request

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2018 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Add

func Add(auth *vault.AuthInfo, raw map[string]interface{}) (string, error)

adds a request if user has authentication

func IsRootOnly

func IsRootOnly(req Request) bool

func Reject

func Reject(auth *vault.AuthInfo, hash string) error

deletes request, if user is authorized to read resource

Types

type GithubRequest

// GithubRequest is a change request that carries a CommitHash and a map of
// policy diffs (Changes).
// NOTE(review): the fields are not documented on this page; the notes below
// are inferred from field names and the method docs. Confirm in the source.
type GithubRequest struct {
	Type          string
	CommitHash    string
	// Each entry pairs a Previous and a Proposed string (see PolicyDiff).
	// The map key is presumably the policy name. TODO confirm.
	Changes       map[string]PolicyDiff
	Requester     string
	RequesterHash string
	// Presumably the number of unseal keys needed before the change is
	// rolled. TODO confirm.
	Required      int
	// Tagged hash:"ignore": presumably left out when the request hash is
	// computed, so recording an approval does not change the hash that
	// identifies the request. Confirm against the hashing library in use.
	Progress      int `hash:"ignore"`
}

func CreateGithubRequest

func CreateGithubRequest(auth *vault.AuthInfo, raw map[string]interface{}) (*GithubRequest, error)

verifies user can read all policies in the changes

func (*GithubRequest) Approve

func (r *GithubRequest) Approve(hash string, unsealKey string) error

provides an unseal as an approval to a request; if there are sufficient unseal tokens, attempts to roll the change

func (GithubRequest) IsRootOnly

func (r GithubRequest) IsRootOnly() bool

func (*GithubRequest) Reject

func (r *GithubRequest) Reject(auth *vault.AuthInfo, hash string) error

purges the request entry and unseal tokens from goldfish's cubbyhole

func (*GithubRequest) Verify

func (r *GithubRequest) Verify(auth *vault.AuthInfo) error

verifies user can read all policies that will be changed; if vault's policies changed in the meantime, progress will be reset

type PolicyDiff

// PolicyDiff holds a Previous and a Proposed string. It is the value type
// of GithubRequest.Changes.
type PolicyDiff struct {
	// Presumably the policy text at the time the change was proposed.
	// TODO confirm.
	Previous string
	// Presumably the policy text the request would write. TODO confirm.
	Proposed string
}

type PolicyRequest

// PolicyRequest is a change request for a single named policy.
// NOTE(review): the fields are not documented on this page; the notes below
// are inferred from field names and the method docs. Confirm in the source.
type PolicyRequest struct {
	Type          string
	PolicyName    string
	// Verify is documented as checking that the policy "hasn't changed since
	// proposal"; Previous is presumably the snapshot it compares against.
	// TODO confirm.
	Previous      string
	Proposed      string
	Requester     string
	RequesterHash string
	// Presumably the number of unseal keys needed before the change is
	// rolled. TODO confirm.
	Required      int
	// Tagged hash:"ignore": presumably left out when the request hash is
	// computed, so recording an approval does not change the hash that
	// identifies the request. Confirm against the hashing library in use.
	Progress      int `hash:"ignore"`
}

func CreatePolicyRequest

func CreatePolicyRequest(auth *vault.AuthInfo, raw map[string]interface{}) (*PolicyRequest, string, error)

constructs the request from limited fields and returns the hash. raw must contain two keys: 'policyname' and 'rules'

func (*PolicyRequest) Approve

func (r *PolicyRequest) Approve(hash string, unsealKey string) error

provides an unseal key as an approval to a request; if there are sufficient unseal keys, attempts to roll the change

func (PolicyRequest) IsRootOnly

func (r PolicyRequest) IsRootOnly() bool

func (*PolicyRequest) Reject

func (r *PolicyRequest) Reject(auth *vault.AuthInfo, hash string) error

purges the request entry and unseal keys from goldfish's cubbyhole

func (*PolicyRequest) Verify

func (r *PolicyRequest) Verify(auth *vault.AuthInfo) error

verifies user can read policy, and that it hasn't changed since proposal

type Request

// Request is the common interface of the request types on this page. Because
// Verify, Approve and Reject are declared on pointer receivers, it is the
// pointer types (*GithubRequest, *PolicyRequest, *TokenRequest) that satisfy
// it.
type Request interface {
	// Reports whether the request is root-only. The criterion is not
	// documented on this page.
	IsRootOnly() bool
	// Checks the caller's access to what the request would change. What
	// exactly is checked differs per implementation.
	Verify(*vault.AuthInfo) error
	// The arguments are (hash, unsealKey) in every implementation shown on
	// this page.
	// NOTE(review): an unseal key is highly sensitive. The Reject docs say
	// unseal keys/tokens are purged from goldfish's cubbyhole, which implies
	// they are held there between approvals. Confirm how long they are
	// retained and that they are also cleaned up once a change is rolled.
	Approve(string, string) error
	// The arguments are (auth, hash) in every implementation shown on this
	// page.
	Reject(*vault.AuthInfo, string) error
}

func Approve

func Approve(auth *vault.AuthInfo, hash string, unseal string) (Request, error)

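if unseal is nonempty string, approve request with current auth; otherwise, add unseal to list of unseals to generate root token later. (As worded, the empty case is the one that adds unseal to the list, so the condition may be stated the wrong way round; check the implementation.)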

func Get

func Get(auth *vault.AuthInfo, hash string) (Request, error)

fetches a request if it exists, and if user has authentication

type TokenRequest

// TokenRequest is a request that carries a token-creation request
// (CreateRequest) and a slot for its result (CreateResponse).
// NOTE(review): the fields are not documented on this page; the notes below
// are inferred from field names and the method docs. Confirm in the source.
type TokenRequest struct {
	Type           string
	// Orphan, Wrap_ttl and Role presumably mirror the 'orphan', 'wrap_ttl'
	// and 'role' keys that CreateTokenRequest is documented to read from raw.
	// TODO confirm.
	Orphan         string
	Wrap_ttl       string
	Role           string
	CreateRequest  *api.TokenCreateRequest
	// NOTE(review): an *api.Secret can carry token material. Confirm what is
	// stored here, whether it is wrapped, and who can read a stored request.
	CreateResponse *api.Secret
	Requester      string
	RequesterHash  string
	// Presumably the number of unseal keys needed before the request is
	// carried out. TODO confirm.
	Required       int
	// Tagged hash:"ignore": presumably left out when the request hash is
	// computed, so recording an approval does not change the hash that
	// identifies the request. Confirm against the hashing library in use.
	Progress       int `hash:"ignore"`
}

func CreateTokenRequest

func CreateTokenRequest(auth *vault.AuthInfo, raw map[string]interface{}) (*TokenRequest, string, error)

constructs the request from limited fields and returns the hash. raw must contain key: 'wrap_ttl', and can contain 'orphan', 'role'

func (*TokenRequest) Approve

func (r *TokenRequest) Approve(hash string, unsealKey string) error

provides an unseal token as an approval to a request; if there are sufficient unseal tokens, attempts to roll the change

func (TokenRequest) IsRootOnly

func (r TokenRequest) IsRootOnly() bool

func (*TokenRequest) Reject

func (r *TokenRequest) Reject(auth *vault.AuthInfo, hash string) error

purges the request entry and unseal tokens from goldfish's cubbyhole

func (*TokenRequest) Verify

func (r *TokenRequest) Verify(auth *vault.AuthInfo) error

verifies user can read the role if the request contains one, and can at least look up self
