Documentation ¶
Index ¶
- Constants
- Variables
- func ValidateAccountName(name string) error
- func ValidateBlindName(blindName string) error
- func ValidateDirPath(path string) error
- func ValidateEmail(email string) error
- func ValidateFullName(fullName string) error
- func ValidateNamespace(namespace string) error
- func ValidateOrgDescription(description string) error
- func ValidateOrgName(name string) error
- func ValidateOrgRole(role string) error
- func ValidateRepoName(name string) error
- func ValidateRepoPath(path string) error
- func ValidateSecretName(name string) error
- func ValidateSecretPath(path string) error
- func ValidateServiceDescription(description string) error
- func ValidateServiceID(serviceID string) error
- func ValidateUsername(username string) error
- type AccessLevel
- type AccessRule
- type Account
- type AccountName
- type Audit
- type AuditAction
- type AuditActor
- type AuditSubject
- type AuditSubjectType
- type AuditSubjectTypeList
- type BillingInfo
- type BillingInfoParams
- type BillingPlan
- type BillingPlanType
- type BlindNamePath
- type CompanyDetails
- type CompanyDetailsParams
- type CreateAccessRuleRequest
- type CreateAccountKeyRequest
- type CreateCardRequest
- type CreateCredentialRequest
- type CreateDirRequest
- type CreateFederatedUserRequest
- type CreateOrgMemberRequest
- type CreateOrgRequest
- type CreateRepoMemberRequest
- type CreateRepoRequest
- type CreateSecretKeyRequest
- type CreateSecretRequest
- type CreateSecretVersionRequest
- type CreateServiceRequest
- type CreateUserRequest
- type Credential
- type CredentialType
- type CreditCard
- type DefaultPlans
- type Dir
- type DirPath
- func (dp DirPath) BlindName(key *crypto.SymmetricKey) (string, error)
- func (dp DirPath) GetDirName() string
- func (dp DirPath) GetNamespace() string
- func (dp DirPath) GetParentPath() (ParentPath, error)
- func (dp DirPath) GetRepo() string
- func (dp DirPath) GetRepoPath() RepoPath
- func (dp DirPath) HasParentDirectory() bool
- func (dp DirPath) IsRepoPath() bool
- func (dp DirPath) JoinDir(dirName string) DirPath
- func (dp DirPath) JoinSecret(secretName string) SecretPath
- func (dp *DirPath) Set(value string) error
- func (dp DirPath) String() string
- func (dp DirPath) Validate() error
- func (dp DirPath) Value() string
- type EncryptedAccountKey
- type EncryptedDir
- type EncryptedKeyRequest
- type EncryptedNameForNodeRequest
- type EncryptedNameRequest
- type EncryptedSecret
- type EncryptedSecretKey
- type EncryptedSecretVersion
- type EncryptedTree
- type Feature
- type FixedFee
- type InviteUserRequest
- type MeteredFee
- type MeteredTier
- type Namespace
- type NamespaceDetails
- type Org
- type OrgMember
- type OrgName
- type ParentPath
- type Path
- func (p Path) HasVersion() bool
- func (p *Path) Set(value string) error
- func (p Path) String() string
- func (p Path) ToDirPath() (DirPath, error)
- func (p Path) ToNamespace() (Namespace, error)
- func (p Path) ToRepoPath() (RepoPath, error)
- func (p Path) ToSecretPath() (SecretPath, error)
- func (p *Path) Validate() error
- type Permission
- type Pricing
- type Repo
- type RepoKeys
- type RepoMember
- type RepoPath
- func (rp RepoPath) BlindName(key *crypto.SymmetricKey) (string, error)
- func (rp RepoPath) GetDirPath() DirPath
- func (rp RepoPath) GetNamespace() string
- func (rp RepoPath) GetNamespaceAndRepoName() (string, string)
- func (rp RepoPath) GetRepo() string
- func (rp RepoPath) GetRepoPath() RepoPath
- func (rp *RepoPath) Set(value string) error
- func (rp RepoPath) String() string
- func (rp RepoPath) Validate() error
- func (rp RepoPath) Value() string
- type RevokeOpts
- type RevokeOrgResponse
- type RevokeRepoResponse
- type RevokeResponse
- type Secret
- type SecretAccessRequest
- type SecretKey
- type SecretKeyMemberRequest
- type SecretPath
- func (sp SecretPath) AddVersion(version int) (SecretPath, error)
- func (sp SecretPath) BlindName(key *crypto.SymmetricKey) (string, error)
- func (sp SecretPath) GetNamespace() string
- func (sp SecretPath) GetParentPath() (ParentPath, error)
- func (sp SecretPath) GetRepo() string
- func (sp SecretPath) GetRepoPath() RepoPath
- func (sp SecretPath) GetSecret() string
- func (sp SecretPath) GetVersion() (string, error)
- func (sp SecretPath) HasVersion() bool
- func (sp *SecretPath) Set(value string) error
- func (sp SecretPath) String() string
- func (sp SecretPath) Validate() error
- func (sp SecretPath) Value() string
- type SecretVersion
- type Service
- type SortAccessLevels
- type SortAccessRules
- type SortDirByName
- type SortDirPaths
- type SortOrgByName
- type SortOrgMemberByUsername
- type SortRepoByName
- type SortSecretByName
- type Subscription
- type SubscriptionFee
- type Tree
- type UpdateAccessRuleRequest
- type UpdateOrgMemberRequest
- type UpdateSubscriptionRequest
- type User
Constants ¶
const ( AuditSubjectAccount = "account" AuditSubjectUser = "user" AuditSubjectService = "service" AuditSubjectSecret = "secret" AuditSubjectSecretVersion = "secret_version" AuditSubjectSecretKey = "secret_key" AuditSubjectSecretMember = "permission" AuditSubjectRepo = "repo" AuditSubjectRepoMember = "repo_member" AuditSubjectRepoKey = "repo_key" )
The different options for an AuditSubjectType.
const ( OrgRoleAdmin = "admin" OrgRoleMember = "member" )
Roles
const ( // StatusOK signals everything is in order. StatusOK = "ok" // StatusFlagged signals that a resource should be considered compromised and should be rotated/no longer used. StatusFlagged = "flagged" // StatusFailed signals that revocation cannot complete. StatusFailed = "failed" )
Status Constants
const ( // MaxEncryptedSecretSize is the maximum size of EncryptedSecretVersion.EncryptedData. MaxEncryptedSecretSize = (512*4/3 + 5) * units.KiB // 512 KiB corrected for base64 overhead (4/3) and metadata )
Variables ¶
var ( ErrInvalidAccountName = errAPI.Code("invalid_account_name").Error("An account name either needs to be an username or a servicename") ErrInvalidKeyID = errAPI.Code("invalid_key_id").Error("id of the provided account key is invalid") ServiceNamePrefix = "s-" )
Errors
var ( ErrAccountNotKeyed = errAPI.Code("account_not_keyed").StatusError("User has not yet keyed their account", http.StatusBadRequest) ErrAccountKeyNotFound = errAPI.Code("account_key_not_found").StatusError("User has not yet keyed their account", http.StatusNotFound) )
Errors
var ( ErrInvalidSecretID = errAPI.Code("invalid_secret_id").StatusError("invalid secret id", http.StatusBadRequest) ErrInvalidDirID = errAPI.Code("invalid_dir_id").StatusError("invalid directory id", http.StatusBadRequest) ErrAccessRuleAlreadyExists = errAPI.Code("access_rule_already_exists").StatusError("access rule already exists", http.StatusConflict) ErrAccessRuleNotFound = errAPI.Code("access_rule_not_found").StatusError("access rule not found", http.StatusNotFound) )
Errors
var ( ErrInvalidCardToken = errAPI.Code("invalid_card_token").StatusError("invalid card token given", http.StatusBadRequest) ErrInvalidCardID = errAPI.Code("invalid_card_id").StatusError("invalid card_id given", http.StatusBadRequest) ErrInvalidPlanID = errAPI.Code("invalid_plan_id").StatusError("invalid plan_id given", http.StatusBadRequest) ErrTaxIDRequired = errAPI.Code("tax_id_required").StatusError("for EU countries a tax_id is required", http.StatusBadRequest) ErrAddressDoesNotMatchTaxCountry = errAPI.Code("countries_mismatch").StatusError("address country does not match tax country", http.StatusBadRequest) )
Errors
var ( ErrUnknownAlgorithm = errAPI.Code("unknown_algorithm").Error("algorithm of the encoded ciphertext is invalid") ErrInvalidCiphertext = errAPI.Code("invalid_ciphertext").Error("cannot encode invalid ciphertext") ErrInvalidMetadata = errAPI.Code("invalid_metadata").Error("metadata of encrypted key is invalid") )
Errors These will be removed after the next server-release, as they are then no longer returned from the server.
