Documentation ¶
Index ¶
- Constants
- func LoginPairFromEnv() (*authn.LoginPair, error)
- func PurgeCredentials(config Config) error
- func ReadResponseBody(response io.ReadCloser) ([]byte, error)
- type Authenticator
- type Client
- func NewClient(config Config) (*Client, error)
- func NewClientFromEnvironment(config Config) (*Client, error)
- func NewClientFromJwt(config Config, authnJwtServiceID string) (*Client, error)
- func NewClientFromKey(config Config, loginPair authn.LoginPair) (*Client, error)
- func NewClientFromOidcCode(config Config, code, nonce, code_verifier string) (*Client, error)
- func NewClientFromToken(config Config, token string) (*Client, error)
- func NewClientFromTokenFile(config Config, tokenFile string) (*Client, error)
- func (c *Client) AddSecret(variableID string, secretValue string) error
- func (c *Client) AddSecretRequest(variableID, secretValue string) (*http.Request, error)
- func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)
- func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)
- func (c *Client) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
- func (c *Client) ChangeCurrentUserPassword(newPassword string) ([]byte, error)
- func (c *Client) ChangeUserPassword(username string, password string, newPassword string) ([]byte, error)
- func (c *Client) ChangeUserPasswordRequest(username string, password string, newPassword string) (*http.Request, error)
- func (c *Client) CheckPermission(resourceID string, privilege string) (bool, error)
- func (c *Client) CheckPermissionForRole(resourceID string, roleID string, privilege string) (bool, error)
- func (c *Client) CheckPermissionForRoleRequest(resourceID, roleID, privilege string) (*http.Request, error)
- func (c *Client) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)
- func (c *Client) CreateHost(id string, token string) (HostFactoryHostResponse, error)
- func (c *Client) CreateHostRequest(body string, token string) (*http.Request, error)
- func (c *Client) CreateToken(durationStr string, hostFactory string, cidrs []string, count int) ([]HostFactoryTokenResponse, error)
- func (c *Client) CreateTokenRequest(body string) (*http.Request, error)
- func (c *Client) DeleteToken(token string) error
- func (c *Client) DeleteTokenRequest(token string) (*http.Request, error)
- func (c *Client) ForceRefreshToken() error
- func (c *Client) GetAuthenticator() Authenticator
- func (c *Client) GetConfig() Config
- func (c *Client) GetHttpClient() *http.Client
- func (c *Client) InternalAuthenticate() ([]byte, error)
- func (c *Client) ListOidcProviders() ([]OidcProvider, error)
- func (c *Client) ListOidcProvidersRequest() (*http.Request, error)
- func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)
- func (c *Client) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
- func (c *Client) Login(login string, password string) ([]byte, error)
- func (c *Client) LoginRequest(login string, password string) (*http.Request, error)
- func (c *Client) NeedsTokenRefresh() bool
- func (c *Client) OidcAuthenticate(code, nonce, code_verifier string) ([]byte, error)
- func (c *Client) OidcAuthenticateRequest(code, nonce, code_verifier string) (*http.Request, error)
- func (c *Client) PermittedRoles(resourceID, privilege string) ([]string, error)
- func (c *Client) PermittedRolesRequest(resourceID string, privilege string) (*http.Request, error)
- func (c *Client) PublicKeys(kind string, identifier string) ([]byte, error)
- func (c *Client) PublicKeysRequest(kind string, identifier string) (*http.Request, error)
- func (c *Client) PurgeCredentials() error
- func (c *Client) RefreshToken() (err error)
- func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)
- func (c *Client) ResourceExists(resourceID string) (bool, error)
- func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error)
- func (c *Client) ResourceRequest(resourceID string) (*http.Request, error)
- func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)
