Documentation ¶
Overview ¶
Package registry provides access to the Torus registry REST API.
Index ¶
- Variables
- type ClaimTree
- type ClaimTreeClient
- type ClaimedKeyPair
- type Client
- func (c *Client) Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error)
- func (c *Client) NewRequest(method, path string, query *url.Values, body interface{}) (*http.Request, error)
- func (c *Client) NewTokenRequest(token, method, path string, query *url.Values, body interface{}) (*http.Request, error)
- type CredentialGraph
- type CredentialGraphClient
- func (c *CredentialGraphClient) List(ctx context.Context, path string, pathExp *pathexp.PathExp, ...) ([]CredentialGraph, error)
- func (c *CredentialGraphClient) Post(ctx context.Context, t *CredentialGraph) (*CredentialGraphV2, error)
- func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string, ownerID *identity.ID) ([]CredentialGraph, error)
- type CredentialGraphV1
- type CredentialGraphV2
- type Credentials
- type KeyPairs
- type KeyringClient
- type KeyringMember
- type KeyringMemberClientV1
- type KeyringMembersClient
- type KeyringSection
- type KeyringSectionV1
- type KeyringSectionV2
- type MachineCreationSegment
- type MachineTokenCreationSegment
- type MachinesClient
- type MembershipsClient
- type OrgInviteClient
- type Orgs
- type ProjectsClient
- type SelfClient
- type Signup
- type SignupBody
- type TeamsClient
- type Tokens
- func (t *Tokens) Delete(ctx context.Context, token string) error
- func (t *Tokens) PostAuth(ctx context.Context, token, hmac string) (string, error)
- func (t *Tokens) PostLogin(ctx context.Context, creds apitypes.LoginCredential) (*base64.Value, string, error)
- func (t *Tokens) PostPDPKAuth(ctx context.Context, token string, sig *base64.Value) (string, error)
- type Users
Constants ¶
This section is empty.
Variables ¶
var ErrMemberNotFound = errors.New("Keyring membership not found.")
ErrMemberNotFound is returned when a keyring member find call fails.
Functions ¶
This section is empty.
Types ¶
type ClaimTree ¶
type ClaimTree struct {
	Org        *envelope.Unsigned          `json:"org"`
	PublicKeys []apitypes.PublicKeySegment `json:"public_keys"`
}
ClaimTree represents an organization's claim tree, which contains the public signing and encryption keys of every member.
type ClaimTreeClient ¶
type ClaimTreeClient struct {
// contains filtered or unexported fields
}
ClaimTreeClient represents the `/claimtree` registry endpoint, used for retrieving the public keys and their associated claims for an organization.
func (*ClaimTreeClient) List ¶
func (c *ClaimTreeClient) List(ctx context.Context, orgID *identity.ID, ownerID *identity.ID) ([]ClaimTree, error)
List returns a list of all claimtrees for a given orgID. If no orgID is provided, it returns the claimtrees of every organization the user belongs to.
If an ownerID is provided then only public keys and claims related to that user or machine will be returned.
type ClaimedKeyPair ¶
type ClaimedKeyPair struct {
	PublicKey  *envelope.Signed  `json:"public_key"`
	PrivateKey *envelope.Signed  `json:"private_key"`
	Claims     []envelope.Signed `json:"claims"`
}
ClaimedKeyPair contains a public/private keypair, and all the Claims made against it (system and user signatures).
type Client ¶
type Client struct {
	KeyPairs        *KeyPairs
	Tokens          *Tokens
	Users           *Users
	Teams           *TeamsClient
	Memberships     *MembershipsClient
	Credentials     *Credentials
	Orgs            *Orgs
	OrgInvite       *OrgInviteClient
	Projects        *ProjectsClient
	Keyring         *KeyringClient
	KeyringMember   *KeyringMemberClientV1
	ClaimTree       *ClaimTreeClient
	CredentialGraph *CredentialGraphClient
	Machines        *MachinesClient
	Self            *SelfClient
	// contains filtered or unexported fields
}
Client exposes the registry REST API.
func NewClient ¶
func NewClient(prefix string, apiVersion string, version string, sess session.Session, t *http.Transport) *Client
NewClient returns a new Client.
func (*Client) Do ¶
func (c *Client) Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error)
Do executes an http.Request, populating v with the JSON response on success.
If the request fails and the response body is JSON, that body is unmarshaled into the returned error.
func (*Client) NewRequest ¶
func (c *Client) NewRequest(method, path string, query *url.Values, body interface{}) (*http.Request, error)
NewRequest constructs a new http.Request, with a body containing the json representation of body, if provided.
func (*Client) NewTokenRequest ¶
func (c *Client) NewTokenRequest(token, method, path string, query *url.Values, body interface{}) (*http.Request, error)
NewTokenRequest constructs a new http.Request, with a body containing the json representation of body, if provided.
The request will be authorized with the provided token.
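How NewTokenRequest and Do fit together, as an added example that is not the package's own code: a cut-down client with the same request/response shape, exercised against an in-process fake registry built with httptest. The APIError fields, the bearer Authorization header, the /orgs path and the constructed response bodies are all assumptions for the example; the page documents neither the registry's error schema nor how the token is carried.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// APIError is the error-body shape this example assumes (the page does not document the real schema).
type APIError struct {
	StatusCode int      `json:"-"`
	Type       string   `json:"type"`
	Messages   []string `json:"messages"`
}

func (e *APIError) Error() string { return fmt.Sprintf("registry error %d (%s): %v", e.StatusCode, e.Type, e.Messages) }

// Client is a minimal stand-in for registry.Client.
type Client struct {
	base string
	http *http.Client
}

func NewClient(base string) *Client { return &Client{base: base, http: &http.Client{}} }

// NewTokenRequest builds a request carrying the JSON encoding of body (if any) and the auth
// token. The bearer header is an assumption; the page only says the request is authorized with the token.
func (c *Client) NewTokenRequest(token, method, path string, body interface{}) (*http.Request, error) {
	var buf bytes.Buffer
	if body != nil {
		if err := json.NewEncoder(&buf).Encode(body); err != nil {
			return nil, err
		}
	}
	req, err := http.NewRequest(method, c.base+path, &buf)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Authorization", "Bearer "+token)
	return req, nil
}

// Do sends the request. On 2xx the JSON body is decoded into v. Otherwise the JSON error body is
// decoded into an *APIError and returned as the error; a non-JSON error body is kept verbatim.
func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*http.Response, error) {
	resp, err := c.http.Do(req.WithContext(ctx))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	// Bound the read so a hostile or broken server cannot make the client buffer an unlimited body.
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return resp, err
	}
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		apiErr := &APIError{StatusCode: resp.StatusCode}
		if json.Unmarshal(body, apiErr) != nil {
			apiErr.Type, apiErr.Messages = "non-json", []string{string(body)}
		}
		return resp, apiErr
	}
	if v == nil {
		return resp, nil
	}
	return resp, json.Unmarshal(body, v)
}

// Org is the constructed response shape served by the fake registry below.
type Org struct{ ID string `json:"id"` }

// NewFakeRegistry serves a constructed /orgs endpoint: a JSON list for the auth token "good",
// a JSON error body for anything else.
func NewFakeRegistry() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer good" {
			w.WriteHeader(http.StatusUnauthorized)
			fmt.Fprint(w, `{"type":"unauthorized","messages":["invalid auth token"]}`)
			return
		}
		fmt.Fprint(w, `[{"id":"org-1"}]`)
	}))
}

// ListOrgs is the caller-side pattern: token request in, decoded value or typed error out.
func ListOrgs(ctx context.Context, c *Client, token string) ([]Org, error) {
	req, err := c.NewTokenRequest(token, http.MethodGet, "/orgs", nil)
	if err != nil {
		return nil, err
	}
	var orgs []Org
	_, err = c.Do(ctx, req, &orgs)
	return orgs, err
}

func main() {
	srv := NewFakeRegistry()
	defer srv.Close()
	fmt.Println(ListOrgs(context.Background(), NewClient(srv.URL), "bad"))
}
```

Callers inspect the failure with errors.As against *APIError rather than string-matching the message. The LimitReader is the one thing worth copying into any client of this shape: a registry response is attacker-influenced input once DNS or TLS trust is compromised, and an unbounded ReadAll turns that into a memory exhaustion.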
type CredentialGraph ¶ added in v0.10.0
type CredentialGraph interface {
	KeyringSection
	GetCredentials() []envelope.Signed
	KeyringVersion() int
}
CredentialGraph is the shared interface between different credential graph versions
type CredentialGraphClient ¶ added in v0.10.0
type CredentialGraphClient struct {
// contains filtered or unexported fields
}
CredentialGraphClient represents the `/credentialgraph` registry endpoint, used for retrieving keyrings, keyring members, and credentials associated with claims.
func (*CredentialGraphClient) List ¶ added in v0.10.0
func (c *CredentialGraphClient) List(ctx context.Context, path string, pathExp *pathexp.PathExp, ownerID *identity.ID) ([]CredentialGraph, error)
List returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that match the given name, path, or path expression.
func (*CredentialGraphClient) Post ¶ added in v0.10.0
func (c *CredentialGraphClient) Post(ctx context.Context, t *CredentialGraph) (*CredentialGraphV2, error)
Post creates a new CredentialGraph on the registry.
The CredentialGraph includes the keyring, its members, and credentials.
func (*CredentialGraphClient) Search ¶ added in v0.12.0
func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string, ownerID *identity.ID) ([]CredentialGraph, error)
Search returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that are contained within the given loose path expression. It is loose in that it can have * for projects.
type CredentialGraphV1 ¶ added in v0.10.0
type CredentialGraphV1 struct {
	KeyringSectionV1
	Credentials []envelope.Signed `json:"credentials"`
}
CredentialGraphV1 represents a Keyring, its members, and associated Credentials.
func (*CredentialGraphV1) GetCredentials ¶ added in v0.10.0
func (c *CredentialGraphV1) GetCredentials() []envelope.Signed
GetCredentials returns the Credentials objects in this CredentialGraph
func (*CredentialGraphV1) KeyringVersion ¶ added in v0.12.0
func (c *CredentialGraphV1) KeyringVersion() int
KeyringVersion returns the version of the keyring itself (not its schema).
type CredentialGraphV2 ¶ added in v0.10.0
type CredentialGraphV2 struct {
	KeyringSectionV2
	Credentials []envelope.Signed `json:"credentials"`
}
CredentialGraphV2 represents a Keyring, its members, and associated Credentials.
func (*CredentialGraphV2) GetCredentials ¶ added in v0.10.0
func (c *CredentialGraphV2) GetCredentials() []envelope.Signed
GetCredentials returns the Credentials objects in this CredentialGraph
func (*CredentialGraphV2) KeyringVersion ¶ added in v0.12.0
func (c *CredentialGraphV2) KeyringVersion() int
KeyringVersion returns the version of the keyring itself (not its schema).
type Credentials ¶
type Credentials struct {
// contains filtered or unexported fields
}
Credentials represents the `/credentials` registry endpoint, used for accessing encrypted credentials/secrets.
type KeyPairs ¶
type KeyPairs struct {
// contains filtered or unexported fields
}
KeyPairs represents the `/keypairs` registry endpoint, used for accessing users' signing and encryption keypairs.
func (*KeyPairs) List ¶
List returns all KeyPairs for the logged-in user in the given org, or in all orgs if orgID is nil.
func (*KeyPairs) Post ¶
func (k *KeyPairs) Post(ctx context.Context, pubKey, privKey, claim *envelope.Signed) (*envelope.Signed, *envelope.Signed, []envelope.Signed, error)
Post creates a new keypair on the registry.
The keypair includes the user's public key, private key, and a self-signed claim on the public key.
Keys may be either signing or encryption keys.
type KeyringClient ¶
type KeyringClient struct {
	Members *KeyringMembersClient
	// contains filtered or unexported fields
}
KeyringClient represents the `/keyrings` registry endpoint for accessing keyrings the user or machine belongs to.
type KeyringMember ¶ added in v0.10.0
KeyringMember holds membership information for v2 keyrings. In v2, a user can have their master encryption key share removed.
type KeyringMemberClientV1 ¶ added in v0.10.0
type KeyringMemberClientV1 struct {
// contains filtered or unexported fields
}
KeyringMemberClientV1 represents the `/keyring-members` registry endpoint for creating memberships related to a set of Keyrings.
type KeyringMembersClient ¶ added in v0.10.0
type KeyringMembersClient struct {
// contains filtered or unexported fields
}
KeyringMembersClient represents the `/keyring/:id/members` registry endpoint for creating memberships in a keyring.
func (*KeyringMembersClient) Post ¶ added in v0.10.0
func (k *KeyringMembersClient) Post(ctx context.Context, member KeyringMember) error
Post sends a creation request for a set of KeyringMember objects to the registry.
type KeyringSection ¶
type KeyringSection interface {
	GetKeyring() *envelope.Signed
	FindMember(*identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
	HasRevocations() bool
}
KeyringSection is the shared interface between different KeyringSection versions.
type KeyringSectionV1 ¶ added in v0.10.0
type KeyringSectionV1 struct {
	Keyring *envelope.Signed  `json:"keyring"`
	Members []envelope.Signed `json:"members"`
}
KeyringSectionV1 represents the section of the CredentialGraph pertaining only to a keyring and its membership.
func (*KeyringSectionV1) FindMember ¶ added in v0.10.0
func (k *KeyringSectionV1) FindMember(id *identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
FindMember returns the membership and mekshare for the given user id. The data is returned in V2 format.
func (*KeyringSectionV1) GetKeyring ¶ added in v0.10.0
func (k *KeyringSectionV1) GetKeyring() *envelope.Signed
GetKeyring returns the Keyring object in this KeyringSection
func (KeyringSectionV1) HasRevocations ¶ added in v0.12.0
func (KeyringSectionV1) HasRevocations() bool
HasRevocations indicates whether a Keyring holds revoked user keys. Revocations are not tracked in V1, so it is always false.
type KeyringSectionV2 ¶ added in v0.10.0
type KeyringSectionV2 struct {
	Keyring *envelope.Signed  `json:"keyring"`
	Members []KeyringMember   `json:"members"`
	Claims  []envelope.Signed `json:"claims"`
}
KeyringSectionV2 represents a Keyring and its members.
func (*KeyringSectionV2) FindMember ¶ added in v0.10.0
func (k *KeyringSectionV2) FindMember(id *identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
FindMember returns the membership and mekshare for the given user id.
func (*KeyringSectionV2) GetKeyring ¶ added in v0.10.0
func (k *KeyringSectionV2) GetKeyring() *envelope.Signed
GetKeyring returns the Keyring object in this KeyringSection
func (*KeyringSectionV2) HasRevocations ¶ added in v0.12.0
func (k *KeyringSectionV2) HasRevocations() bool
HasRevocations indicates that a Keyring holds revoked user keys.
type MachineCreationSegment ¶ added in v0.15.0
type MachineCreationSegment struct {
	Machine     *envelope.Unsigned            `json:"machine"`
	Memberships []envelope.Unsigned           `json:"memberships"`
	Tokens      []MachineTokenCreationSegment `json:"tokens"`
}
MachineCreationSegment represents the request sent to the registry to create a machine and its first token.
type MachineTokenCreationSegment ¶ added in v0.15.0
type MachineTokenCreationSegment struct {
	Token    *envelope.Unsigned `json:"token"`
	Keypairs []*ClaimedKeyPair  `json:"keypairs"`
}
MachineTokenCreationSegment represents the request sent to the registry to create a Machine Token.
type MachinesClient ¶ added in v0.15.0
type MachinesClient struct {
// contains filtered or unexported fields
}
MachinesClient represents the `/machines` registry endpoint, used for creating, listing, authorizing, and destroying machines and their tokens.
func (*MachinesClient) Create ¶ added in v0.15.0
func (m *MachinesClient) Create(ctx context.Context, machine *envelope.Unsigned, memberships []envelope.Unsigned, token *MachineTokenCreationSegment) (*apitypes.MachineSegment, error)
Create requests the registry to create a MachineSegment.
The MachineSegment includes the Machine, its Memberships, and authorization tokens.
func (*MachinesClient) Get ¶ added in v0.15.0
func (m *MachinesClient) Get(ctx context.Context, machineID *identity.ID) (*apitypes.MachineSegment, error)
Get requests a single machine from the registry
type MembershipsClient ¶
type MembershipsClient struct {
// contains filtered or unexported fields
}
MembershipsClient represents the `/memberships` registry endpoint, used for accessing the relationship between users, organization, and teams.
type OrgInviteClient ¶
type OrgInviteClient struct {
// contains filtered or unexported fields
}
OrgInviteClient represents the `/org-invites` registry endpoint, used for sending, accepting, and approving invitations to organizations in Torus.
type Orgs ¶
type Orgs struct {
// contains filtered or unexported fields
}
Orgs represents the `/orgs` registry endpoint, used for accessing organizations stored in Torus.
type ProjectsClient ¶ added in v0.12.0
type ProjectsClient struct {
// contains filtered or unexported fields
}
ProjectsClient represents the `/projects` registry endpoint, for manipulating projects.
type SelfClient ¶ added in v0.15.0
type SelfClient struct {
// contains filtered or unexported fields
}
SelfClient represents the registry `/self` endpoints.
type Signup ¶ added in v0.11.0
type Signup struct {
	ID      string      `json:"id"`
	Version int         `json:"version"`
	Body    *SignupBody `json:"body"`
}
Signup contains fields for signup
type SignupBody ¶ added in v0.11.0
type SignupBody struct {
	Username string `json:"username"`
	Name     string `json:"name"`
	Email    string `json:"email"`
	// State is not a field because the server determines it, client cannot
	Password *primitive.UserPassword `json:"password"`
	Master   *primitive.MasterKey    `json:"master"`
}
SignupBody contains fields for Signup object body during signup
func (SignupBody) Mutable ¶ added in v0.11.0
func (SignupBody) Mutable()
Mutable indicates this object is Mutable type
func (SignupBody) Version ¶ added in v0.11.0
func (SignupBody) Version() int
Version returns the object version
type TeamsClient ¶
type TeamsClient struct {
// contains filtered or unexported fields
}
TeamsClient represents the `/teams` registry endpoint, used for accessing teams stored in Torus.
type Tokens ¶
type Tokens struct {
// contains filtered or unexported fields
}
Tokens represents the registry `/tokens` endpoints, used for session management.
Logging in is a two-step process. We must first request a login token. This token is then HMAC'd and returned to the server, exchanging it for an auth token, which is used for all other operations.
func (*Tokens) Delete ¶
func (t *Tokens) Delete(ctx context.Context, token string) error
Delete deletes the token with the provided value from the registry. This effectively logs a user out.
func (*Tokens) PostAuth ¶
func (t *Tokens) PostAuth(ctx context.Context, token, hmac string) (string, error)
PostAuth requests an auth token from the registry for the provided login token value and its HMAC.
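The two-step login described for Tokens, PostLogin and PostAuth, worked as an added example rather than the package's own code: an in-memory registry stands in for the `/tokens` endpoints, the client derives a key from its password and HMACs the login token, and the registry verifies that HMAC before issuing an auth token. The KDF, HMAC-SHA256, the salt handling, token sizes and the error values are all assumptions made for the example; the page only says the login token is HMAC'd and exchanged for an auth token.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrUnknownToken = errors.New("login token unknown or already used")
	ErrBadHMAC      = errors.New("login token HMAC does not verify")
)

// DeriveKey stands in for the client's password-derived key. The page does not name the
// KDF; SHA-256(salt || password) is a placeholder, not what Torus does, and a real client
// would use a memory-hard password KDF (scrypt, Argon2).
func DeriveKey(password string, salt []byte) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// ProveLogin is the client half of step two: HMAC-SHA256 over the login token under the
// derived key. Neither the password nor the key goes over the wire.
func ProveLogin(loginToken string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(loginToken))
	return hex.EncodeToString(m.Sum(nil))
}

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

type user struct{ salt, key []byte } // the registry stores the derived key, never the password
type pending struct {
	username string
	key      []byte
}

// Registry is an in-memory stand-in for the /tokens endpoints (single goroutine only).
type Registry struct {
	users   map[string]user
	pending map[string]pending // login token -> what step two must prove
	auth    map[string]string  // auth token -> username
}

func NewRegistry() *Registry {
	return &Registry{map[string]user{}, map[string]pending{}, map[string]string{}}
}

func (r *Registry) Register(username, password string) {
	salt := []byte(randomToken()[:16])
	r.users[username] = user{salt: salt, key: DeriveKey(password, salt)}
}

// PostLogin is step one: issue a single-use login token and the salt the client needs.
// An unknown user gets a random key so step two fails exactly like a wrong password
// and the endpoint does not reveal which usernames exist.
func (r *Registry) PostLogin(username string) (salt []byte, loginToken string) {
	u, ok := r.users[username]
	if !ok {
		u = user{salt: []byte(randomToken()[:16]), key: DeriveKey(randomToken(), nil)}
	}
	loginToken = randomToken()
	r.pending[loginToken] = pending{username: username, key: u.key}
	return u.salt, loginToken
}

// PostAuth is step two: consume the login token, verify the HMAC in constant time and
// exchange it for an auth token that authorizes all other calls.
func (r *Registry) PostAuth(loginToken, proof string) (string, error) {
	p, ok := r.pending[loginToken]
	delete(r.pending, loginToken) // single use, whether or not the proof verifies
	if !ok {
		return "", ErrUnknownToken
	}
	if !hmac.Equal([]byte(ProveLogin(loginToken, p.key)), []byte(proof)) {
		return "", ErrBadHMAC
	}
	authToken := randomToken()
	r.auth[authToken] = p.username
	return authToken, nil
}

// Login runs the whole client-side flow: PostLogin, HMAC the token, PostAuth.
func Login(r *Registry, username, password string) (string, error) {
	salt, loginToken := r.PostLogin(username)
	return r.PostAuth(loginToken, ProveLogin(loginToken, DeriveKey(password, salt)))
}

func main() {
	r := NewRegistry()
	r.Register("alice", "correct horse battery staple")
	fmt.Println(Login(r, "alice", "correct horse battery staple"))
}
```

Three properties carry the security of the exchange and are worth checking in any implementation of this flow: the login token is consumed on first use whether or not the proof verifies, so a captured proof cannot be replayed; the comparison uses hmac.Equal, so a byte-by-byte string compare cannot leak the expected HMAC through timing; and an unknown username produces the same ErrBadHMAC as a wrong password. A real registry would additionally expire pending login tokens after a short window and guard the maps with a lock.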