api

package
v0.17.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 28, 2019 License: Apache-2.0 Imports: 16 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	AuditSubjectAccount       = "account"
	AuditSubjectUser          = "user"
	AuditSubjectService       = "service"
	AuditSubjectSecret        = "secret"
	AuditSubjectSecretVersion = "secret_version"
	AuditSubjectSecretKey     = "secret_key"
	AuditSubjectSecretMember  = "permission"
	AuditSubjectRepo          = "repo"
	AuditSubjectRepoMember    = "repo_member"
	AuditSubjectRepoKey       = "repo_key"
)

The different options for an AuditSubjectType.

View Source 
const (
	OrgRoleAdmin  = "admin"
	OrgRoleMember = "member"
)

Roles

View Source 
const (
	// StatusOK signals everything is in order.
	StatusOK = "ok"
	// StatusFlagged signals that a resource should be considered compromised and should be rotated/no longer used.
	StatusFlagged = "flagged"
	// StatusFailed signals that revocation cannot complete.
	StatusFailed = "failed"
)

Status Constants

View Source 
const (
	// MaxEncryptedSecretSize is the maximum size of EncryptedSecretVersion.EncryptedData.
	MaxEncryptedSecretSize = (512*4/3 + 5) * units.KiB // 512 KiB corrected for base64 overhead (4/3) and metadata
)

Variables

View Source 
var (
	ErrInvalidAccountName = errAPI.Code("invalid_account_name").Error("An account name either needs to be an username or a servicename")
	ErrInvalidKeyID       = errAPI.Code("invalid_key_id").Error("id of the provided account key is invalid")

	ServiceNamePrefix = "s-"
)

Errors

View Source 
var (
	ErrAccountNotKeyed    = errAPI.Code("account_not_keyed").StatusError("User has not yet keyed their account", http.StatusBadRequest)
	ErrAccountKeyNotFound = errAPI.Code("account_key_not_found").StatusError("User has not yet keyed their account", http.StatusNotFound)
)

Errors

View Source 
var (
	ErrInvalidSecretID         = errAPI.Code("invalid_secret_id").StatusError("invalid secret id", http.StatusBadRequest)
	ErrInvalidDirID            = errAPI.Code("invalid_dir_id").StatusError("invalid directory id", http.StatusBadRequest)
	ErrAccessRuleAlreadyExists = errAPI.Code("access_rule_already_exists").StatusError("access rule already exists", http.StatusConflict)
	ErrAccessRuleNotFound      = errAPI.Code("access_rule_not_found").StatusError("access rule not found", http.StatusNotFound)
)

Errors

View Source 
var (
	ErrInvalidCardToken              = errAPI.Code("invalid_card_token").StatusError("invalid card token given", http.StatusBadRequest)
	ErrInvalidCardID                 = errAPI.Code("invalid_card_id").StatusError("invalid card_id given", http.StatusBadRequest)
	ErrInvalidPlanID                 = errAPI.Code("invalid_plan_id").StatusError("invalid plan_id given", http.StatusBadRequest)
	ErrTaxIDRequired                 = errAPI.Code("tax_id_required").StatusError("for EU countries a tax_id is required", http.StatusBadRequest)
	ErrAddressDoesNotMatchTaxCountry = errAPI.Code("countries_mismatch").StatusError("address country does not match tax country", http.StatusBadRequest)
)

Errors

View Source 
var (
	ErrUnknownAlgorithm  = errAPI.Code("unknown_algorithm").Error("algorithm of the encoded ciphertext is invalid")
	ErrInvalidCiphertext = errAPI.Code("invalid_ciphertext").Error("cannot encode invalid ciphertext")
	ErrInvalidMetadata   = errAPI.Code("invalid_metadata").Error("metadata of encrypted key is invalid")
)

Errors These will be removed after the next server-release, as they are then no longer returned from the server.

View Source 
var (
	ErrInvalidFingerprint = errAPI.Code("invalid_fingerprint").StatusError("fingerprint is invalid", http.StatusBadRequest)
	ErrInvalidVerifier    = errAPI.Code("invalid_verifier").StatusError("verifier is invalid", http.StatusBadRequest)
	ErrInvalidAlgorithm   = errAPI.Code("invalid_algorithm").StatusError("algorithm is invalid", http.StatusBadRequest)
)

Errors

View Source 
var (
	ErrInvalidDirName = errAPI.Code("invalid_dir_name").StatusError(
		"directory names must be between 2 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrInvalidDirBlindName    = errAPI.Code("invalid_dir_blind_name").StatusErrorf("directory blind name is invalid: %s", http.StatusBadRequest, ErrInvalidBlindName)
	ErrInvalidParentBlindName = errAPI.Code("invalid_parent_blind_name").StatusErrorf("directory parent blind name is invalid: %s", http.StatusBadRequest, ErrInvalidBlindName)
)

Errors

View Source 
var (
	ErrParentDirNotAvailable = errAPI.Code("parent_dir_not_available").StatusError("the parent directory is not available in EncryptedTree", http.StatusInternalServerError)
	ErrMultipleRootDirs      = errAPI.Code("multiple_root_dirs").StatusError("there are multiple root directories possible", http.StatusInternalServerError)
)

Errors

View Source 
var (
	ErrInvalidSecretPath       = errAPI.Code("invalid_secret_path").ErrorPref("secret path must be of the form <namespace>/<repo>[/<dir-path>]/<secret> got '%s'")
	ErrInvalidRepoPath         = errAPI.Code("invalid_repo_path").ErrorPref("repo path must be of the form <namespace>/<repo> got '%s'")
	ErrInvalidDirPath          = errAPI.Code("invalid_dir_path").ErrorPref("dir path must be of the form <namespace>/<repo>[/<dir-path>] got '%s'")
	ErrInvalidNamespace        = errAPI.Code("invalid_namespace").Error("namespace must be a valid username")
	ErrInvalidPath             = errAPI.Code("invalid_path").Error("path is not a reference to a namespace, a repository, a directory, or a secret")
	ErrInvalidPathType         = errAPI.Code("invalid_path_type").Error("using an unknown path type")
	ErrPathAlreadyHasVersion   = errAPI.Code("path_already_has_version").Error("this secret path already has a version")
	ErrPathHasNoVersion        = errAPI.Code("path_has_no_version").Error("this secret path requires a version")
	ErrParentPathOnInvalidPath = errAPI.Code("parent_path_on_invalid_path").ErrorPref("retrieving a parent path on an invalid path: %s")
)

Errors

View Source 
var (
	ErrInvalidOrgName = errAPI.Code("invalid_org_name").StatusError(
		"organization names must be between 3 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrOrgNameMustContainAlphanumeric = errAPI.Code("org_name_must_contain_alphanumeric").StatusError(
		"organization names must contain at least one alphanumeric character ",
		http.StatusBadRequest,
	)
	ErrInvalidDescription = errAPI.Code("invalid_description").StatusError(
		"descriptions have a maximum length of 144 characters "+
			"and may only contain (special) letters, numbers, spaces, and punctuation characters",
		http.StatusBadRequest,
	)
	ErrInvalidBlindName     = errAPI.Code("invalid_blind_name").StatusError("The blind name is not a 256 bits string encoded with URL safe base64", http.StatusBadRequest)
	ErrInvalidDirPermission = errAPI.Code("invalid_dir_permission").StatusError(
		"directory permission may only consist of up to 3 unique letters r (read), w (write), and a (admin)",
		http.StatusBadRequest,
	)
	ErrInvalidDirRole = errAPI.Code("invalid_dir_role").StatusError(
		"directory roles must be either read, write, or admin",
		http.StatusBadRequest,
	)
)

Errors

View Source 
var (
	ErrInvalidRepoName = errAPI.Code("invalid_repo_name").StatusError(
		"repo names must be between 1 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrInvalidRepoEncryptionKey        = errAPI.Code("invalid_repo_encryption_key").StatusError("repo encryption key is invalid", http.StatusBadRequest)
	ErrInvalidRepoIndexKey             = errAPI.Code("invalid_repo_index_key").StatusError("repo index key is invalid", http.StatusBadRequest)
	ErrInvalidAccountID                = errAPI.Code("invalid_account_id").StatusError("account id is invalid", http.StatusBadRequest)
	ErrInvalidSecretMemberAccountID    = errAPI.Code("invalid_secret_member_account_id").StatusError("account id of secret member does not correspond to the account id of the invited user", http.StatusBadRequest)
	ErrInvalidSecretKeyMemberAccountID = errAPI.Code("invalid_secret_key_member_account_id").StatusError("account id of secret key member does not correspond to the account id of the invited user", http.StatusBadRequest)
	ErrRepoMemberNotFound              = errAPI.Code("repo_member_not_found").StatusError("repo member not found", http.StatusNotFound)
	ErrNoRootDir                       = errAPI.Code("no_root_dir").StatusError("there is no create dir request for the root directory", http.StatusBadRequest)
	ErrNoRepoMember                    = errAPI.Code("no_repo_member").StatusError("there is no create repo member request for the root directory", http.StatusBadRequest)
)

