conjurapi

package
Version: v0.5.1

Warning: this package is not in the latest version of its module.

Published: Feb 1, 2019 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoginPairFromEnv

func LoginPairFromEnv() (*authn.LoginPair, error)

func LoginPairFromNetRC

func LoginPairFromNetRC(config Config) (*authn.LoginPair, error)

func ReadResponseBody added in v0.3.0

func ReadResponseBody(response io.ReadCloser) ([]byte, error)

ReadResponseBody fully reads a response and closes it.

Types

type Authenticator

// Authenticator is, judging by its method names, the token-refresh contract:
// one method reports whether a refresh is due, the other performs it.
//
// Note that (*Client).RefreshToken as listed on this page returns only an
// error, so *Client itself does not satisfy this interface.
type Authenticator interface {
	// RefreshToken returns a token as raw bytes, or an error.
	// NOTE(review): presumably an access token, i.e. a bearer credential;
	// keep the returned bytes out of logs and error messages. Confirm
	// against the implementations.
	RefreshToken() ([]byte, error)
	// NeedsTokenRefresh reports whether a refresh is needed.
	// NOTE(review): the expiry criteria are not shown on this page.
	NeedsTokenRefresh() bool
}

type Client

// Client is the API handle. NewClientFromEnvironment, NewClientFromKey,
// NewClientFromToken and NewClientFromTokenFile each return a *Client, and the
// secret, policy, resource and API-key operations are methods on it.
//
// NOTE(review): all state is unexported; whether a Client may be shared
// between goroutines is not stated on this page.
type Client struct {
	// contains filtered or unexported fields
}

func NewClientFromEnvironment

func NewClientFromEnvironment(config Config) (*Client, error)

func NewClientFromKey

func NewClientFromKey(config Config, loginPair authn.LoginPair) (*Client, error)

func NewClientFromToken

func NewClientFromToken(config Config, token string) (*Client, error)

func NewClientFromTokenFile

func NewClientFromTokenFile(config Config, tokenFile string) (*Client, error)

func (*Client) AddSecret

func (c *Client) AddSecret(variableID string, secretValue string) error

AddSecret adds a secret value to a variable.

The authenticated user must have update privilege on the variable.

func (*Client) Authenticate

func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)

Authenticate obtains a new access token.

func (*Client) AuthenticateReader added in v0.3.0

func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)

AuthenticateReader obtains a new access token and returns it as a data stream.

func (*Client) CheckPermission added in v0.3.0

func (c *Client) CheckPermission(resourceID, privilege string) (bool, error)

CheckPermission determines whether the authenticated user has a specified privilege on a resource.

func (*Client) GetConfig added in v0.5.0

func (c *Client) GetConfig() Config

func (*Client) GetHttpClient added in v0.5.1

func (c *Client) GetHttpClient() *http.Client

func (*Client) LoadPolicy

func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)

LoadPolicy submits new policy data or policy changes to the server.

The required permission depends on the mode.

func (*Client) NeedsTokenRefresh

func (c *Client) NeedsTokenRefresh() bool

func (*Client) RefreshToken

func (c *Client) RefreshToken() (err error)

func (*Client) Resource added in v0.4.0

func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)

Resource fetches a single user-visible resource by id.

func (*Client) Resources added in v0.4.0

func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)

Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.

func (*Client) RetrieveBatchSecrets added in v0.3.3

func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecrets fetches values for all variables in a slice using a single API call.

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveSecret

func (c *Client) RetrieveSecret(variableID string) ([]byte, error)

RetrieveSecret fetches a secret from a variable.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretReader added in v0.3.0

func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)

RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.

The authenticated user must have execute privilege on the variable.

func (*Client) RotateAPIKey added in v0.3.0

func (c *Client) RotateAPIKey(roleID string) ([]byte, error)

RotateAPIKey replaces the API key of a role on the server with a new random secret.

The authenticated user must have update privilege on the role.

func (*Client) RotateAPIKeyReader added in v0.3.0

func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)

RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.

