Documentation
¶
Index ¶
- Constants
- Variables
- func IsForbidden(err error) bool
- func IsNotFound(err error) bool
- func IsRateLimited(err error) bool
- func IsUnauthorized(err error) bool
- func WalkPages(ctx context.Context, initial *ListOptions, maxPages int, fetch PageFetcher) error
- type APIError
- type Authenticator
- type BasicAuth
- type BearerTokenAuth
- type Client
- func (c *Client) BaseURL() *url.URL
- func (c *Client) Do(ctx context.Context, req *http.Request, v any) (*Response, error)
- func (c *Client) DoRaw(ctx context.Context, req *http.Request, w io.Writer) (*Response, error)
- func (c *Client) NewRequest(ctx context.Context, method, path string, body any) (*http.Request, error)
- func (c *Client) WithOrgScope(id string) *Client
- type HTTPClient
- type ListOptions
- type Logger
- type Option
- func WithAccessKeyAuth(keyID, secretID string) Option
- func WithAuthenticator(a Authenticator) Option
- func WithBaseURL(u string) Option
- func WithBasicAuth(username, password string) Option
- func WithBearerToken(token string) Option
- func WithCookie(name, value string) Option
- func WithDebugRequests(on bool) Option
- func WithHTTPClient(hc *http.Client) Option
- func WithHeader(key, value string) Option
- func WithInsecureSkipVerify(skip bool) Option
- func WithLogger(l Logger) Option
- func WithOrg(id string) Option
- func WithPrivateToken(token string) Option
- func WithRetry(maxRetries int, minWait, maxWait time.Duration) Option
- func WithTimeout(d time.Duration) Option
- func WithUserAgent(ua string) Option
- type PageFetcher
- type PrivateTokenAuth
- type Response
- type SignatureAuth
Constants ¶
const Version = "0.2.0"
Version is the semantic version of the SDK. Bump whenever the public API surface changes in a user-visible way.
Variables ¶
var ( ErrBadRequest = &APIError{StatusCode: http.StatusBadRequest} ErrForbidden = &APIError{StatusCode: http.StatusForbidden} ErrNotFound = &APIError{StatusCode: http.StatusNotFound} ErrConflict = &APIError{StatusCode: http.StatusConflict} ErrRateLimited = &APIError{StatusCode: http.StatusTooManyRequests} ErrServer = &APIError{StatusCode: http.StatusInternalServerError} )
Sentinel errors for common status classes.
Functions ¶
func IsForbidden ¶
func IsNotFound ¶
func IsRateLimited ¶
func IsUnauthorized ¶
func WalkPages ¶
func WalkPages(ctx context.Context, initial *ListOptions, maxPages int, fetch PageFetcher) error
WalkPages repeatedly invokes fetch with an advancing ListOptions until no next page is reported. maxPages bounds the total number of HTTP calls as a safety valve; pass 0 for "unbounded".
Types ¶
type APIError ¶
type APIError struct {
StatusCode int
Method string
URL string
Body []byte
Message string
Response *http.Response
}
APIError represents a non-2xx response from the JumpServer API.
type Authenticator ¶
type Authenticator interface {
// Authenticate mutates req in place (typically by setting headers
// or cookies). Returning a non-nil error aborts the request.
Authenticate(req *http.Request) error
}
Authenticator signs or annotates an outgoing *http.Request with credentials. Implementations must be safe for concurrent use.
type BearerTokenAuth ¶
type BearerTokenAuth struct {
Token string
}
BearerTokenAuth sets "Authorization: Bearer <token>".
func (*BearerTokenAuth) Authenticate ¶
func (a *BearerTokenAuth) Authenticate(req *http.Request) error
Authenticate implements Authenticator.
type Client ¶
type Client struct {
Auth *auth.Service
Users *users.Service
UserGroups *users.GroupsService
Roles *rbac.Service
Assets *assets.AssetsService
Hosts *assets.CategoryService
Devices *assets.CategoryService
Databases *assets.CategoryService
Webs *assets.CategoryService
Clouds *assets.CategoryService
Customs *assets.CategoryService
Nodes *assets.NodesService
Platforms *assets.PlatformsService
Zones *assets.ZonesService
Gateways *assets.GatewaysService
Labels *labels.Service
Accounts *accounts.Service
AccountTemplates *accounts.TemplatesService
ChangeSecrets *accounts.ChangeSecretService
AccountBackups *accounts.BackupService
Organizations *orgs.Service
Permissions *perms.Service
Self *perms.SelfService
CommandFilters *acls.CommandFiltersService
LoginACLs *acls.LoginACLsService
Audits *audits.Service
Terminal *terminal.Service
Tickets *tickets.Service
Settings *settings.Service
Ops *ops.Service
Xpack *xpack.Service
// contains filtered or unexported fields
}
Client talks to a JumpServer instance. Construct one with NewClient.
