Documentation
Overview
Package logic exposes the core logic engine used for working with keyrings, keys, claims, teams, memberships, orgs, and other primitive objects core to the cryptography architecture.
Index
- type Engine
- func (e *Engine) AppendCredential(ctx context.Context, notifier *observer.Notifier, ...) (*PlaintextCredentialEnvelope, error)
- func (e *Engine) ApproveInvite(ctx context.Context, notifier *observer.Notifier, InviteID *identity.ID) (*envelope.OrgInvite, error)
- func (e *Engine) ChangePassword(ctx context.Context, newPassword string) (*primitive.UserPassword, *primitive.MasterKey, error)
- func (e *Engine) GenerateKeypairs(ctx context.Context, notifier *observer.Notifier, OrgID *identity.ID) error
- func (e *Engine) RetrieveCredentials(ctx context.Context, notifier *observer.Notifier, cpath, cpathexp *string) ([]PlaintextCredentialEnvelope, error)
- func (e *Engine) RevokeKeypairs(ctx context.Context, notifier *observer.Notifier, orgID *identity.ID) error
- type Machine
- type MachineTokenSegment
- type PlaintextCredential
- type PlaintextCredentialEnvelope
- type RotationReason
- type Session
- type Worklog
- func (w *Worklog) Get(ctx context.Context, orgID *identity.ID, ident *apitypes.WorklogID) (*apitypes.WorklogItem, error)
- func (w *Worklog) List(ctx context.Context, orgID *identity.ID, itemType apitypes.WorklogType) ([]apitypes.WorklogItem, error)
- func (w *Worklog) Resolve(ctx context.Context, n *observer.Notifier, orgID *identity.ID, ...) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Engine
type Engine struct {
	Worklog Worklog
	Machine Machine
	Session Session
	// contains filtered or unexported fields
}
Engine exposes methods for performing actions that will affect the keys, keyrings, keyring memberships, or credential objects.
All data passing in and out of the engine is unencrypted for the currently logged in user.
func NewEngine
func NewEngine(c *config.Config, s session.Session, db *db.DB, e *crypto.Engine, client *registry.Client) *Engine
NewEngine returns a new Engine.
func (*Engine) AppendCredential
func (e *Engine) AppendCredential(ctx context.Context, notifier *observer.Notifier, cred *PlaintextCredentialEnvelope) (*PlaintextCredentialEnvelope, error)
AppendCredential attempts to append a plain-text Credential object to the Credential Graph.
func (*Engine) ApproveInvite
func (e *Engine) ApproveInvite(ctx context.Context, notifier *observer.Notifier, InviteID *identity.ID) (*envelope.OrgInvite, error)
ApproveInvite approves an invitation of a user into an organization by encoding them into a Keyring.
func (*Engine) ChangePassword (added in v0.17.0)
func (e *Engine) ChangePassword(ctx context.Context, newPassword string) (*primitive.UserPassword, *primitive.MasterKey, error)
ChangePassword returns the new password object and the re-encrypted master key object.
func (*Engine) GenerateKeypairs (added in v0.21.0)
func (e *Engine) GenerateKeypairs(ctx context.Context, notifier *observer.Notifier, OrgID *identity.ID) error
GenerateKeypairs creates a signing and encrypting keypair for the current user for the given organization.
func (*Engine) RetrieveCredentials
func (e *Engine) RetrieveCredentials(ctx context.Context, notifier *observer.Notifier, cpath, cpathexp *string) ([]PlaintextCredentialEnvelope, error)
RetrieveCredentials returns all credentials for the given CPath string.
func (*Engine) RevokeKeypairs (added in v0.21.0)
func (e *Engine) RevokeKeypairs(ctx context.Context, notifier *observer.Notifier, orgID *identity.ID) error
RevokeKeypairs creates revocation claims for the signing and encrypting keypair for the current user for the given organization.
A revocation claim is a self-signed claim that effectively deletes the keypairs.
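The keypair lifecycle that GenerateKeypairs and RevokeKeypairs describe, shown as an added, self-contained illustration written for this page; it is not code from the logic package, and the package's envelope, primitive and identity types are not reproduced. It assumes Ed25519 for the signing keypair, X25519 for the encrypting keypair, a JSON claim body and an in-memory RevokedSet on the relying side, none of which the page specifies. The point it demonstrates is what "self-signed" buys: the revocation verifies only under the signing key it retires, so the holder needs nobody's approval to issue it, and a relying party that consults the revoked set afterwards treats both keys as gone.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Keypairs is a hypothetical stand-in for one user's per-organization
// signing (Ed25519) and encrypting (X25519) keypairs.
type Keypairs struct {
	SigningPub  ed25519.PublicKey
	signingPriv ed25519.PrivateKey
	EncryptPub  *ecdh.PublicKey
	encryptPriv *ecdh.PrivateKey
}

// RevocationClaim is the body that gets signed: the public keys being
// retired and the organization they belong to.
type RevocationClaim struct {
	OrgID      string `json:"org_id"`
	SigningPub []byte `json:"signing_pub"`
	EncryptPub []byte `json:"encrypt_pub"`
	Reason     string `json:"reason"`
}

// SignedRevocation is the claim bytes plus a signature made over them
// with the very signing key the claim revokes ("self-signed").
type SignedRevocation struct {
	Claim     []byte `json:"claim"`
	Signature []byte `json:"signature"`
}

// GenerateKeypairs plays the role of Engine.GenerateKeypairs: one signing
// keypair and one encrypting keypair for the current user.
func GenerateKeypairs() (*Keypairs, error) {
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	encPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Keypairs{SigningPub: sigPub, signingPriv: sigPriv,
		EncryptPub: encPriv.PublicKey(), encryptPriv: encPriv}, nil
}

// RevokeKeypairs plays the role of Engine.RevokeKeypairs: the claim names
// both public keys and is signed by the signing key it retires.
func RevokeKeypairs(orgID string, kp *Keypairs, reason string) (*SignedRevocation, error) {
	claim := RevocationClaim{OrgID: orgID, SigningPub: []byte(kp.SigningPub),
		EncryptPub: kp.EncryptPub.Bytes(), Reason: reason}
	body, err := json.Marshal(claim)
	if err != nil {
		return nil, err
	}
	return &SignedRevocation{Claim: body, Signature: ed25519.Sign(kp.signingPriv, body)}, nil
}

// VerifyRevocation checks the signature under the signing key named inside
// the claim itself; any edit to the claim or signature fails.
func VerifyRevocation(rev *SignedRevocation) (*RevocationClaim, error) {
	var claim RevocationClaim
	if err := json.Unmarshal(rev.Claim, &claim); err != nil {
		return nil, err
	}
	if len(claim.SigningPub) != ed25519.PublicKeySize {
		return nil, errors.New("claim names a malformed signing key")
	}
	if !ed25519.Verify(ed25519.PublicKey(claim.SigningPub), rev.Claim, rev.Signature) {
		return nil, errors.New("revocation is not signed by the key it revokes")
	}
	return &claim, nil
}

// RevokedSet is the relying party's record of retired keys (hex-encoded);
// consulting it before any use is what makes the keypairs "deleted".
type RevokedSet map[string]bool

// Apply records both public keys from a verified claim as revoked.
func (r RevokedSet) Apply(claim *RevocationClaim) {
	r[hex.EncodeToString(claim.SigningPub)] = true
	r[hex.EncodeToString(claim.EncryptPub)] = true
}

// KeyUsable reports whether a public key may still be trusted.
func (r RevokedSet) KeyUsable(pub []byte) bool {
	return !r[hex.EncodeToString(pub)]
}

func main() {
	kp, err := GenerateKeypairs()
	if err != nil {
		panic(err)
	}
	rev, err := RevokeKeypairs("org-example", kp, "device lost") // constructed values
	if err != nil {
		panic(err)
	}
	claim, err := VerifyRevocation(rev)
	if err != nil {
		panic(err)
	}
	revoked := RevokedSet{}
	revoked.Apply(claim)
	fmt.Println("signing key usable after revocation:", revoked.KeyUsable(kp.SigningPub))
}
```

VerifyRevocation deliberately takes the signing key from inside the claim rather than from a caller-supplied argument: a verifier that accepted a claim under any key it happened to trust would let a third party retire someone else's keys, whereas binding verification to the named key is exactly the self-signed property the description relies on.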
type Machine (added in v0.15.0)
type Machine struct {
// contains filtered or unexported fields
}
Machine represents the business logic for managing machines.
func (*Machine) CreateToken (added in v0.15.0)
func (m *Machine) CreateToken(ctx context.Context, notifier *observer.Notifier, machine *envelope.Machine, secret *base64.Value) (*registry.MachineTokenCreationSegment, error)
CreateToken generates a new machine token given a machine and a secret value.
func (*Machine) EncodeToken (added in v0.15.0)
func (m *Machine) EncodeToken(ctx context.Context, notifier *observer.Notifier, token *envelope.MachineToken) error
EncodeToken creates KeyringMemberships for the provided Machine Token. It is used during the machine creation process.
type MachineTokenSegment (added in v0.15.0)
type MachineTokenSegment struct {
	Token   *envelope.MachineToken   `json:"token"`
	Keypair *registry.ClaimedKeyPair `json:"keypair"`
}
MachineTokenSegment represents a Token and its associated Keypair.
type PlaintextCredential
type PlaintextCredential struct {
	Name      string           `json:"name"`
	OrgID     *identity.ID     `json:"org_id"`
	PathExp   *pathexp.PathExp `json:"pathexp"`
	ProjectID *identity.ID     `json:"project_id"`
	Value     string           `json:"value"`
	State     *string          `json:"state"`
}
PlaintextCredential is the body of an unencrypted Credential.
type PlaintextCredentialEnvelope
type PlaintextCredentialEnvelope struct {
	ID      *identity.ID         `json:"id"`
	Version uint8                `json:"version"`
	Body    *PlaintextCredential `json:"body"`
}
PlaintextCredentialEnvelope is an unencrypted credential object.
type RotationReason (added in v0.23.0)
type RotationReason struct {
	Credential envelope.CredentialInf
	Reasons    []primitive.KeyringMemberClaim
}
RotationReason contains a Credential, and the user ids that had access changes to require the rotation.
type Session (added in v0.15.0)
type Session struct {
// contains filtered or unexported fields
}
Session represents the business logic for creating and managing tokens (and their underlying effects on the current session).
type Worklog (added in v0.12.0)
type Worklog struct {
// contains filtered or unexported fields
}
Worklog holds the logic for discovering and acting on worklog items. A Worklog item is some action the user should take, either for maintenance (this user should be in this keyring, this invite can be approved), or as a preventative measure (this credential value should be rotated).
Worklog items may be automatically resolved, or may require the user to manually perform some action.
func (*Worklog) Get (added in v0.12.0)
func (w *Worklog) Get(ctx context.Context, orgID *identity.ID, ident *apitypes.WorklogID) (*apitypes.WorklogItem, error)
Get returns a single worklog item for the given org with the given ident.