Versions in this module Expand all Collapse all v1 v1.4.1 May 14, 2026 v1.4.0 May 14, 2026 v1.3.1 May 7, 2026 v1.3.0 Apr 29, 2026 v1.2.0 Feb 20, 2026 v1.1.0 Feb 8, 2026 Changes in this version + const BadKeyFormatCode + const BadPrincipalIdentifier + const BadRequestDataCode + const InternalServerErrorCode + const KeyIdentifierDoesNotExistCode + const KeyIdentifierExistsCode + const KeyVersionDoesNotExistCode + const Machine + const MachinePrefix + const MaxKeyDataSize + const MaxKeyIDLength + const MaxPrincipalIDLength + const MaxRequestBodySize + const NoKeyDataCode + const NoKeyIDCode + const NotFoundCode + const NotYetImplementedCode + const OKCode + const Service + const ServicePrefix + const UnauthenticatedCode + const UnauthorizedCode + const Unknown + const User + const UserGroup + var ErrACLContainsNone = errors.New("ACL contains None access") + var ErrACLDuplicateEntries = errors.New("duplicate entries in ACL") + var ErrACLEmptyPrincipal = errors.New(...) + var ErrACLInvalidService = errors.New("service is invalid, must conform to 'spiffe://<domain>/<path>' format") + var ErrACLInvalidServicePrefixNoSlash = errors.New(...) + var ErrACLInvalidServicePrefixTooShort = errors.New("service prefix too short, path of namespace for prefix needs to be longer") + var ErrACLInvalidServicePrefixURL = errors.New(...) + var ErrInactiveToPrimary = errors.New("version must be active to promote to primary") + var ErrInvalidJSON = errors.New("invalid JSON format") + var ErrInvalidKeyID = errors.New("key ID can only contain alphanumeric characters, colons, and underscores") + var ErrInvalidMachineID = errors.New("invalid machine ID format") + var ErrInvalidSPIFFEURI = errors.New("invalid SPIFFE URI format") + var ErrInvalidStatus = errors.New("invalid status") + var ErrInvalidUserID = errors.New("invalid user ID format") + var ErrInvalidVersionHash = errors.New("hash does not match") + var ErrKeyDataTooLarge = errors.New("key data too large (max 1MB)") + var ErrKeyExists = errors.New("key exists") + var ErrKeyIDEmpty = errors.New("key ID cannot be empty") + var ErrKeyIDInvalidFormat = errors.New("key ID contains invalid characters") + var ErrKeyIDNotFound = errors.New("key ID not found") + var ErrKeyIDTooLong = errors.New("key ID too long (max 256 characters)") + var ErrKeyVersionNotFound = errors.New("key version not found") + var ErrMulitplePrimary = errors.New("more than one primary key") + var ErrPathTraversal = errors.New("path traversal attempt detected") + var ErrPrimaryToActive = errors.New("primary key cannot be demoted, specify active key to promote") + var ErrPrimaryToInactive = errors.New("version must be active to demote to inactive") + var ErrPrincipalIDEmpty = errors.New("principal ID cannot be empty") + var ErrPrincipalIDTooLong = errors.New("principal ID too long (max 512 characters)") + var ErrRequestTooLarge = errors.New("request body too large (max 10MB)") + var ErrSameVersionID = errors.New("repeated version ID") + var ErrUnsafeCharacters = errors.New("input contains unsafe characters") + func IsValidJSON(data []byte) bool + func SanitizeString(input string) string + func ValidateACL(acl ACL) error + func ValidateAccess(access Access) error + func ValidateKeyCreation(keyID string, data []byte, acl ACL) error + func ValidateKeyData(data []byte) error + func ValidateKeyID(keyID string) error + func ValidatePrincipalID(principalType PrincipalType, id string) error + func ValidateRequestBodySize(size int64) error + type ACL []Access + func (acl ACL) Add(a Access) ACL + func (acl ACL) Validate() error + type Access struct + AccessType AccessType + ID string + Type PrincipalType + type AccessCallbackInput struct + AccessType AccessType + Key Key + Principals []RawPrincipal + type AccessType int + const Admin + const None + const Read + const Write + func (s *AccessType) UnmarshalJSON(b []byte) error + func (s AccessType) CanAccess(resource AccessType) bool + func (s AccessType) MarshalJSON() ([]byte, error) + type Key struct + ACL ACL + ID string + Path string + TinkKeyset string + VersionHash string + VersionList KeyVersionList + func (k Key) Validate() error + type KeyVersion struct + CreationTime int64 + Data []byte + ID uint64 + Status VersionStatus + type KeyVersionList []KeyVersion + func (kvl KeyVersionList) GetActive() KeyVersionList + func (kvl KeyVersionList) GetPrimary() *KeyVersion + func (kvl KeyVersionList) Hash() string + func (kvl KeyVersionList) Len() int + func (kvl KeyVersionList) Less(i, j int) bool + func (kvl KeyVersionList) Swap(i, j int) + func (kvl KeyVersionList) Update(versionID uint64, s VersionStatus) (KeyVersionList, error) + func (kvl KeyVersionList) Validate() error + type Principal interface + CanAccess func(ACL, AccessType) bool + GetID func() string + Raw func() []RawPrincipal + Type func() string + func NewPrincipalMux(defaultPrincipal Principal, allPrincipals map[string]Principal) Principal + type PrincipalMux struct + func (p PrincipalMux) CanAccess(acl ACL, accessType AccessType) bool + func (p PrincipalMux) Default() Principal + func (p PrincipalMux) GetID() string + func (p PrincipalMux) GetIDs() []string + func (p PrincipalMux) Raw() []RawPrincipal + func (p PrincipalMux) Type() string + type PrincipalType int + func (s *PrincipalType) UnmarshalJSON(b []byte) error + func (s PrincipalType) IsValidPrincipal(id string, extraValidators []PrincipalValidator) error + func (s PrincipalType) MarshalJSON() ([]byte, error) + type PrincipalValidator func(pt PrincipalType, id string) error + func ServicePrefixPathComponentsValidator(minPathComponents int) PrincipalValidator + type RawPrincipal struct + ID string + Type string + type Response struct + Code int + Data any + Host string + Message string + Status string + Timestamp int64 + type VersionStatus int + const Active + const Inactive + const Primary + func (s *VersionStatus) UnmarshalJSON(b []byte) error + func (s VersionStatus) MarshalJSON() ([]byte, error)
Go to main page