func (*Client) Do ¶
Do sends req and decodes the response into v. When v is a *bytes.Buffer the raw body is copied into it instead.
func (*Client) DoRaw ¶
DoRaw sends req and streams the response body into w without JSON decoding. Use it for binary downloads (e.g. session replays, files).
func (*Client) NewRequest ¶
func (c *Client) NewRequest(ctx context.Context, method, path string, body any) (*http.Request, error)
NewRequest builds an *http.Request against the client's base URL. Body is JSON-encoded when non-nil.
func (*Client) WithOrgScope ¶
WithOrgScope returns a copy of c whose default X-JMS-ORG header is overridden to id.
type HTTPClient ¶
type HTTPClient = core.HTTPClient
HTTPClient is the interface that service sub-packages use to make HTTP requests. *Client satisfies this interface.
type ListOptions ¶
type ListOptions = core.ListOptions
ListOptions configures pagination and search for list endpoints.
type Logger ¶
Logger is a minimal interface satisfied by *log.Logger. Pass any compatible implementation to WithLogger.
type Option ¶
type Option func(*clientConfig)
Option configures a Client. Pass any number of options to NewClient.
func WithAccessKeyAuth ¶
WithAccessKeyAuth authenticates using HMAC-SHA256 HTTP Signature (JumpServer "Access Key"). This is the recommended way to talk to the API with a service account.
func WithAuthenticator ¶
func WithAuthenticator(a Authenticator) Option
WithAuthenticator installs a fully custom Authenticator.
func WithBaseURL ¶
WithBaseURL sets the JumpServer base URL, e.g. "https://jumpserver.example.com". Trailing slashes are trimmed.
func WithBasicAuth ¶
WithBasicAuth authenticates with HTTP Basic. Useful to obtain a Bearer token through the authentication endpoint.
func WithBearerToken ¶
WithBearerToken authenticates with "Authorization: Bearer <token>".
func WithCookie ¶
WithCookie adds a cookie sent on every request.
func WithDebugRequests ¶
WithDebugRequests toggles verbose request/response dumps in the logger output.
func WithHTTPClient ¶
WithHTTPClient replaces the default *http.Client. When set, the timeout/retry/InsecureSkipVerify options are still respected for retry logic but the caller owns the transport.
func WithHeader ¶
WithHeader adds an extra header sent on every request.
func WithInsecureSkipVerify ¶
WithInsecureSkipVerify controls TLS certificate verification. The default is true for compatibility with self-signed JumpServer deployments, but production code should set this to false.
func WithLogger ¶
WithLogger enables request/response logging via the supplied Logger.
func WithOrg ¶
WithOrg sets the default X-JMS-ORG header value. JumpServer routes most endpoints through an organization; use "ROOT" (default) for the default organization, "00000000-0000-0000-0000-000000000002" for the global org, or a specific org ID.
func WithPrivateToken ¶
WithPrivateToken authenticates with "Authorization: Token <token>", the legacy JumpServer private-token scheme.
func WithRetry ¶
WithRetry configures automatic retries. Retries occur on:
- HTTP 408, 429, 500, 502, 503, 504 responses
- Transient network errors (timeout, connection reset, DNS temporary failure)
Permanent errors (TLS failures, context cancellation) are never retried. Backoff uses exponential delay with full jitter, honouring Retry-After headers.
func WithTimeout ¶
WithTimeout sets the per-request timeout.
func WithUserAgent ¶
WithUserAgent overrides the default User-Agent header.
type PageFetcher ¶
type PageFetcher = core.PageFetcher
PageFetcher paginates through all pages of a list endpoint.
type PrivateTokenAuth ¶
type PrivateTokenAuth struct {
Token string
}
PrivateTokenAuth sets "Authorization: Token <token>".
func (*PrivateTokenAuth) Authenticate ¶
func (a *PrivateTokenAuth) Authenticate(req *http.Request) error
Authenticate implements Authenticator.
type SignatureAuth ¶
SignatureAuth signs requests with HMAC-SHA256 using the JumpServer "Access Key" scheme, which is a profile of the IETF HTTP Signatures draft. The signed headers are "(request-target)" and "date".
func (*SignatureAuth) Authenticate ¶
func (a *SignatureAuth) Authenticate(req *http.Request) error
Authenticate implements Authenticator.
Directories
¶
| Path | Synopsis |
|---|---|
|
examples
|
|
|
connection-token
command
Connection token flow example — mirrors the Python UserClient workflow.
|
Connection token flow example — mirrors the Python UserClient workflow. |
|
create-asset
command
Example: create a host asset and bind it to a node.
|
Example: create a host asset and bind it to a node. |
|
integration
command
Integration test: full CRUD lifecycle for every JumpServer v4 service.
|
Integration test: full CRUD lifecycle for every JumpServer v4 service. |
|
list-users
command
Example: list users from a JumpServer instance using an AccessKey.
|
Example: list users from a JumpServer instance using an AccessKey. |
|
internal
|
|