var ( ErrInvalidFingerprint = errAPI.Code("invalid_fingerprint").StatusError("fingerprint is invalid", http.StatusBadRequest) ErrInvalidVerifier = errAPI.Code("invalid_verifier").StatusError("verifier is invalid", http.StatusBadRequest) ErrInvalidAlgorithm = errAPI.Code("invalid_algorithm").StatusError("algorithm is invalid", http.StatusBadRequest) )
Errors
var ( ErrInvalidDirName = errAPI.Code("invalid_dir_name").StatusError( "directory names must be between 2 and 32 characters long and "+ "may only contain letters, numbers, dashes (-), underscores (_), and dots (.)", http.StatusBadRequest, ) ErrInvalidDirBlindName = errAPI.Code("invalid_dir_blind_name").StatusErrorf("directory blind name is invalid: %s", http.StatusBadRequest, ErrInvalidBlindName) ErrInvalidParentBlindName = errAPI.Code("invalid_parent_blind_name").StatusErrorf("directory parent blind name is invalid: %s", http.StatusBadRequest, ErrInvalidBlindName) )
Errors
var ( ErrParentDirNotAvailable = errAPI.Code("parent_dir_not_available").StatusError("the parent directory is not available in EncryptedTree", http.StatusInternalServerError) ErrMultipleRootDirs = errAPI.Code("multiple_root_dirs").StatusError("there are multiple root directories possible", http.StatusInternalServerError) )
Errors
var ( ErrInvalidSecretPath = errAPI.Code("invalid_secret_path").ErrorPref("secret path must be of the form <namespace>/<repo>[/<dir-path>]/<secret> got '%s'") ErrInvalidRepoPath = errAPI.Code("invalid_repo_path").ErrorPref("repo path must be of the form <namespace>/<repo> got '%s'") ErrInvalidDirPath = errAPI.Code("invalid_dir_path").ErrorPref("dir path must be of the form <namespace>/<repo>[/<dir-path>] got '%s'") ErrInvalidNamespace = errAPI.Code("invalid_namespace").Error("namespace must be a valid username") ErrInvalidPath = errAPI.Code("invalid_path").Error("path is not a reference to a namespace, a repository, a directory, or a secret") ErrInvalidPathType = errAPI.Code("invalid_path_type").Error("using an unknown path type") ErrPathAlreadyHasVersion = errAPI.Code("path_already_has_version").Error("this secret path already has a version") ErrPathHasNoVersion = errAPI.Code("path_has_no_version").Error("this secret path requires a version") ErrParentPathOnInvalidPath = errAPI.Code("parent_path_on_invalid_path").ErrorPref("retrieving a parent path on an invalid path: %s") )
Errors
var ( ErrInvalidOrgName = errAPI.Code("invalid_org_name").StatusError( "organization names must be between 3 and 32 characters long and "+ "may only contain letters, numbers, dashes (-), underscores (_), and dots (.)", http.StatusBadRequest, ) ErrOrgNameMustContainAlphanumeric = errAPI.Code("org_name_must_contain_alphanumeric").StatusError( "organization names must contain at least one alphanumeric character ", http.StatusBadRequest, ) ErrInvalidDescription = errAPI.Code("invalid_description").StatusError( "descriptions have a maximum length of 144 characters "+ "and may only contain (special) letters, numbers, spaces, and punctuation characters", http.StatusBadRequest, ) ErrInvalidBlindName = errAPI.Code("invalid_blind_name").StatusError("The blind name is not a 256 bits string encoded with URL safe base64", http.StatusBadRequest) ErrInvalidDirPermission = errAPI.Code("invalid_dir_permission").StatusError( "directory permission may only consist of up to 3 unique letters r (read), w (write), and a (admin)", http.StatusBadRequest, ) ErrInvalidDirRole = errAPI.Code("invalid_dir_role").StatusError( "directory roles must be either read, write, or admin", http.StatusBadRequest, ) )
Errors
var ( ErrInvalidRepoName = errAPI.Code("invalid_repo_name").StatusError( "repo names must be between 1 and 32 characters long and "+ "may only contain letters, numbers, dashes (-), underscores (_), and dots (.)", http.StatusBadRequest, ) ErrInvalidRepoEncryptionKey = errAPI.Code("invalid_repo_encryption_key").StatusError("repo encryption key is invalid", http.StatusBadRequest) ErrInvalidRepoIndexKey = errAPI.Code("invalid_repo_index_key").StatusError("repo index key is invalid", http.StatusBadRequest) ErrInvalidAccountID = errAPI.Code("invalid_account_id").StatusError("account id is invalid", http.StatusBadRequest) ErrInvalidSecretMemberAccountID = errAPI.Code("invalid_secret_member_account_id").StatusError("account id of secret member does not correspond to the account id of the invited user", http.StatusBadRequest) ErrInvalidSecretKeyMemberAccountID = errAPI.Code("invalid_secret_key_member_account_id").StatusError("account id of secret key member does not correspond to the account id of the invited user", http.StatusBadRequest) ErrRepoMemberNotFound = errAPI.Code("repo_member_not_found").StatusError("repo member not found", http.StatusNotFound) ErrNoRootDir = errAPI.Code("no_root_dir").StatusError("there is no create dir request for the root directory", http.StatusBadRequest) ErrNoRepoMember = errAPI.Code("no_repo_member").StatusError("there is no create repo member request for the root directory", http.StatusBadRequest) )
Errors
var ( ErrInvalidSecretName = errAPI.Code("invalid_secret_name").StatusError( "secret names must be between 1 and 32 characters and "+ "may only contain letters, numbers, dashes (-), underscores (_), and dots (.)", http.StatusBadRequest, ) ErrInvalidSecretVersion = errAPI.Code("invalid_secret_version").StatusError( "secret version can only be positive numbers or latest", http.StatusBadRequest, ) ErrInvalidNodeID = errAPI.Code("invalid_node_id").StatusError("the node id is invalid", http.StatusBadRequest) ErrInvalidEncryptedSecretName = errAPI.Code("invalid_encrypted_secret_name").StatusError("invalid ciphertext for encrypted secret name", http.StatusBadRequest) ErrInvalidSecretBlindName = errAPI.Code("invalid_secret_blind_name").StatusError("secret blind name is invalid", http.StatusBadRequest) ErrInvalidSecretBlob = errAPI.Code("invalid_secret_blob").StatusError("secret blob is invalid", http.StatusBadRequest) ErrNoSecretMembers = errAPI.Code("no_secret_members").StatusError("no secret members added to write request", http.StatusBadRequest) ErrInvalidSecretKeyID = errAPI.Code("invalid_secret_key_id").StatusError("secret_key_id is invalid", http.StatusBadRequest) ErrNotEncryptedForAccounts = errAPI.Code("not_encrypted_for_accounts").StatusError("missing data encrypted for accounts", http.StatusBadRequest) ErrNotUniquelyEncryptedForAccounts = errAPI.Code("not_uniquely_encrypted_for_accounts").StatusError("not uniquely encrypted for accounts", http.StatusBadRequest) ErrCannotDeleteLastSecretVersion = errAPI.Code("cannot_delete_last_version").StatusError("Cannot delete the last version of a secret", http.StatusForbidden) )
Errors
var ( // General ErrNotFound = errHub.Code("not_found").StatusError("Not found", http.StatusNotFound) ErrValidationFailed = errHub.Code("validation_failed").StatusError("Validation errors", http.StatusExpectationFailed) ErrBadRequest = errHub.Code("bad_request").StatusError("Bad request", http.StatusBadRequest) ErrTimeout = errHub.Code("timeout").StatusError("Timeout", http.StatusInternalServerError) ErrUnknownMethod = errHub.Code("method_not_supported").StatusError("Method not supported", http.StatusNotImplemented) ErrDomainNotFound = errHub.Code("domain_not_found").StatusError("Domain not found", http.StatusNotFound) ErrForbidden = errAPI.Code("forbidden").StatusError("You are not allowed to perform this action", http.StatusForbidden) ErrRequestNotAuthenticated = errAPI.Code("not_authenticated").StatusError("Request was not authenticated", http.StatusUnauthorized) ErrNoAccountKeyForCredential = errAPI.Code("no_account_key_for_credential").StatusError("Could not find account-key for credential used for authentication.", http.StatusInternalServerError) ErrCannotPerformActionOnSelf = errAPI.Code("cannot_perform_action_on_self").StatusError("You cannot perform this action on yourself", http.StatusForbidden) ErrYourAccountNotKeyed = errAPI.Code("account_not_keyed").StatusError("Your account has not been fully initialized", http.StatusBadRequest) // DB ErrDatabaseRecordAlreadyExists = errHub.Code("already_exists").StatusError("Already exists", http.StatusConflict) // Namespaces ErrNamespaceNotFound = errAPI.Code("namespace_not_found").StatusError("Namespace not found", http.StatusNotFound) ErrNamespaceAlreadyExists = errAPI.Code("namespace_already_exists").StatusError("this name already exists", http.StatusConflict) ErrCannotPerformActionOnPersonalNamespace = errAPI.Code("not_allowed_on_personal_namespace").StatusError("you cannot perform this action on a personal namespace", http.StatusForbidden) // Auth ErrAccountIncomplete = errHub.Code("account_incomplete").StatusError("This account is not registered, please create a user first", http.StatusForbidden) ErrTokenNotVerified = errHub.Code("token_not_verified").StatusError("Token not verified", http.StatusUnauthorized) ErrPasswordTooWeak = errHub.Code("password_too_weak").StatusError("The password must be longer than 8 characters", http.StatusBadRequest) ErrSignatureNotVerified = errHub.Code("invalid_signature").StatusError("request was not signed by a valid credential", http.StatusUnauthorized) // Repos ErrRepoNotFound = errHub.Code("repo_not_found").StatusError("Repo not found", http.StatusNotFound) ErrRepoAlreadyExists = errHub.Code("repo_already_exists").StatusError("Repo already exists, please create a different repo", http.StatusConflict) // Dirs ErrDirAlreadyExists = errHub.Code("dir_already_exists").StatusError("Directory or secret already exists, create a different directory", http.StatusConflict) ErrDirNotFound = errHub.Code("dir_not_found").StatusError("Directory not found", http.StatusNotFound) ErrParentDirNotFound = errHub.Code("parent_dir_not_found").StatusError("Parent directory not found", http.StatusNotFound) ErrCannotRemoveRootDir = errHub.Code("cannot_remove_root_dir").StatusError("Root directory of a repository cannot be removed, remove the repository instead", http.StatusBadRequest) // Secrets ErrSecretAlreadyExists = errHub.Code("secret_already_exists").StatusError("Secret or directory already exists, please update or create a different secret", http.StatusConflict) ErrSecretNotFound = errHub.Code("secret_not_found").StatusError("Secret not found", http.StatusNotFound) ErrSecretVersionNotFound = errHub.Code("version_not_found").StatusError("Version of secret not found", http.StatusNotFound) ErrSecretKeyNotFound = errHub.Code("secret_key_not_found").StatusError("Key for secret not found", http.StatusNotFound) // Secret Keys ErrSecretKeyFlagged = errAPI.Code("secret_key_flagged").StatusError(fmt.Sprintf("Cannot write new secrets with a key that has status %s", StatusFlagged), http.StatusBadRequest) ErrNoOKSecretKey = errAPI.Code("no_secret_key_found_with_status_ok").StatusError(fmt.Sprintf("No secret key found with status %s", StatusOK), http.StatusNotFound) // Organization ErrOrgAlreadyExists = errAPI.Code("org_already_exists").StatusError("Organization already exists, please create a different organization", http.StatusConflict) ErrOrgNotFound = errAPI.Code("org_not_found").StatusError("Organization not found", http.StatusNotFound) ErrOrgMemberNotFound = errAPI.Code("org_member_not_found").StatusError("Organization member not found", http.StatusNotFound) ErrOrgMemberAlreadyExists = errAPI.Code("org_member_already_exists").StatusError("Organization member already exists", http.StatusConflict) ErrInvalidOrgRole = errAPI.Code("invalid_org_role").StatusError("Organization role is invalid. Must be either `admin` or `member`", http.StatusBadRequest) ErrCannotRemoveLastOrgAdmin = errAPI.Code("cannot_remove_last_org_admin").StatusError("The last admin of an organization cannot be removed.", http.StatusForbidden) // User ErrUserEmailAlreadyExists = errHub.Code("user_email_already_exists").StatusError("That email address is already in use", http.StatusConflict) ErrUsernameAlreadyExists = errHub.Code("username_already_exists").StatusError("A user with the given username already exists, please choose a different username", http.StatusConflict) ErrUserNotFound = errHub.Code("user_not_found").StatusError("User not found, please verify username", http.StatusNotFound) ErrNotAUser = errHub.Code("not_a_user").StatusError("Only users can perform this action", http.StatusForbidden) ErrNotOwner = errHub.Code("not_owner").StatusError("Only repo owners can perform this action", http.StatusForbidden) ErrCannotAddYourself = errHub.Code("cannot_add_self").StatusError("You cannot add yourself to your repo", http.StatusForbidden) ErrCannotRemoveYourself = errHub.Code("cannot_remove_self").StatusError("You cannot remove yourself from your repo", http.StatusForbidden) // Service ErrServiceNotFound = errHub.Code("service_not_found").StatusError("Service not found", http.StatusNotFound) ErrAccountIsNotService = errHub.Code("not_a_service").StatusError("Account name does not represent a service", http.StatusBadRequest) ErrServiceAlreadyExists = errHub.Code("service_already_exists").StatusError("Service already exists, please create a different service", http.StatusConflict) ErrNoAdminAccess = errHub.Code("no_admin_access").StatusError("Only accounts with Admin access can perform this action", http.StatusForbidden) ErrMemberAlreadyExists = errHub.Code("member_already_exists").StatusError("The member already exists", http.StatusConflict) // Account ErrAccountNotFound = errHub.Code("account_not_found").StatusError("Account not found", http.StatusNotFound) ErrUnknownSubjectType = errHub.Code("unknown_subject_type").Error("Unknown subject type") // no status error because it is an internal error ErrUnknownAccountType = errHub.Code("unknown_account_type").Error("Unknown account type") // no status error because it is an internal error ErrNotMemberOfRepo = errHub.Code("not_repo_member").StatusError("Account is not a member of the repo", http.StatusBadRequest) // Credential ErrCredentialNotFound = errHub.Code("credential_not_found").StatusError("Credential not found", http.StatusNotFound) ErrCredentialAlreadyExists = errHub.Code("credential_already_exists").StatusError("A credential with the given identifier already exists", http.StatusConflict) // Account key ErrPublicAccountKeyConflict = errHub.Code("public_account_key_does_not_match").StatusError("A different public account key is already registered for this account", http.StatusConflict) ErrPrivateKeyAlreadyExists = errHub.Code("private_key_already_exists").StatusError("A private key for this credential already exists.", http.StatusConflict) ErrCredentialNotKeyed = errHub.Code("credential_not_keyed").StatusError("The account key has not been encrypted for this credential", http.StatusNotFound) // Dirs ErrCannotRemoveLastRootAdmin = errHub.Code("cannot_remove_last_root_admin").StatusError("Cannot remove the last admin on the repo root", http.StatusBadRequest) )
Errors returned by the SecretHub API
var ( ErrInvalidServiceID = errAPI.Code("invalid_service_id").StatusError( "service id is 14 characters long and starts with s-", http.StatusBadRequest, ) ErrInvalidServiceDescription = errAPI.Code("invalid_service_description").StatusError( fmt.Sprintf( "service descriptions can at most be %d long and cannot contain any newlines or tabs", serviceDescriptionMaxLength, ), http.StatusBadRequest, ) )
Errors
var ( ErrInvalidUsername = errAPI.Code("invalid_username").StatusError( "usernames must be between 3 and 32 characters long and "+ "may only contain letters, numbers, dashes (-), underscores (_), and dots (.)", http.StatusBadRequest, ) ErrUsernameMustContainAlphanumeric = errAPI.Code("username_must_contain_alphanumeric").StatusError( "usernames must contain at least one alphanumeric character ", http.StatusBadRequest, ) ErrUsernameIsService = errAPI.Code("username_is_service").StatusError( "usernames cannot start with s- as that prefix is reserved for service accounts", http.StatusBadRequest, ) ErrInvalidPublicKey = errAPI.Code("invalid_public_key").StatusError("public key is invalid", http.StatusBadRequest) ErrInvalidEmail = errAPI.Code("invalid_email").StatusError("email address is invalid", http.StatusBadRequest) ErrInvalidFullName = errAPI.Code("invalid_full_name").StatusError( "full names may be at most 128 characters long and "+ "may only contain (special) letters, apostrophes ('), spaces and dashes (-)", http.StatusBadRequest, ) ErrNoPasswordNorCredential = errAPI.Code("no_password_nor_credential").StatusError("either a password or a credential should be supplied", http.StatusBadRequest) )
Errors
var (
ErrAccessLevelUnknown = errAPI.Code("access_level_unknown").Error("The access level is not known")
)
Error
var (
ErrEncryptedDataTooBig = errAPI.Code("encrypted_data_too_big").Error(fmt.Sprintf("maximum size of encrypted data is %s", units.BytesSize(MaxEncryptedSecretSize)))
)
Errors
Functions ¶
func ValidateAccountName ¶
ValidateAccountName validates an AcccountName.