Errors

View Source 
var (
	ErrInvalidSecretName = errAPI.Code("invalid_secret_name").StatusError(
		"secret names must be between 1 and 32 characters and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)

	ErrInvalidSecretVersion = errAPI.Code("invalid_secret_version").StatusError(
		"secret version can only be positive numbers or latest",
		http.StatusBadRequest,
	)

	ErrInvalidNodeID              = errAPI.Code("invalid_node_id").StatusError("the node id is invalid", http.StatusBadRequest)
	ErrInvalidEncryptedSecretName = errAPI.Code("invalid_encrypted_secret_name").StatusError("invalid ciphertext for encrypted secret name", http.StatusBadRequest)
	ErrInvalidSecretBlindName     = errAPI.Code("invalid_secret_blind_name").StatusError("secret blind name is invalid", http.StatusBadRequest)
	ErrInvalidSecretBlob          = errAPI.Code("invalid_secret_blob").StatusError("secret blob is invalid", http.StatusBadRequest)
	ErrNoSecretMembers            = errAPI.Code("no_secret_members").StatusError("no secret members added to write request", http.StatusBadRequest)

	ErrInvalidSecretKeyID              = errAPI.Code("invalid_secret_key_id").StatusError("secret_key_id is invalid", http.StatusBadRequest)
	ErrNotEncryptedForAccounts         = errAPI.Code("not_encrypted_for_accounts").StatusError("missing data encrypted for accounts", http.StatusBadRequest)
	ErrNotUniquelyEncryptedForAccounts = errAPI.Code("not_uniquely_encrypted_for_accounts").StatusError("not uniquely encrypted for accounts", http.StatusBadRequest)

	ErrCannotDeleteLastSecretVersion = errAPI.Code("cannot_delete_last_version").StatusError("Cannot delete the last version of a secret", http.StatusForbidden)
)

Errors

View Source 
var (

	// General
	ErrNotFound                  = errHub.Code("not_found").StatusError("Not found", http.StatusNotFound)
	ErrValidationFailed          = errHub.Code("validation_failed").StatusError("Validation errors", http.StatusExpectationFailed)
	ErrBadRequest                = errHub.Code("bad_request").StatusError("Bad request", http.StatusBadRequest)
	ErrTimeout                   = errHub.Code("timeout").StatusError("Timeout", http.StatusInternalServerError)
	ErrUnknownMethod             = errHub.Code("method_not_supported").StatusError("Method not supported", http.StatusNotImplemented)
	ErrDomainNotFound            = errHub.Code("domain_not_found").StatusError("Domain not found", http.StatusNotFound)
	ErrForbidden                 = errAPI.Code("forbidden").StatusError("You are not allowed to perform this action", http.StatusForbidden)
	ErrRequestNotAuthenticated   = errAPI.Code("not_authenticated").StatusError("Request was not authenticated", http.StatusUnauthorized)
	ErrNoAccountKeyForCredential = errAPI.Code("no_account_key_for_credential").StatusError("Could not find account-key for credential used for authentication.", http.StatusInternalServerError)
	ErrCannotPerformActionOnSelf = errAPI.Code("cannot_perform_action_on_self").StatusError("You cannot perform this action on yourself", http.StatusForbidden)
	ErrYourAccountNotKeyed       = errAPI.Code("account_not_keyed").StatusError("Your account has not been fully initialized", http.StatusBadRequest)

	// DB
	ErrDatabaseRecordAlreadyExists = errHub.Code("already_exists").StatusError("Already exists", http.StatusConflict)

	// Namespaces
	ErrNamespaceNotFound                      = errAPI.Code("namespace_not_found").StatusError("Namespace not found", http.StatusNotFound)
	ErrNamespaceAlreadyExists                 = errAPI.Code("namespace_already_exists").StatusError("this name already exists", http.StatusConflict)
	ErrCannotPerformActionOnPersonalNamespace = errAPI.Code("not_allowed_on_personal_namespace").StatusError("you cannot perform this action on a personal namespace", http.StatusForbidden)

	// Auth
	ErrAccountIncomplete    = errHub.Code("account_incomplete").StatusError("This account is not registered, please create a user first", http.StatusForbidden)
	ErrTokenNotVerified     = errHub.Code("token_not_verified").StatusError("Token not verified", http.StatusUnauthorized)
	ErrPasswordTooWeak      = errHub.Code("password_too_weak").StatusError("The password must be longer than 8 characters", http.StatusBadRequest)
	ErrSignatureNotVerified = errHub.Code("invalid_signature").StatusError("request was not signed by a valid credential", http.StatusUnauthorized)

	// Repos
	ErrRepoNotFound      = errHub.Code("repo_not_found").StatusError("Repo not found", http.StatusNotFound)
	ErrRepoAlreadyExists = errHub.Code("repo_already_exists").StatusError("Repo already exists, please create a different repo", http.StatusConflict)

	// Dirs
	ErrDirAlreadyExists    = errHub.Code("dir_already_exists").StatusError("Directory or secret already exists, create a different directory", http.StatusConflict)
	ErrDirNotFound         = errHub.Code("dir_not_found").StatusError("Directory not found", http.StatusNotFound)
	ErrParentDirNotFound   = errHub.Code("parent_dir_not_found").StatusError("Parent directory not found", http.StatusNotFound)
	ErrCannotRemoveRootDir = errHub.Code("cannot_remove_root_dir").StatusError("Root directory of a repository cannot be removed, remove the repository instead", http.StatusBadRequest)

	// Secrets
	ErrSecretAlreadyExists   = errHub.Code("secret_already_exists").StatusError("Secret or directory already exists, please update or create a different secret", http.StatusConflict)
	ErrSecretNotFound        = errHub.Code("secret_not_found").StatusError("Secret not found", http.StatusNotFound)
	ErrSecretVersionNotFound = errHub.Code("version_not_found").StatusError("Version of secret not found", http.StatusNotFound)
	ErrSecretKeyNotFound     = errHub.Code("secret_key_not_found").StatusError("Key for secret not found", http.StatusNotFound)

	// Secret Keys
	ErrSecretKeyFlagged = errAPI.Code("secret_key_flagged").StatusError(fmt.Sprintf("Cannot write new secrets with a key that has status %s", StatusFlagged), http.StatusBadRequest)
	ErrNoOKSecretKey    = errAPI.Code("no_secret_key_found_with_status_ok").StatusError(fmt.Sprintf("No secret key found with status %s", StatusOK), http.StatusNotFound)

	// Organization
	ErrOrgAlreadyExists         = errAPI.Code("org_already_exists").StatusError("Organization already exists, please create a different organization", http.StatusConflict)
	ErrOrgNotFound              = errAPI.Code("org_not_found").StatusError("Organization not found", http.StatusNotFound)
	ErrOrgMemberNotFound        = errAPI.Code("org_member_not_found").StatusError("Organization member not found", http.StatusNotFound)
	ErrOrgMemberAlreadyExists   = errAPI.Code("org_member_already_exists").StatusError("Organization member already exists", http.StatusConflict)
	ErrInvalidOrgRole           = errAPI.Code("invalid_org_role").StatusError("Organization role is invalid. Must be either `admin` or `member`", http.StatusBadRequest)
	ErrCannotRemoveLastOrgAdmin = errAPI.Code("cannot_remove_last_org_admin").StatusError("The last admin of an organization cannot be removed.", http.StatusForbidden)

	// User
	ErrUserEmailAlreadyExists = errHub.Code("user_email_already_exists").StatusError("That email address is already in use", http.StatusConflict)
	ErrUsernameAlreadyExists  = errHub.Code("username_already_exists").StatusError("A user with the given username already exists, please choose a different username", http.StatusConflict)
	ErrUserNotFound           = errHub.Code("user_not_found").StatusError("User not found, please verify username", http.StatusNotFound)
	ErrNotAUser               = errHub.Code("not_a_user").StatusError("Only users can perform this action", http.StatusForbidden)
	ErrNotOwner               = errHub.Code("not_owner").StatusError("Only repo owners can perform this action", http.StatusForbidden)
	ErrCannotAddYourself      = errHub.Code("cannot_add_self").StatusError("You cannot add yourself to your repo", http.StatusForbidden)
	ErrCannotRemoveYourself   = errHub.Code("cannot_remove_self").StatusError("You cannot remove yourself from your repo", http.StatusForbidden)

	// Service
	ErrServiceNotFound      = errHub.Code("service_not_found").StatusError("Service not found", http.StatusNotFound)
	ErrAccountIsNotService  = errHub.Code("not_a_service").StatusError("Account name does not represent a service", http.StatusBadRequest)
	ErrServiceAlreadyExists = errHub.Code("service_already_exists").StatusError("Service already exists, please create a different service", http.StatusConflict)
	ErrNoAdminAccess        = errHub.Code("no_admin_access").StatusError("Only accounts with Admin access can perform this action", http.StatusForbidden)
	ErrMemberAlreadyExists  = errHub.Code("member_already_exists").StatusError("The member already exists", http.StatusConflict)

