registry

package
v0.26.1-rc Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2017 License: BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Overview

Package registry provides access to the Torus registry REST API.

Index

Constants

This section is empty.

Variables

View Source
var ErrMemberNotFound = errors.New("keyring membership not found")

ErrMemberNotFound is returned when a keyring member find call fails.

Functions

This section is empty.

Types

type ClaimTree

type ClaimTree struct {
	Org        *envelope.Org               `json:"org"`
	PublicKeys []apitypes.PublicKeySegment `json:"public_keys"`
}

ClaimTree represents an organizations claim tree which contains public signing and encryption keys for every member.

type ClaimTreeClient

type ClaimTreeClient struct {
	// contains filtered or unexported fields
}

ClaimTreeClient represents the `/claimtree` registry endpoint, used for retrieving the public keys and their associated claims for an organization.

func (*ClaimTreeClient) List

func (c *ClaimTreeClient) List(ctx context.Context, orgID *identity.ID,
	ownerID *identity.ID) ([]ClaimTree, error)

List returns a list of all claimtrees for a given orgID. If no orgID is provided then it returns all claimtrees for every organization the user belongs too.

If an ownerID is provided then only public keys and claims related to that user or machine will be returned.

type ClaimedKeyPair

type ClaimedKeyPair struct {
	apitypes.PublicKeySegment
	PrivateKey *envelope.PrivateKey `json:"private_key"`
}

ClaimedKeyPair contains a public/private keypair, and all the Claims made against it (system and user signatures).

type ClaimsClient

type ClaimsClient struct {
	// contains filtered or unexported fields
}

ClaimsClient represents the `/claims` registry endpoint for making claims against keypairs. Claims can either be a signature or a revocation.

func (ClaimsClient) Create

func (c ClaimsClient) Create(ctx context.Context, claim *envelope.Claim) (*envelope.Claim, error)

Create creates a a new signed claim on the server

type Client

type Client struct {
	KeyPairs        *KeyPairsClient
	Tokens          *TokensClient
	Users           *UsersClient
	Teams           *TeamsClient
	Memberships     *MembershipsClient
	Credentials     *Credentials
	Orgs            *OrgsClient
	OrgInvites      *OrgInvitesClient
	Policies        *PoliciesClient
	Projects        *ProjectsClient
	Environments    *EnvironmentsClient
	Services        *ServicesClient
	Keyring         *KeyringClient
	KeyringMember   *KeyringMemberClientV1
	Claims          *ClaimsClient
	ClaimTree       *ClaimTreeClient
	CredentialGraph *CredentialGraphClient
	Machines        *MachinesClient
	Profiles        *ProfilesClient
	Self            *SelfClient
	Version         *VersionClient
}

Client exposes the registry REST API.

func NewClient

func NewClient(prefix string, apiVersion string, version string,
	token TokenHolder, t http.RoundTripper) *Client

NewClient returns a new Client.

func NewClientWithRoundTripper

func NewClientWithRoundTripper(rt RoundTripper) *Client

NewClientWithRoundTripper returns a new Client using the provided RoundTripper. This is used in the api package to embed registry endpoints.

type CredentialGraph

type CredentialGraph interface {
	KeyringSection
	GetCredentials() []envelope.CredentialInf
}

CredentialGraph is the shared interface between different credential graph versions

type CredentialGraphClient

type CredentialGraphClient struct {
	// contains filtered or unexported fields
}

CredentialGraphClient represents the `/credentialgraph` registry endpoint, user for retrieving keyrings, keyring members, and credentials associated with claims.

func (*CredentialGraphClient) List

func (c *CredentialGraphClient) List(ctx context.Context, path string,
	pathExp *pathexp.PathExp, ownerID *identity.ID) ([]CredentialGraph, error)

List returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that match the given name, path, or path expression.

func (*CredentialGraphClient) Post

Post creates a new CredentialGraph on the registry.