- func (c *Client) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
- func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)
- func (c *Client) RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)
- func (c *Client) RetrieveBatchSecretsSafe(variableIDs []string) (map[string][]byte, error)
- func (c *Client) RetrieveSecret(variableID string) ([]byte, error)
- func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)
- func (c *Client) RetrieveSecretRequest(variableID string) (*http.Request, error)
- func (c *Client) RetrieveSecretWithVersion(variableID string, version int) ([]byte, error)
- func (c *Client) RetrieveSecretWithVersionReader(variableID string, version int) (io.ReadCloser, error)
- func (c *Client) RetrieveSecretWithVersionRequest(variableID string, version int) (*http.Request, error)
- func (c *Client) Role(roleID string) (role map[string]interface{}, err error)
- func (c *Client) RoleExists(roleID string) (bool, error)
- func (c *Client) RoleMembers(roleID string) (members []map[string]interface{}, err error)
- func (c *Client) RoleMembersRequest(roleID string) (*http.Request, error)
- func (c *Client) RoleMemberships(roleID string) (memberships []map[string]interface{}, err error)
- func (c *Client) RoleMembershipsRequest(roleID string) (*http.Request, error)
- func (c *Client) RoleRequest(roleID string) (*http.Request, error)
- func (c *Client) RotateAPIKey(roleID string) ([]byte, error)
- func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)
- func (c *Client) RotateAPIKeyRequest(roleID string) (*http.Request, error)
- func (c *Client) RotateCurrentUserAPIKey() ([]byte, error)
- func (c *Client) RotateCurrentUserAPIKeyRequest(login string, password string) (*http.Request, error)
- func (c *Client) RotateHostAPIKey(hostID string) ([]byte, error)
- func (c *Client) RotateUserAPIKey(userID string) ([]byte, error)
- func (c *Client) SetAuthenticator(authenticator Authenticator)
- func (c *Client) SetHttpClient(httpClient *http.Client)
- func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)
- func (c *Client) WhoAmI() ([]byte, error)
- func (c *Client) WhoAmIRequest() (*http.Request, error)
- type Config
- type CreatedRole
- type CredentialStorageProvider
- type HostFactoryHostResponse
- type HostFactoryTokenResponse
- type OidcProvider
- type PolicyMode
- type PolicyResponse
- type ResourceFilter
Constants ¶
// CredentialStorage* are the values the credential_storage setting in
// Config is expected to take; PurgeCredentials uses the configured value
// to decide which storage to purge. Which backend each selects is not
// shown here — presumably a file on disk, the OS keyring, and no
// persistence at all; confirm against the CredentialStorageProvider
// implementation.
const (
	CredentialStorageFile    = "file"
	CredentialStorageKeyring = "keyring"
	CredentialStorageNone    = "none"
)
Variables ¶
This section is empty.
Functions ¶
func LoginPairFromEnv ¶
func PurgeCredentials ¶ added in v0.11.0
PurgeCredentials purges credentials from the credential storage indicated by the configuration.
func ReadResponseBody ¶ added in v0.3.0
func ReadResponseBody(response io.ReadCloser) ([]byte, error)
ReadResponseBody fully reads a response and closes it.
Types ¶
type Authenticator ¶
type Client ¶
// Client is the Conjur API client whose methods are listed in this
// package's index. Its fields are unexported and elided from the rendered
// documentation, so a struct literal from outside the package yields an
// unusable zero value; construct one with NewClient or one of the
// NewClientFrom* constructors instead.
type Client struct {
	// contains filtered or unexported fields
}
func NewClientFromEnvironment ¶
TODO: Create a version of this function for creating an authenticator from environment
func NewClientFromJwt ¶ added in v0.11.0
func NewClientFromKey ¶
func NewClientFromOidcCode ¶ added in v0.11.0
func NewClientFromTokenFile ¶
func (*Client) AddSecret ¶
AddSecret adds a secret value to a variable.