	// Account
	ErrAccountNotFound    = errHub.Code("account_not_found").StatusError("Account not found", http.StatusNotFound)
	ErrUnknownSubjectType = errHub.Code("unknown_subject_type").Error("Unknown subject type") // no status error because it is an internal error
	ErrUnknownAccountType = errHub.Code("unknown_account_type").Error("Unknown account type") // no status error because it is an internal error
	ErrNotMemberOfRepo    = errHub.Code("not_repo_member").StatusError("Account is not a member of the repo", http.StatusBadRequest)

	// Credential
	ErrCredentialNotFound      = errHub.Code("credential_not_found").StatusError("Credential not found", http.StatusNotFound)
	ErrCredentialAlreadyExists = errHub.Code("credential_already_exists").StatusError("A credential with the given identifier already exists", http.StatusConflict)

	// Account key
	ErrPublicAccountKeyConflict = errHub.Code("public_account_key_does_not_match").StatusError("A different public account key is already registered for this account", http.StatusConflict)
	ErrPrivateKeyAlreadyExists  = errHub.Code("private_key_already_exists").StatusError("A private key for this credential already exists.", http.StatusConflict)
	ErrCredentialNotKeyed       = errHub.Code("credential_not_keyed").StatusError("The account key has not been encrypted for this credential", http.StatusNotFound)

	// Dirs
	ErrCannotRemoveLastRootAdmin = errHub.Code("cannot_remove_last_root_admin").StatusError("Cannot remove the last admin on the repo root", http.StatusBadRequest)
)

Errors returned by the SecretHub API

View Source 
var (
	ErrInvalidServiceID = errAPI.Code("invalid_service_id").StatusError(
		"service id is 14 characters long and starts with s-",
		http.StatusBadRequest,
	)
	ErrInvalidServiceDescription = errAPI.Code("invalid_service_description").StatusError(
		fmt.Sprintf(
			"service descriptions can at most be %d long and cannot contain any newlines or tabs",
			serviceDescriptionMaxLength,
		),
		http.StatusBadRequest,
	)
)

Errors

View Source 
var (
	ErrInvalidUsername = errAPI.Code("invalid_username").StatusError(
		"usernames must be between 3 and 32 characters long and "+
			"may only contain letters, numbers, dashes (-), underscores (_), and dots (.)",
		http.StatusBadRequest,
	)
	ErrUsernameMustContainAlphanumeric = errAPI.Code("username_must_contain_alphanumeric").StatusError(
		"usernames must contain at least one alphanumeric character ",
		http.StatusBadRequest,
	)
	ErrUsernameIsService = errAPI.Code("username_is_service").StatusError(
		"usernames cannot start with s- as that prefix is reserved for service accounts",
		http.StatusBadRequest,
	)
	ErrInvalidPublicKey = errAPI.Code("invalid_public_key").StatusError("public key is invalid", http.StatusBadRequest)
	ErrInvalidEmail     = errAPI.Code("invalid_email").StatusError("email address is invalid", http.StatusBadRequest)
	ErrInvalidFullName  = errAPI.Code("invalid_full_name").StatusError(
		"full names may be at most 128 characters long and "+
			"may only contain (special) letters, apostrophes ('), spaces and dashes (-)",
		http.StatusBadRequest,
	)
	ErrNoPasswordNorCredential = errAPI.Code("no_password_nor_credential").StatusError("either a password or a credential should be supplied", http.StatusBadRequest)
)

Errors

View Source 
var (
	ErrAccessLevelUnknown = errAPI.Code("access_level_unknown").Error("The access level is not known")
)

Error

View Source 
var (
	ErrEncryptedDataTooBig = errAPI.Code("encrypted_data_too_big").Error(fmt.Sprintf("maximum size of encrypted data is %s", units.BytesSize(MaxEncryptedSecretSize)))
)

Errors

Functions

func ValidateAccountName 

func ValidateAccountName(name string) error

ValidateAccountName validates an AcccountName.

func ValidateBlindName 

func ValidateBlindName(blindName string) error

ValidateBlindName validates a blind name.

func ValidateDirPath 

func ValidateDirPath(path string) error

ValidateDirPath validates a dir path of form :owner/:repo_name/[parents/]*:directory

func ValidateEmail 

func ValidateEmail(email string) error

ValidateEmail validates an email address.

func ValidateFullName 

func ValidateFullName(fullName string) error

ValidateFullName validates a user's full name.

func ValidateNamespace 

func ValidateNamespace(namespace string) error

ValidateNamespace validates a username.

func ValidateOrgDescription 

func ValidateOrgDescription(description string) error

ValidateOrgDescription validates an organization description.

func ValidateOrgName 

func ValidateOrgName(name string) error

ValidateOrgName validates an organization name.

func ValidateOrgRole 

func ValidateOrgRole(role string) error

ValidateOrgRole validates an organization role.

func ValidateRepoName 

func ValidateRepoName(name string) error

ValidateRepoName validates a repo name.

func ValidateRepoPath 

func ValidateRepoPath(path string) error

ValidateRepoPath validates a repo path of form :owner/:repo_name

func ValidateSecretName 

func ValidateSecretName(name string) error

ValidateSecretName validates a secret name.

func ValidateSecretPath 

func ValidateSecretPath(path string) error

ValidateSecretPath validates a secret path of form :owner/:repo_name/:secretname

func ValidateServiceDescription 

func ValidateServiceDescription(description string) error

ValidateServiceDescription validates a service description.

func ValidateServiceID 

func ValidateServiceID(serviceID string) error

ValidateServiceID validates a service id.

func ValidateUsername 

func ValidateUsername(username string) error

ValidateUsername validates a username.

Types

type AccessLevel 

type AccessLevel struct {
	Account    *Account   `json:"account"`
	AccountID  *uuid.UUID `json:"account_id"`
	DirID      *uuid.UUID `json:"dir_id"`
	Permission Permission `json:"permission"`
}

AccessLevel defines the permissions of an account on a directory and is the effect of one or more access rules on the directory itself or its parent(s).

type AccessRule 

type AccessRule struct {
	Account       *Account   `json:"account"`
	AccountID     *uuid.UUID `json:"account_id"`
	DirID         *uuid.UUID `json:"dir_id"`
	RepoID        *uuid.UUID `json:"repo_id"`
	Permission    Permission `json:"permission"`
	CreatedAt     time.Time  `json:"created_at"`
	LastChangedAt time.Time  `json:"last_changed_at"`
}

AccessRule defines the permission of an account on a directory and its children.

type Account 

type Account struct {
	AccountID   *uuid.UUID  `json:"account_id"`
	Name        AccountName `json:"name"`
	PublicKey   []byte      `json:"public_key"`
	AccountType string      `json:"account_type"`
	CreatedAt   time.Time   `json:"created_at"`
}

Account represents an account on SecretHub.

type AccountName 

type AccountName string

AccountName represents the name of either a user or a service.

func NewAccountName 

func NewAccountName(name string) (AccountName, error)

NewAccountName validates an account's name and returns it as a typed AccountName when valid.

func (AccountName) IsService 

func (n AccountName) IsService() bool

IsService returns true if the AccountName contains the name of a service.

func (AccountName) IsUser 

func (n AccountName) IsUser() bool

IsUser returns true if the AccountName contains the name of a user.

func (*AccountName) Set 

func (n *AccountName) Set(value string) error

Set sets the AccountName to the value.

func (AccountName) String 

func (n AccountName) String() string

String returns the account's name as a string to be used for printing.

func (AccountName) Validate 

func (n AccountName) Validate() error

Validate checks whether an AccountName is valid.

func (AccountName) Value 

func (n AccountName) Value() string

Value returns the account's name as a string to be used in communication with the client and in transportation to the server.

type Audit 

type Audit struct {
	EventID   *uuid.UUID   `json:"event_id"`
	Action    AuditAction  `json:"action"`
	IPAddress string       `json:"ip_address"`
	LoggedAt  time.Time    `json:"logged_at"`
	Repo      Repo         `json:"repo"`
	Actor     AuditActor   `json:"actor"`
	Subject   AuditSubject `json:"subject"`
}

Audit represents an AuditEvent in SecretHub.

type AuditAction 

type AuditAction string

AuditAction represents the action that was performed to create this audit event. 

const (
	AuditActionUnknown AuditAction = "unknown"
	AuditActionCreate  AuditAction = "create"
	AuditActionRead    AuditAction = "read"
	AuditActionUpdate  AuditAction = "update"
	AuditActionDelete  AuditAction = "delete"
)

AuditAction values.

type AuditActor 

type AuditActor struct {
	ActorID *uuid.UUID `json:"id,omitempty"`
	Deleted bool       `json:"deleted,omitempty"`
	// Type is `user` or `service`. When actor is deleted, type is always `account`
	Type    string   `json:"type"`
	User    *User    `json:"user,omitempty"`
	Service *Service `json:"service,omitempty"`
}

