Documentation
Index ¶
- Constants
- func APIKeyCreate(serverURL, apiKey, operatorID, name string) error
- func APIKeyRevoke(serverURL, apiKey, operatorID, keyID string) error
- func CACreate(serverURL, apiKey, name, duration string) error
- func CADelete(serverURL, apiKey, id string) error
- func CAList(serverURL, apiKey string) error
- func CARotate(serverURL, apiKey, id string) error
- func HashAPIKey(key string) string
- func HostBlock(serverURL, apiKey, hostID string) error
- func HostCreate(serverURL, apiKey, networkID, name, nebulaIP, role string, groups []string, ...) error
- func HostDelete(serverURL, apiKey, hostID string) error
- func HostList(serverURL, apiKey, networkID string) error
- func HostUnblock(serverURL, apiKey, hostID string) error
- func Init(configPath string) error
- func NetworkCreate(serverURL, apiKey, name, cidr string) error
- func NetworkList(serverURL, apiKey string) error
- func OpsMintAdminKey(configPath string) error
- func SeedAdminOperator(ctx context.Context, s store.Store, uiPassword, apiKey string) (bool, error)
- func Serve(configPath string) error
- func UserCreate(serverURL, apiKey, username, password, displayName, role string) error
- func UserDisable(serverURL, apiKey, id string) error
- func UserEnable(serverURL, apiKey, id string) error
- func UserList(serverURL, apiKey string) error
Constants ¶
const DefaultAdminUsername = "admin"
DefaultAdminUsername is the username assigned to the auto-seeded admin operator.
Variables ¶
This section is empty.
Functions ¶
func APIKeyCreate ¶
APIKeyCreate creates a new per-operator API key. The plaintext key is printed once.
func APIKeyRevoke ¶
APIKeyRevoke revokes an existing per-operator API key.
func HashAPIKey ¶
HashAPIKey hashes an API key for storage. Used by both bootstrap and the API auth middleware so the same algorithm is applied on insert and lookup.
func HostCreate ¶
func HostCreate(serverURL, apiKey, networkID, name, nebulaIP, role string, groups []string, publicIP string, listenPort int) error
HostCreate creates a host via the API.
func HostDelete ¶
HostDelete deletes a host via the API.
func HostUnblock ¶
HostUnblock unblocks a host via the API. The host is moved back to pending and must re-enroll to obtain a new certificate.
func Init ¶
Init initializes the management server: creates CA, generates API key, and initializes the database. configPath is required — the generated API key is written back to this file.
func NetworkCreate ¶
NetworkCreate creates a network via the API.
func NetworkList ¶
NetworkList lists networks via the API.
func OpsMintAdminKey ¶
OpsMintAdminKey opens the SQLite store referenced by configPath, looks up the admin operator by DefaultAdminUsername, mints a fresh operator_api_keys row holding the SHA-256 hash of the plaintext key, records an audit entry, and prints the plaintext to stdout once. Used for break-glass recovery when the initial admin key is lost.
func SeedAdminOperator ¶
SeedAdminOperator creates the initial admin operator from the configured password and API key when no operators exist yet. It is safe to call on every startup: it is idempotent and a no-op if the operators table is already populated. Either uiPassword or apiKey may be empty.
When apiKey is non-empty it is hashed and stored as the admin's first operator API key. The apiKey value comes from the caller (Init generates it inline; Serve passes ""), not from a persisted config field. Runtime auth via bearerAuth middleware authenticates exclusively through operator_api_keys.
The empty-table check and the inserts are delegated to the store as a single atomic operation (SeedInitialAdminOperator). Two concurrent first-boot invocations therefore cannot both seed an admin row: the race-loser's conditional INSERT sees a non-empty operators table and returns (false, nil) without writing.
It returns true if this call performed the seed so the caller can log it.
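The hash-on-insert, hash-on-lookup pattern that HashAPIKey, OpsMintAdminKey and SeedAdminOperator describe, as an added example that is not this package's own code. The names hashKey, keyStore, mint and authenticate are hypothetical, the in-memory map stands in for the operator_api_keys table, and the hex encoding of the digest is an assumption (the page names only SHA-256).

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// hashKey stands in for HashAPIKey: SHA-256 of the plaintext, hex-encoded
// (the encoding is an assumption).
func hashKey(key string) string {
	sum := sha256.Sum256([]byte(key))
	return hex.EncodeToString(sum[:])
}

// keyStore is a hypothetical operator_api_keys table: digest -> operator.
type keyStore map[string]string

// mint stores only the digest of a random 256-bit key and returns the plaintext once.
func (s keyStore) mint(operator string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	plaintext := hex.EncodeToString(raw)
	s[hashKey(plaintext)] = operator
	return plaintext, nil
}

// authenticate hashes the presented bearer token with the same function used
// on insert and looks the digest up; unknown or revoked keys have no row.
func (s keyStore) authenticate(authHeader string) (string, bool) {
	const prefix = "Bearer "
	if !strings.HasPrefix(authHeader, prefix) {
		return "", false
	}
	op, ok := s[hashKey(strings.TrimPrefix(authHeader, prefix))]
	return op, ok
}

func main() {
	s := keyStore{}
	key, _ := s.mint("admin") // "admin" mirrors DefaultAdminUsername
	fmt.Println(s.authenticate("Bearer " + key))
	delete(s, hashKey(key)) // revocation removes the digest row
	fmt.Println(s.authenticate("Bearer " + key))
}
```

Because only the digest is stored, a copy of the table does not reveal usable keys, and a lost key cannot be recovered, only replaced, which is why the page provides OpsMintAdminKey for break-glass recovery.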
func UserCreate ¶
UserCreate creates a new operator via the API.
func UserDisable ¶
UserDisable disables an operator via the API. Their sessions are invalidated and API keys revoked atomically.
func UserEnable ¶
UserEnable re-enables a disabled operator.
Types ¶
This section is empty.