The authenticated user must have update privilege on the variable.
func (*Client) AddSecretRequest ¶ added in v0.11.0
func (*Client) Authenticate ¶
Authenticate obtains a new access token.
func (*Client) AuthenticateReader ¶ added in v0.3.0
AuthenticateReader obtains a new access token and returns it as a data stream.
func (*Client) AuthenticateRequest ¶ added in v0.11.0
func (*Client) ChangeCurrentUserPassword ¶ added in v0.11.0
func (*Client) ChangeUserPassword ¶ added in v0.11.0
func (*Client) ChangeUserPasswordRequest ¶ added in v0.11.0
func (*Client) CheckPermission ¶ added in v0.3.0
CheckPermission determines whether the authenticated user has a specified privilege on a resource.
func (*Client) CheckPermissionForRole ¶ added in v0.11.0
func (c *Client) CheckPermissionForRole(resourceID string, roleID string, privilege string) (bool, error)
CheckPermissionForRole determines whether the provided role has a specific privilege on a resource.
func (*Client) CheckPermissionForRoleRequest ¶ added in v0.11.0
func (c *Client) CheckPermissionForRoleRequest(resourceID, roleID, privilege string) (*http.Request, error)
CheckPermissionForRoleRequest crafts an HTTP request to Conjur's /resource endpoint to check if a given role has the given privilege on the given resourceID.
func (*Client) CheckPermissionRequest ¶ added in v0.11.0
CheckPermissionRequest crafts an HTTP request to Conjur's /resource endpoint to check if the authenticated user has the given privilege on the given resourceID.
func (*Client) CreateHost ¶ added in v0.11.0
func (c *Client) CreateHost(id string, token string) (HostFactoryHostResponse, error)
func (*Client) CreateHostRequest ¶ added in v0.11.0
func (*Client) CreateToken ¶ added in v0.11.0
func (*Client) CreateTokenRequest ¶ added in v0.11.0
func (*Client) DeleteToken ¶ added in v0.11.0
func (*Client) DeleteTokenRequest ¶ added in v0.11.0
func (*Client) ForceRefreshToken ¶ added in v0.11.0
func (*Client) GetAuthenticator ¶ added in v0.11.0
func (c *Client) GetAuthenticator() Authenticator
func (*Client) GetHttpClient ¶ added in v0.5.1
func (*Client) InternalAuthenticate ¶ added in v0.11.0
InternalAuthenticate obtains a new access token using the internal authenticator.
func (*Client) ListOidcProviders ¶ added in v0.11.0
func (c *Client) ListOidcProviders() ([]OidcProvider, error)
func (*Client) ListOidcProvidersRequest ¶ added in v0.11.0
func (*Client) LoadPolicy ¶
func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)
LoadPolicy submits new policy data or policy changes to the server.
The required permission depends on the mode.
func (*Client) LoadPolicyRequest ¶ added in v0.11.0
func (*Client) LoginRequest ¶ added in v0.11.0
func (*Client) NeedsTokenRefresh ¶
func (*Client) OidcAuthenticate ¶ added in v0.11.0
func (*Client) OidcAuthenticateRequest ¶ added in v0.11.0
func (*Client) PermittedRoles ¶ added in v0.11.0
PermittedRoles lists the roles which have the named privilege on a resource.
func (*Client) PermittedRolesRequest ¶ added in v0.11.0
func (*Client) PublicKeys ¶ added in v0.11.0
func (*Client) PublicKeysRequest ¶ added in v0.11.0
func (*Client) PurgeCredentials ¶ added in v0.11.0
PurgeCredentials purges credentials from the client's credential storage.
func (*Client) RefreshToken ¶
func (*Client) ResourceExists ¶ added in v0.11.0
ResourceExists reports whether a resource exists.
func (*Client) ResourceIDs ¶ added in v0.11.0
func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error)
func (*Client) ResourceRequest ¶ added in v0.11.0
func (*Client) Resources ¶ added in v0.4.0
func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)
Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.
func (*Client) ResourcesRequest ¶ added in v0.11.0
func (c *Client) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
func (*Client) RetrieveBatchSecrets ¶ added in v0.3.3
RetrieveBatchSecrets fetches values for all variables in a slice using a single API call.