The CredentialGraph includes the keyring, it's members, and credentials.

func (*CredentialGraphClient) Search

func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string,
	ownerID *identity.ID) ([]CredentialGraph, error)

Search returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that are contained within the given loose path expression. It is loose in that it can have * for projects.

type CredentialGraphV1

type CredentialGraphV1 struct {
	KeyringSectionV1
	Credentials []envelope.CredentialInf `json:"credentials"`
}

CredentialGraphV1 represents a Keyring, it's members, and associated Credentials.

func (*CredentialGraphV1) GetCredentials

func (c *CredentialGraphV1) GetCredentials() []envelope.CredentialInf

GetCredentials returns the Credentials objects in this CredentialGraph

type CredentialGraphV2

type CredentialGraphV2 struct {
	KeyringSectionV2
	Credentials []envelope.CredentialInf `json:"credentials"`
}

CredentialGraphV2 represents a Keyring, it's members, and associated Credentials.

func (*CredentialGraphV2) GetCredentials

func (c *CredentialGraphV2) GetCredentials() []envelope.CredentialInf

GetCredentials returns the Credentials objects in this CredentialGraph

type Credentials

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials represents the `/credentials` registry endpoint, used for accessing encrypted credentials/secrets.

func (*Credentials) Create

func (c *Credentials) Create(ctx context.Context, creds []envelope.CredentialInf) ([]*envelope.Credential, error)

Create creates the provided credential in the registry.

type DefaultRequestDoer

type DefaultRequestDoer struct {
	Client *http.Client
	Host   string
}

DefaultRequestDoer is a default implementation of the RequestDoer interface. It is shared and extended by the registry and api clients.

func (*DefaultRequestDoer) Do

func (rt *DefaultRequestDoer) Do(ctx context.Context, r *http.Request,
	v interface{}) (*http.Response, error)

Do executes an http.Request, populating v with the JSON response on success.

If the request errors with a JSON formatted response body, it will be unmarshaled into the returned error.

func (*DefaultRequestDoer) NewRequest

func (rt *DefaultRequestDoer) NewRequest(method, path string,
	query *url.Values, body interface{}) (*http.Request, error)

NewRequest constructs a new http.Request, with a body containing the json representation of body, if provided.

type EnvironmentsClient

type EnvironmentsClient struct {
	// contains filtered or unexported fields
}

EnvironmentsClient makes proxied requests to the registry's envs endpoints

func (*EnvironmentsClient) Create

func (e *EnvironmentsClient) Create(ctx context.Context, orgID, projectID *identity.ID, name string) error

Create generates a new env object for an org/project ID

func (*EnvironmentsClient) List

func (e *EnvironmentsClient) List(ctx context.Context, orgIDs, projectIDs []identity.ID, names []string) ([]envelope.Environment, error)

List retrieves relevant envs by name and/or orgID and/or projectID

type KeyPairsClient

type KeyPairsClient struct {
	// contains filtered or unexported fields
}

KeyPairsClient represents the `/keypairs` registry endpoint, used for accessing users' signing and encryption keypairs.

func (*KeyPairsClient) Create

Create creates a new keypair on the registry.

The keypair includes the user's public key, private key, and a self-signed claim on the public key.

keys may be either signing or encryption keys.

func (*KeyPairsClient) List

func (k *KeyPairsClient) List(ctx context.Context, orgID *identity.ID) ([]ClaimedKeyPair, error)

List returns all KeyPairs for the logged in user in the given, or all orgs if orgID is nil.

type KeyringClient

type KeyringClient struct {
	Members *KeyringMembersClient
	// contains filtered or unexported fields
}

KeyringClient represents the `/keyrings` registry end point for accessing keyrings the user or machine belong too.

func (*KeyringClient) List

func (k *KeyringClient) List(ctx context.Context, orgID *identity.ID,
	ownerID *identity.ID) ([]KeyringSection, error)

List retrieves an array of KeyringSections from the registry.

type KeyringMember

type KeyringMember struct {
	Member   *envelope.KeyringMember `json:"member"`
	MEKShare *envelope.MEKShare      `json:"mekshare"`
}

KeyringMember holds membership information for v2 keyrings. In v2, a user can have their master encryption key share removed.

type KeyringMemberClientV1

type KeyringMemberClientV1 struct {
	// contains filtered or unexported fields
}

KeyringMemberClientV1 represents the `/keyring-members` registry endpoint for creating memberships related to a set of Keyrings.