AuditActor represents the Account of an AuditEvent

type AuditSubject 

type AuditSubject struct {
	SubjectID *uuid.UUID `json:"id,omitempty"`
	Deleted   bool       `json:"deleted,omitempty"`
	// Type is `user`, `service`, `repo`, `secret`, `secret_version` or `secret_key`. When subject is deleted, user and service are indicated with type `account`
	Type                   AuditSubjectType        `json:"type"`
	User                   *User                   `json:"user,omitempty"`
	Service                *Service                `json:"service,omitempty"`
	Repo                   *Repo                   `json:"repo,omitempty"`
	EncryptedSecret        *EncryptedSecret        `json:"encrypted_secret,omitempty"` // This is converted to a Secret by the Client.
	Secret                 *Secret                 `json:"secret,omitempty"`
	EncryptedSecretVersion *EncryptedSecretVersion `json:"encrypted_secret_version,omitempty"` // This is converted to a SecretVersion by the Client.
	SecretVersion          *SecretVersion          `json:"secret_version,omitempty"`
}

AuditSubject represents the Subject of an AuditEvent

type AuditSubjectType 

type AuditSubjectType string

AuditSubjectType represents the type of an audit subject.

type AuditSubjectTypeList 

type AuditSubjectTypeList []AuditSubjectType

AuditSubjectTypeList represents a list of AuditSubjectTypes.

func (AuditSubjectTypeList) Join 

func (l AuditSubjectTypeList) Join(separator string) string

Join converts an AuditSubjectTypeList to a string where each AuditSubjectType is separated by separator.

type BillingInfo 

type BillingInfo struct {
	CustomerID     string         `json:"customer_id"`
	CompanyDetails CompanyDetails `json:"company_details"`
	Email          string         `json:"email"`
	DefaultCardID  string         `json:"default_card_id"`
	Cards          []*CreditCard  `json:"cards"`
}

BillingInfo contains the billing information of a customer and determines what will be put on invoices sent to the customer.

type BillingInfoParams 

type BillingInfoParams struct {
	CompanyDetails *CompanyDetailsParams `json:"company_details,omitempty"`
	Email          *string               `json:"email,omitempty"`
	DefaultCardID  *string               `json:"default_card_id,omitempty"` // optional, cannot be unset
}

BillingInfoParams defines the optional customer detail fields that can be set.

func (*BillingInfoParams) Validate 

func (c *BillingInfoParams) Validate() error

Validate validates the request fields.

type BillingPlan 

type BillingPlan struct {
	ID              string          `json:"id"` // short tag shared across Stripe plans that together form this plan
	Name            string          `json:"name"`
	Description     string          `json:"description"`
	Currency        string          `json:"currency"` // eur
	BaseFee         *FixedFee       `json:"base_fee"`
	PerSecretFee    *MeteredFee     `json:"per_secret_fee,omitempty"`
	MaxMembers      int             `json:"max_members"`
	Features        []string        `json:"features"`
	TrialPeriodDays int64           `json:"trial_period_days"`
	Type            BillingPlanType `json:"type"`
}

BillingPlan defines a plan for billing customers.

type BillingPlanType 

type BillingPlanType string

BillingPlanType is used to distinguish between different types of plans. 

const (
	// BillingPlanTypeDefault defines default plans selectable by the user.
	BillingPlanTypeDefault BillingPlanType = "default"
	// BillingPlanTypePersonal defines personal plans.
	BillingPlanTypePersonal BillingPlanType = "personal"
	// BillingPlanTypeCustom defines custom plans that need to be handled differently.
	BillingPlanTypeCustom BillingPlanType = "custom"
	// BillingPlanTypePromo defines plans used for promotional purposes.
	BillingPlanTypePromo BillingPlanType = "promo"
)

type BlindNamePath 

type BlindNamePath interface {
	// BlindName returns the blindname corresponding to this path.
	BlindName(key *crypto.SymmetricKey) (string, error)
	// GetRepoPath returns the RepoPath inside this BlindNamePath.
	GetRepoPath() RepoPath
}

BlindNamePath represents a path that can be converted into a BlindName and exposes the necessary functions.

type CompanyDetails 

type CompanyDetails struct {
	Address    string     `json:"address"`
	City       string     `json:"city"`
	Name       string     `json:"name"`
	Country    string     `json:"country"`
	PostalCode string     `json:"postal_code"`
	TaxID      vat.Number `json:"tax_id"`
}

CompanyDetails contains the billing details of a customer's company that will be put on invoices sent to the customer.

type CompanyDetailsParams 

type CompanyDetailsParams struct {
	Address    string     `json:"address"`
	City       string     `json:"city"`
	Name       string     `json:"name"`
	Country    string     `json:"country"`
	PostalCode string     `json:"postal_code"`
	TaxID      vat.Number `json:"tax_id"` // required for EU countries, optional for non-EU countries
}

CompanyDetailsParams are used to update a customer's company details.

func (*CompanyDetailsParams) Validate 

func (p *CompanyDetailsParams) Validate() error

Validate validates the parameters.

type CreateAccessRuleRequest 

type CreateAccessRuleRequest struct {
	Permission       Permission                    `json:"permission"`
	EncryptedDirs    []EncryptedNameForNodeRequest `json:"encrypted_dirs"`
	EncryptedSecrets []SecretAccessRequest         `json:"encrypted_secrets"`
}

CreateAccessRuleRequest contains the request fields for creating an AccessRule.

func (*CreateAccessRuleRequest) Validate 

func (car *CreateAccessRuleRequest) Validate() error

Validate validates the request fields.

type CreateAccountKeyRequest 

type CreateAccountKeyRequest struct {
	EncryptedPrivateKey crypto.CiphertextRSAAES
	PublicKey           []byte
}

CreateAccountKeyRequest contains the fields to add an account_key encrypted for a credential.

func (CreateAccountKeyRequest) Validate 

func (req CreateAccountKeyRequest) Validate() error

Validate checks whether the request is valid.

type CreateCardRequest 

type CreateCardRequest struct {
	Token string `json:"token"`
}

CreateCardRequest defines the request fields for creating a new credit card.

func (CreateCardRequest) Validate 

func (r CreateCardRequest) Validate() error

Validate validates the request fields.

type CreateCredentialRequest 

type CreateCredentialRequest struct {
	Type        CredentialType `json:"type"`
	Fingerprint string         `json:"fingerprint"`
	Name        string         `json:"name,omitempty"`
	Verifier    []byte         `json:"verifier"`
}

CreateCredentialRequest contains the fields to add a credential to an account.

func (CreateCredentialRequest) Validate 

func (req CreateCredentialRequest) Validate() error

Validate validates the request fields.

type CreateDirRequest 

type CreateDirRequest struct {
	BlindName       string `json:"blind_name"`
	ParentBlindName string `json:"parent_blind_name"`

	EncryptedNames []EncryptedNameRequest `json:"encrypted_names"`
}

CreateDirRequest contains the request fields for creating a new directory.

func (*CreateDirRequest) Validate 

func (cdr *CreateDirRequest) Validate() error

Validate validates the CreateDirRequest to be valid.

type CreateFederatedUserRequest 

type CreateFederatedUserRequest struct {
	Username string `json:"username"`
}

CreateFederatedUserRequest contains the required fields for signing up with a federated user

func (CreateFederatedUserRequest) Validate 

func (req CreateFederatedUserRequest) Validate() error

Validate validates the request fields.

type CreateOrgMemberRequest 

type CreateOrgMemberRequest struct {
	Username string `json:"username"`
	Role     string `json:"role"`
}

CreateOrgMemberRequest contains the required fields for creating a user's organization membership.

func (CreateOrgMemberRequest) Validate 

func (req CreateOrgMemberRequest) Validate() error

Validate validates the request fields.

type CreateOrgRequest 

type CreateOrgRequest struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

CreateOrgRequest contains the required fields for creating an organization.

func (CreateOrgRequest) Validate 

func (req CreateOrgRequest) Validate() error

Validate validates the request fields.

type CreateRepoMemberRequest 

type CreateRepoMemberRequest struct {
	RepoEncryptionKey []byte `json:"repo_encryption_key"`
	RepoIndexKey      []byte `json:"repo_index_key"`
}

CreateRepoMemberRequest contains the required fields for adding a user to a repo.

func (CreateRepoMemberRequest) Validate 

func (req CreateRepoMemberRequest) Validate() error

Validate validates a CreateRepoMemberRequests

type CreateRepoRequest 

type CreateRepoRequest struct {
	Name       string                   `json:"name"`
	RootDir    *CreateDirRequest        `json:"root_dir"`
	RepoMember *CreateRepoMemberRequest `json:"repo_member"`
}

CreateRepoRequest contains the required fields for a Repo.

func (CreateRepoRequest) Validate 

func (crr CreateRepoRequest) Validate() error

Validate validates the request fields.

type CreateSecretKeyRequest 

type CreateSecretKeyRequest struct {
	EncryptedFor []EncryptedKeyRequest `json:"encrypted_for"`
}

CreateSecretKeyRequest contains the request fields for creating a new secret key.