func ValidateBlindName ¶
ValidateBlindName validates a blind name.
func ValidateDirPath ¶
ValidateDirPath validates a dir path of form :owner/:repo_name/[parents/]*:directory
func ValidateEmail ¶
ValidateEmail validates an email address.
func ValidateFullName ¶
ValidateFullName validates a user's full name.
func ValidateNamespace ¶
ValidateNamespace validates a username.
func ValidateOrgDescription ¶
ValidateOrgDescription validates an organization description.
func ValidateOrgName ¶
ValidateOrgName validates an organization name.
func ValidateOrgRole ¶
ValidateOrgRole validates an organization role.
func ValidateRepoName ¶
ValidateRepoName validates a repo name.
func ValidateRepoPath ¶
ValidateRepoPath validates a repo path of form :owner/:repo_name
func ValidateSecretName ¶
ValidateSecretName validates a secret name.
func ValidateSecretPath ¶
ValidateSecretPath validates a secret path of form :owner/:repo_name/:secretname
func ValidateServiceDescription ¶
ValidateServiceDescription validates a service description.
func ValidateServiceID ¶
ValidateServiceID validates a service id.
func ValidateUsername ¶
ValidateUsername validates a username.
Types ¶
type AccessLevel ¶
type AccessLevel struct { Account *Account `json:"account"` AccountID *uuid.UUID `json:"account_id"` DirID *uuid.UUID `json:"dir_id"` Permission Permission `json:"permission"` }
AccessLevel defines the permissions of an account on a directory and is the effect of one or more access rules on the directory itself or its parent(s).
type AccessRule ¶
type AccessRule struct { Account *Account `json:"account"` AccountID *uuid.UUID `json:"account_id"` DirID *uuid.UUID `json:"dir_id"` RepoID *uuid.UUID `json:"repo_id"` Permission Permission `json:"permission"` CreatedAt time.Time `json:"created_at"` LastChangedAt time.Time `json:"last_changed_at"` }
AccessRule defines the permission of an account on a directory and its children.
type Account ¶
type Account struct { AccountID *uuid.UUID `json:"account_id"` Name AccountName `json:"name"` PublicKey []byte `json:"public_key"` AccountType string `json:"account_type"` CreatedAt time.Time `json:"created_at"` }
Account represents an account on SecretHub.
type AccountName ¶
type AccountName string
AccountName represents the name of either a user or a service.
func NewAccountName ¶
func NewAccountName(name string) (AccountName, error)
NewAccountName validates an account's name and returns it as a typed AccountName when valid.
func (AccountName) IsService ¶
func (n AccountName) IsService() bool
IsService returns true if the AccountName contains the name of a service.
func (AccountName) IsUser ¶
func (n AccountName) IsUser() bool
IsUser returns true if the AccountName contains the name of a user.
func (*AccountName) Set ¶
func (n *AccountName) Set(value string) error
Set sets the AccountName to the value.
func (AccountName) String ¶
func (n AccountName) String() string
String returns the account's name as a string to be used for printing.
func (AccountName) Validate ¶
func (n AccountName) Validate() error
Validate checks whether an AccountName is valid.
func (AccountName) Value ¶
func (n AccountName) Value() string
Value returns the account's name as a string to be used in communication with the client and in transportation to the server.
type Audit ¶
type Audit struct { EventID *uuid.UUID `json:"event_id"` Action AuditAction `json:"action"` IPAddress string `json:"ip_address"` LoggedAt time.Time `json:"logged_at"` Repo Repo `json:"repo"` Actor AuditActor `json:"actor"` Subject AuditSubject `json:"subject"` }
Audit represents an AuditEvent in SecretHub.
type AuditAction ¶
type AuditAction string
AuditAction represents the action that was performed to create this audit event.
const ( AuditActionUnknown AuditAction = "unknown" AuditActionCreate AuditAction = "create" AuditActionRead AuditAction = "read" AuditActionUpdate AuditAction = "update" AuditActionDelete AuditAction = "delete" )
AuditAction values.
type AuditActor ¶
type AuditActor struct { ActorID *uuid.UUID `json:"id,omitempty"` Deleted bool `json:"deleted,omitempty"` // Type is `user` or `service`. When actor is deleted, type is always `account` Type string `json:"type"` User *User `json:"user,omitempty"` Service *Service `json:"service,omitempty"` }
AuditActor represents the Account of an AuditEvent
type AuditSubject ¶
type AuditSubject struct { SubjectID *uuid.UUID `json:"id,omitempty"` Deleted bool `json:"deleted,omitempty"` // Type is `user`, `service`, `repo`, `secret`, `secret_version` or `secret_key`. When subject is deleted, user and service are indicated with type `account` Type AuditSubjectType `json:"type"` User *User `json:"user,omitempty"` Service *Service `json:"service,omitempty"` Repo *Repo `json:"repo,omitempty"` EncryptedSecret *EncryptedSecret `json:"encrypted_secret,omitempty"` // This is converted to a Secret by the Client. Secret *Secret `json:"secret,omitempty"` EncryptedSecretVersion *EncryptedSecretVersion `json:"encrypted_secret_version,omitempty"` // This is converted to a SecretVersion by the Client. SecretVersion *SecretVersion `json:"secret_version,omitempty"` }
AuditSubject represents the Subject of an AuditEvent
type AuditSubjectType ¶
type AuditSubjectType string
AuditSubjectType represents the type of an audit subject.
type AuditSubjectTypeList ¶
type AuditSubjectTypeList []AuditSubjectType
AuditSubjectTypeList represents a list of AuditSubjectTypes.
func (AuditSubjectTypeList) Join ¶
func (l AuditSubjectTypeList) Join(separator string) string
Join converts an AuditSubjectTypeList to a string where each AuditSubjectType is separated by separator.
type BillingInfo ¶
type BillingInfo struct { CustomerID string `json:"customer_id"` CompanyDetails CompanyDetails `json:"company_details"` Email string `json:"email"` DefaultCardID string `json:"default_card_id"` Cards []*CreditCard `json:"cards"` }
BillingInfo contains the billing information of a customer and determines what will be put on invoices sent to the customer.
type BillingInfoParams ¶
type BillingInfoParams struct { CompanyDetails *CompanyDetailsParams `json:"company_details,omitempty"` Email *string `json:"email,omitempty"` DefaultCardID *string `json:"default_card_id,omitempty"` // optional, cannot be unset }
BillingInfoParams defines the optional customer detail fields that can be set.
func (*BillingInfoParams) Validate ¶
func (c *BillingInfoParams) Validate() error
Validate validates the request fields.
type BillingPlan ¶
type BillingPlan struct { ID string `json:"id"` // short tag shared across Stripe plans that together form this plan Name string `json:"name"` Description string `json:"description"` Currency string `json:"currency"` // eur BaseFee *FixedFee `json:"base_fee"` PerSecretFee *MeteredFee `json:"per_secret_fee,omitempty"` MaxMembers int `json:"max_members"` Features []string `json:"features"` TrialPeriodDays int64 `json:"trial_period_days"` Type BillingPlanType `json:"type"` }
BillingPlan defines a plan for billing customers.
type BillingPlanType ¶
type BillingPlanType string
BillingPlanType is used to distinguish between different types of plans.
const ( // BillingPlanTypeDefault defines default plans selectable by the user. BillingPlanTypeDefault BillingPlanType = "default" // BillingPlanTypePersonal defines personal plans. BillingPlanTypePersonal BillingPlanType = "personal" // BillingPlanTypeCustom defines custom plans that need to be handled differently. BillingPlanTypeCustom BillingPlanType = "custom" // BillingPlanTypePromo defines plans used for promotional purposes. BillingPlanTypePromo BillingPlanType = "promo" )
type BlindNamePath ¶
type BlindNamePath interface { // BlindName returns the blindname corresponding to this path. BlindName(key *crypto.SymmetricKey) (string, error) // GetRepoPath returns the RepoPath inside this BlindNamePath. GetRepoPath() RepoPath }
BlindNamePath represents a path that can be converted into a BlindName and exposes the necessary functions.
type CompanyDetails ¶
type CompanyDetails struct { Address string `json:"address"` City string `json:"city"` Name string `json:"name"` Country string `json:"country"` PostalCode string `json:"postal_code"` TaxID vat.Number `json:"tax_id"` }
CompanyDetails contains the billing details of a customer's company that will be put on invoices sent to the customer.