func (*KeyringMemberClientV1) Post

Post sends a creation requests for a set of KeyringMember objects to the registry.

type KeyringMembersClient

type KeyringMembersClient struct {
	// contains filtered or unexported fields
}

KeyringMembersClient represents the `/keyring/:id/members` registry endpoint for creating memberships in a keyring.

func (*KeyringMembersClient) Post

Post sends a creation requests for a set of KeyringMember objects to the registry.

type KeyringSection

type KeyringSection interface {
	GetKeyring() envelope.KeyringInf
	KeyringVersion() int
	FindMember(*identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
	HasRevocations() bool
	GetClaims() []envelope.KeyringMemberClaim
}

KeyringSection is the shared interface between different KeyringSection versions.

type KeyringSectionV1

type KeyringSectionV1 struct {
	Keyring *envelope.KeyringV1        `json:"keyring"`
	Members []envelope.KeyringMemberV1 `json:"members"`
}

KeyringSectionV1 represents a section of the CredentialGraph only pertaining to a keyring and it's membership.

func (*KeyringSectionV1) FindMember

FindMember returns the membership and mekshare for the given user id. The data is returned in V2 format.

func (KeyringSectionV1) GetClaims added in v0.23.0

GetClaims returns the Member claims for this keyring. These don't exist in V1 so it is always an empty list.

func (*KeyringSectionV1) GetKeyring

func (k *KeyringSectionV1) GetKeyring() envelope.KeyringInf

GetKeyring returns the Keyring object in this KeyringSection

func (KeyringSectionV1) HasRevocations

func (KeyringSectionV1) HasRevocations() bool

HasRevocations indicates that a Keyring holds revoked user keys. We don't track in V1 so it is always false.

func (*KeyringSectionV1) KeyringVersion

func (k *KeyringSectionV1) KeyringVersion() int

KeyringVersion returns the version of the keyring itself (not its schema).

type KeyringSectionV2

type KeyringSectionV2 struct {
	Keyring *envelope.Keyring             `json:"keyring"`
	Members []KeyringMember               `json:"members"`
	Claims  []envelope.KeyringMemberClaim `json:"claims"`
}

KeyringSectionV2 represents a Keyring and its members.

func (*KeyringSectionV2) FindMember

FindMember returns the membership and mekshare for the given user id.

An owner (user/machine token) may have multiple memberships, one per encryption key. There will only be one unrevoked membership. Either this unrevoked membership will be returned, or the result will error with ErrMemberNotFound.

func (*KeyringSectionV2) GetClaims added in v0.23.0

func (k *KeyringSectionV2) GetClaims() []envelope.KeyringMemberClaim

GetClaims returns the list of Member claims for this keyring.

func (*KeyringSectionV2) GetKeyring

func (k *KeyringSectionV2) GetKeyring() envelope.KeyringInf

GetKeyring returns the Keyring object in this KeyringSection

func (*KeyringSectionV2) HasRevocations

func (k *KeyringSectionV2) HasRevocations() bool

HasRevocations indicates that a Keyring holds revoked user keys.

func (*KeyringSectionV2) KeyringVersion

func (k *KeyringSectionV2) KeyringVersion() int

KeyringVersion returns the version of the keyring itself (not its schema).

type MachineCreationSegment

type MachineCreationSegment struct {
	apitypes.MachineSegment
	Tokens []MachineTokenCreationSegment `json:"tokens"`
}

MachineCreationSegment represents the request sent to create the registry to create a machine and it's first token

type MachineTokenCreationSegment

type MachineTokenCreationSegment struct {
	Token    *envelope.MachineToken `json:"token"`
	Keypairs []*ClaimedKeyPair      `json:"keypairs"`
}

MachineTokenCreationSegment represents the request send to the registry to create a Machine Token

type MachinesClient

type MachinesClient struct {
	// contains filtered or unexported fields
}

MachinesClient represents the `/machines` registry endpoint, used for creating, listing, authorizing, and destroying machines and their tokens.

func (*MachinesClient) Create

Create requests the registry to create a MachineSegment.