func (*CreateSecretKeyRequest) Validate 

func (r *CreateSecretKeyRequest) Validate() error

Validate validates the request fields.

type CreateSecretRequest 

type CreateSecretRequest struct {
	BlindName     string               `json:"blind_name"`
	EncryptedData crypto.CiphertextAES `json:"encrypted_data"`

	EncryptedNames []EncryptedNameRequest `json:"encrypted_names"`
	EncryptedKeys  []EncryptedKeyRequest  `json:"encrypted_keys"`
}

CreateSecretRequest contains the request fields for creating a new secret, together with its first version, encrypted for accounts that need access.

func (*CreateSecretRequest) Validate 

func (csr *CreateSecretRequest) Validate() error

Validate validates the request fields.

type CreateSecretVersionRequest 

type CreateSecretVersionRequest struct {
	EncryptedData crypto.CiphertextAES `json:"encrypted_data"`
	SecretKeyID   *uuid.UUID           `json:"secret_key_id"`
}

CreateSecretVersionRequest contains the request fields for creating a secret version with a secret key.

func (*CreateSecretVersionRequest) Validate 

func (csvr *CreateSecretVersionRequest) Validate() error

Validate validates the request fields.

type CreateServiceRequest 

type CreateServiceRequest struct {
	Description string                   `json:"description"`
	Credential  *CreateCredentialRequest `json:"credential"`
	AccountKey  *CreateAccountKeyRequest `json:"account_key"`
	RepoMember  *CreateRepoMemberRequest `json:"repo_member"`
}

CreateServiceRequest contains the required fields for creating an Service.

func (CreateServiceRequest) Validate 

func (req CreateServiceRequest) Validate() error

Validate validates the request fields.

type CreateUserRequest 

type CreateUserRequest struct {
	Username   string                   `json:"username"`
	Email      string                   `json:"email"`
	FullName   string                   `json:"full_name"`
	Password   string                   `json:"password,omitempty"`
	Credential *CreateCredentialRequest `json:"credential,omitempty"`
}

CreateUserRequest contains the required fields for signing up

func (*CreateUserRequest) Validate 

func (req *CreateUserRequest) Validate() error

Validate validates the request fields.

type Credential 

type Credential struct {
	AccountID   *uuid.UUID     `json:"account_id"`
	Type        CredentialType `json:"algorithm"`
	CreatedAt   time.Time      `json:"created_at"`
	Fingerprint string         `json:"fingerprint"`
	Name        string         `json:"name"`
	Verifier    []byte         `json:"verifier"`
}

Credential is used to authenticate to the API and to encrypt the account key.

type CredentialType 

type CredentialType string

CredentialType is used to identify the type of algorithm that is used for a credential. 

const (
	CredentialTypeRSA CredentialType = "rsa"
)

Credential types

func (CredentialType) Validate 

func (a CredentialType) Validate() error

Validate validates whether the algorithm type is valid.

type CreditCard 

type CreditCard struct {
	CardID   string `json:"card_id"`
	Brand    string `json:"brand"`
	ExpMonth uint8  `json:"exp_month"`
	ExpYear  uint16 `json:"exp_year"`
	Last4    string `json:"last_4"`
}

CreditCard defines a card used for payments.

type DefaultPlans 

type DefaultPlans struct {
	Month    string `json:"month"`
	Year     string `json:"year"`
	Personal string `json:"personal"`
}

DefaultPlans defines the plan ids for default plans.

type Dir 

type Dir struct {
	DirID          *uuid.UUID `json:"dir_id"`
	BlindName      string     `json:"blind_name"`
	Name           string     `json:"name"`
	ParentID       *uuid.UUID `json:"parent_id"`
	Status         string     `json:"status"`
	CreatedAt      time.Time  `json:"created_at"`
	LastModifiedAt time.Time  `json:"last_modified_at"`
	SubDirs        []*Dir     `json:"sub_dirs"`
	Secrets        []*Secret  `json:"secrets"`
}

Dir represents an directory. A dir belongs to a repo and contains other dirs and secrets.

type DirPath 

type DirPath ParentPath

DirPath is a parse for dir paths of form :owner/:repo_name/[parents/]*:directory

func NewDirPath 

func NewDirPath(path string) (DirPath, error)

NewDirPath formats a RepoPath from an owner, repo string.

func (DirPath) BlindName 

func (dp DirPath) BlindName(key *crypto.SymmetricKey) (string, error)

BlindName returns the blind name of the DirPath.

func (DirPath) GetDirName 

func (dp DirPath) GetDirName() string

GetDirName returns the dir name.

func (DirPath) GetNamespace 

func (dp DirPath) GetNamespace() string

GetNamespace returns the namespace of the Repo.

func (DirPath) GetParentPath 

func (dp DirPath) GetParentPath() (ParentPath, error)

GetParentPath returns the parent of the directory.

func (DirPath) GetRepo 

func (dp DirPath) GetRepo() string

GetRepo returns the name of the Repo.

func (DirPath) GetRepoPath 

func (dp DirPath) GetRepoPath() RepoPath

GetRepoPath returns the namespace and repo name of the Repo.

func (DirPath) HasParentDirectory 

func (dp DirPath) HasParentDirectory() bool

HasParentDirectory returns if the DirPath has a parent directory.

func (DirPath) IsRepoPath 

func (dp DirPath) IsRepoPath() bool

IsRepoPath returns if the dir path is on repo level.

func (DirPath) JoinDir 

func (dp DirPath) JoinDir(dirName string) DirPath

JoinDir constructs a new DirPath combined by the dirPath and dirName.

func (DirPath) JoinSecret 

func (dp DirPath) JoinSecret(secretName string) SecretPath

JoinSecret constructs a new SecretPath combined by the dirPath and dirName.

func (*DirPath) Set 

func (dp *DirPath) Set(value string) error

Set implements the flag.Value interface and validates the value.

func (DirPath) String 

func (dp DirPath) String() string

String returns the dir path as a string to be used for printing.

func (DirPath) Validate 

func (dp DirPath) Validate() error

Validate validates a dir path of form :owner/:repo_name/[parents/]*:directory

func (DirPath) Value 

func (dp DirPath) Value() string

Value returns the dir path as a string to be used in communication with the client and in transportation to the server.

type EncryptedAccountKey 

type EncryptedAccountKey struct {
	Account             *Account
	PublicKey           []byte
	EncryptedPrivateKey crypto.CiphertextRSAAES
	Credential          *Credential
}

EncryptedAccountKey represents an account key encrypted with a credential.

type EncryptedDir 

type EncryptedDir struct {
	DirID          *uuid.UUID           `json:"dir_id"`
	BlindName      string               `json:"blind_name"`
	EncryptedName  crypto.CiphertextRSA `json:"encrypted_name"`
	ParentID       *uuid.UUID           `json:"parent_id"`
	Status         string               `json:"status"`
	CreatedAt      time.Time            `json:"created_at"`
	LastModifiedAt time.Time            `json:"last_modified_at"`
}

EncryptedDir represents an encrypted Dir. The names are encrypted and so are the names of SubDirs and Secrets. The secrets contain no encrypted data, only the encrypted name.

func (*EncryptedDir) Decrypt 

func (ed *EncryptedDir) Decrypt(accountKey *crypto.RSAPrivateKey) (*Dir, error)

Decrypt decrypts an EncryptedDir into a Dir.

type EncryptedKeyRequest 

type EncryptedKeyRequest struct {
	AccountID    *uuid.UUID           `json:"account_id"`
	EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"`
}

EncryptedKeyRequest contains the request fields for re-encrypted for an account.

func (*EncryptedKeyRequest) Validate 

func (r *EncryptedKeyRequest) Validate() error

Validate validates the request fields.

type EncryptedNameForNodeRequest 

type EncryptedNameForNodeRequest struct {
	EncryptedNameRequest
	NodeID *uuid.UUID `json:"node_id"`
}

EncryptedNameForNodeRequest contains an EncryptedName for an Account and the corresponding NodeID.

func (EncryptedNameForNodeRequest) Validate 

func (nnr EncryptedNameForNodeRequest) Validate() error

Validate validates the EncryptedNameForNodeRequest.

type EncryptedNameRequest 

type EncryptedNameRequest struct {
	AccountID     *uuid.UUID           `json:"account_id"`
	EncryptedName crypto.CiphertextRSA `json:"encrypted_name"`
}

EncryptedNameRequest contains an EncryptedName for an Account.

func (*EncryptedNameRequest) Validate 

func (enr *EncryptedNameRequest) Validate() error

Validate validates the EncryptedNameRequest to be valid.

type EncryptedSecret 

type EncryptedSecret struct {
	SecretID      *uuid.UUID           `json:"secret_id"`
	DirID         *uuid.UUID           `json:"dir_id"`
	RepoID        *uuid.UUID           `json:"repo_id"`
	EncryptedName crypto.CiphertextRSA `json:"encrypted_name"`
	BlindName     string               `json:"blind_name"`
	VersionCount  int                  `json:"version_count"`
	LatestVersion int                  `json:"latest_version"`
	Status        string               `json:"status"`
	CreatedAt     time.Time            `json:"created_at"`
}