The authenticated user must have execute privilege on all variables.
func (*Client) RetrieveBatchSecretsRequest ¶ added in v0.11.0
func (*Client) RetrieveBatchSecretsSafe ¶ added in v0.7.0
RetrieveBatchSecretsSafe fetches values for all variables in a slice using a single API call. This version of the method will automatically base64-encode the secrets on the server side allowing the retrieval of binary values in batch requests. Secrets are NOT base64 encoded in the returned map.
The authenticated user must have execute privilege on all variables.
func (*Client) RetrieveSecret ¶
RetrieveSecret fetches a secret from a variable.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretReader ¶ added in v0.3.0
func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)
RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretRequest ¶ added in v0.11.0
func (*Client) RetrieveSecretWithVersion ¶ added in v0.11.0
RetrieveSecretWithVersion fetches a specific version of a secret from a variable.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretWithVersionReader ¶ added in v0.11.0
func (c *Client) RetrieveSecretWithVersionReader(variableID string, version int) (io.ReadCloser, error)
RetrieveSecretWithVersionReader fetches a specific version of a secret from a variable and returns it as a data stream.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretWithVersionRequest ¶ added in v0.11.0
func (*Client) Role ¶ added in v0.11.0
Role fetches detailed information about a specific role, including the role members.
func (*Client) RoleExists ¶ added in v0.11.0
RoleExists reports whether a role exists.
func (*Client) RoleMembers ¶ added in v0.11.0
RoleMembers fetches the members of a role.
func (*Client) RoleMembersRequest ¶ added in v0.11.0
func (*Client) RoleMemberships ¶ added in v0.11.0
RoleMemberships fetches the memberships of a role, including the list of groups of which a specific host or user is a member.
func (*Client) RoleMembershipsRequest ¶ added in v0.11.0
func (*Client) RoleRequest ¶ added in v0.11.0
func (*Client) RotateAPIKey ¶ added in v0.3.0
RotateAPIKey replaces the API key of a role on the server with a new random secret. Given that a fully-qualified resource id resembles '<account>:<kind>:<identifier>', argument roleID must be at least partially-qualified.
The authenticated user must have update privilege on the role.
func (*Client) RotateAPIKeyReader ¶ added in v0.3.0
func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)
RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.
The authenticated user must have update privilege on the role.
func (*Client) RotateAPIKeyRequest ¶ added in v0.11.0
RotateAPIKeyRequest requires the roleID argument to be an at least partially-qualified ID of the form [<account>:]<kind>:<identifier>.
func (*Client) RotateCurrentUserAPIKey ¶ added in v0.11.0
func (*Client) RotateCurrentUserAPIKeyRequest ¶ added in v0.11.0
func (*Client) RotateHostAPIKey ¶ added in v0.11.0
RotateHostAPIKey constructs a role ID from a given host ID then replaces the API key of the role with a new random secret. Given that a fully-qualified resource ID resembles '<account>:<kind>:<identifier>', argument hostID will be accepted as either fully- or partially-qualified, but the provided role must be a host.
The authenticated user must have update privilege on the role.
func (*Client) RotateUserAPIKey ¶ added in v0.11.0
RotateUserAPIKey constructs a role ID from a given user ID then replaces the API key of the role with a new random secret. Given that a fully-qualified resource ID resembles '<account>:<kind>:<identifier>', argument userID will be accepted as either fully- or partially-qualified, but the provided role must be a user.
The authenticated user must have update privilege on the role.
func (*Client) SetAuthenticator ¶ added in v0.11.0
func (c *Client) SetAuthenticator(authenticator Authenticator)
func (*Client) SetHttpClient ¶ added in v0.5.1
func (*Client) SubmitRequest ¶
type Config ¶
// Config holds the settings a Client is built from (see NewClient and
// LoadConfig). The yaml tags give the key names used in the configuration
// file; fields tagged omitempty are optional there.
type Config struct {
	// Account is the Conjur account name.