The authenticated user must have update privilege on the role.

func (*Client) SetHttpClient added in v0.5.1

func (c *Client) SetHttpClient(httpClient *http.Client)

func (*Client) SubmitRequest

func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)

type Config

// Config holds the connection settings passed to the NewClientFrom*
// constructors and to LoginPairFromNetRC. The yaml tags give the key each
// field uses when the struct is marshalled to or from YAML.
type Config struct {
	// Account is stored under the YAML key "account".
	Account      string `yaml:"account,omitempty"`
	// ApplianceURL is stored under the YAML key "appliance_url".
	// NOTE(review): the existence of IsHttps() suggests a non-HTTPS URL is
	// representable. Over plain HTTP the login pair, access tokens and
	// secret values would cross the network unencrypted; verify that
	// deployments use an https URL.
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	// NetRCPath is stored under the YAML key "netrc_path".
	// NOTE(review): presumably the netrc file LoginPairFromNetRC reads
	// credentials from; such a file should be readable only by its owner.
	// Confirm against the implementation.
	NetRCPath    string `yaml:"netrc_path,omitempty"`
	// SSLCert is excluded from YAML by the "-" tag, so it is never read from
	// or written to a YAML document.
	// NOTE(review): presumably the certificate data used to verify the
	// server; confirm how ReadSSLCert chooses between this and SSLCertPath.
	SSLCert      string `yaml:"-"`
	// SSLCertPath is stored under the YAML key "cert_file".
	SSLCertPath  string `yaml:"cert_file,omitempty"`
	// V4 is stored under the YAML key "v4"; with no omitempty it is emitted
	// even when false.
	// NOTE(review): presumably selects RouterV4 over RouterV5 - confirm.
	V4           bool   `yaml:"v4"`
}

func LoadConfig

func LoadConfig() (config Config, err error)

func (*Config) BaseURL

func (c *Config) BaseURL() string

func (*Config) IsHttps added in v0.5.0

func (c *Config) IsHttps() bool

func (*Config) ReadSSLCert

func (c *Config) ReadSSLCert() ([]byte, error)

type CreatedRole added in v0.3.0

// CreatedRole describes one role that the server created while loading a
// policy.
type CreatedRole struct {
	// ID is the full role ID.
	ID     string `json:"id"`
	// APIKey is the API key of the newly created role. It is a credential:
	// avoid logging or serializing a CreatedRole (or the PolicyResponse that
	// contains it) without redacting this field.
	APIKey string `json:"api_key"`
}

CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.

type PolicyMode added in v0.3.0

type PolicyMode uint

PolicyMode defines the server-side behavior when loading a policy.

// Modes accepted by LoadPolicy. The defined values start at 1, so the zero
// value of PolicyMode is not one of the defined modes. The permission
// LoadPolicy requires depends on the mode.
const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data which is not present in the new policy.
	// This is the destructive mode: anything omitted from the submitted
	// policy is removed, so review the document before loading it this way.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)

type PolicyResponse added in v0.3.0

// PolicyResponse is the result LoadPolicy returns for a policy update.
type PolicyResponse struct {
	// Newly created roles, decoded from the JSON key "created_roles".
	// Each CreatedRole carries that role's API key, so the whole response is
	// sensitive and should not be logged verbatim.
	// NOTE(review): the map key is presumably the role ID - confirm.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// The version number of the policy, decoded from the JSON key "version".
	Version uint32 `json:"version"`
}

PolicyResponse contains information about the policy update.

type ResourceFilter added in v0.4.0

// ResourceFilter limits the set of resources returned by Client.Resources.
// Only non-zero-valued members of a non-nil filter are applied.
type ResourceFilter struct {
	// Kind is applied only when it is non-empty.
	// NOTE(review): presumably restricts results to resources of that kind;
	// the accepted values are not listed on this page.
	Kind string
}