EncryptedSecret represents an encrypted Secret It does not contain the encrypted data. Only the encrypted name.

func (*EncryptedSecret) Decrypt 

func (es *EncryptedSecret) Decrypt(accountKey *crypto.RSAPrivateKey) (*Secret, error)

Decrypt decrypts an EncryptedSecret into a Secret.

func (*EncryptedSecret) ToAuditSubject 

func (es *EncryptedSecret) ToAuditSubject() *AuditSubject

ToAuditSubject converts an EncryptedSecret to an AuditSubject

type EncryptedSecretKey 

type EncryptedSecretKey struct {
	SecretKeyID  *uuid.UUID           `json:"secret_key_id"`
	AccountID    *uuid.UUID           `json:"account_id"`
	EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"`
}

EncryptedSecretKey represents a secret key, encrypted for a specific account.

func (*EncryptedSecretKey) Decrypt 

func (k *EncryptedSecretKey) Decrypt(accountKey *crypto.RSAPrivateKey) (*SecretKey, error)

Decrypt decrypts an EncryptedSecretKey into a SecretKey.

type EncryptedSecretVersion 

type EncryptedSecretVersion struct {
	SecretVersionID *uuid.UUID            `json:"secret_version_id"`
	Secret          *EncryptedSecret      `json:"secret"`
	Version         int                   `json:"version"`
	SecretKey       *EncryptedSecretKey   `json:"secret_key,omitempty"`
	EncryptedData   *crypto.CiphertextAES `json:"encrypted_data,omitempty"`
	CreatedAt       time.Time             `json:"created_at"`
	Status          string                `json:"status"`
}

EncryptedSecretVersion represents a version of an encrypted Secret. It contains the encrypted data and the corresponding key.

func (*EncryptedSecretVersion) Decrypt 

func (esv *EncryptedSecretVersion) Decrypt(accountKey *crypto.RSAPrivateKey) (*SecretVersion, error)

Decrypt decrypts an EncryptedSecretVersion into a SecretVersion.

func (*EncryptedSecretVersion) ToAuditSubject 

func (esv *EncryptedSecretVersion) ToAuditSubject() *AuditSubject

ToAuditSubject converts a SecretVersion to an AuditSubject

type EncryptedTree 

type EncryptedTree struct {
	Directories map[uuid.UUID]*EncryptedDir
	Secrets     []*EncryptedSecret
}

EncryptedTree can construct a full tree at a certain path. It contains all dirs and secrets.

func (EncryptedTree) Decrypt 

func (t EncryptedTree) Decrypt(accountKey *crypto.RSAPrivateKey) (*Tree, error)

Decrypt decrypts and constructs a tree of the directories and secrets. Decrypt does not set the ParentPath.

func (EncryptedTree) DecryptContents 

func (t EncryptedTree) DecryptContents(accountKey *crypto.RSAPrivateKey) ([]*Dir, []*Secret, error)

DecryptContents decrypts every directory and Secret.

type Feature 

type Feature struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

Feature defines a product feature included in billing plans.

type FixedFee 

type FixedFee struct {
	Name     string `json:"name"`
	Interval string `json:"interval"`
	Price    int64  `json:"price"`
}

FixedFee defines a fixed price for a subscription billed at a given interval.

type InviteUserRequest 

type InviteUserRequest struct {
	AccountID  *uuid.UUID               `json:"account_id"`
	RepoMember *CreateRepoMemberRequest `json:"repo_member"`
}

InviteUserRequest contains the required fields for inviting a user to a repo.

func (InviteUserRequest) Validate 

func (req InviteUserRequest) Validate() error

Validate validates a InviteUserRequest

type MeteredFee 

type MeteredFee struct {
	Name     string        `json:"name"`
	Interval string        `json:"interval"`
	Tiers    []MeteredTier `json:"tiers"`
}

MeteredFee defines a metered price for a subscription billed at a given interval, per units defined in the tiers.

type MeteredTier 

type MeteredTier struct {
	Price int64 `json:"price"`
	UpTo  int64 `json:"up_to"`
}

MeteredTier defines a price per unit up to a given number of units.

type Namespace 

type Namespace ParentPath

Namespace represents a namespace

func (*Namespace) Set 

func (n *Namespace) Set(value string) error

Set implements the flag.Value interface and validates the value.

func (Namespace) String 

func (n Namespace) String() string

String returns the namespace as a string to be used for printing.

func (Namespace) Validate 

func (n Namespace) Validate() error

Validate verifies whether the Namespace is valid

func (Namespace) Value 

func (n Namespace) Value() string

Value returns the namespace as a string to be used in communication with the client and in transportation to the server.

type NamespaceDetails 

type NamespaceDetails struct {
	Name         string        `json:"name"`
	MemberCount  int           `json:"member_count"`
	RepoCount    int           `json:"repo_count"`
	SecretCount  int           `json:"secret_count"`
	Subscription *Subscription `json:"subscription"`
}

NamespaceDetails defines a user or organization namespace. TODO: rename this to Namespace currently claimed in paths.go

type Org 

type Org struct {
	OrgID       *uuid.UUID   `json:"org_id"`
	Name        string       `json:"name"`
	Description string       `json:"description"`
	CreatedAt   time.Time    `json:"created_at"`
	Members     []*OrgMember `json:"members,omitempty"`
}

Org represents an organization account on SecretHub

type OrgMember 

type OrgMember struct {
	OrgID         *uuid.UUID `json:"org_id"`
	AccountID     *uuid.UUID `json:"account_id"`
	Role          string     `json:"role"`
	CreatedAt     time.Time  `json:"created_at"`
	LastChangedAt time.Time  `json:"last_changed_at"`
	User          *User      `json:"user,omitempty"`
}

OrgMember represents a user's membership of an organization.

type OrgName 

type OrgName Namespace

OrgName is the name of an organization.

func (OrgName) Namespace 

func (n OrgName) Namespace() Namespace

Namespace returns the OrgName as a Namespace.

func (*OrgName) Set 

func (n *OrgName) Set(value string) error

Set implements the flag.Value interface and validates the value.

func (OrgName) String 

func (n OrgName) String() string

String returns the organisation's name as a string to be used for printing.

func (OrgName) Value 

func (n OrgName) Value() string

Value returns the organisation's name as a string to be used in communication with the client and in transportation to the server.

type ParentPath 

type ParentPath Path

ParentPath is a path to a namespace, repo or directory. This is used for generic blind name generation.

func (ParentPath) BlindName 

func (pp ParentPath) BlindName(key *crypto.SymmetricKey) (string, error)

BlindName generates the BlindName of the ParentPath.

func (ParentPath) GetRepoPath 

func (pp ParentPath) GetRepoPath() RepoPath

GetRepoPath returns the RepoPath of the ParentPath.

func (ParentPath) HasParentPath 

func (pp ParentPath) HasParentPath() bool

HasParentPath checks if the ParentPath has a path or if it is the repo path.

func (ParentPath) JoinDir 

func (pp ParentPath) JoinDir(dirName string) DirPath

JoinDir constructs a new DirPath combined by the ParentPath and dirName.

func (ParentPath) String 

func (pp ParentPath) String() string

type Path 

type Path string

Path represents a path to either a namespace, a repo, a directory, or a secret

func NewPath 

func NewPath(path string) (Path, error)

NewPath creates a new Path and validates whether it is valid

func (Path) HasVersion 

func (p Path) HasVersion() bool

HasVersion returns if the path has a version. Only SecretPath has versions, so if has a version it is a SecretPath.

func (*Path) Set 

func (p *Path) Set(value string) error

Set implements the flag.Value interface and validates the value.

func (Path) String 

func (p Path) String() string

String converts the Path to a string

func (Path) ToDirPath 

func (p Path) ToDirPath() (DirPath, error)

ToDirPath tries to convert the path to a valid DirPath

func (Path) ToNamespace 

func (p Path) ToNamespace() (Namespace, error)

ToNamespace tries to convert the Path to a valid Namespace

func (Path) ToRepoPath 

func (p Path) ToRepoPath() (RepoPath, error)

ToRepoPath tries to convert the Path to a valid RepoPath

func (Path) ToSecretPath 

func (p Path) ToSecretPath() (SecretPath, error)

ToSecretPath tries to convert the Path to a valid SecretPath

func (*Path) Validate 

func (p *Path) Validate() error

Validate checks whether the Path is either a valid SecretPath, DirPath, RepoPath or Namespace

type Permission 

type Permission int

Permission defines what kind of access an access rule grants or a access level has. 

const (
	PermissionNone Permission = iota
	PermissionRead
	PermissionWrite
	PermissionAdmin
)

The different Permission options.

func (*Permission) Set 

func (al *Permission) Set(value string) error

Set sets the Permission to the value.

func (Permission) String 

func (al Permission) String() string

type Pricing 

type Pricing struct {
	AnnualDiscountLabel string             `json:"annual_discount_label"`
	DefaultPlans        *DefaultPlans      `json:"default_plans"`
	Features            map[string]Feature `json:"features"`
	Plans               []*BillingPlan     `json:"plans"`
}

