registry

package
v0.21.1
Published: Dec 20, 2016 License: BSD-3-Clause Imports: 17 Imported by: 0

Documentation

Overview

Package registry provides access to the Torus registry REST API.

Index

Constants

This section is empty.

Variables

var ErrMemberNotFound = errors.New("keyring membership not found")

ErrMemberNotFound is returned when a keyring member find call fails.

Functions

This section is empty.

Types

type ClaimTree

type ClaimTree struct {
	Org        *envelope.Unsigned          `json:"org"`
	PublicKeys []apitypes.PublicKeySegment `json:"public_keys"`
}

ClaimTree represents an organization's claim tree, which contains the public signing and encryption keys for every member.

type ClaimTreeClient

type ClaimTreeClient struct {
	// contains filtered or unexported fields
}

ClaimTreeClient represents the `/claimtree` registry endpoint, used for retrieving the public keys and their associated claims for an organization.

func (*ClaimTreeClient) List

func (c *ClaimTreeClient) List(ctx context.Context, orgID *identity.ID,
	ownerID *identity.ID) ([]ClaimTree, error)

List returns a list of all claimtrees for a given orgID. If no orgID is provided, it returns the claimtrees for every organization the user belongs to.

If an ownerID is provided then only public keys and claims related to that user or machine will be returned.

type ClaimedKeyPair

type ClaimedKeyPair struct {
	apitypes.PublicKeySegment
	PrivateKey *envelope.Signed `json:"private_key"`
}

ClaimedKeyPair contains a public/private keypair, and all the Claims made against it (system and user signatures).

type ClaimsClient added in v0.21.0

type ClaimsClient struct {
	// contains filtered or unexported fields
}

ClaimsClient represents the `/claims` registry endpoint for making claims against keypairs. Claims can either be a signature or a revocation.

func (ClaimsClient) Create added in v0.21.0

func (c ClaimsClient) Create(ctx context.Context, claim *envelope.Signed) (*envelope.Signed, error)

Create creates a new signed claim on the server.

type Client

type Client struct {
	KeyPairs        *KeyPairs
	Tokens          *Tokens
	Users           *Users
	Teams           *TeamsClient
	Memberships     *MembershipsClient
	Credentials     *Credentials
	Orgs            *Orgs
	OrgInvite       *OrgInviteClient
	Projects        *ProjectsClient
	Keyring         *KeyringClient
	KeyringMember   *KeyringMemberClientV1
	Claims          *ClaimsClient
	ClaimTree       *ClaimTreeClient
	CredentialGraph *CredentialGraphClient
	Machines        *MachinesClient
	Self            *SelfClient
	// contains filtered or unexported fields
}

Client exposes the registry REST API.

func NewClient

func NewClient(prefix string, apiVersion string, version string, sess session.Session, t *http.Transport) *Client

NewClient returns a new Client.

func (*Client) Do

func (c *Client) Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error)

Do executes an http.Request, populating v with the JSON response on success.

If the request errors with a JSON formatted response body, it will be unmarshaled into the returned error.

func (*Client) NewRequest

func (c *Client) NewRequest(method, path string, query *url.Values,
	body interface{}) (*http.Request, error)

NewRequest constructs a new http.Request, with a body containing the json representation of body, if provided.

func (*Client) NewTokenRequest

func (c *Client) NewTokenRequest(token, method, path string, query *url.Values,
	body interface{}) (*http.Request, error)

NewTokenRequest constructs a new http.Request, with a body containing the json representation of body, if provided.

The request will be authorized with the provided token.

type CredentialGraph added in v0.10.0

type CredentialGraph interface {
	KeyringSection
	GetCredentials() []envelope.Signed
	KeyringVersion() int
}

CredentialGraph is the shared interface between different credential graph versions.

type CredentialGraphClient added in v0.10.0

type CredentialGraphClient struct {
	// contains filtered or unexported fields
}

CredentialGraphClient represents the `/credentialgraph` registry endpoint, used for retrieving keyrings, keyring members, and credentials associated with claims.

func (*CredentialGraphClient) List added in v0.10.0

func (c *CredentialGraphClient) List(ctx context.Context, path string,
	pathExp *pathexp.PathExp, ownerID *identity.ID) ([]CredentialGraph, error)

List returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that match the given name, path, or path expression.

func (*CredentialGraphClient) Post added in v0.10.0

Post creates a new CredentialGraph on the registry.

The CredentialGraph includes the keyring, its members, and credentials.

func (*CredentialGraphClient) Search added in v0.12.0

func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string,
	ownerID *identity.ID) ([]CredentialGraph, error)

Search returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that are contained within the given loose path expression. It is loose in that it can have * for projects.

type CredentialGraphV1 added in v0.10.0

type CredentialGraphV1 struct {
	KeyringSectionV1
	Credentials []envelope.Signed `json:"credentials"`
}

CredentialGraphV1 represents a Keyring, its members, and associated Credentials.

func (*CredentialGraphV1) GetCredentials added in v0.10.0

func (c *CredentialGraphV1) GetCredentials() []envelope.Signed

GetCredentials returns the Credentials objects in this CredentialGraph.

func (*CredentialGraphV1) KeyringVersion added in v0.12.0

func (c *CredentialGraphV1) KeyringVersion() int

KeyringVersion returns the version of the keyring itself (not its schema).

type CredentialGraphV2 added in v0.10.0

type CredentialGraphV2 struct {
	KeyringSectionV2
	Credentials []envelope.Signed `json:"credentials"`
}

CredentialGraphV2 represents a Keyring, its members, and associated Credentials.

func (*CredentialGraphV2) GetCredentials added in v0.10.0

func (c *CredentialGraphV2) GetCredentials() []envelope.Signed

GetCredentials returns the Credentials objects in this CredentialGraph.

func (*CredentialGraphV2) KeyringVersion added in v0.12.0

func (c *CredentialGraphV2) KeyringVersion() int

KeyringVersion returns the version of the keyring itself (not its schema).

type Credentials

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials represents the `/credentials` registry endpoint, used for accessing encrypted credentials/secrets.

func (*Credentials) Create

func (c *Credentials) Create(ctx context.Context, credential *envelope.Signed) (*envelope.Signed, error)

Create creates the provided credential in the registry.

type KeyPairs

type KeyPairs struct {
	// contains filtered or unexported fields
}

KeyPairs represents the `/keypairs` registry endpoint, used for accessing users' signing and encryption keypairs.

func (*KeyPairs) List

func (k *KeyPairs) List(ctx context.Context, orgID *identity.ID) ([]ClaimedKeyPair, error)

List returns all KeyPairs for the logged-in user in the given org, or in all orgs if orgID is nil.

func (*KeyPairs) Post

func (k *KeyPairs) Post(ctx context.Context, pubKey, privKey,
	claim *envelope.Signed) (*envelope.Signed, *envelope.Signed, []envelope.Signed, error)

Post creates a new keypair on the registry.

The keypair includes the user's public key, private key, and a self-signed claim on the public key.

Keys may be either signing or encryption keys.

type KeyringClient

type KeyringClient struct {
	Members *KeyringMembersClient
	// contains filtered or unexported fields
}

KeyringClient represents the `/keyrings` registry endpoint for accessing keyrings the user or machine belongs to.

func (*KeyringClient) List

func (k *KeyringClient) List(ctx context.Context, orgID *identity.ID,
	ownerID *identity.ID) ([]KeyringSection, error)

List retrieves an array of KeyringSections from the registry.

type KeyringMember added in v0.10.0

type KeyringMember struct {
	Member   *envelope.Signed `json:"member"`
	MEKShare *envelope.Signed `json:"mekshare"`
}

KeyringMember holds membership information for v2 keyrings. In v2, a user can have their master encryption key share removed.

type KeyringMemberClientV1 added in v0.10.0

type KeyringMemberClientV1 struct {
	// contains filtered or unexported fields
}

KeyringMemberClientV1 represents the `/keyring-members` registry endpoint for creating memberships related to a set of Keyrings.

func (*KeyringMemberClientV1) Post added in v0.10.0

Post sends a creation request for a set of KeyringMember objects to the registry.

type KeyringMembersClient added in v0.10.0

type KeyringMembersClient struct {
	// contains filtered or unexported fields
}

KeyringMembersClient represents the `/keyring/:id/members` registry endpoint for creating memberships in a keyring.

func (*KeyringMembersClient) Post added in v0.10.0

Post sends a creation request for a set of KeyringMember objects to the registry.

type KeyringSection

type KeyringSection interface {
	GetKeyring() *envelope.Signed
	FindMember(*identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
	HasRevocations() bool
}

KeyringSection is the shared interface between different KeyringSection versions.

type KeyringSectionV1 added in v0.10.0

type KeyringSectionV1 struct {
	Keyring *envelope.Signed  `json:"keyring"`
	Members []envelope.Signed `json:"members"`
}

KeyringSectionV1 represents a section of the CredentialGraph pertaining only to a keyring and its membership.

func (*KeyringSectionV1) FindMember added in v0.10.0

FindMember returns the membership and mekshare for the given user id. The data is returned in V2 format.

func (*KeyringSectionV1) GetKeyring added in v0.10.0

func (k *KeyringSectionV1) GetKeyring() *envelope.Signed

GetKeyring returns the Keyring object in this KeyringSection.

func (KeyringSectionV1) HasRevocations added in v0.12.0

func (KeyringSectionV1) HasRevocations() bool

HasRevocations indicates that a Keyring holds revoked user keys. Revocations are not tracked in V1, so it is always false.

type KeyringSectionV2 added in v0.10.0

type KeyringSectionV2 struct {
	Keyring *envelope.Signed  `json:"keyring"`
	Members []KeyringMember   `json:"members"`
	Claims  []envelope.Signed `json:"claims"`
}

KeyringSectionV2 represents a Keyring and its members.

func (*KeyringSectionV2) FindMember added in v0.10.0

FindMember returns the membership and mekshare for the given user id.

An owner (user/machine token) may have multiple memberships, one per encryption key. There will only be one unrevoked membership. Either this unrevoked membership will be returned, or the result will error with ErrMemberNotFound.

func (*KeyringSectionV2) GetKeyring added in v0.10.0

func (k *KeyringSectionV2) GetKeyring() *envelope.Signed

GetKeyring returns the Keyring object in this KeyringSection.

func (*KeyringSectionV2) HasRevocations added in v0.12.0

func (k *KeyringSectionV2) HasRevocations() bool

HasRevocations indicates that a Keyring holds revoked user keys.
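The FindMember and HasRevocations contracts for v2 keyrings, as an added illustration that is not the registry package's own code: the envelope and primitive types are replaced by simplified stand-in structs, and the membership data is constructed.

```go
// Added illustration of the KeyringSectionV2.FindMember contract; the types are
// simplified stand-ins, not the registry package's envelope/primitive types.
package main

import "errors"

// ErrMemberNotFound mirrors the package variable documented on this page.
var ErrMemberNotFound = errors.New("keyring membership not found")

// member stands in for one KeyringMember entry (member plus its MEK share).
type member struct {
	OwnerID  string // user or machine token that owns the membership
	KeyID    string // encryption key the membership was created for
	MEKShare string // master encryption key share (constructed value)
	Revoked  bool   // true once the owner's key has been revoked
}

// keyringSection stands in for KeyringSectionV2.
type keyringSection struct {
	Members []member
}

// FindMember returns the single unrevoked membership for ownerID together with
// its MEK share, or ErrMemberNotFound. An owner may hold one membership per
// encryption key, but the contract promises only one of them is unrevoked.
func (k *keyringSection) FindMember(ownerID string) (*member, string, error) {
	for i := range k.Members {
		m := &k.Members[i]
		if m.OwnerID == ownerID && !m.Revoked {
			return m, m.MEKShare, nil
		}
	}
	return nil, "", ErrMemberNotFound
}

// HasRevocations reports whether any membership in the keyring is revoked.
func (k *keyringSection) HasRevocations() bool {
	for _, m := range k.Members {
		if m.Revoked {
			return true
		}
	}
	return false
}

// sampleSection is constructed data: alice rotated her key once, bob never did.
func sampleSection() *keyringSection {
	return &keyringSection{Members: []member{
		{OwnerID: "alice", KeyID: "key-1", MEKShare: "share-old", Revoked: true},
		{OwnerID: "alice", KeyID: "key-2", MEKShare: "share-new"},
		{OwnerID: "bob", KeyID: "key-3", MEKShare: "share-bob"},
	}}
}
```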

type MachineCreationSegment added in v0.15.0

type MachineCreationSegment struct {
	Machine     *envelope.Unsigned            `json:"machine"`
	Memberships []envelope.Unsigned           `json:"memberships"`
	Tokens      []MachineTokenCreationSegment `json:"tokens"`
}

MachineCreationSegment represents the request sent to the registry to create a machine and its first token.

type MachineTokenCreationSegment added in v0.15.0

type MachineTokenCreationSegment struct {
	Token    *envelope.Unsigned `json:"token"`
	Keypairs []*ClaimedKeyPair  `json:"keypairs"`
}

MachineTokenCreationSegment represents the request sent to the registry to create a Machine Token.

type MachinesClient added in v0.15.0

type MachinesClient struct {
	// contains filtered or unexported fields
}

MachinesClient represents the `/machines` registry endpoint, used for creating, listing, authorizing, and destroying machines and their tokens.

func (*MachinesClient) Create added in v0.15.0

Create requests the registry to create a MachineSegment.

The MachineSegment includes the Machine, its Memberships, and authorization tokens.

func (*MachinesClient) Get added in v0.15.0

func (m *MachinesClient) Get(ctx context.Context, machineID *identity.ID) (*apitypes.MachineSegment, error)

Get requests a single machine from the registry.

type MembershipsClient

type MembershipsClient struct {
	// contains filtered or unexported fields
}

MembershipsClient represents the `/memberships` registry endpoint, used for accessing the relationships between users, organizations, and teams.

func (*MembershipsClient) List

func (m *MembershipsClient) List(ctx context.Context, orgID *identity.ID,
	teamID *identity.ID, ownerID *identity.ID) ([]envelope.Unsigned, error)

List returns all memberships for a given organization, team, or user/machine.

type OrgInviteClient

type OrgInviteClient struct {
	// contains filtered or unexported fields
}

OrgInviteClient represents the `/org-invites` registry endpoint, used for sending, accepting, and approving invitations to organizations in Torus.

func (*OrgInviteClient) Approve

func (o *OrgInviteClient) Approve(ctx context.Context, inviteID *identity.ID) (*envelope.Unsigned, error)

Approve sends an approval notification to the registry regarding a specific invitation.

func (*OrgInviteClient) Get

func (o *OrgInviteClient) Get(ctx context.Context, inviteID *identity.ID) (*envelope.Unsigned, error)

Get returns a specific Org Invite based on its ID.

func (*OrgInviteClient) List added in v0.18.0

func (o *OrgInviteClient) List(ctx context.Context, orgID *identity.ID, states []string, email string) ([]envelope.Unsigned, error)

List lists all invites for a given org with the given states.

type Orgs

type Orgs struct {
	// contains filtered or unexported fields
}

Orgs represents the `/orgs` registry endpoint, used for accessing organizations stored in Torus.

func (*Orgs) Get added in v0.12.0

func (o *Orgs) Get(ctx context.Context, orgID *identity.ID) (*envelope.Unsigned, error)

Get returns the organization with the given ID.

func (*Orgs) List

func (o *Orgs) List(ctx context.Context, name string) ([]envelope.Unsigned, error)

List returns all organizations that match the given name.

type ProjectsClient added in v0.12.0

type ProjectsClient struct {
	// contains filtered or unexported fields
}

ProjectsClient represents the `/projects` registry endpoint, for manipulating projects.

func (*ProjectsClient) List added in v0.12.0

func (p *ProjectsClient) List(ctx context.Context, orgID *identity.ID) ([]envelope.Unsigned, error)

List returns a list of all Projects within the given org.

type SelfClient added in v0.15.0

type SelfClient struct {
	// contains filtered or unexported fields
}

SelfClient represents the registry `/self` endpoints.

func (*SelfClient) Get added in v0.15.0

func (s *SelfClient) Get(ctx context.Context, token string) (*apitypes.Self, error)

Get returns the current identities associated with this token.

type Signup added in v0.11.0

type Signup struct {
	ID      string      `json:"id"`
	Version int         `json:"version"`
	Body    *SignupBody `json:"body"`
}

Signup contains the fields for signup.

type SignupBody added in v0.11.0

type SignupBody struct {
	Username string `json:"username"`
	Name     string `json:"name"`
	Email    string `json:"email"`
	// State is not a field because the server determines it, client cannot
	Password *primitive.UserPassword `json:"password"`
	Master   *primitive.MasterKey    `json:"master"`
}

SignupBody contains the fields of the Signup object body sent during signup.

func (SignupBody) Mutable added in v0.11.0

func (SignupBody) Mutable()

Mutable indicates this object is a Mutable type.

func (SignupBody) Type added in v0.11.0

func (SignupBody) Type() byte

Type returns the User byte

func (SignupBody) Version added in v0.11.0

func (SignupBody) Version() int

Version returns the object version

type TeamsClient

type TeamsClient struct {
	// contains filtered or unexported fields
}

TeamsClient represents the `/teams` registry endpoint, used for accessing teams stored in Torus.

func (*TeamsClient) List

func (t *TeamsClient) List(ctx context.Context, orgID *identity.ID) ([]envelope.Unsigned, error)

List returns all teams for an organization.

type Tokens

type Tokens struct {
	// contains filtered or unexported fields
}

Tokens represents the registry `/tokens` endpoints, used for session management.

Logging in is a two step process. We must first request a login token. This token is then HMAC'd and returned to the server, exchanging it for an auth token, which is used for all other operations.

func (*Tokens) Delete

func (t *Tokens) Delete(ctx context.Context, token string) error

Delete deletes the token with the provided value from the registry. This effectively logs a user out.

func (*Tokens) PostAuth

func (t *Tokens) PostAuth(ctx context.Context, token, hmac string) (string, error)

PostAuth requests an auth token from the registry for the provided login token value and its HMAC.

func (*Tokens) PostLogin

func (t *Tokens) PostLogin(ctx context.Context, creds apitypes.LoginCredential) (*base64.Value, string, error)

PostLogin requests a login token from the registry for the provided email address.

func (*Tokens) PostPDPKAuth added in v0.15.0

func (t *Tokens) PostPDPKAuth(ctx context.Context, token string, sig *base64.Value) (string, error)

PostPDPKAuth requests an auth token from the registry for the provided login token value and its signature.
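The two-step login described under Tokens, as an added example that is not part of the registry package: a stand-in `server` plays the registry side of PostLogin and PostAuth, and `computeHMAC` is the client's proof. It assumes the HMAC key is a per-user secret the client derives from its password and that tokens are random hex strings; neither detail is stated on this page.

```go
// Added example (not the registry package's own code): the two-step /tokens login.
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// server is a stand-in for the registry side of the /tokens endpoints.
type server struct {
	secrets map[string][]byte // email -> HMAC key (assumed derived from the password)
	login   map[string]string // outstanding single-use login token -> email
	auth    map[string]string // issued auth token -> email (the live sessions)
}

func newServer() *server {
	return &server{map[string][]byte{}, map[string]string{}, map[string]string{}}
}

func randomToken() string {
	b := make([]byte, 16) // 128 random bits as hex; the token format is an assumption
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return fmt.Sprintf("%x", b)
}

// PostLogin (step one): hand out a login token for the email; it proves nothing yet.
func (s *server) PostLogin(email string) string {
	tok := randomToken()
	s.login[tok] = email
	return tok
}

// PostAuth (step two): exchange the login token and its HMAC for an auth token.
func (s *server) PostAuth(loginTok, mac string) (string, error) {
	email, ok := s.login[loginTok]
	delete(s.login, loginTok) // single use: consumed whether or not the proof verifies
	want := computeHMAC(s.secrets[email], loginTok)
	if !ok || !hmac.Equal([]byte(want), []byte(mac)) {
		return "", fmt.Errorf("login token unknown or HMAC mismatch")
	}
	authTok := randomToken()
	s.auth[authTok] = email
	return authTok, nil
}

// computeHMAC is the client-side proof: HMAC-SHA256 over the login token.
func computeHMAC(key []byte, loginTok string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(loginTok))
	return fmt.Sprintf("%x", m.Sum(nil))
}
```

Because the login token is deleted before the HMAC is checked, a failed attempt cannot be retried against the same token; the client has to start again at PostLogin.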

type Users

type Users struct {
	// contains filtered or unexported fields
}

Users represents the registry `/users` endpoints.

func (*Users) Create

func (u *Users) Create(ctx context.Context, userObj Signup, signup apitypes.Signup) (*envelope.Unsigned, error)

Create attempts to register a new user.

func (*Users) Update added in v0.17.0

func (u *Users) Update(ctx context.Context, userObj interface{}) (*envelope.Unsigned, error)

Update patches the user object with whitelisted fields.