The MachineSegment includes the Machine, it's Memberships, and authorization tokens.

func (*MachinesClient) Destroy

func (m *MachinesClient) Destroy(ctx context.Context, machineID *identity.ID) error

Destroy machine by ID

func (*MachinesClient) Get

func (m *MachinesClient) Get(ctx context.Context, machineID *identity.ID) (*apitypes.MachineSegment, error)

Get requests a single machine from the registry

func (*MachinesClient) List

func (m *MachinesClient) List(ctx context.Context, orgID *identity.ID, state *string, name *string, teamID *identity.ID) ([]apitypes.MachineSegment, error)

List machines in the given org and state

type MembershipsClient

type MembershipsClient struct {
	// contains filtered or unexported fields
}

MembershipsClient represents the `/memberships` registry endpoint, used for accessing the relationship between users, organization, and teams.

func (*MembershipsClient) Create

func (m *MembershipsClient) Create(ctx context.Context, userID, orgID, teamID *identity.ID) error

Create requests addition of a user to a team

func (*MembershipsClient) Delete

func (m *MembershipsClient) Delete(ctx context.Context, membership *identity.ID) error

Delete requests deletion of a specific membership row by ID

func (*MembershipsClient) List

func (m *MembershipsClient) List(ctx context.Context, orgID *identity.ID,
	teamID *identity.ID, ownerID *identity.ID) ([]envelope.Membership, error)

List returns all memberships for a given organization, team, or user/machine

type OrgInvitesClient

type OrgInvitesClient struct {
	// contains filtered or unexported fields
}

OrgInvitesClient represents the `/org-invites` registry endpoint, used for sending, accepting, and approving invitations to organizations in Torus.

func (*OrgInvitesClient) Accept

func (o *OrgInvitesClient) Accept(ctx context.Context, org, email, code string) error

Accept executes the accept invite request

func (*OrgInvitesClient) Approve

func (o *OrgInvitesClient) Approve(ctx context.Context, inviteID *identity.ID) (*envelope.OrgInvite, error)

Approve sends an approval notification to the registry regarding a specific invitation.

func (*OrgInvitesClient) Associate

func (o *OrgInvitesClient) Associate(ctx context.Context, org, email, code string) (*envelope.OrgInvite, error)

Associate executes the associate invite request

func (*OrgInvitesClient) Get

func (o *OrgInvitesClient) Get(ctx context.Context, inviteID *identity.ID) (*envelope.OrgInvite, error)

Get returns a specific Org Invite based on it's ID

func (*OrgInvitesClient) List

func (o *OrgInvitesClient) List(ctx context.Context, orgID *identity.ID, states []string, email string) ([]envelope.OrgInvite, error)

List lists all invites for a given org with the given states

func (*OrgInvitesClient) Send

func (o *OrgInvitesClient) Send(ctx context.Context, email string, orgID, inviterID identity.ID, teamIDs []identity.ID) error

Send creates a new org invitation

type OrgTreeSegment

type OrgTreeSegment struct {
	Org      *primitive.Org      `json:"org"`
	Policies []primitive.Policy  `json:"policies"`
	Profiles []*apitypes.Profile `json:"profiles"`
	Teams    []*struct {
		Team              *envelope.Team               `json:"team"`
		Memberships       *[]envelope.Membership       `json:"memberships"`
		PolicyAttachments *[]envelope.PolicyAttachment `json:"policy_attachments"`
	} `json:"teams"`
}

OrgTreeSegment is the payload returned for an org tree

type OrgsClient

type OrgsClient struct {
	// contains filtered or unexported fields
}

OrgsClient makes proxied requests to the registry's orgs endpoints

func (*OrgsClient) Create

func (o *OrgsClient) Create(ctx context.Context, name string) (*envelope.Org, error)

Create creates a new org with the given name. It returns the newly-created org.

func (*OrgsClient) Get

func (o *OrgsClient) Get(ctx context.Context, orgID *identity.ID) (*envelope.Org, error)

Get returns the organization with the given ID.

func (*OrgsClient) GetByName

func (o *OrgsClient) GetByName(ctx context.Context, name string) (*envelope.Org, error)

GetByName retrieves an org by its name

func (*OrgsClient) GetTree

func (o *OrgsClient) GetTree(ctx context.Context, orgID identity.ID) ([]OrgTreeSegment, error)