Pricing defines the pricing scheme of SecretHub, with all the plans customers can subscribe to.

type Repo 

type Repo struct {
	RepoID         *uuid.UUID `json:"repo_id"`
	Owner          string     `json:"owner"`
	Name           string     `json:"name"`
	CreatedAt      *time.Time `json:"created_at"`
	LastModifiedAt *time.Time `json:"last_modified_at"`
	Status         string     `json:"status"`
	SecretCount    int        `json:"secret_count,omitempty"`
	MemberCount    int        `json:"member_count,omitempty"`
}

Repo represents a repo on SecretHub.

func (Repo) Path 

func (r Repo) Path() RepoPath

Path returns the full repository path.

func (Repo) ToAuditSubject 

func (r Repo) ToAuditSubject() *AuditSubject

ToAuditSubject converts a Repo to an AuditSubject

func (Repo) Trim 

func (r Repo) Trim() *Repo

Trim removes all non-essential fields from Repo for output

type RepoKeys 

type RepoKeys struct {
	RepoEncryptionKey []byte `json:"repo_encryption_key"`
	RepoIndexKey      []byte `json:"repo_index_key"`
}

RepoKeys contains the response with the repo key.

type RepoMember 

type RepoMember struct {
	RepoID    *uuid.UUID `json:"repo_id"`
	AccountID *uuid.UUID `json:"account_id"`
	CreatedAt time.Time  `json:"created_at"`
}

RepoMember represents a member of a SecretHub repo.

type RepoPath 

type RepoPath ParentPath

RepoPath is a parse for repo paths of form :owner/:repo_name

func NewRepoPath 

func NewRepoPath(path string) (RepoPath, error)

NewRepoPath formats a RepoPath from an owner and repo.

func (RepoPath) BlindName 

func (rp RepoPath) BlindName(key *crypto.SymmetricKey) (string, error)

BlindName returns the blind name of the DirPath.

func (RepoPath) GetDirPath 

func (rp RepoPath) GetDirPath() DirPath

GetDirPath converts this repoPath into a DirPath. This should be valid.

func (RepoPath) GetNamespace 

func (rp RepoPath) GetNamespace() string

GetNamespace returns the namespace of the Repo.

func (RepoPath) GetNamespaceAndRepoName 

func (rp RepoPath) GetNamespaceAndRepoName() (string, string)

GetNamespaceAndRepoName returns the namespace and repo name of the Repo.

func (RepoPath) GetRepo 

func (rp RepoPath) GetRepo() string

GetRepo returns the name of the Repo.

func (RepoPath) GetRepoPath 

func (rp RepoPath) GetRepoPath() RepoPath

GetRepoPath gets the RepoPath from the RepoPath. This function only works on validated RepoPaths. This is necessary to implement BlindNamePath interface.

func (*RepoPath) Set 

func (rp *RepoPath) Set(value string) error

Set implements the flag.Value interface and validates the value.

func (RepoPath) String 

func (rp RepoPath) String() string

String returns the repository's path as a string to be used for printing.

func (RepoPath) Validate 

func (rp RepoPath) Validate() error

Validate validates a repo path of form :owner/:repo_name

func (RepoPath) Value 

func (rp RepoPath) Value() string

Value returns the repository's path as a string to be used in communication with the client and in transportation to the server.

type RevokeOpts 

type RevokeOpts struct {
	DryRun bool `url:"dry_run"` // Dry performs a dry run without actually revoking the account.
}

RevokeOpts contains optional query parameters for revoke requests.

func (*RevokeOpts) Unmarshal 

func (o *RevokeOpts) Unmarshal(values url.Values)

Unmarshal decodes url.Values into the options struct, setting default values if not present in the query values. TODO SHDEV-817: refactor this to a more extendable mechanism.

func (RevokeOpts) Values 

func (o RevokeOpts) Values() (url.Values, error)

Values returns the url.Values encoding of the options.

type RevokeOrgResponse 

type RevokeOrgResponse struct {
	DryRun       bool                  `json:"dry"` // Dry indicates whether it was a dry run or not.
	Repos        []*RevokeRepoResponse `json:"repos"`
	StatusCounts map[string]int        `json:"status_counts"` // StatusCounts contains aggregate counts of the repos the account is revoked from.
}

RevokeOrgResponse is returned as the effect of revoking an account from a repository.

type RevokeRepoResponse 

type RevokeRepoResponse struct {
	Namespace                 string `json:"namespace"` // Added for display purposes
	Name                      string `json:"name"`      // Added for display purposes
	Status                    string `json:"status"`
	RevokedSecretVersionCount int    `json:"revoked_secret_version_count"`
	RevokedSecretKeyCount     int    `json:"revoked_secret_key_count"`
}

RevokeRepoResponse is returned as the effect of revoking an account from a repo.

type RevokeResponse 

type RevokeResponse struct {
	RevokedSecretVersions []*EncryptedSecretVersion `json:"revoked_secret_versions"`
	RevokedSecretKeys     []*SecretKey              `json:"revoked_secret_keys"`
}

RevokeResponse is returned when a revoke command is executed.

type Secret 

type Secret struct {
	SecretID      *uuid.UUID `json:"secret_id"`
	DirID         *uuid.UUID `json:"dir_id"`
	RepoID        *uuid.UUID `json:"repo_id"`
	Name          string     `json:"name"`
	BlindName     string     `json:"blind_name"`
	VersionCount  int        `json:"version_count"`
	LatestVersion int        `json:"latest_version"`
	Status        string     `json:"status"`
	CreatedAt     time.Time  `json:"created_at"`
}

Secret represents a decrypted secret in SecretHub.

func (*Secret) HasName 

func (s *Secret) HasName(name string) bool

HasName returns true when the secret version has the exact name.

type SecretAccessRequest 

type SecretAccessRequest struct {
	Name EncryptedNameForNodeRequest `json:"name_member"`
	Keys []SecretKeyMemberRequest    `json:"keys"`
}

SecretAccessRequest contains the request fields to grant an account access to a secret.

func (*SecretAccessRequest) Validate 

func (r *SecretAccessRequest) Validate() error

Validate validates the request fields.

type SecretKey 

type SecretKey struct {
	SecretKeyID *uuid.UUID           `json:"secret_key_id"`
	AccountID   *uuid.UUID           `json:"account_id"`
	Key         *crypto.SymmetricKey `json:"key"`
}

SecretKey represents a secret key that is intended to be used by a specific account.

func (*SecretKey) ToAuditSubject 

func (sk *SecretKey) ToAuditSubject() *AuditSubject

ToAuditSubject converts a SecretKey to an AuditSubject

type SecretKeyMemberRequest 

type SecretKeyMemberRequest struct {
	AccountID    *uuid.UUID           `json:"account_id"`
	SecretKeyID  *uuid.UUID           `json:"secret_key_id"`
	EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"`
}

SecretKeyMemberRequest contains the request fields to grant access to a secret key.

func (*SecretKeyMemberRequest) Validate 

func (skmr *SecretKeyMemberRequest) Validate() error

Validate validates the request fields.

type SecretPath 

type SecretPath string

SecretPath is a custom type for secret paths of form :owner/:repo_name/:secret

func NewSecretPath 

func NewSecretPath(path string) (SecretPath, error)

NewSecretPath formats a SecretPath from an owner, repo, and a secret.

func (SecretPath) AddVersion 

func (sp SecretPath) AddVersion(version int) (SecretPath, error)

AddVersion adds a version to a SecretPath and returns this path.

func (SecretPath) BlindName 

func (sp SecretPath) BlindName(key *crypto.SymmetricKey) (string, error)

BlindName converts a SecretPath to a blindname. BlindName ignores the Secret Version.

func (SecretPath) GetNamespace 

func (sp SecretPath) GetNamespace() string

GetNamespace returns the namespace in the SecretPath.

func (SecretPath) GetParentPath 

func (sp SecretPath) GetParentPath() (ParentPath, error)

GetParentPath gets the DirPath from the SecretPath.

func (SecretPath) GetRepo 

func (sp SecretPath) GetRepo() string

GetRepo returns the repo name in the SecretPath.

func (SecretPath) GetRepoPath 

func (sp SecretPath) GetRepoPath() RepoPath

GetRepoPath gets the RepoPath from the SecretPath. This function only works on validated SecretPaths.

func (SecretPath) GetSecret 

func (sp SecretPath) GetSecret() string

GetSecret gets the secret name from the path.

func (SecretPath) GetVersion 

func (sp SecretPath) GetVersion() (string, error)

GetVersion gets the version from the path.

func (SecretPath) HasVersion 

func (sp SecretPath) HasVersion() bool

HasVersion returns whether there is a version specified in the path.

func (*SecretPath) Set 

func (sp *SecretPath) Set(value string) error

Set implements the flag.Value interface and validates the value.

func (SecretPath) String 

func (sp SecretPath) String() string

String returns the secret path as a string to be used for printing.