type CompanyDetailsParams ¶
type CompanyDetailsParams struct { Address string `json:"address"` City string `json:"city"` Name string `json:"name"` Country string `json:"country"` PostalCode string `json:"postal_code"` TaxID vat.Number `json:"tax_id"` // required for EU countries, optional for non-EU countries }
CompanyDetailsParams are used to update a customer's company details.
func (*CompanyDetailsParams) Validate ¶
func (p *CompanyDetailsParams) Validate() error
Validate validates the parameters.
type CreateAccessRuleRequest ¶
type CreateAccessRuleRequest struct { Permission Permission `json:"permission"` EncryptedDirs []EncryptedNameForNodeRequest `json:"encrypted_dirs"` EncryptedSecrets []SecretAccessRequest `json:"encrypted_secrets"` }
CreateAccessRuleRequest contains the request fields for creating an AccessRule.
func (*CreateAccessRuleRequest) Validate ¶
func (car *CreateAccessRuleRequest) Validate() error
Validate validates the request fields.
type CreateAccountKeyRequest ¶
type CreateAccountKeyRequest struct { EncryptedPrivateKey crypto.CiphertextRSAAES PublicKey []byte }
CreateAccountKeyRequest contains the fields to add an account_key encrypted for a credential.
func (CreateAccountKeyRequest) Validate ¶
func (req CreateAccountKeyRequest) Validate() error
Validate checks whether the request is valid.
type CreateCardRequest ¶
type CreateCardRequest struct {
Token string `json:"token"`
}
CreateCardRequest defines the request fields for creating a new credit card.
func (CreateCardRequest) Validate ¶
func (r CreateCardRequest) Validate() error
Validate validates the request fields.
type CreateCredentialRequest ¶
type CreateCredentialRequest struct { Type CredentialType `json:"type"` Fingerprint string `json:"fingerprint"` Name string `json:"name,omitempty"` Verifier []byte `json:"verifier"` }
CreateCredentialRequest contains the fields to add a credential to an account.
func (CreateCredentialRequest) Validate ¶
func (req CreateCredentialRequest) Validate() error
Validate validates the request fields.
type CreateDirRequest ¶
type CreateDirRequest struct { BlindName string `json:"blind_name"` ParentBlindName string `json:"parent_blind_name"` EncryptedNames []EncryptedNameRequest `json:"encrypted_names"` }
CreateDirRequest contains the request fields for creating a new directory.
func (*CreateDirRequest) Validate ¶
func (cdr *CreateDirRequest) Validate() error
Validate validates the CreateDirRequest to be valid.
type CreateFederatedUserRequest ¶
type CreateFederatedUserRequest struct {
Username string `json:"username"`
}
CreateFederatedUserRequest contains the required fields for signing up with a federated user
func (CreateFederatedUserRequest) Validate ¶
func (req CreateFederatedUserRequest) Validate() error
Validate validates the request fields.
type CreateOrgMemberRequest ¶
CreateOrgMemberRequest contains the required fields for creating a user's organization membership.
func (CreateOrgMemberRequest) Validate ¶
func (req CreateOrgMemberRequest) Validate() error
Validate validates the request fields.
type CreateOrgRequest ¶
CreateOrgRequest contains the required fields for creating an organization.
func (CreateOrgRequest) Validate ¶
func (req CreateOrgRequest) Validate() error
Validate validates the request fields.
type CreateRepoMemberRequest ¶
type CreateRepoMemberRequest struct { RepoEncryptionKey []byte `json:"repo_encryption_key"` RepoIndexKey []byte `json:"repo_index_key"` }
CreateRepoMemberRequest contains the required fields for adding a user to a repo.
func (CreateRepoMemberRequest) Validate ¶
func (req CreateRepoMemberRequest) Validate() error
Validate validates a CreateRepoMemberRequests
type CreateRepoRequest ¶
type CreateRepoRequest struct { Name string `json:"name"` RootDir *CreateDirRequest `json:"root_dir"` RepoMember *CreateRepoMemberRequest `json:"repo_member"` }
CreateRepoRequest contains the required fields for a Repo.
func (CreateRepoRequest) Validate ¶
func (crr CreateRepoRequest) Validate() error
Validate validates the request fields.
type CreateSecretKeyRequest ¶
type CreateSecretKeyRequest struct {
EncryptedFor []EncryptedKeyRequest `json:"encrypted_for"`
}
CreateSecretKeyRequest contains the request fields for creating a new secret key.
func (*CreateSecretKeyRequest) Validate ¶
func (r *CreateSecretKeyRequest) Validate() error
Validate validates the request fields.
type CreateSecretRequest ¶
type CreateSecretRequest struct { BlindName string `json:"blind_name"` EncryptedData crypto.CiphertextAES `json:"encrypted_data"` EncryptedNames []EncryptedNameRequest `json:"encrypted_names"` EncryptedKeys []EncryptedKeyRequest `json:"encrypted_keys"` }
CreateSecretRequest contains the request fields for creating a new secret, together with its first version, encrypted for accounts that need access.
func (*CreateSecretRequest) Validate ¶
func (csr *CreateSecretRequest) Validate() error
Validate validates the request fields.
type CreateSecretVersionRequest ¶
type CreateSecretVersionRequest struct { EncryptedData crypto.CiphertextAES `json:"encrypted_data"` SecretKeyID *uuid.UUID `json:"secret_key_id"` }
CreateSecretVersionRequest contains the request fields for creating a secret version with a secret key.
func (*CreateSecretVersionRequest) Validate ¶
func (csvr *CreateSecretVersionRequest) Validate() error
Validate validates the request fields.
type CreateServiceRequest ¶
type CreateServiceRequest struct { Description string `json:"description"` Credential *CreateCredentialRequest `json:"credential"` AccountKey *CreateAccountKeyRequest `json:"account_key"` RepoMember *CreateRepoMemberRequest `json:"repo_member"` }
CreateServiceRequest contains the required fields for creating an Service.
func (CreateServiceRequest) Validate ¶
func (req CreateServiceRequest) Validate() error
Validate validates the request fields.
type CreateUserRequest ¶
type CreateUserRequest struct { Username string `json:"username"` Email string `json:"email"` FullName string `json:"full_name"` Password string `json:"password,omitempty"` Credential *CreateCredentialRequest `json:"credential,omitempty"` }
CreateUserRequest contains the required fields for signing up
func (*CreateUserRequest) Validate ¶
func (req *CreateUserRequest) Validate() error
Validate validates the request fields.
type Credential ¶
type Credential struct { AccountID *uuid.UUID `json:"account_id"` Type CredentialType `json:"algorithm"` CreatedAt time.Time `json:"created_at"` Fingerprint string `json:"fingerprint"` Name string `json:"name"` Verifier []byte `json:"verifier"` }
Credential is used to authenticate to the API and to encrypt the account key.
type CredentialType ¶
type CredentialType string
CredentialType is used to identify the type of algorithm that is used for a credential.
const (
CredentialTypeRSA CredentialType = "rsa"
)
Credential types
func (CredentialType) Validate ¶
func (a CredentialType) Validate() error
Validate validates whether the algorithm type is valid.
type CreditCard ¶
type CreditCard struct { CardID string `json:"card_id"` Brand string `json:"brand"` ExpMonth uint8 `json:"exp_month"` ExpYear uint16 `json:"exp_year"` Last4 string `json:"last_4"` }
CreditCard defines a card used for payments.
type DefaultPlans ¶
type DefaultPlans struct { Month string `json:"month"` Year string `json:"year"` Personal string `json:"personal"` }
DefaultPlans defines the plan ids for default plans.
type Dir ¶
type Dir struct { DirID *uuid.UUID `json:"dir_id"` BlindName string `json:"blind_name"` Name string `json:"name"` ParentID *uuid.UUID `json:"parent_id"` Status string `json:"status"` CreatedAt time.Time `json:"created_at"` LastModifiedAt time.Time `json:"last_modified_at"` SubDirs []*Dir `json:"sub_dirs"` Secrets []*Secret `json:"secrets"` }
Dir represents an directory. A dir belongs to a repo and contains other dirs and secrets.
type DirPath ¶
type DirPath ParentPath
DirPath is a parse for dir paths of form :owner/:repo_name/[parents/]*:directory
func NewDirPath ¶
NewDirPath formats a RepoPath from an owner, repo string.
func (DirPath) BlindName ¶
func (dp DirPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName returns the blind name of the DirPath.
func (DirPath) GetNamespace ¶
GetNamespace returns the namespace of the Repo.
func (DirPath) GetParentPath ¶
func (dp DirPath) GetParentPath() (ParentPath, error)
GetParentPath returns the parent of the directory.