GetTree returns an org tree

func (*OrgsClient) List

func (o *OrgsClient) List(ctx context.Context) ([]envelope.Org, error)

List returns all organizations that the signed-in user has access to

func (*OrgsClient) RemoveMember

func (o *OrgsClient) RemoveMember(ctx context.Context, orgID identity.ID,
	userID identity.ID) error

RemoveMember removes a user from an org

type PoliciesClient

type PoliciesClient struct {
	// contains filtered or unexported fields
}

PoliciesClient makes proxied requests to the registry's policies endpoints

func (*PoliciesClient) Attach

func (p *PoliciesClient) Attach(ctx context.Context, org, policy, team *identity.ID) error

Attach attaches a policy to a team

func (*PoliciesClient) AttachmentsList

func (p *PoliciesClient) AttachmentsList(ctx context.Context, orgID, ownerID, policyID *identity.ID) ([]envelope.PolicyAttachment, error)

AttachmentsList retrieves all policy attachments for an org

func (*PoliciesClient) Create

func (p *PoliciesClient) Create(ctx context.Context, policy *primitive.Policy) (*envelope.Policy, error)

Create creates a new policy

func (*PoliciesClient) Delete added in v0.26.0

func (p *PoliciesClient) Delete(ctx context.Context, policyID *identity.ID) error

Delete destroys the policy for the given ID

func (*PoliciesClient) Detach

func (p *PoliciesClient) Detach(ctx context.Context, attachmentID *identity.ID) error

Detach deletes a specific attachment

func (*PoliciesClient) List

func (p *PoliciesClient) List(ctx context.Context, orgID *identity.ID, name string) ([]envelope.Policy, error)

List retrieves relevant policiies by orgID and/or name

type ProfilesClient

type ProfilesClient struct {
	// contains filtered or unexported fields
}

ProfilesClient makes proxied requests to the registry's profiles endpoints

func (*ProfilesClient) ListByID

func (p *ProfilesClient) ListByID(ctx context.Context, userIDs []identity.ID) ([]apitypes.Profile, error)

ListByID returns profiles looked up by User ID

func (*ProfilesClient) ListByName

func (p *ProfilesClient) ListByName(ctx context.Context, name string) (*apitypes.Profile, error)

ListByName returns profiles looked up by username

type ProjectTreeSegment

type ProjectTreeSegment struct {
	Org      *envelope.Org           `json:"org"`
	Envs     []*envelope.Environment `json:"envs"`
	Services []*envelope.Service     `json:"services"`
	Projects []envelope.Project      `json:"projects"`
	Profiles []*apitypes.Profile     `json:"profiles"`
}

ProjectTreeSegment is the payload returned for a project tree

type ProjectsClient

type ProjectsClient struct {
	// contains filtered or unexported fields
}

ProjectsClient makes proxied requests to the registry's projects endpoints

func (*ProjectsClient) Create

func (p *ProjectsClient) Create(ctx context.Context, org *identity.ID, name string) (*envelope.Project, error)

Create creates a new project with the given name within the given org

func (*ProjectsClient) GetTree

func (p *ProjectsClient) GetTree(ctx context.Context, orgID *identity.ID) ([]ProjectTreeSegment, error)

GetTree returns a project tree

func (*ProjectsClient) List

func (p *ProjectsClient) List(ctx context.Context, orgID *identity.ID) ([]envelope.Project, error)

List returns a list of all Projects within the given org.

func (*ProjectsClient) Search

func (p *ProjectsClient) Search(ctx context.Context, orgIDs []identity.ID, names []string) ([]envelope.Project, error)

Search retrieves relevant projects by name and/or orgID

type RequestDoer

type RequestDoer interface {
	NewRequest(method, path string, query *url.Values, body interface{}) (*http.Request, error)
	Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error)
}

RequestDoer is the interface used to construct and send requests to the torus registry.

type RoundTripper

type RoundTripper interface {
	RequestDoer
	RoundTrip(ctx context.Context, method, path string, query *url.Values, body, response interface{}) error
}

RoundTripper is a RequestDoer with a convenience method for doing a request/response round trip in a single call.