func (SecretPath) Validate 

func (sp SecretPath) Validate() error

Validate validates a Secret path.

func (SecretPath) Value 

func (sp SecretPath) Value() string

Value returns the secret path as a string to be used in communication with the client and in transportation to the server.

type SecretVersion 

type SecretVersion struct {
	SecretVersionID *uuid.UUID `json:"secret_version_id"`
	Secret          *Secret    `json:"secret"`
	Version         int        `json:"version"`
	SecretKey       *SecretKey `json:"secret_key,omitempty"`
	Data            []byte     `json:"data,omitempty"`
	CreatedAt       time.Time  `json:"created_at"`
	Status          string     `json:"status"`
}

SecretVersion represents a version of a Secret without any encrypted data.

func (*SecretVersion) IsLatest 

func (sv *SecretVersion) IsLatest() bool

IsLatest returns true when the secret version is the latest version of the secret.

func (*SecretVersion) Name 

func (sv *SecretVersion) Name() string

Name returns the secret name:version

type Service 

type Service struct {
	AccountID   *uuid.UUID `json:"account_id"`
	ServiceID   string     `json:"service_id"`
	Repo        *Repo      `json:"repo"`
	Description string     `json:"description"`
	CreatedBy   *uuid.UUID `json:"created_by,omitempty"`
}

Service represents a service account on SecretHub.

func (Service) ToAuditActor 

func (a Service) ToAuditActor() *AuditActor

ToAuditActor converts an Service to an AuditActor

func (Service) ToAuditSubject 

func (a Service) ToAuditSubject() *AuditSubject

ToAuditSubject converts an Service to an AuditSubject

func (Service) Trim 

func (a Service) Trim() *Service

Trim removes all non-essential fields from Service for output

type SortAccessLevels 

type SortAccessLevels []*AccessLevel

SortAccessLevels sorts a list of AccessLevels first by the permission and then by the account name.

func (SortAccessLevels) Len 

func (s SortAccessLevels) Len() int

func (SortAccessLevels) Less 

func (s SortAccessLevels) Less(i, j int) bool

func (SortAccessLevels) Swap 

func (s SortAccessLevels) Swap(i, j int)

type SortAccessRules 

type SortAccessRules []*AccessRule

SortAccessRules makes a list of AccessRules sortable. Sort order: Permission (high to low), AccountName (natural)

func (SortAccessRules) Len 

func (s SortAccessRules) Len() int

func (SortAccessRules) Less 

func (s SortAccessRules) Less(i, j int) bool

func (SortAccessRules) Swap 

func (s SortAccessRules) Swap(i, j int)

type SortDirByName 

type SortDirByName []*Dir

SortDirByName makes a list of Dir sortable.

func (SortDirByName) Len 

func (d SortDirByName) Len() int

func (SortDirByName) Less 

func (d SortDirByName) Less(i, j int) bool

func (SortDirByName) Swap 

func (d SortDirByName) Swap(i, j int)

type SortDirPaths 

type SortDirPaths []DirPath

SortDirPaths makes a slice of dir paths sortable.

func (SortDirPaths) Len 

func (s SortDirPaths) Len() int

func (SortDirPaths) Less 

func (s SortDirPaths) Less(i, j int) bool

func (SortDirPaths) Swap 

func (s SortDirPaths) Swap(i, j int)

type SortOrgByName 

type SortOrgByName []*Org

SortOrgByName makes a list of orgs sortable.

func (SortOrgByName) Len 

func (s SortOrgByName) Len() int

func (SortOrgByName) Less 

func (s SortOrgByName) Less(i, j int) bool

func (SortOrgByName) Swap 

func (s SortOrgByName) Swap(i, j int)

type SortOrgMemberByUsername 

type SortOrgMemberByUsername []*OrgMember

SortOrgMemberByUsername makes a list of org members sortable.

func (SortOrgMemberByUsername) Len 

func (s SortOrgMemberByUsername) Len() int

func (SortOrgMemberByUsername) Less 

func (s SortOrgMemberByUsername) Less(i, j int) bool

func (SortOrgMemberByUsername) Swap 

func (s SortOrgMemberByUsername) Swap(i, j int)

type SortRepoByName 

type SortRepoByName []*Repo

SortRepoByName makes a list of repos sortable.

func (SortRepoByName) Len 

func (r SortRepoByName) Len() int

func (SortRepoByName) Less 

func (r SortRepoByName) Less(i, j int) bool

func (SortRepoByName) Swap 

func (r SortRepoByName) Swap(i, j int)

type SortSecretByName 

type SortSecretByName []*Secret

SortSecretByName makes a list of Secret sortable.

func (SortSecretByName) Len 

func (s SortSecretByName) Len() int

func (SortSecretByName) Less 

func (s SortSecretByName) Less(i, j int) bool

func (SortSecretByName) Swap 

func (s SortSecretByName) Swap(i, j int)

type Subscription 

type Subscription struct {
	Plan       *BillingPlan       `json:"plan"`
	Fees       []*SubscriptionFee `json:"fees"`
	TaxPercent float64            `json:"tax_percent"`
}

Subscription defines a billing plan a customer has subscribed to.

type SubscriptionFee 

type SubscriptionFee struct {
	Name               string `json:"name"`
	Status             string `json:"status"`
	CurrentPeriodEnd   int64  `json:"current_period_end"`
	CurrentPeriodStart int64  `json:"current_period_start"`
	TrialEnd           int64  `json:"trial_end"`
	TrialStart         int64  `json:"trial_start"`
}

SubscriptionFee defines a fee included in a subscription, which the customer will be billed for. Each fee has their own charge and billing cycle.

type Tree 

type Tree struct {
	ParentPath ParentPath
	RootDir    *Dir
	Dirs       map[uuid.UUID]*Dir
	Secrets    map[uuid.UUID]*Secret
}

Tree contains a full tree from the RootDir and all dirs and secrets. ParentPath is used to construct absolute paths. ParentPath is the path to the parent of the root dir, eg: For namespace/repo/parent/rootdir => namespace/repo/parent

func (Tree) AbsDirPath 

func (t Tree) AbsDirPath(dirID *uuid.UUID) (DirPath, error)

AbsDirPath returns the full path of dir This function makes the assumption that only the root dir has no parentID. If not, an error will occur.

func (Tree) AbsSecretPath 

func (t Tree) AbsSecretPath(secretID *uuid.UUID) (*SecretPath, error)

AbsSecretPath returns the full path of secret. This function makes the assumption that every secret has a ParentDir.  If not, an error will occur.

func (Tree) DirCount 

func (t Tree) DirCount() int

DirCount returns the number of directories inside the tree. This does not include the root directory.

func (Tree) SecretCount 

func (t Tree) SecretCount() int

SecretCount returns the number of secrets contained in the tree.

type UpdateAccessRuleRequest 

type UpdateAccessRuleRequest struct {
	Permission Permission `json:"permission"`
}

UpdateAccessRuleRequest contains the request fields for updating an AccessRule.

func (*UpdateAccessRuleRequest) Validate 

func (uar *UpdateAccessRuleRequest) Validate() error

Validate validates the request fields.

type UpdateOrgMemberRequest 

type UpdateOrgMemberRequest struct {
	Role string `json:"role"`
}

UpdateOrgMemberRequest contains the required fields for updating a user's organization membership.

func (UpdateOrgMemberRequest) Validate 

func (req UpdateOrgMemberRequest) Validate() error

Validate validates the request fields.

type UpdateSubscriptionRequest 

type UpdateSubscriptionRequest struct {
	PlanID string `json:"plan_id"`
}

UpdateSubscriptionRequest defines a request for adding or updating a subscription.

func (UpdateSubscriptionRequest) Validate 

func (r UpdateSubscriptionRequest) Validate() error

Validate validates a UpdateSubscriptionRequest

type User 

type User struct {
	AccountID   *uuid.UUID `json:"account_id"`
	PublicKey   []byte     `json:"public_key"`
	Username    string     `json:"username"`
	FullName    string     `json:"full_name"`
	Email       string     `json:"user_email,omitempty"`    // Optional, private information is only returned for yourself
	CreatedAt   *time.Time `json:"created_at,omitempty"`    // Optional, private information is only returned for yourself
	LastLoginAt *time.Time `json:"last_login_at,omitempty"` // Optional, private information is only returned for yourself
}

User represents a SecretHub user.

func (User) PrettyName 

func (u User) PrettyName() string

PrettyName returns a printable string with the username and full name.

func (User) ToAuditActor 

func (u User) ToAuditActor() *AuditActor

ToAuditActor converts a User to an AuditActor

func (User) ToAuditSubject 

func (u User) ToAuditSubject() *AuditSubject

ToAuditSubject converts a User to an AuditSubject

func (User) Trim 

func (u User) Trim() *User

Trim removes all non-essential fields from User for output

Source Files

View all Source files

Directories

Path Synopsis
Package uuid is a utility package to standardize and abstract away how UUIDs are generated and used.
 Package uuid is a utility package to standardize and abstract away how UUIDs are generated and used.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.