func (DirPath) GetRepoPath ¶
GetRepoPath returns the namespace and repo name of the Repo.
func (DirPath) HasParentDirectory ¶
HasParentDirectory returns if the DirPath has a parent directory.
func (DirPath) IsRepoPath ¶
IsRepoPath returns if the dir path is on repo level.
func (DirPath) JoinSecret ¶
func (dp DirPath) JoinSecret(secretName string) SecretPath
JoinSecret constructs a new SecretPath combined by the dirPath and dirName.
type EncryptedAccountKey ¶
type EncryptedAccountKey struct { Account *Account PublicKey []byte EncryptedPrivateKey crypto.CiphertextRSAAES Credential *Credential }
EncryptedAccountKey represents an account key encrypted with a credential.
type EncryptedDir ¶
type EncryptedDir struct { DirID *uuid.UUID `json:"dir_id"` BlindName string `json:"blind_name"` EncryptedName crypto.CiphertextRSA `json:"encrypted_name"` ParentID *uuid.UUID `json:"parent_id"` Status string `json:"status"` CreatedAt time.Time `json:"created_at"` LastModifiedAt time.Time `json:"last_modified_at"` }
EncryptedDir represents an encrypted Dir. The names are encrypted and so are the names of SubDirs and Secrets. The secrets contain no encrypted data, only the encrypted name.
func (*EncryptedDir) Decrypt ¶
func (ed *EncryptedDir) Decrypt(accountKey *crypto.RSAPrivateKey) (*Dir, error)
Decrypt decrypts an EncryptedDir into a Dir.
type EncryptedKeyRequest ¶
type EncryptedKeyRequest struct { AccountID *uuid.UUID `json:"account_id"` EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"` }
EncryptedKeyRequest contains the request fields for re-encrypted for an account.
func (*EncryptedKeyRequest) Validate ¶
func (r *EncryptedKeyRequest) Validate() error
Validate validates the request fields.
type EncryptedNameForNodeRequest ¶
type EncryptedNameForNodeRequest struct { EncryptedNameRequest NodeID *uuid.UUID `json:"node_id"` }
EncryptedNameForNodeRequest contains an EncryptedName for an Account and the corresponding NodeID.
func (EncryptedNameForNodeRequest) Validate ¶
func (nnr EncryptedNameForNodeRequest) Validate() error
Validate validates the EncryptedNameForNodeRequest.
type EncryptedNameRequest ¶
type EncryptedNameRequest struct { AccountID *uuid.UUID `json:"account_id"` EncryptedName crypto.CiphertextRSA `json:"encrypted_name"` }
EncryptedNameRequest contains an EncryptedName for an Account.
func (*EncryptedNameRequest) Validate ¶
func (enr *EncryptedNameRequest) Validate() error
Validate validates the EncryptedNameRequest to be valid.
type EncryptedSecret ¶
type EncryptedSecret struct { SecretID *uuid.UUID `json:"secret_id"` DirID *uuid.UUID `json:"dir_id"` RepoID *uuid.UUID `json:"repo_id"` EncryptedName crypto.CiphertextRSA `json:"encrypted_name"` BlindName string `json:"blind_name"` VersionCount int `json:"version_count"` LatestVersion int `json:"latest_version"` Status string `json:"status"` CreatedAt time.Time `json:"created_at"` }
EncryptedSecret represents an encrypted Secret It does not contain the encrypted data. Only the encrypted name.
func (*EncryptedSecret) Decrypt ¶
func (es *EncryptedSecret) Decrypt(accountKey *crypto.RSAPrivateKey) (*Secret, error)
Decrypt decrypts an EncryptedSecret into a Secret.
func (*EncryptedSecret) ToAuditSubject ¶
func (es *EncryptedSecret) ToAuditSubject() *AuditSubject
ToAuditSubject converts an EncryptedSecret to an AuditSubject
type EncryptedSecretKey ¶
type EncryptedSecretKey struct { SecretKeyID *uuid.UUID `json:"secret_key_id"` AccountID *uuid.UUID `json:"account_id"` EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"` }
EncryptedSecretKey represents a secret key, encrypted for a specific account.
func (*EncryptedSecretKey) Decrypt ¶
func (k *EncryptedSecretKey) Decrypt(accountKey *crypto.RSAPrivateKey) (*SecretKey, error)
Decrypt decrypts an EncryptedSecretKey into a SecretKey.
type EncryptedSecretVersion ¶
type EncryptedSecretVersion struct { SecretVersionID *uuid.UUID `json:"secret_version_id"` Secret *EncryptedSecret `json:"secret"` Version int `json:"version"` SecretKey *EncryptedSecretKey `json:"secret_key,omitempty"` EncryptedData *crypto.CiphertextAES `json:"encrypted_data,omitempty"` CreatedAt time.Time `json:"created_at"` Status string `json:"status"` }
EncryptedSecretVersion represents a version of an encrypted Secret. It contains the encrypted data and the corresponding key.
func (*EncryptedSecretVersion) Decrypt ¶
func (esv *EncryptedSecretVersion) Decrypt(accountKey *crypto.RSAPrivateKey) (*SecretVersion, error)
Decrypt decrypts an EncryptedSecretVersion into a SecretVersion.
func (*EncryptedSecretVersion) ToAuditSubject ¶
func (esv *EncryptedSecretVersion) ToAuditSubject() *AuditSubject
ToAuditSubject converts a SecretVersion to an AuditSubject
type EncryptedTree ¶
type EncryptedTree struct { Directories map[uuid.UUID]*EncryptedDir Secrets []*EncryptedSecret }
EncryptedTree can construct a full tree at a certain path. It contains all dirs and secrets.
func (EncryptedTree) Decrypt ¶
func (t EncryptedTree) Decrypt(accountKey *crypto.RSAPrivateKey) (*Tree, error)
Decrypt decrypts and constructs a tree of the directories and secrets. Decrypt does not set the ParentPath.
func (EncryptedTree) DecryptContents ¶
func (t EncryptedTree) DecryptContents(accountKey *crypto.RSAPrivateKey) ([]*Dir, []*Secret, error)
DecryptContents decrypts every directory and Secret.
type FixedFee ¶
type FixedFee struct { Name string `json:"name"` Interval string `json:"interval"` Price int64 `json:"price"` }
FixedFee defines a fixed price for a subscription billed at a given interval.
type InviteUserRequest ¶
type InviteUserRequest struct { AccountID *uuid.UUID `json:"account_id"` RepoMember *CreateRepoMemberRequest `json:"repo_member"` }
InviteUserRequest contains the required fields for inviting a user to a repo.
func (InviteUserRequest) Validate ¶
func (req InviteUserRequest) Validate() error
Validate validates a InviteUserRequest
type MeteredFee ¶
type MeteredFee struct { Name string `json:"name"` Interval string `json:"interval"` Tiers []MeteredTier `json:"tiers"` }
MeteredFee defines a metered price for a subscription billed at a given interval, per units defined in the tiers.
type MeteredTier ¶
MeteredTier defines a price per unit up to a given number of units.
type Namespace ¶
type Namespace ParentPath
Namespace represents a namespace
type NamespaceDetails ¶
type NamespaceDetails struct { Name string `json:"name"` MemberCount int `json:"member_count"` RepoCount int `json:"repo_count"` SecretCount int `json:"secret_count"` Subscription *Subscription `json:"subscription"` }
NamespaceDetails defines a user or organization namespace. TODO: rename this to Namespace currently claimed in paths.go
type Org ¶
type Org struct { OrgID *uuid.UUID `json:"org_id"` Name string `json:"name"` Description string `json:"description"` CreatedAt time.Time `json:"created_at"` Members []*OrgMember `json:"members,omitempty"` }
Org represents an organization account on SecretHub
type OrgMember ¶
type OrgMember struct { OrgID *uuid.UUID `json:"org_id"` AccountID *uuid.UUID `json:"account_id"` Role string `json:"role"` CreatedAt time.Time `json:"created_at"` LastChangedAt time.Time `json:"last_changed_at"` User *User `json:"user,omitempty"` }
OrgMember represents a user's membership of an organization.
type OrgName ¶
type OrgName Namespace
OrgName is the name of an organization.
type ParentPath ¶
type ParentPath Path
ParentPath is a path to a namespace, repo or directory. This is used for generic blind name generation.
func (ParentPath) BlindName ¶
func (pp ParentPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName generates the BlindName of the ParentPath.
func (ParentPath) GetRepoPath ¶
func (pp ParentPath) GetRepoPath() RepoPath
GetRepoPath returns the RepoPath of the ParentPath.
func (ParentPath) HasParentPath ¶
func (pp ParentPath) HasParentPath() bool
HasParentPath checks if the ParentPath has a path or if it is the repo path.
func (ParentPath) JoinDir ¶
func (pp ParentPath) JoinDir(dirName string) DirPath
JoinDir constructs a new DirPath combined by the ParentPath and dirName.
func (ParentPath) String ¶
func (pp ParentPath) String() string
type Path ¶
type Path string
Path represents a path to either a namespace, a repo, a directory, or a secret
func (Path) HasVersion ¶
HasVersion returns if the path has a version. Only SecretPath has versions, so if has a version it is a SecretPath.
func (Path) ToNamespace ¶
ToNamespace tries to convert the Path to a valid Namespace
func (Path) ToRepoPath ¶
ToRepoPath tries to convert the Path to a valid RepoPath
func (Path) ToSecretPath ¶
func (p Path) ToSecretPath() (SecretPath, error)
ToSecretPath tries to convert the Path to a valid SecretPath
type Permission ¶
type Permission int
Permission defines what kind of access an access rule grants or a access level has.
const ( PermissionNone Permission = iota PermissionRead PermissionWrite PermissionAdmin )
The different Permission options.
func (*Permission) Set ¶
func (al *Permission) Set(value string) error
Set sets the Permission to the value.
func (Permission) String ¶
func (al Permission) String() string
type Pricing ¶
type Pricing struct { AnnualDiscountLabel string `json:"annual_discount_label"` DefaultPlans *DefaultPlans `json:"default_plans"` Features map[string]Feature `json:"features"` Plans []*BillingPlan `json:"plans"` }
Pricing defines the pricing scheme of SecretHub, with all the plans customers can subscribe to.
type Repo ¶
type Repo struct { RepoID *uuid.UUID `json:"repo_id"` Owner string `json:"owner"` Name string `json:"name"` CreatedAt *time.Time `json:"created_at"` LastModifiedAt *time.Time `json:"last_modified_at"` Status string `json:"status"` SecretCount int `json:"secret_count,omitempty"` MemberCount int `json:"member_count,omitempty"` }
Repo represents a repo on SecretHub.
func (Repo) ToAuditSubject ¶
func (r Repo) ToAuditSubject() *AuditSubject
ToAuditSubject converts a Repo to an AuditSubject
type RepoKeys ¶
type RepoKeys struct { RepoEncryptionKey []byte `json:"repo_encryption_key"` RepoIndexKey []byte `json:"repo_index_key"` }
RepoKeys contains the response with the repo key.
type RepoMember ¶
type RepoMember struct { RepoID *uuid.UUID `json:"repo_id"` AccountID *uuid.UUID `json:"account_id"` CreatedAt time.Time `json:"created_at"` }
RepoMember represents a member of a SecretHub repo.
type RepoPath ¶
type RepoPath ParentPath
RepoPath is a parse for repo paths of form :owner/:repo_name
func NewRepoPath ¶
NewRepoPath formats a RepoPath from an owner and repo.
func (RepoPath) BlindName ¶
func (rp RepoPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName returns the blind name of the DirPath.
func (RepoPath) GetDirPath ¶
GetDirPath converts this repoPath into a DirPath. This should be valid.
func (RepoPath) GetNamespace ¶
GetNamespace returns the namespace of the Repo.
func (RepoPath) GetNamespaceAndRepoName ¶
GetNamespaceAndRepoName returns the namespace and repo name of the Repo.
func (RepoPath) GetRepoPath ¶
GetRepoPath gets the RepoPath from the RepoPath. This function only works on validated RepoPaths. This is necessary to implement BlindNamePath interface.
type RevokeOpts ¶
type RevokeOpts struct {
DryRun bool `url:"dry_run"` // Dry performs a dry run without actually revoking the account.
}
RevokeOpts contains optional query parameters for revoke requests.
func (*RevokeOpts) Unmarshal ¶
func (o *RevokeOpts) Unmarshal(values url.Values)
Unmarshal decodes url.Values into the options struct, setting default values if not present in the query values. TODO SHDEV-817: refactor this to a more extendable mechanism.
type RevokeOrgResponse ¶
type RevokeOrgResponse struct { DryRun bool `json:"dry"` // Dry indicates whether it was a dry run or not. Repos []*RevokeRepoResponse `json:"repos"` StatusCounts map[string]int `json:"status_counts"` // StatusCounts contains aggregate counts of the repos the account is revoked from. }
RevokeOrgResponse is returned as the effect of revoking an account from a repository.
type RevokeRepoResponse ¶
type RevokeRepoResponse struct { Namespace string `json:"namespace"` // Added for display purposes Name string `json:"name"` // Added for display purposes Status string `json:"status"` RevokedSecretVersionCount int `json:"revoked_secret_version_count"` RevokedSecretKeyCount int `json:"revoked_secret_key_count"` }
RevokeRepoResponse is returned as the effect of revoking an account from a repo.
type RevokeResponse ¶
type RevokeResponse struct { RevokedSecretVersions []*EncryptedSecretVersion `json:"revoked_secret_versions"` RevokedSecretKeys []*SecretKey `json:"revoked_secret_keys"` }
RevokeResponse is returned when a revoke command is executed.
type Secret ¶
type Secret struct { SecretID *uuid.UUID `json:"secret_id"` DirID *uuid.UUID `json:"dir_id"` RepoID *uuid.UUID `json:"repo_id"` Name string `json:"name"` BlindName string `json:"blind_name"` VersionCount int `json:"version_count"` LatestVersion int `json:"latest_version"` Status string `json:"status"` CreatedAt time.Time `json:"created_at"` }
Secret represents a decrypted secret in SecretHub.
type SecretAccessRequest ¶
type SecretAccessRequest struct { Name EncryptedNameForNodeRequest `json:"name_member"` Keys []SecretKeyMemberRequest `json:"keys"` }
SecretAccessRequest contains the request fields to grant an account access to a secret.
func (*SecretAccessRequest) Validate ¶
func (r *SecretAccessRequest) Validate() error
Validate validates the request fields.
type SecretKey ¶
type SecretKey struct { SecretKeyID *uuid.UUID `json:"secret_key_id"` AccountID *uuid.UUID `json:"account_id"` Key *crypto.SymmetricKey `json:"key"` }
SecretKey represents a secret key that is intended to be used by a specific account.
func (*SecretKey) ToAuditSubject ¶
func (sk *SecretKey) ToAuditSubject() *AuditSubject
ToAuditSubject converts a SecretKey to an AuditSubject
type SecretKeyMemberRequest ¶
type SecretKeyMemberRequest struct { AccountID *uuid.UUID `json:"account_id"` SecretKeyID *uuid.UUID `json:"secret_key_id"` EncryptedKey crypto.CiphertextRSA `json:"encrypted_key"` }
SecretKeyMemberRequest contains the request fields to grant access to a secret key.
func (*SecretKeyMemberRequest) Validate ¶
func (skmr *SecretKeyMemberRequest) Validate() error
Validate validates the request fields.
type SecretPath ¶
type SecretPath string
SecretPath is a custom type for secret paths of form :owner/:repo_name/:secret
func NewSecretPath ¶
func NewSecretPath(path string) (SecretPath, error)
NewSecretPath formats a SecretPath from an owner, repo, and a secret.
func (SecretPath) AddVersion ¶
func (sp SecretPath) AddVersion(version int) (SecretPath, error)
AddVersion adds a version to a SecretPath and returns this path.
func (SecretPath) BlindName ¶
func (sp SecretPath) BlindName(key *crypto.SymmetricKey) (string, error)
BlindName converts a SecretPath to a blindname. BlindName ignores the Secret Version.
func (SecretPath) GetNamespace ¶
func (sp SecretPath) GetNamespace() string
GetNamespace returns the namespace in the SecretPath.
func (SecretPath) GetParentPath ¶
func (sp SecretPath) GetParentPath() (ParentPath, error)
GetParentPath gets the DirPath from the SecretPath.
func (SecretPath) GetRepo ¶
func (sp SecretPath) GetRepo() string
GetRepo returns the repo name in the SecretPath.
func (SecretPath) GetRepoPath ¶
func (sp SecretPath) GetRepoPath() RepoPath
GetRepoPath gets the RepoPath from the SecretPath. This function only works on validated SecretPaths.
func (SecretPath) GetSecret ¶
func (sp SecretPath) GetSecret() string
GetSecret gets the secret name from the path.
func (SecretPath) GetVersion ¶
func (sp SecretPath) GetVersion() (string, error)
GetVersion gets the version from the path.
func (SecretPath) HasVersion ¶
func (sp SecretPath) HasVersion() bool
HasVersion returns whether there is a version specified in the path.
func (*SecretPath) Set ¶
func (sp *SecretPath) Set(value string) error
Set implements the flag.Value interface and validates the value.
func (SecretPath) String ¶
func (sp SecretPath) String() string
String returns the secret path as a string to be used for printing.
func (SecretPath) Validate ¶
func (sp SecretPath) Validate() error
Validate validates a Secret path.
func (SecretPath) Value ¶
func (sp SecretPath) Value() string
Value returns the secret path as a string to be used in communication with the client and in transportation to the server.
type SecretVersion ¶
type SecretVersion struct { SecretVersionID *uuid.UUID `json:"secret_version_id"` Secret *Secret `json:"secret"` Version int `json:"version"` SecretKey *SecretKey `json:"secret_key,omitempty"` Data []byte `json:"data,omitempty"` CreatedAt time.Time `json:"created_at"` Status string `json:"status"` }
SecretVersion represents a version of a Secret without any encrypted data.
func (*SecretVersion) IsLatest ¶
func (sv *SecretVersion) IsLatest() bool
IsLatest returns true when the secret version is the latest version of the secret.
func (*SecretVersion) Name ¶
func (sv *SecretVersion) Name() string
Name returns the secret name:version
type Service ¶
type Service struct { AccountID *uuid.UUID `json:"account_id"` ServiceID string `json:"service_id"` Repo *Repo `json:"repo"` Description string `json:"description"` CreatedBy *uuid.UUID `json:"created_by,omitempty"` }
Service represents a service account on SecretHub.
func (Service) ToAuditActor ¶
func (a Service) ToAuditActor() *AuditActor
ToAuditActor converts an Service to an AuditActor
func (Service) ToAuditSubject ¶
func (a Service) ToAuditSubject() *AuditSubject
ToAuditSubject converts an Service to an AuditSubject
type SortAccessLevels ¶
type SortAccessLevels []*AccessLevel
SortAccessLevels sorts a list of AccessLevels first by the permission and then by the account name.
func (SortAccessLevels) Len ¶
func (s SortAccessLevels) Len() int
func (SortAccessLevels) Less ¶
func (s SortAccessLevels) Less(i, j int) bool
func (SortAccessLevels) Swap ¶
func (s SortAccessLevels) Swap(i, j int)
type SortAccessRules ¶
type SortAccessRules []*AccessRule
SortAccessRules makes a list of AccessRules sortable. Sort order: Permission (high to low), AccountName (natural)
func (SortAccessRules) Len ¶
func (s SortAccessRules) Len() int
func (SortAccessRules) Less ¶
func (s SortAccessRules) Less(i, j int) bool
func (SortAccessRules) Swap ¶
func (s SortAccessRules) Swap(i, j int)
type SortDirByName ¶
type SortDirByName []*Dir
SortDirByName makes a list of Dir sortable.
func (SortDirByName) Len ¶
func (d SortDirByName) Len() int
func (SortDirByName) Less ¶
func (d SortDirByName) Less(i, j int) bool
func (SortDirByName) Swap ¶
func (d SortDirByName) Swap(i, j int)
type SortDirPaths ¶
type SortDirPaths []DirPath
SortDirPaths makes a slice of dir paths sortable.
func (SortDirPaths) Len ¶
func (s SortDirPaths) Len() int
func (SortDirPaths) Less ¶
func (s SortDirPaths) Less(i, j int) bool
func (SortDirPaths) Swap ¶
func (s SortDirPaths) Swap(i, j int)
type SortOrgByName ¶
type SortOrgByName []*Org
SortOrgByName makes a list of orgs sortable.
func (SortOrgByName) Len ¶
func (s SortOrgByName) Len() int
func (SortOrgByName) Less ¶
func (s SortOrgByName) Less(i, j int) bool
func (SortOrgByName) Swap ¶
func (s SortOrgByName) Swap(i, j int)
type SortOrgMemberByUsername ¶
type SortOrgMemberByUsername []*OrgMember
SortOrgMemberByUsername makes a list of org members sortable.
func (SortOrgMemberByUsername) Len ¶
func (s SortOrgMemberByUsername) Len() int
func (SortOrgMemberByUsername) Less ¶
func (s SortOrgMemberByUsername) Less(i, j int) bool
func (SortOrgMemberByUsername) Swap ¶
func (s SortOrgMemberByUsername) Swap(i, j int)
type SortRepoByName ¶
type SortRepoByName []*Repo
SortRepoByName makes a list of repos sortable.
func (SortRepoByName) Len ¶
func (r SortRepoByName) Len() int
func (SortRepoByName) Less ¶
func (r SortRepoByName) Less(i, j int) bool
func (SortRepoByName) Swap ¶
func (r SortRepoByName) Swap(i, j int)
type SortSecretByName ¶
type SortSecretByName []*Secret
SortSecretByName makes a list of Secret sortable.
func (SortSecretByName) Len ¶
func (s SortSecretByName) Len() int
func (SortSecretByName) Less ¶
func (s SortSecretByName) Less(i, j int) bool
func (SortSecretByName) Swap ¶
func (s SortSecretByName) Swap(i, j int)
type Subscription ¶
type Subscription struct { Plan *BillingPlan `json:"plan"` Fees []*SubscriptionFee `json:"fees"` TaxPercent float64 `json:"tax_percent"` }
Subscription defines a billing plan a customer has subscribed to.
type SubscriptionFee ¶
type SubscriptionFee struct { Name string `json:"name"` Status string `json:"status"` CurrentPeriodEnd int64 `json:"current_period_end"` CurrentPeriodStart int64 `json:"current_period_start"` TrialEnd int64 `json:"trial_end"` TrialStart int64 `json:"trial_start"` }
SubscriptionFee defines a fee included in a subscription, which the customer will be billed for. Each fee has their own charge and billing cycle.
type Tree ¶
type Tree struct { ParentPath ParentPath RootDir *Dir Dirs map[uuid.UUID]*Dir Secrets map[uuid.UUID]*Secret }
Tree contains a full tree from the RootDir and all dirs and secrets. ParentPath is used to construct absolute paths. ParentPath is the path to the parent of the root dir, eg: For namespace/repo/parent/rootdir => namespace/repo/parent
func (Tree) AbsDirPath ¶
AbsDirPath returns the full path of dir This function makes the assumption that only the root dir has no parentID. If not, an error will occur.
func (Tree) AbsSecretPath ¶
func (t Tree) AbsSecretPath(secretID *uuid.UUID) (*SecretPath, error)
AbsSecretPath returns the full path of secret. This function makes the assumption that every secret has a ParentDir. If not, an error will occur.
func (Tree) DirCount ¶
DirCount returns the number of directories inside the tree. This does not include the root directory.
func (Tree) SecretCount ¶
SecretCount returns the number of secrets contained in the tree.
type UpdateAccessRuleRequest ¶
type UpdateAccessRuleRequest struct {
Permission Permission `json:"permission"`
}
UpdateAccessRuleRequest contains the request fields for updating an AccessRule.
func (*UpdateAccessRuleRequest) Validate ¶
func (uar *UpdateAccessRuleRequest) Validate() error
Validate validates the request fields.
type UpdateOrgMemberRequest ¶
type UpdateOrgMemberRequest struct {
Role string `json:"role"`
}
UpdateOrgMemberRequest contains the required fields for updating a user's organization membership.
func (UpdateOrgMemberRequest) Validate ¶
func (req UpdateOrgMemberRequest) Validate() error
Validate validates the request fields.
type UpdateSubscriptionRequest ¶
type UpdateSubscriptionRequest struct {
PlanID string `json:"plan_id"`
}
UpdateSubscriptionRequest defines a request for adding or updating a subscription.
func (UpdateSubscriptionRequest) Validate ¶
func (r UpdateSubscriptionRequest) Validate() error
Validate validates a UpdateSubscriptionRequest
type User ¶
type User struct { AccountID *uuid.UUID `json:"account_id"` PublicKey []byte `json:"public_key"` Username string `json:"username"` FullName string `json:"full_name"` Email string `json:"user_email,omitempty"` // Optional, private information is only returned for yourself CreatedAt *time.Time `json:"created_at,omitempty"` // Optional, private information is only returned for yourself LastLoginAt *time.Time `json:"last_login_at,omitempty"` // Optional, private information is only returned for yourself }
User represents a SecretHub user.
func (User) PrettyName ¶
PrettyName returns a printable string with the username and full name.
func (User) ToAuditActor ¶
func (u User) ToAuditActor() *AuditActor
ToAuditActor converts a User to an AuditActor
func (User) ToAuditSubject ¶
func (u User) ToAuditSubject() *AuditSubject
ToAuditSubject converts a User to an AuditSubject