type Router added in v0.3.0

// Router builds the *http.Request for each API operation; every method
// returns the request or an error. RouterV4 and RouterV5 on this page each
// provide all nine methods.
//
// NOTE(review): AddSecretRequest and AuthenticateRequest take secret material
// as input (secretValue, loginPair). The resulting requests presumably carry
// it, so avoid dumping requests built by a Router into debug output.
type Router interface {
	// AddSecretRequest takes the same arguments as Client.AddSecret.
	AddSecretRequest(variableID, secretValue string) (*http.Request, error)
	// AuthenticateRequest takes the same argument as Client.Authenticate.
	AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
	// CheckPermissionRequest takes the same arguments as Client.CheckPermission.
	CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)
	// LoadPolicyRequest takes the same arguments as Client.LoadPolicy.
	LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
	// ResourceRequest takes the same argument as Client.Resource.
	ResourceRequest(resourceID string) (*http.Request, error)
	// ResourcesRequest takes the same argument as Client.Resources.
	ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
	// RetrieveBatchSecretsRequest takes the same argument as Client.RetrieveBatchSecrets.
	RetrieveBatchSecretsRequest(variableIDs []string) (*http.Request, error)
	// RetrieveSecretRequest takes the same argument as Client.RetrieveSecret.
	RetrieveSecretRequest(variableID string) (*http.Request, error)
	// RotateAPIKeyRequest takes the same argument as Client.RotateAPIKey.
	RotateAPIKeyRequest(roleID string) (*http.Request, error)
}

type RouterV4 added in v0.3.0

// RouterV4 provides the Router methods with value receivers.
// NOTE(review): presumably the request builder for v4 servers, selected by
// Config.V4 - confirm against the client constructors.
type RouterV4 struct {
	// Config is held by pointer, so copies of a RouterV4 (including the
	// value-receiver copies made on each method call) share one Config.
	Config *Config
}

func (RouterV4) AddSecretRequest added in v0.3.0

func (r RouterV4) AddSecretRequest(variableID, secretValue string) (*http.Request, error)

func (RouterV4) AuthenticateRequest added in v0.3.0

func (r RouterV4) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)

func (RouterV4) CheckPermissionRequest added in v0.3.0

func (r RouterV4) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)

func (RouterV4) LoadPolicyRequest added in v0.3.0

func (r RouterV4) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)

func (RouterV4) ResourceRequest added in v0.4.0

func (r RouterV4) ResourceRequest(resourceID string) (*http.Request, error)

func (RouterV4) ResourcesRequest added in v0.4.0

func (r RouterV4) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)

func (RouterV4) RetrieveBatchSecretsRequest added in v0.3.3

func (r RouterV4) RetrieveBatchSecretsRequest(variableIDs []string) (*http.Request, error)

func (RouterV4) RetrieveSecretRequest added in v0.3.0

func (r RouterV4) RetrieveSecretRequest(variableID string) (*http.Request, error)

func (RouterV4) RotateAPIKeyRequest added in v0.3.0

func (r RouterV4) RotateAPIKeyRequest(roleID string) (*http.Request, error)

type RouterV5 added in v0.3.0

// RouterV5 provides the Router methods with value receivers.
// NOTE(review): presumably the request builder for v5 servers, used when
// Config.V4 is false - confirm against the client constructors.
type RouterV5 struct {
	// Config is held by pointer, so copies of a RouterV5 (including the
	// value-receiver copies made on each method call) share one Config.
	Config *Config
}

func (RouterV5) AddSecretRequest added in v0.3.0

func (r RouterV5) AddSecretRequest(variableID, secretValue string) (*http.Request, error)

func (RouterV5) AuthenticateRequest added in v0.3.0

func (r RouterV5) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)

func (RouterV5) CheckPermissionRequest added in v0.3.0

func (r RouterV5) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)

func (RouterV5) LoadPolicyRequest added in v0.3.0

func (r RouterV5) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)

func (RouterV5) ResourceRequest added in v0.4.0

func (r RouterV5) ResourceRequest(resourceID string) (*http.Request, error)

func (RouterV5) ResourcesRequest added in v0.4.0

func (r RouterV5) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)

func (RouterV5) RetrieveBatchSecretsRequest added in v0.3.3

func (r RouterV5) RetrieveBatchSecretsRequest(variableIDs []string) (*http.Request, error)

func (RouterV5) RetrieveSecretRequest added in v0.3.0

func (r RouterV5) RetrieveSecretRequest(variableID string) (*http.Request, error)

func (RouterV5) RotateAPIKeyRequest added in v0.3.0

func (r RouterV5) RotateAPIKeyRequest(roleID string) (*http.Request, error)

Directories

Path Synopsis