	Account string `yaml:"account,omitempty"`
	// ApplianceURL is the base URL of the Conjur server.
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	// NetRCPath is a file path; presumably a netrc file holding stored login
	// credentials, in which case its filesystem permissions matter — confirm
	// against the credential-storage code.
	NetRCPath string `yaml:"netrc_path,omitempty"`
	// SSLCert is tagged "-" and is therefore never read from the YAML file;
	// it looks like it is populated in memory from SSLCertPath (see
	// Config.ReadSSLCert) — TODO confirm.
	SSLCert string `yaml:"-"`
	// SSLCertPath is the path of the server certificate file (yaml: cert_file).
	SSLCertPath string `yaml:"cert_file,omitempty"`
	// AuthnType selects the authentication method; the constructors shown in
	// the index (key, token, JWT, OIDC) suggest the accepted values — confirm.
	AuthnType string `yaml:"authn_type,omitempty"`
	// ServiceID is the authenticator service id used by the JWT/OIDC
	// authenticators (compare the authnJwtServiceID parameter of
	// NewClientFromJwt).
	ServiceID string `yaml:"service_id,omitempty"`
	// CredentialStorage is one of the CredentialStorage* constants.
	CredentialStorage string `yaml:"credential_storage,omitempty"`
}
func LoadConfig ¶
func (*Config) ReadSSLCert ¶
type CreatedRole ¶ added in v0.3.0
CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.
type CredentialStorageProvider ¶ added in v0.11.0
type HostFactoryHostResponse ¶ added in v0.11.0
type HostFactoryTokenResponse ¶ added in v0.11.0
type OidcProvider ¶ added in v0.11.0
// OidcProvider describes one OIDC provider as returned by ListOidcProviders.
// The json tags give the field names in the server response.
type OidcProvider struct {
	// ServiceID is the identifier of the provider's authenticator service.
	ServiceID string `json:"service_id"`
	// Type and Name are descriptive; their exact values are not shown here.
	Type string `json:"type"`
	Name string `json:"name"`
	// Nonce and CodeVerifier are the values handed back to the server with
	// the authorization code (see the code, nonce and code_verifier
	// parameters of NewClientFromOidcCode and OidcAuthenticate). As in
	// standard OIDC/PKCE they appear to be per-login-flow values, so they
	// should not be reused across flows or written to logs — confirm how the
	// server issues them.
	Nonce        string `json:"nonce"`
	CodeVerifier string `json:"code_verifier"`
	// RedirectURI is the redirect URI registered for the provider.
	RedirectURI string `json:"redirect_uri"`
}
OidcProvider contains information about an OIDC provider.
type PolicyMode ¶ added in v0.3.0
// PolicyMode defines the server-side behavior when loading a policy; see the
// PolicyMode* constants for the accepted values.
type PolicyMode uint
PolicyMode defines the server-side behavior when loading a policy.
// The PolicyMode values accepted by LoadPolicy. Note that PolicyModePut is
// destructive: anything absent from the submitted policy is removed, so
// callers should prefer Post or Patch unless a full replacement is intended.
const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data which is not present in the new policy.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)
type PolicyResponse ¶ added in v0.3.0
// PolicyResponse contains information about the policy update returned by
// LoadPolicy.
type PolicyResponse struct {
	// CreatedRoles holds the roles the server created while loading the
	// policy, keyed by a string the page does not specify (presumably the
	// role ID — confirm). Each CreatedRole carries that role's API key, so a
	// PolicyResponse should be treated as secret-bearing and not logged
	// wholesale.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// Version is the version number of the policy after the load.
	Version uint32 `json:"version"`
}
PolicyResponse contains information about the policy update.