type SelfClient

type SelfClient struct {
	// contains filtered or unexported fields
}

SelfClient represents the registry `/self` endpoints.

func (*SelfClient) Get

func (s *SelfClient) Get(ctx context.Context, token string) (*apitypes.Self, error)

Get returns the current identities associated with this token

type ServicesClient

type ServicesClient struct {
	// contains filtered or unexported fields
}

ServicesClient makes proxied requests to the registry's services endpoints

func (*ServicesClient) Create

func (s *ServicesClient) Create(ctx context.Context, orgID, projectID *identity.ID, name string) error

Create performs a request to create a new service object

func (*ServicesClient) List

func (s *ServicesClient) List(ctx context.Context, orgIDs, projectIDs []identity.ID, names []string) ([]envelope.Service, error)

List retrieves relevant services by name and/or orgID and/or projectID

type TeamsClient

type TeamsClient struct {
	// contains filtered or unexported fields
}

TeamsClient makes proxied requests to the registry's teams endpoints

func (*TeamsClient) Create

func (t *TeamsClient) Create(ctx context.Context, orgID *identity.ID, name string,
	teamType primitive.TeamType) (*envelope.Team, error)

Create performs a request to create a new team object

func (*TeamsClient) GetByName

func (t *TeamsClient) GetByName(ctx context.Context, orgID *identity.ID, name string) ([]envelope.Team, error)

GetByName retrieves the team with the specified name

func (*TeamsClient) GetByOrg

func (t *TeamsClient) GetByOrg(ctx context.Context, orgID *identity.ID) ([]envelope.Team, error)

GetByOrg retrieves all teams for an org id

func (*TeamsClient) List

func (t *TeamsClient) List(ctx context.Context, orgID *identity.ID, name string, teamType primitive.TeamType) ([]envelope.Team, error)

List retrieves all teams for an org based on the filtered values

type TokenHolder

type TokenHolder interface {
	Token() string
}

TokenHolder holds an authorization token

type TokensClient

type TokensClient struct {
	// contains filtered or unexported fields
}

TokensClient represents the registry '/tokens' endpoints, used for session management.

Logging in is a two step process. We must first request a login token. This token is then HMAC'd and returned to the server, exchanging it for an auth token, which is used for all other operations.

func (*TokensClient) Delete

func (t *TokensClient) Delete(ctx context.Context, token string) error

Delete deletes the token with the provided value from the registry. This effectively logs a user out.

func (*TokensClient) PostEdDSAAuth

func (t *TokensClient) PostEdDSAAuth(ctx context.Context, token string,
	sig *base64.Value) (*envelope.Token, error)

PostEdDSAAuth requests an auth token from the registry for the provided login token value, and it's signature.

func (*TokensClient) PostLogin

func (t *TokensClient) PostLogin(ctx context.Context, creds apitypes.LoginCredential) (
	*base64.Value, *envelope.Token, error)

PostLogin requests a login token from the registry for the provided email address.

func (*TokensClient) PostUpgradeEdDSAAuth

func (t *TokensClient) PostUpgradeEdDSAAuth(ctx context.Context, token, hmac string,
	sig, publicKey *base64.Value) (*envelope.Token, error)

PostUpgradeEdDSAAuth requests an auth token from the registry while upgrading the user from HMAC based authentication to EdDSA

type UsersClient

type UsersClient struct {
	// contains filtered or unexported fields
}

UsersClient represents the registry `/users` endpoints.

func (*UsersClient) Create

func (u *UsersClient) Create(ctx context.Context, userObj *envelope.User,
	signup apitypes.Signup) (envelope.UserInf, error)

Create attempts to register a new user

func (*UsersClient) Update

func (u *UsersClient) Update(ctx context.Context, userObj interface{}) (envelope.UserInf, error)

Update patches the user object with whitelisted fields

func (*UsersClient) VerifyEmail

func (u *UsersClient) VerifyEmail(ctx context.Context, verifyCode string) error

VerifyEmail will confirm the user's email with the registry

type VersionClient

type VersionClient struct {
	// contains filtered or unexported fields
}

VersionClient provides access to the daemon's /v1/version endpoint, for inspecting the daemon's release version.

func (*VersionClient) Get

Get returns the registry's release version.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL