Documentation
Index
- type AccessMapDetail
- type AccessToken
- type AccountSecrets
- type AdhocDetails
- type AdhocPermission
- type AlertPolicy
- type AuthLog
- type AuthRequest
- type Authorization
- type Backup
- type BackupPlan
- type BrowserExtensions
- type CertHolder
- type CheckPolicyFunc
- type CloudIaaSSync
- type ComplianceViolation
- type Config
- type ConnectionParams
- type DBVersion
- type DayAndTimePolicy
- type DeviceAuthFinger
- type DeviceBrowser
- type DeviceFinger
- type DeviceHygiene
- type DeviceInfo
- type DeviceOS
- type DevicePolicy
- type DevicePolicyMaker
- type EmailAdhoc
- type EmailDynamicAccess
- type EmailIntegrationConfig
- type EmailSecurityAlert
- type EmailUserCrud
- type EncryptionKeyLog
- type EndpointSecurity
- type Entity
- type ErrorStrings
- type GeoLocation
- type GlobalDynamicAccessSettings
- type GlobalEmailSetting
- type GlobalSettings
- type GlobalTrasaSshAuth
- type Group
- type IPDetails
- type IdentityProvider
- type InAppNotification
- type InAppTrail
- type InitSignup
- type Intent
- type KeyStore
- type KeysHolder
- type KeysHolderReq
- type License
- type LoginSecurity
- type MobileDeviceHygiene1
- type MyService
- type MyServiceDetails
- type NetworkInfo
- type Org
- type PasswordPolicy
- type PasswordState
- type Policy
- type PolicyEnforcer
- type ResponseStruct
- type ReverseProxy
- type SAML
- type ScimConflict
- type ScimContext
- type ScimGroup
- type ScimGroupMembers
- type ScimGroupPatch
- type ScimGroupPatchOps
- type ScimListGroup
- type ScimListUser
- type ScimMeta
- type ScimUser
- type ScimUserEmails
- type ScimUserGroups
- type ScimUserName
- type ScimUserX509Certificates
- type SecurityRule
- type SecurityRuleViolationAction
- type Service
- type ServiceGroupMap
- type ServiceGroupUserGroupMap
- type ServiceLogin
- type ServiceSecretVault
- type ServiceUserMap
- type SignupLog
- type TRASAFeaturesStatus
- type TrasaFeatures
- type TrasaResponseStruct
- type TrasaResponseStructWIthDataString
- type UpstreamCreds
- type User
- type UserContext
- type UserDevice
- type UserGroupMap
- type UserWithPass
- type VaultAccessLogs
- type VaultCredStorageEvent
- type VaultFeature
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AccessMapDetail
type AccessMapDetail struct {
    MapID       string `json:"mapID"`
    ServiceID   string `json:"serviceID"`
    ServiceName string `json:"serviceName"`
    ServiceType string `json:"serviceType"`
    Hostname    string `json:"hostname"`
    OrgID       string `json:"orgID"`
    UserID      string `json:"userID"`
    Email       string `json:"email"`
    Policy      Policy `json:"policy"`
    Privilege   string `json:"privilege"`
    UserAddedAt int64  `json:"userAddedAt"`
}
type AccessToken
type AccessToken struct {
    GrantID     string
    UserID      string
    AccessToken string
    IDToken     string
    Scopes      []string
    CreatedAt   string
    TTLValue    string
    // contains filtered or unexported fields
}
AccessToken defines the API access token structure.
type AccountSecrets
type AccountSecrets struct {
    Username    string `json:"userName"`
    Secret      string `json:"secret"`
    AddedAt     int64  `json:"addedAt"`
    LastUpdated int64  `json:"lastUpdated"`
}
AccountSecrets holds user secrets that need to be stored in trasaVault.
type AdhocDetails
type AdhocDetails struct {
    AdhocPermission
    ServiceName    string `json:"serviceName"`
    ServiceType    string `json:"serviceType"`
    RequesterEmail string `json:"requesterEmail"`
    RequesteeEmail string `json:"requesteeEmail"`
}
type AdhocPermission
type AdhocPermission struct {
    RequestID        string   `json:"reqID"`
    RequesterID      string   `json:"requesterID"`
    OrgID            string   `json:"orgID"`
    ServiceID        string   `json:"serviceID"`
    RequesteeID      string   `json:"requesteeID"`
    RequestTxt       string   `json:"requestTxt"`
    RequestedOn      int64    `json:"reqTime"`
    IsAuthorized     bool     `json:"isAuthorized"`
    AuthorizedOn     int64    `json:"authorizedOn"`
    AuthorizedPeriod int64    `json:"authorizedPeriod"`
    AuthorizedPolicy Policy   `json:"authorizedPolicy"`
    IsExpired        bool     `json:"isExpired"`
    SessionID        []string `json:"sessionID"`
}
AdhocPermission represents a single adhoc request.
type AlertPolicy
type AlertPolicy struct {
    PolicyID     string `json:"policyID"`
    PolicyName   string `json:"policyName"`
    OrgID        string `json:"orgID"`
    NotifCase    string `json:"notifCase"`
    NotifChannel string `json:"notifChannel"`
    NotifyTo     string `json:"notifyTo"`
    CreatedBy    string `json:"createdBy"`
    CreatedAt    int64  `json:"createdAt"`
    UpdatedAt    int64  `json:"updatedAt"`
}
type AuthLog
type AuthLog struct {
    EventID        string                `json:"eventID"`
    Endpoint       consts.ConstEndpoints `json:"endpoint"`
    SessionID      string                `json:"sessionID"`
    OrgID          string                `json:"orgID"`
    ServiceName    string                `json:"ServiceName"`
    ServiceID      string                `json:"ServiceID"`
    ServiceType    string                `json:"ServiceType"`
    ServerIP       string                `json:"serverIP"`
    ServerName     string                `json:"serverName"`
    UserName       string                `json:"userName"`
    Email          string                `json:"email"`
    UserID         string                `json:"userID"`
    UserAgent      string                `json:"userAgent"`
    AccessDeviceID string                `json:"accessDeviceID"`
    TfaDeviceID    string                `json:"tfaDeviceID"`
    DeviceType     string                `json:"deviceType"`
    Commands       []string              `json:"commands"`
    UserIP         string                `json:"userIP"`
    GeoLocation    struct {
        IsoCountryCode string    `json:"isoCountryCode"`
        City           string    `json:"city"`
        TimeZone       string    `json:"timeZone"`
        Location       []float64 `json:"location"`
    } `json:"geoLocation"`
    LoginMethod     string              `json:"loginMethod"`
    Status          bool                `json:"status"`
    MarkedAs        string              `json:"markedAs"`
    LoginTime       int64               `json:"loginTime"`
    LogoutTime      int64               `json:"logoutTime"`
    SessionDuration string              `json:"sessionDuration"`
    SessionRecord   bool                `json:"sessionRecord"`
    FailedReason    consts.FailedReason `json:"failedReason"`
    Guests          []string            `json:"guests"`
}
AuthLog is the log struct for all authentication events in TRASA, including dashboard login.
type AuthRequest
type AuthRequest struct {
    RequestID    string
    Scopes       []string
    ClientID     string
    RedirectURI  string
    ResponseType []string
    // contains filtered or unexported fields
}
AuthRequest represents an authentication request.
type Authorization
type Authorization struct {
    AuthorizationID string
    UserID          string
    Scopes          []string
    Nonce           string
    CreatedAt       string
    // contains filtered or unexported fields
}
Authorization defines an authorization event; the server references this event to generate access tokens.
type BackupPlan
type BackupPlan struct {
    OrgID              string   `json:"orgID"`
    BackupPlanID       string   `json:"backupPlanID"`
    BackupPlanName     string   `json:"backupPlanName"`
    BackupType         string   `json:"backupType"`
    ScheduleTime       int64    `json:"scheduleTime"`
    Interval           string   `json:"interval"`
    BackupServiceNames []string `json:"backupServiceNames"`
    CreatedAt          int64    `json:"createdAt"`
    UpdatedAt          int64    `json:"updatedAt"`
}
type BrowserExtensions
type BrowserExtensions struct {
    // DeviceID is the id of the device, which maps to deviceID of userdevices
    DeviceID string `json:"deviceID"`
    // UserID maps to userID from users
    UserID string `json:"userID"`
    OrgID  string `json:"orgID"`
    // ExtensionID is the unique identifier of the extension, as provided by extensions to browser vendors.
    ExtensionID     string   `json:"id"`
    Name            string   `json:"name"`
    Description     string   `json:"description"`
    Version         string   `json:"version"`
    MayDisable      bool     `json:"mayDisable"`
    Enabled         bool     `json:"enabled"`
    InstallType     string   `json:"installType"`
    Type            string   `json:"type"`
    Permissions     []string `json:"permissions"`
    HostPermissions []string `json:"hostPermissions"`
    IsVulnerable    bool     `json:"isVulnerable"`
    VulnReason      string   `json:"vulnReason"`
    // LastChecked stores the date when this extension was last updated in the TRASA database
    LastChecked int64 `json:"lastChecked"`
}
type CertHolder
type CertHolder struct {
    CertID   string `json:"certID"`
    OrgID    string `json:"orgID"`
    EntityID string `json:"entityID"`
    Cert     []byte `json:"cert"`
    Key      []byte `json:"key"`
    Csr      []byte `json:"csr"`
    // CertType should be a constant representing CA, intermediate CA, Service (for http?) cert or others
    CertType  string `json:"certType"`
    CreatedAt int64  `json:"createdAt"`
    // CertMeta holds metadata for generating or signing other certs.
    // This metadata is only valid as default parameters and can be overridden by Service-specific metadata.
    // For example, the default generated client cert expiry might be 24 hours, but a specific Service can allow
    // access only for 1 hour, or one-time access with 1 minute validity.
    CertMeta    string `json:"certMeta"`
    LastUpdated int64  `json:"lastUpdated"`
}
CertHolder holds certificate data.
type CheckPolicyFunc
type CheckPolicyFunc func(params *ConnectionParams, policy *Policy, adhoc bool) (bool, consts.FailedReason)
CheckPolicyFunc is a function that takes connection parameters and checks them against a policy, returning whether access is allowed and, if not, the failure reason.
type CloudIaaSSync
type CloudIaaSSync struct {
    CloudIaasID   string `json:"cloudIaasID"`
    OrgID         string `json:"orgID"`
    CloudIaasName string `json:"cloudIaasName"`
    LasgtSyncedBy string `json:"LasgtSyncedBy"`
    LastSyncedOn  int64  `json:"keyTag"`
}
CloudIaaSSync tracks synchronization with a cloud service provider.
type ComplianceViolation
type ComplianceViolation struct {
    // ViolationID is the unique id for the event
    ViolationID string `json:"violationID"`
    OrgID       string `json:"orgID"`
    // EntityType can be user, Service or any other entity type
    EntityType string `json:"entityType"`
    // EntityID is the unique ID of the entityType in scope
    EntityID       string `json:"entityID"`
    ComplianceType string `json:"ComplianceType"`
    ComplReqID     string `json:"complReqID"`
    CompleReqDesc  string `json:"compleReqDesc"`
    // ViolationType should be based on a constant violation value
    ViolationType string `json:"violationType"`
    ReportedOn    int64  `json:"reportedOn"`
    ResolvedOn    int64  `json:"resolvedOn"`
}
ComplianceViolation is triggered by a violation of compliance requirements.
type Config
type Config struct {
    Backup struct {
        Backupdir string `toml:"backupdir"`
    } `toml:"backup"`
    Database struct {
        Dbname     string `toml:"dbname"`
        Dbuser     string `toml:"dbuser"`
        Port       string `toml:"port"`
        Server     string `toml:"server"`
        Sslenabled bool   `toml:"sslenabled"`
        Usercert   string `toml:"usercert"`
        Userkey    string `toml:"userkey"`
        Cacert     string `toml:"cacert"`
    } `toml:"database"`
    // Deprecated
    Etcd struct {
        Server   string `toml:"server"`
        Usercert string `toml:"usercert"`
        Userkey  string `toml:"userkey"`
        Cacert   string `toml:"cacert"`
    } `toml:"etcd"`
    // Deprecated
    Logging struct {
        Env string `toml:"env"`
    } `toml:"logging"`
    Minio struct {
        Key    string `toml:"key"`
        Secret string `toml:"secret"`
        Server string `toml:"server"`
        Usessl bool   `toml:"usessl"`
    } `toml:"minio"`
    Platform struct {
        Base string `toml:"base"`
    } `toml:"platform"`
    Redis struct {
        Port       string   `toml:"port"`
        Server     []string `toml:"server"`
        Sslenabled bool     `toml:"sslenabled"`
        Usercert   string   `toml:"usercert"`
        Userkey    string   `toml:"userkey"`
        Cacert     string   `toml:"cacert"`
    } `toml:"redis"`
    Timezone struct {
        Location string `toml:"location"`
    } `toml:"timezone"`
    Security struct {
        InsecureSkipVerify bool `toml:"insecureSkipVerify"`
    } `toml:"security"`
    Trasa struct {
        Dashboard   string `toml:"dashboard"`
        Rootdomain  string `toml:"rootdomain"`
        CloudServer string `toml:"cloudServer"`
        Ssodomain   string `toml:"ssodomain"`
        // Deprecated
        Trasacore string `toml:"trasacore"`
        Rootdir   string `toml:"rootdir"`
        OrgId     string `toml:"orgID"`
    } `toml:"trasa"`
    Vault struct {
        Tsxvault bool   `toml:"tsxvault"`
        Port     string `toml:"port"`
        Server   string `toml:"server"`
        Token    string `toml:"token"`
    } `toml:"vault"`
    InternalHosts struct {
        Hosts string `toml:"hosts"`
    } `toml:"internalHosts"`
}
Config is the structure of the TRASA config file.
type ConnectionParams
type ConnectionParams struct {
    ServiceID     string           `json:"serviceID"`
    ServiceName   string           `json:"-"`
    ServiceSecret string           `json:"serviceSecret"`
    TfaMethod     string           `json:"tfaMethod"`
    TotpCode      string           `json:"totpCode"`
    TrasaID       string           `json:"trasaID"`
    OrgID         string           `json:"orgID"`
    Privilege     string           `json:"privilege"`
    Password      string           `json:"password"`
    UserID        string           `json:"userID"`
    SessionID     string           `json:"sessionID"`
    UserIP        string           `json:"userIP"`
    Skip2FA       bool             `json:"skip2FA"`
    SignResponse  u2f.SignResponse `json:"signResponse"`
    CSRF          string           `json:"csrf"`
    //SESSION string `json:"session"`
    OptHeight       int64         `json:"optHeight"`
    OptWidth        int64         `json:"optWidth"`
    ConnID          string        `json:"connID"`
    Token           string        `json:"token"`
    ServiceType     string        `json:"serviceType"`
    RdpProtocol     string        `json:"rdpProto"`
    SessionRecord   bool          `json:"-"`
    CanTransferFile bool          `json:"-"`
    DeviceHygiene   DeviceHygiene `json:"deviceHygiene"`
    AccessDeviceID  string        `json:"-"`
    TfaDeviceID     string        `json:"-"`
    BrowserID       string        `json:"-"`
    Hostname        string        `json:"hostname"`
    Timezone        string        `json:"-"`
    OrgName         string        `json:"-"`
}
ConnectionParams contains all details related to a login.
type DayAndTimePolicy
type DayAndTimePolicy struct {
    Days     []string `json:"days"`
    FromTime string   `json:"fromTime"`
    ToTime   string   `json:"toTime"`
}
func (DayAndTimePolicy) Scan
func (d DayAndTimePolicy) Scan(src interface{}) error
type DeviceAuthFinger
type DeviceAuthFinger struct {
    MachineID      string `json:"machineID"`
    Hostname       string `json:"hostname"`
    KernelType     string `json:"kernelType"`
    OsName         string `json:"osName"`
    OsVersion      string `json:"osVersion"`
    DeviceName     string `json:"deviceName"`
    SecurityStatus struct {
        IsPasswordSet            bool     `json:"isPasswordSet"`
        PasswordLastUpdated      string   `json:"passwordLastUpdated"`
        IsFirewallSet            bool     `json:"isFirewallSet"`
        IsDeviceEncryptionSet    bool     `json:"isDeviceEncryptionSet"`
        IsRemoteLoginEnabled     bool     `json:"isRemoteLoginEnabled"`
        IsScreenLockEnabled      bool     `json:"isScreenLockEnabled"`
        CriticalAutoUpdateStatus bool     `json:"criticalAutoUpdateStatus"`
        PendingUpdates           []string `json:"pendingUpdates"`
    } `json:"securityStatus"`
}
type DeviceBrowser
type DeviceBrowser struct {
    ID    string `json:"ID"`
    OrgID string `json:"orgID"`
    // DeviceID should be the deviceID of the workstation this browser belongs to.
    DeviceID   string              `json:"deviceID"`
    Name       string              `json:"name"`
    Version    string              `json:"version"`
    Build      string              `json:"build"`
    IsBot      bool                `json:"isBot"`
    UserAgent  string              `json:"userAgent"`
    Extensions []BrowserExtensions `json:"extensions"`
}
DeviceBrowser hygiene should always be updated along with the workstation.
type DeviceFinger
type DeviceFinger struct {
    Browser        string `json:"browser"`
    BrowserVersion string `json:"browserVersion"`
    Engine         string `json:"engine"`
    Os             string `json:"os"`
    Device         string `json:"device"`
    IP             string `json:"ip"`
    Blob           string `json:"blob"`
}
Deprecated
type DeviceHygiene
type DeviceHygiene struct {
    //DeviceID string `json:"deviceID"` // TRASA unique identifier for this device.
    //DeviceType string `json:"deviceType"` // can be mobile or workstation
    DeviceInfo    DeviceInfo    `json:"deviceInfo"`
    DeviceOS      DeviceOS      `json:"deviceOS"`
    LoginSecurity LoginSecurity `json:"loginSecurity"`
    //DeviceBrowser DeviceBrowser `json:"deviceBrowser"`
    NetworkInfo      NetworkInfo      `json:"networkInfo"`
    EndpointSecurity EndpointSecurity `json:"endpointSecurity"`
    LastCheckedTime  int64            `json:"lastCheckedTime"`
}
DeviceHygiene stores the health of a user workstation.
func (*DeviceHygiene) Scan
func (a *DeviceHygiene) Scan(value interface{}) error
Scan makes DeviceHygiene implement the sql.Scanner interface. It simply decodes a JSON-encoded value into the struct fields.
type DeviceInfo
type DeviceInfo struct {
    DeviceName    string `json:"deviceName"`
    DeviceVersion string `json:"deviceVersion"`
    MachineID     string `json:"machineID"`
    Brand         string `json:"brand"`        // iOS: "Apple"; Android: "xiaomi"
    Manufacturer  string `json:"manufacturer"` // iOS: "Apple"; Android: "Google"
    DeviceModel   string `json:"deviceModel"`  // iOS: "iPhone7,2"
}
DeviceInfo
type DeviceOS
type DeviceOS struct {
    OSName              string   `json:"osName"`    // iOS: "iOS" on newer iOS devices, "iPhone OS" on older devices including older iPads; Android: "Android"
    OSVersion           string   `json:"osVersion"` // iOS: "11.0"; Android: "7.1.1"
    KernelType          string   `json:"kernelType"`
    KernelVersion       string   `json:"kernelVersion"`
    ReadableVersion     string   `json:"readableVersion"`
    LatestSecurityPatch string   `json:"latestSecurityPatch"` // e.g. "2018-07-05"
    AutoUpdate          bool     `json:"autoUpdate"`
    PendingUpdates      []string `json:"pendingUpdates"`
    JailBroken          bool     `json:"jailBroken"`
    DebugModeEnabled    bool     `json:"debugModeEnabled"` // only for mobile devices
    IsEmulator          bool     `json:"isEmulator"`       // only for mobile devices
}
DeviceOS
type DevicePolicy
type DevicePolicy struct {
    BlockUntrustedDevices           bool `json:"blockUntrustedDevices"` //May not/ does not work
    BlockAutologinEnabled           bool `json:"blockAutologinEnabled"`
    BlockTfaNotConfigured           bool `json:"blockTfaNotConfigured"`
    BlockJailBroken                 bool `json:"blockJailBroken"`
    BlockDebuggingEnabled           bool `json:"blockDebuggingEnabled"`
    BlockEmulated                   bool `json:"blockEmulated"`
    BlockOpenWifiConn               bool `json:"blockOpenWifiConn"` //Works
    BlockIdleScreenLockDisabled     bool `json:"blockIdleScreenLockDisabled"`
    BlockRemoteLoginEnabled         bool `json:"blockRemoteLoginEnabled"`
    BlockEncryptionNotSet           bool `json:"blockEncryptionNotSet"`
    BlockFirewallDisabled           bool `json:"blockFirewallDisabled"`
    //BlockPendingUpdates bool `json:"blockPendingUpdates"`
    BlockCriticalAutoUpdateDisabled bool `json:"blockCriticalAutoUpdateDisabled"`
    BlockAntivirusDisabled          bool `json:"blockAntivirusDisabled"`
}
func (*DevicePolicy) Scan
func (d *DevicePolicy) Scan(src interface{}) error
type DevicePolicyMaker
type DevicePolicyMaker struct {
    RuleID         string `json:"ruleID"`
    OrgID          string `json:"orgID"`
    Name           string `json:"name"`
    ConstName      string `json:"constName"`
    Description    string `json:"description"`
    Scope          string `json:"scope"`          // e.g. ALL_DEVICE, MOBILE, WORKSTATION
    Constraint     string `json:"constraint"`     // Constraint can be a version, a name or a certain value
    ConstraintType string `json:"constraintType"` // Type can be EQ, LT, GT (equal to, less than, greater than, boolean)
    ConsraintValue string `json:"contraintValue"` // e.g. 10, windows xp
    Status         bool   `json:"status"`         // enabled or disabled
    Source         string `json:"source"`         // source of event
    Action         string `json:"action"`         // action to take, e.g. BLOCK, ALERT
    CreatedBy      string `json:"createdBy"`
    CreatedAt      int64  `json:"createdAt"`
    LastModified   int64  `json:"lastModified"`
}
type EmailAdhoc
type EmailAdhoc struct {
    Requester     string   `json:"requester"`
    Requestee     string   `json:"requestee"`
    ReceiverEmail string   `json:"receiverEmail"`
    CC            []string `json:"cc"`
    DashLink      string   `json:"dashLink"`
    App           string   `json:"app"`
    Reason        string   `json:"reason"`
    Status        string   `json:"status"`
    Time          string   `json:"time"`
    Subject       string   `json:"subject"`
    Req           bool     `json:"req"`
}
type EmailDynamicAccess
type EmailIntegrationConfig
type EmailIntegrationConfig struct {
    IntegrationType string `json:"integrationType"`
    // AuthKey and AuthPass are the email:pass pair used for SMTP authentication.
    // In case of API integration, they hold the API key and API key value respectively.
    AuthKey       string `json:"authKey"`
    AuthPass      string `json:"authPass"`
    ServerAddress string `json:"serverAddress"`
    ServerPort    string `json:"serverPort"`
    SenderAddress string `json:"senderAddress"`
}
type EmailSecurityAlert
type EmailUserCrud
type EncryptionKeyLog
type EndpointSecurity
type EndpointSecurity struct {
    EpsConfigured           bool   `json:"epsConfigured"` // endpoint security enabled
    EpsVendorName           string `json:"epsVendorName"` // endpoint security vendor name, e.g. win defender, avira
    EpsVersion              string `json:"epsVersion"`    // version of the endpoint security suite
    EpsMeta                 string `json:"epsMeta"`
    FirewallEnabled         bool   `json:"firewallEnabled"`
    FirewallPolicy          string `json:"firewallPolicy"` // FirewallPolicy stores the firewall config policy found on the user device
    DeviceEncryptionEnabled bool   `json:"deviceEncryptionEnabled"`
    DeviceEncryptionMeta    string `json:"deviceEncryptionMeta"` // DeviceEncryptionMeta stores metadata related to disk encryption (only if enabled)
}
EndpointSecurity collects data on the antivirus, antimalware or other endpoint protection agent installed on the user device, e.g. Windows Defender, CrowdStrike, Kaspersky.
type ErrorStrings
type GeoLocation
type GeoLocation struct {
    IsoCountryCode string    `json:"isoCountryCode"`
    City           string    `json:"city"`
    Country        string    `json:"country"`
    TimeZone       string    `json:"timeZone"`
    Location       []float64 `json:"location"`
}
func (*GeoLocation) Scan
func (a *GeoLocation) Scan(value interface{}) error
Scan makes GeoLocation implement the sql.Scanner interface. It simply decodes a JSON-encoded value into the struct fields.
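The JSON-decoding Scanner that the DeviceHygiene.Scan and GeoLocation.Scan comments describe, written out as an added example rather than the project's own code. It shows one shared decode step handling the []byte, string and NULL forms database/sql can hand a Scanner, rejects any other driver type, and adds the matching driver.Valuer for writing back; GeoLocation and DevicePolicy are trimmed copies of the page's structs.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"encoding/json"
	"fmt"
)

// GeoLocation and DevicePolicy are trimmed local copies of the page's structs
// (assumption: same field names and JSON tags) so this file compiles on its own.
type GeoLocation struct {
	IsoCountryCode string    `json:"isoCountryCode"`
	City           string    `json:"city"`
	Country        string    `json:"country"`
	TimeZone       string    `json:"timeZone"`
	Location       []float64 `json:"location"`
}

type DevicePolicy struct {
	BlockUntrustedDevices bool `json:"blockUntrustedDevices"`
	BlockJailBroken       bool `json:"blockJailBroken"`
	BlockOpenWifiConn     bool `json:"blockOpenWifiConn"`
	BlockFirewallDisabled bool `json:"blockFirewallDisabled"`
}

// scanJSON is the shared decode step behind the Scan methods. database/sql hands a
// Scanner []byte for jsonb/bytea columns, string for text columns, or nil for NULL;
// any other driver type is reported as an error instead of being silently ignored.
func scanJSON(dst interface{}, value interface{}) error {
	var raw []byte
	switch v := value.(type) {
	case nil:
		return nil // SQL NULL leaves dst at its zero value
	case []byte:
		raw = v
	case string:
		raw = []byte(v)
	default:
		return fmt.Errorf("scanJSON: cannot scan %T into %T", value, dst)
	}
	if len(raw) == 0 {
		return nil // empty column treated like NULL
	}
	return json.Unmarshal(raw, dst)
}

// Scan implements sql.Scanner for GeoLocation by decoding a JSON-encoded column.
func (a *GeoLocation) Scan(value interface{}) error { return scanJSON(a, value) }

// Scan implements sql.Scanner for DevicePolicy the same way.
func (d *DevicePolicy) Scan(value interface{}) error { return scanJSON(d, value) }

// Value implements driver.Valuer so the structs round-trip back into a JSON column.
func (a GeoLocation) Value() (driver.Value, error)  { return json.Marshal(a) }
func (d DevicePolicy) Value() (driver.Value, error) { return json.Marshal(d) }

// Compile-time checks that both interfaces are satisfied.
var (
	_ sql.Scanner   = (*GeoLocation)(nil)
	_ sql.Scanner   = (*DevicePolicy)(nil)
	_ driver.Valuer = GeoLocation{}
	_ driver.Valuer = DevicePolicy{}
)

// DecodeGeoLocation wraps Scan for a raw column value, as a row scan would call it.
func DecodeGeoLocation(column interface{}) (GeoLocation, error) {
	var g GeoLocation
	err := g.Scan(column)
	return g, err
}

func main() {
	// constructed jsonb payload, shaped like the geoLocation column of an auth log row
	g, err := DecodeGeoLocation([]byte(`{"isoCountryCode":"NP","city":"Kathmandu","timeZone":"Asia/Kathmandu","location":[27.7,85.3]}`))
	fmt.Printf("%+v err=%v\n", g, err)
	var d DevicePolicy
	fmt.Println("unsupported driver type:", d.Scan(42))
}
```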
type GlobalDynamicAccessSettings
type GlobalDynamicAccessSettings struct {
    Status     bool     `json:"status"`
    PolicyID   string   `json:"policyID"`
    UserGroups []string `json:"userGroups"`
}
GlobalDynamicAccessSettings is the dynamic access settings struct.
type GlobalEmailSetting
type GlobalEmailSetting struct {
    EmailSettingID    string                 `json:"emailSettingID"`
    IntegrationType   string                 `json:"integrationType"`
    IntegrationConfig EmailIntegrationConfig `json:"emailIntegrationConfig"`
    IsEnabled         bool                   `json:"isEnabled"`
    UpdatedAt         int64                  `json:"updatedAt"`
}
type GlobalSettings
type GlobalSettings struct {
    SettingID string `json:"settingID"`
    OrgID     string `json:"orgID"`
    // Status is either active or disabled based on the boolean value
    Status bool `json:"status"`
    // SettingType is the name of the setting
    SettingType string `json:"settingType"`
    // SettingValue holds a JSON object of settings
    SettingValue string `json:"settingValue"`
    // UpdatedBy should be the userID of the user that updated this setting
    UpdatedBy string `json:"updatedBy"`
    UpdatedOn int64  `json:"updatedOn"`
}
GlobalSettings holds the model for global settings that can be applied to users in TRASA (not app users; app users can be managed from policy or compliance settings). Multiple settings can be applied as global user settings. These settings should dictate user login behaviour, lockouts, password rotation, etc. A minimum-threshold set of settings should be auto-generated and stored in the database; administrators should be able to modify these settings later on.
type GlobalTrasaSshAuth
type GlobalTrasaSshAuth struct {
MandatoryCertAuth bool `json:"mandatoryCertAuth"`
}
type Group
type Group struct {
    GroupID     string `json:"groupID"`
    OrgID       string `json:"orgID"`
    GroupType   string `json:"groupType"`
    GroupName   string `json:"groupName"`
    Status      bool   `json:"status"`
    MemberCount int    `json:"memberCount"`
    CreatedAt   int64  `json:"createdAt"`
    UpdatedAt   int64  `json:"updatedAt"`
}
Group can be a user group or a service group.
type IPDetails
type IPDetails struct {
    IpAddress      string `json:"IPAddr"`
    NetMask        string `json:"netMask"`
    DefaultGateway string `json:"defaultGateway"`
}
type IdentityProvider
type IdentityProvider struct {
    IdpID   string `json:"idpID"`
    OrgID   string `json:"orgID"`
    IdpName string `json:"idpName"`
    // IdpType can be a saml2, openID or ldap provider
    IdpType string `json:"idpType"`
    // IdpMeta can be saml2 XML metadata for SAML, or the base for LDAP
    IdpMeta   string `json:"idpMeta"`
    IsEnabled bool   `json:"isEnabled"`
    // ClientID and ClientSecret can be openid (oauth) credentials or ldap service account credentials
    ClientID     string `json:"clientID"`
    ClientSecret string `json:"clientSecret"`
    // AudienceURI for saml2, or the user search base for ldap
    AudienceURI string `json:"audienceURI"`
    // RedirectURL is where the idp returns the code or callback
    RedirectURL string `json:"redirectURL"`
    // Endpoint can be the openid endpoint or the saml embed link
    Endpoint        string `json:"endpoint"`
    IntegrationType string `json:"string"`
    SCIMEndpoint    string `json:"scimEndpoint"`
    ApiKey          string `json:"apiKey"`
    // CreatedBy holds the administrator user id
    CreatedBy   string `json:"createdBy"`
    LastUpdated int64  `json:"lastUpdated"`
}
IdentityProvider holds details for an OpenID Connect identity provider. CONSTRAINT unique_appproxy UNIQUE(org_id,service_id)
type InAppNotification
type InAppNotification struct {
    NotificationID    string `json:"notificationID"`
    UserID            string `json:"userID"`
    EmitterID         string `json:"emitterID"`
    OrgID             string `json:"orgID"`
    NotificationLabel string `json:"notificationLabel"`
    NotificationText  string `json:"notificationText"`
    CreatedOn         int64  `json:"createdOn"`
    IsResolved        bool   `json:"isResolved"`
    ResolvedOn        int64  `json:"resolvedOn"`
}
type InAppTrail
type InAppTrail struct {
    EventID      string      `json:"eventID"`
    Status       bool        `json:"status"`
    OrgID        string      `json:"orgID"`
    UserID       string      `json:"userID"`
    Email        string      `json:"email"`
    Description  string      `json:"description"`
    UserAgent    string      `json:"userAgent"`
    RequestDump  interface{} `json:"requestDump"`
    ResponseDump interface{} `json:"responseDump"`
    EventType    string      `json:"eventType"`
    EventTime    int64       `json:"eventTime"`
    ClientIP     string      `json:"clientIP"`
}
InAppTrail is the struct for the in-app audit log of TRASA.
type InitSignup
type InitSignup struct {
    OrgID          string `json:"orgID"`
    UserID         string `json:"userID"`
    OrgName        string `json:"orgName"`
    PrimaryContact string `json:"primaryContact" valid:"email"`
    UserName       string `json:"userName" valid:"alphanum"`
    FirstName      string `json:"firstName" valid:"alpha"`
    MiddleName     string `json:"middleName" valid:"alpha"`
    LastName       string `json:"lastName" valid:"alpha"`
    Email          string `json:"email" valid:"email"`
    Password       string `json:"password"`
    UserRole       string `json:"userRole"`
    Company        string `json:"companyName"`
    JobTitle       string `json:"jobTitle"`
    PhoneNumber    string `json:"phoneNumber"`
    Country        string `json:"country"`
    Timezone       string `json:"timezone"`
    Reference      string `json:"reference"`
    LicenseType    string `json:"licenseType"`
    CreatedAt      string
    UpdatedAt      string
    DeletedAt      string
}
type KeyStore
type KeyStore struct {
    KeyID       string `json:"keyID"`
    OrgID       string `json:"orgID"`
    Key         string `json:"key"`
    CreatedAt   int64  `json:"createdAt"`
    LastUpdated int64  `json:"lastUpdated"`
}
KeyStore stores encryption keys.
type KeysHolder
type KeysHolder struct {
    KeyID   string `json:"keyID"`
    OrgID   string `json:"orgID"`
    KeyTag  string `json:"keyTag"`
    KeyName string `json:"keyName"`
    //KeyVal string `json:"keyVal"`
    KeyVal  []byte `json:"keyVal"`
    AddedBy string `json:"addedBy"`
    AddedAt int64  `json:"addedAt"`
}
KeysHolder stores access keys supplied by administrators for managing external resources, e.g. API keys, tokens, etc.
type KeysHolderReq
type License
type License struct {
    Features      TrasaFeatures `json:"features"`
    Expires       int64         `json:"expires"`
    MachineID     string        `json:"machineID"`
    AdminLimit    int           `json:"adminLimit"`
    ProxyAppLimit int           `json:"proxyAppLimit"`
    NodeLimit     int           `json:"nodeLimit"`
    UserLimit     int           `json:"userLimit"`
}
type LoginSecurity
type LoginSecurity struct {
    // checks if the device requires login before console.
    AutologinEnabled bool `json:"autologinEnabled" `
    // value can be password/pin/pattern/faceID/fingerprint
    LoginMethod         string `json:"loginMethod"`
    PasswordLastUpdated string `json:"passwordLastUpdated"`
    TfaConfigured       bool   `json:"tfaConfigured"`
    // IdleDeviceScreenLockTime stores the device screen lock time. Value can be "never", "5 minute idle", ...
    IdleDeviceScreenLockTime string `json:"idleDeviceScreenLockTime"`
    IdleDeviceScreenLock     bool   `json:"idleDeviceScreenLock"`
    RemoteLoginEnabled       bool   `json:"remoteLoginEnabled"`
}
LoginSecurity is device hygiene related to login.
type MobileDeviceHygiene1
type MobileDeviceHygiene1 struct {
    InstalledApps    string `json:"installedApps"`
    DeviceName       string `json:"name"`         // iOS: "Becca's iPhone 6"; Android: ?
    Brand            string `json:"brand"`        // iOS: "Apple"; Android: "xiaomi"
    Manufacturer     string `json:"manufacturer"` // iOS: "Apple"; Android: "Google"
    OSName           string `json:"osName"`       // iOS: "iOS" on newer iOS devices, "iPhone OS" on older devices including older iPads; Android: "Android"
    OSVersion        string `json:"osVersion"`    // iOS: "11.0"; Android: "7.1.1"
    DeviceModel      string `json:"deviceModel"`  // iOS: "iPhone7,2"; Android: "goldfish"
    UserAgent        string `json:"userAgent"`    // iOS: "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143"; Android: ?
    IsJailBroken     bool   `json:"isJailBroken"`
    HooksDetected    bool   `json:"hooksDetected"`
    DebugModeEnabled bool   `json:"debugModeEnabled"`
    DeviceID         string `json:"deviceID"`        // iOS: "FCDBD8EF-62FC-4ECB-B2F5-92C9E79AC7F9"; Android: "dd96dec43fb81c97"
    IpAddress        string `json:"ipAddress"`
    MacAddress       string `json:"macAddress"`
    ReadableVersion  string `json:"readableVersion"` // application version + build number, iOS: 1.0.1.32; Android: 1.0.1.234
    SecurityPatch    string `json:"securityPatch"`   // e.g. "2018-07-05"
    AppVersion       string `json:"appVersion"`      // the application version
    IsEmulator       bool   `json:"isEmulator"`
    DeviceLockSet    bool   `json:"deviceLockSet"`
    DeviceLockType   string `json:"deviceLockType"` // pin/pattern/faceID/fingerprint
}
Mobile
type MyService
type MyService struct {
    AccessMapDetail
    Adhoc        bool                `json:"adhoc"`
    Usernames    []string            `json:"usernames"`
    IsAuthorised bool                `json:"isAuthorised"`
    Reason       consts.FailedReason `json:"reason"`
}
type MyServiceDetails
type MyServiceDetails struct {
    MyService
    Adhoc          bool                `json:"adhoc"`
    ServiceType    string              `json:"serviceType"`
    Hostname       string              `json:"hostname"`
    IsAdmin        bool                `json:"isAdmin"`
    Usernames      []string            `json:"usernames"`
    AuthorizedTill int64               `json:"authorizedTill"`
    AuthorizedOn   int64               `json:"authorizedOn"`
    RequestedOn    int64               `json:"requestedOn"`
    IsAuthorised   bool                `json:"isAuthorised"`
    Reason         consts.FailedReason `json:"reason"`
}
type NetworkInfo
type NetworkInfo struct {
    Hostname         string `json:"hostname"`
    DomainControlled bool   `json:"domainControl"`
    DomainName       string `json:"domainName"`
    InterfaceName    string `json:"interfaceName"` // Name of the outgoing net interface, e.g. eth0, wlan1
    IPAddress        string `json:"ipAddress"`
    MacAddress       string `json:"macAddress"`
    WirelessNetwork  bool   `json:"wirelessNetwork"`
    OpenWifiConn     bool   `json:"openWifiConn"`
    NetworkName      string `json:"networkName"`     // Name of the connected network, e.g. OfficeWIFI, marketingLAN
    NetworkSecurity  string `json:"networkSecurity"` // detail about the current active connection, e.g. if using wifi, is it open wifi or wpa2psk wifi?
}
NetworkInfo collects network information about the currently active connection at the time of access.
type Org
type Org struct {
    ID             string  `json:"ID"`
    OrgName        string  `json:"orgName"`
    Domain         string  `json:"domain"`
    PrimaryContact string  `json:"primaryContact"`
    Timezone       string  `json:"timezone"`
    PhoneNumber    string  `json:"phoneNumber"`
    CreatedAt      int64
    PlatformBase   string  `json:"platformBase"`
    License        License `json:"license"`
}
Org stores info related to every tenant.
type PasswordPolicy
type PasswordPolicy struct {
    Expiry            string `json:"expiry"`
    MinimumChars      int    `json:"minimumChars"`
    EnforceStrongPass bool   `json:"enforceStrongPass"`
    ZxcvbnScore       int    `json:"zxcvbnScore"`
}
PasswordPolicy represents the global policy for passwords used to log into the TRASA dashboard. It is stored as settingValue in GlobalSettings with settingType passwordPolicy.
type PasswordState
type PasswordState struct {
    UserID        string   `json:"userID"`
    OrgID         string   `json:"orgID"`
    LastPasswords []string `json:"lastPasswords"`
    LastUpdated   int64    `json:"lastUpdated"`
}
PasswordState holds the status of user passwords.
type Policy
type Policy struct {
    PolicyID         string             `json:"policyID" db:"policy_id"`
    OrgID            string             `json:"orgID" db:"org_id"`
    PolicyName       string             `json:"policyName" db:"policy_name"`
    DayAndTime       []DayAndTimePolicy `json:"dayAndTime" db:"day_time"`
    TfaRequired      bool               `json:"tfaRequired" db:"tfa_enabled"`
    RecordSession    bool               `json:"recordSession" db:"record_session"`
    FileTransfer     bool               `json:"fileTransfer" db:"file_transfer"`
    IPSource         string             `json:"ipSource" db:"ip_source"`
    AllowedCountries string             `json:"allowed_countries" db:"allowed_countries"`
    DevicePolicy     DevicePolicy       `json:"devicePolicy" db:"device_policy"`
    RiskThreshold    float32            `json:"riskThreshold" db:"risk_threshold"`
    CreatedAt        int64              `json:"createdAt" db:"created_at"`
    UpdatedAt        int64              `json:"updatedAt" db:"updated_at"`
    Expiry           string             `json:"expiry" db:"expiry"`
    IsExpired        bool               `json:"isExpired"`
    UsedBy           int                `json:"usedBy"`
}
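A CheckPolicyFunc that enforces only the Policy.DayAndTime windows defined by DayAndTimePolicy, written here as an added example and not TRASA's own checker. It assumes a string-backed FailedReason with constructed reason values in place of consts.FailedReason, trimmed copies of Policy, DayAndTimePolicy and ConnectionParams, and "HH:MM" windows within a single day (a window whose ToTime precedes FromTime is treated as malformed and never grants access).

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// FailedReason stands in for consts.FailedReason (assumption); values are constructed.
type FailedReason string
const (
	ReasonNone           FailedReason = ""
	ReasonPolicyTimeDeny FailedReason = "policy-time-denied"
	ReasonPolicyMissing  FailedReason = "policy-missing"
)
// Trimmed copies of the page's structs, keeping only the fields used here.
type DayAndTimePolicy struct {
	Days     []string `json:"days"`
	FromTime string   `json:"fromTime"`
	ToTime   string   `json:"toTime"`
}
type Policy struct {
	DayAndTime []DayAndTimePolicy `json:"dayAndTime"`
	IsExpired  bool               `json:"isExpired"`
}
type ConnectionParams struct {
	Timezone string `json:"-"`
}

// CheckPolicyFunc mirrors the page's signature with the local FailedReason.
type CheckPolicyFunc func(params *ConnectionParams, policy *Policy, adhoc bool) (bool, FailedReason)
// now is a variable so tests can pin the clock.
var now = time.Now

// parseHHMM converts "HH:MM" into minutes since midnight.
func parseHHMM(s string) (int, error) {
	t, err := time.Parse("15:04", strings.TrimSpace(s))
	if err != nil {
		return 0, err
	}
	return t.Hour()*60 + t.Minute(), nil
}

// dayMatches accepts full weekday names or 3-letter abbreviations, any case.
func dayMatches(day string, days []string) bool {
	for _, d := range days {
		d = strings.ToLower(strings.TrimSpace(d))
		if d == day || d == day[:3] {
			return true
		}
	}
	return false
}

// withinWindow reports whether t falls inside any configured window. An empty list
// means no restriction; an unparsable window, or ToTime before FromTime, never grants.
func withinWindow(t time.Time, windows []DayAndTimePolicy) bool {
	if len(windows) == 0 {
		return true
	}
	day := strings.ToLower(t.Weekday().String())
	minutes := t.Hour()*60 + t.Minute()
	for _, w := range windows {
		from, errFrom := parseHHMM(w.FromTime)
		to, errTo := parseHHMM(w.ToTime)
		if errFrom != nil || errTo != nil || from > to {
			continue
		}
		if dayMatches(day, w.Days) && minutes >= from && minutes <= to {
			return true
		}
	}
	return false
}

// CheckDayAndTime is a CheckPolicyFunc enforcing only the day/time rule: the policy must
// exist and be unexpired, and the current time in the user's zone must fall in a window.
func CheckDayAndTime(params *ConnectionParams, policy *Policy, adhoc bool) (bool, FailedReason) {
	if policy == nil || policy.IsExpired {
		return false, ReasonPolicyMissing
	}
	loc := time.UTC // unknown or missing zone: evaluate in UTC rather than failing open
	if params != nil {
		if l, err := time.LoadLocation(params.Timezone); err == nil {
			loc = l
		}
	}
	if !withinWindow(now().In(loc), policy.DayAndTime) {
		return false, ReasonPolicyTimeDeny
	}
	return true, ReasonNone // adhoc does not relax the day/time rule
}

var _ CheckPolicyFunc = CheckDayAndTime // compile-time signature check

func main() {
	p := &Policy{DayAndTime: []DayAndTimePolicy{{Days: []string{"mon", "tue", "wed", "thu", "fri"}, FromTime: "09:00", ToTime: "18:00"}}}
	ok, reason := CheckDayAndTime(&ConnectionParams{Timezone: "UTC"}, p, false)
	fmt.Println("allowed:", ok, "reason:", reason)
}
```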
type PolicyEnforcer
type PolicyEnforcer struct {
    // EnforceID is the unique id for the event
    EnforceID string `json:"enforceID"`
    // UserID represents the user affected by this policy
    UserID string `json:"userID"`
    OrgID  string `json:"orgID"`
    // EnforceType refers to the unique constant for this event type, e.g. change password? username?
    EnforceType string `json:"enforceType"`
    // Status of the event. True means pending, false means resolved.
    Pending bool `json:"status"`
    // AssignedBy can be either system assigned or assigned by an administrator.
    // In case of system assigned, use the constant; else the value must be the userID of the administrator.
    AssignedBy string `json:"assignedBy"`
    AssignedOn int64  `json:"assignedOn"`
    ResolvedOn int64  `json:"resolvedOn"`
}
PolicyEnforcer is a generic policy enforcement model used to assign and track, per user, a specific enforced action that the assigned user must perform, e.g. change password, change username, etc.
type ResponseStruct ¶
type ReverseProxy ¶
type ReverseProxy struct {
	RouteRule           string `json:"routeRule"`
	PassHostheader      bool   `json:"passHostHeader"`
	UpstreamServer      string `json:"upstreamServer"`
	StrictTLSValidation bool   `json:"strictTLSValidation"`
}
ReverseProxy defines the proxy configuration for the HTTP access proxy.
func (*ReverseProxy) Scan ¶
func (r *ReverseProxy) Scan(value interface{}) error
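An added example, not the project's implementation, of what a Scan method on ReverseProxy has to cope with when the proxy config is kept in a JSON column: []byte and string inputs, NULL, bad JSON, and unsupported driver types. The Value and Configured helpers are assumptions added for the example.

```go
package main

import (
	"database/sql/driver"
	"encoding/json"
	"fmt"
)

type ReverseProxy struct { // the page's struct; the methods below are example code
	RouteRule           string `json:"routeRule"`
	PassHostheader      bool   `json:"passHostHeader"`
	UpstreamServer      string `json:"upstreamServer"`
	StrictTLSValidation bool   `json:"strictTLSValidation"`
}

// Scan implements sql.Scanner so a JSON column decodes straight into the struct.
// Drivers deliver JSON columns as []byte or string, and a NULL column as nil.
func (r *ReverseProxy) Scan(value interface{}) error {
	*r = ReverseProxy{} // never keep fields from a previous row
	var raw []byte
	switch v := value.(type) {
	case nil:
		return nil
	case []byte:
		raw = v
	case string:
		raw = []byte(v)
	default:
		return fmt.Errorf("ReverseProxy.Scan: unsupported column type %T", value)
	}
	if len(raw) == 0 {
		return nil
	}
	return json.Unmarshal(raw, r)
}

// Value implements driver.Valuer so the same column can be written back.
func (r ReverseProxy) Value() (driver.Value, error) { return json.Marshal(r) }

// Configured reports whether a proxy target was actually stored. Callers must
// not read a zero-value struct as a config: its StrictTLSValidation=false would
// otherwise look like an explicit choice to skip upstream TLS checks.
func (r ReverseProxy) Configured() bool { return r.UpstreamServer != "" }

func main() {
	var rp ReverseProxy // constructed sample column value
	err := rp.Scan([]byte(`{"upstreamServer":"https://10.0.0.5:8443","strictTLSValidation":true}`))
	fmt.Printf("%+v configured=%v err=%v\n", rp, rp.Configured(), err)
}
```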
type ScimConflict ¶ added in v1.1.4
type ScimConflict struct {
	Schemas []string `json:"schemas"`
	Detail  string   `json:"detail"`
	Status  int      `json:"status"`
}
func (ScimConflict) New ¶ added in v1.1.4
func (c ScimConflict) New(detail string) ScimConflict
type ScimContext ¶
type ScimGroup ¶ added in v1.1.4
type ScimGroup struct {
	Schemas     []string           `json:"schemas"`
	ID          string             `json:"id"`
	DisplayName string             `json:"displayName"`
	Members     []ScimGroupMembers `json:"members"`
	Meta        ScimMeta           `json:"meta"`
}
type ScimGroupMembers ¶ added in v1.1.4
type ScimGroupPatch ¶ added in v1.1.4
type ScimGroupPatch struct {
	Schemas    []string            `json:"schemas"`
	Operations []ScimGroupPatchOps `json:"Operations"`
}
type ScimGroupPatchOps ¶ added in v1.1.4
type ScimGroupPatchOps struct {
	Op    string             `json:"op"`
	Path  string             `json:"path"`
	Value []ScimGroupMembers `json:"value,omitempty"`
}
type ScimListGroup ¶ added in v1.1.4
type ScimListUser ¶ added in v1.1.4
type ScimUser ¶ added in v1.1.4
type ScimUser struct {
	Schemas          []string                   `json:"schemas"`
	ID               string                     `json:"id"`
	ExternalID       string                     `json:"externalId"`
	UserName         string                     `json:"userName"`
	UserRole         string                     `json:"userRole"`
	Name             ScimUserName               `json:"name"`
	Emails           []ScimUserEmails           `json:"emails"`
	Password         string                     `json:"password"`
	Groups           []ScimUserGroups           `json:"groups"`
	X509Certificates []ScimUserX509Certificates `json:"x509Certificates"`
	Active           bool                       `json:"active"`
	Meta             ScimMeta                   `json:"meta"`
}
type ScimUserEmails ¶ added in v1.1.4
type ScimUserGroups ¶ added in v1.1.4
type ScimUserName ¶ added in v1.1.4
type ScimUserX509Certificates ¶ added in v1.1.4
type ScimUserX509Certificates struct {
	Value string `json:"value"`
}
type SecurityRule ¶
type SecurityRule struct {
	RuleID       string `json:"ruleID"`
	OrgID        string `json:"orgID"`
	Name         string `json:"name"`
	ConstName    string `json:"constName"`
	Description  string `json:"description"`
	Scope        string `json:"scope"`
	Condition    string `json:"condition"`
	Status       bool   `json:"status"`
	Source       string `json:"source"`
	Action       string `json:"action"`
	CreatedBy    string `json:"createdBy"`
	CreatedAt    int64  `json:"createdAt"`
	LastModified int64  `json:"lastModified"`
}
type Service ¶
type Service struct {
	ID              string       `json:"ID"`
	OrgID           string       `json:"orgID"`
	Name            string       `json:"serviceName" validate:"printascii"`
	SecretKey       string       `json:"secretKey"`
	Passthru        bool         `json:"passthru"`
	Hostname        string       `json:"hostname" validate:"printascii,required"`
	Type            string       `json:"serviceType" validate:"printascii,required"`
	ManagedAccounts string       `json:"managedAccounts"`
	RemoteAppName   string       `json:"remoteAppName"`
	Adhoc           bool         `json:"adhoc"`
	NativeLog       bool         `json:"nativeLog"`
	RdpProtocol     string       `json:"rdpProtocol"`
	ProxyConfig     ReverseProxy `json:"proxyConfig"`
	PublicKey       string       `json:"publicKey"`
	// ExternalProviderName is the name of the provider from which this Service's details were fetched (eg, digital ocean, aws)
	ExternalProviderName string `json:"externalProviderName"`
	// ExternalID is the ID of the service that exists outside of trasa. (eg, digital ocean, aws)
	ExternalID            string `json:"externalID"`
	ExternalSecurityGroup string `json:"externalSecurityGroup"`
	// DistroName can be any specific distribution version. eg ubuntu, debian, windows.
	DistroName    string    `json:"distroName"`
	DistroVersion string    `json:"distroVersion"`
	IPDetails     IPDetails `json:"ipDetails"`
	CreatedAt     int64
	UpdatedAt     int64
	DeletedAt     int64
}
Here start the structures related to Services. Services are the basic component of TRASA: everything is connected as a set of OAuth Services, and TRASA itself is the first Service. The Service structure holds a typical Service, also known as an OAuth client.
func NewEmptyServiceStruct ¶
func NewEmptyServiceStruct() Service
NewEmptyServiceStruct returns an empty Service struct.
type ServiceGroupMap ¶
type ServiceGroupMap struct {
	MapID         string `json:"mapID"`
	GroupID       string `json:"groupID"`
	OrgID         string `json:"orgID"`
	AuthserviceID string `json:"authserviceID"`
	Status        bool   `json:"status"`
	CreatedAt     int64  `json:"createdAt"`
	UpdatedAt     int64  `json:"updated_at"`
}
ServiceGroupMap is a database relation map between Service and Group
type ServiceGroupUserGroupMap ¶
type ServiceGroupUserGroupMap struct {
	MapID          string `json:"mapID"`
	ServiceGroupID string `json:"serviceGroupID"`
	MapType        string `json:"mapType"`
	UserGroupID    string `json:"userGroupID"`
	Privilege      string `json:"privilege"`
	OrgID          string `json:"orgID"`
	PolicyID       string `json:"policyID"`
	CreatedAt      int64  `json:"createdAt"`
}
type ServiceLogin ¶
type ServiceLogin struct {
	ServiceID       string           `json:"serviceID"`
	DynamicService  bool             `json:"dynamicService"`
	ServiceKey      string           `json:"serviceKey"`
	User            string           `json:"user"`
	Password        string           `json:"password"`
	PublicKey       []byte           `json:"publicKey"`
	TfaMethod       string           `json:"tfaMethod"`
	TotpCode        string           `json:"totpCode"`
	UserIP          string           `json:"userIP"`
	UserWorkstation string           `json:"workstation"`
	TrasaID         string           `json:"trasaID"`
	SessionID       string           `json:"sessionID"`
	AppType         string           `json:"appType"`
	RdpProtocol     string           `json:"rdpProto"`
	OrgID           string           `json:"orgID"`
	Hostname        string           `json:"hostname"`
	Skip2FA         bool             `json:"skip2FA"`
	SignResponse    u2f.SignResponse `json:"signResponse"`
	DeviceHygiene   DeviceHygiene    `json:"deviceHygiene"`
}
ServiceLogin is the request structure that SSH logins and RDP logins generate.
type ServiceSecretVault ¶
type ServiceSecretVault struct {
	KeyID       string `json:"keyID"`
	OrgID       string `json:"orgID"`
	ServiceID   string `json:"serviceID"`
	SecretType  string `json:"secretType"`
	UpdatedBy   string `json:"updatedBy"`
	SecretID    string `json:"secretID"`
	Secret      []byte `json:"secret"`
	AddedAt     int64  `json:"addedAt"`
	LastUpdated int64  `json:"lastUpdated"`
}
type ServiceUserMap ¶
type SignupLog ¶
type SignupLog struct {
	FirstName   string `json:"firstName"`
	LastName    string `json:"lastName"`
	Email       string `json:"email"`
	Company     string `json:"company"`
	JobTitle    string `json:"jobTitle"`
	Country     string `json:"country"`
	PhoneNumber string `json:"phoneNumber"`
	Reference   string `json:"reference"`
	SignupTime  int64  `json:"signupTime"`
}
SignupLog records the details submitted at signup.
type TRASAFeaturesStatus ¶
type TrasaFeatures ¶
type TrasaResponseStruct ¶
type UpstreamCreds ¶
type UpstreamCreds struct {
	Password          string `json:"password"`
	HostCert          string `json:"hostCert"`
	HostCaCert        string `json:"hostCaCert"`
	UserCaCert        string `json:"UserCaCert"`
	ClientCert        string `json:"clientCert"`
	ClientKey         string `json:"clientKey"`
	SkipHostVerify    bool   `json:"skipHostVerify"`
	MinimumChar       int    `json:"minimumChar"`
	ZxcvbnScore       int    `json:"zxcvbnScore"`
	EnforceStrongPass bool   `json:"enforceStrongPass"`
}
UpstreamCreds contains the credentials and login details for an upstream service.
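An added example, not the project's code, of how the strength fields (EnforceStrongPass, MinimumChar, ZxcvbnScore) and SkipHostVerify might be applied when connecting to an upstream. The score parameter stands in for a zxcvbn library, and the fail-closed handling of an empty or unparsable HostCaCert is an assumption, not behaviour the page describes.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"unicode/utf8"
)

type UpstreamCreds struct { // only the page's fields used in this example
	HostCaCert        string
	SkipHostVerify    bool
	MinimumChar       int
	ZxcvbnScore       int
	EnforceStrongPass bool
}

// CheckPassword applies the strength fields. score stands in for a zxcvbn
// implementation (assumed to return 0..4) so the example runs offline.
func (c UpstreamCreds) CheckPassword(pw string, score func(string) int) error {
	if !c.EnforceStrongPass {
		return nil
	}
	if utf8.RuneCountInString(pw) < c.MinimumChar {
		return errors.New("password shorter than minimumChar")
	}
	if score(pw) < c.ZxcvbnScore {
		return errors.New("password strength below zxcvbnScore")
	}
	return nil
}

// TLSConfig builds the client config for the upstream. Verification is turned
// off only when SkipHostVerify is set explicitly; a missing or unparsable CA
// certificate is an error, never a silent fallback to no verification.
func (c UpstreamCreds) TLSConfig() (*tls.Config, error) {
	if c.SkipHostVerify {
		return &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: true}, nil
	}
	if c.HostCaCert == "" {
		return nil, errors.New("hostCaCert is empty and skipHostVerify is false")
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM([]byte(c.HostCaCert)) {
		return nil, errors.New("hostCaCert contains no parsable PEM certificate")
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}, nil
}

func main() {}
```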
type User ¶
type User struct {
	ID         string   `json:"ID"`
	OrgID      string   `json:"orgId"`
	UserName   string   `json:"userName" validate:"alphanum"`
	FirstName  string   `json:"firstName" validate:"alpha"`
	MiddleName string   `json:"middleName" validate:"omitempty,alpha"`
	LastName   string   `json:"lastName" validate:"alpha"`
	Email      string   `json:"email" validate:"email"`
	Groups     []string `json:"groups"`
	UserRole   string   `json:"userRole" valid:"alpha"`
	Status     bool     `json:"status"`
	// IdpName is the name of the identity provider for the user. Can be 'trasa' or 'okta' etc.
	IdpName string `json:"idpName"`
	// ExternalID is the ID of the service that exists outside of trasa. (eg, okta, onelogin)
	ExternalID string `json:"externalID"`
	CreatedAt  int64
	UpdatedAt  int64
}
The User model stores the attributes of a single user.
func CopyUserWithoutPass ¶
func CopyUserWithoutPass(user UserWithPass) User
CopyUserWithoutPass converts UserWithPass struct to User
func NewEmptyUserStruct ¶
func NewEmptyUserStruct() User
NewEmptyUserStruct returns an empty User struct.
type UserDevice ¶
type UserDevice struct {
	UserID        string        `json:"userID"`
	OrgID         string        `json:"orgID"`
	DeviceID      string        `json:"deviceID"`
	MachineID     string        `json:"machineID"`
	DeviceType    string        `json:"deviceType"`
	FcmToken      string        `json:"fcmToken"`
	TotpSec       string        `json:"-"`
	PublicKey     string        `json:"publicKey"`
	// Deprecated
	DeviceFinger  string        `json:"deviceFinger"`
	Trusted       bool          `json:"trusted"`
	DeviceHygiene DeviceHygiene `json:"deviceHygiene"`
	AddedAt       int64         `json:"addedAt"`
}
UserDevice models devices registered to users.
type UserGroupMap ¶
type UserGroupMap struct {
	MapID     string `json:"mapID"`
	GroupID   string `json:"groupID"`
	OrgID     string `json:"orgID"`
	UserID    string `json:"userID"`
	Status    bool   `json:"status"`
	CreatedAt int64  `json:"createdAt"`
	UpdatedAt int64  `json:"updated_at"`
}
UserGroupMap is a database relation map between user and group
type UserWithPass ¶
type UserWithPass struct {
	User
	OrgName  string `json:"orgName"` // needed for org select
	Password string `json:"password"`
}
UserWithPass is a user struct with password.
type VaultAccessLogs ¶
type VaultCredStorageEvent ¶
type VaultFeature ¶
type VaultFeature struct {
	// CredStorage is for storing user credentials (uname:pass) or (uname:privatekey)
	CredStorage string `json:"credStorage"`
	// CertStorage determines where CA certificates and private keys are stored. They can be stored in cert_holder
	// or in external CA storage.
	CertStorage string `json:"certStorage"`
}
VaultFeature stores information about where a secret is stored (or is to be stored). For example, VaultFeature.CredStorage can be tsxvault or aws secret storage. If tsxvault is set, user credentials are stored in the built-in vault; if aws is set, secrets are pushed to aws secret storage. What happens if a user wants to migrate secrets from tsxvault to aws secret storage? --- migration code required... Third-party API keys used by TRASA are always stored in key_holderv1. Only one secret storage provider is supported at a given time.