conjurapi

package
v1.0.1
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2022 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoginPairFromEnv

func LoginPairFromEnv() (*authn.LoginPair, error)

func LoginPairFromNetRC

func LoginPairFromNetRC(config Config) (*authn.LoginPair, error)

func ReadResponseBody

func ReadResponseBody(response io.ReadCloser) ([]byte, error)

ReadResponseBody fully reads a response and closes it.

Types

type Authenticator

// Authenticator is the token-source interface that a Client accepts through
// SetAuthenticator and hands back from GetAuthenticator.
type Authenticator interface {
	// RefreshToken returns raw bytes or an error.
	// NOTE(review): presumably the bytes are a fresh access token; if so they
	// are a bearer credential and should stay out of logs and error strings.
	// Confirm against the concrete implementations.
	RefreshToken() ([]byte, error)
	// NeedsTokenRefresh reports whether a refresh is required. The criteria
	// (expiry window, missing token, ...) are not visible in this listing.
	NeedsTokenRefresh() bool
}

type Client

// Client is the handle on which this package's API calls (AddSecret,
// RetrieveSecret, LoadPolicy, RotateAPIKey, ...) are defined. Obtain one from
// NewClient or one of the NewClientFrom* constructors.
//
// NOTE(review): the HTTP client and the authenticator are reachable through
// GetHttpClient/SetHttpClient and GetAuthenticator/SetAuthenticator. A caller
// that swaps in its own *http.Client presumably also takes over TLS
// verification for every request that carries a credential; confirm.
type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(config Config) (*Client, error)

func NewClientFromEnvironment

func NewClientFromEnvironment(config Config) (*Client, error)

TODO: Create a version of this function for creating an authenticator from environment

func NewClientFromKey

func NewClientFromKey(config Config, loginPair authn.LoginPair) (*Client, error)

func NewClientFromToken

func NewClientFromToken(config Config, token string) (*Client, error)

func NewClientFromTokenFile

func NewClientFromTokenFile(config Config, tokenFile string) (*Client, error)

func (*Client) AddSecret

func (c *Client) AddSecret(variableID string, secretValue string) error

AddSecret adds a secret value to a variable.

The authenticated user must have update privilege on the variable.

func (*Client) AddSecretRequest

func (c *Client) AddSecretRequest(variableID, secretValue string) (*http.Request, error)

func (*Client) Authenticate

func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)

Authenticate obtains a new access token.

func (*Client) AuthenticateReader

func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)

AuthenticateReader obtains a new access token and returns it as a data stream.

func (*Client) AuthenticateRequest

func (c *Client) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)

func (*Client) CheckPermission

func (c *Client) CheckPermission(resourceID, privilege string) (bool, error)

CheckPermission determines whether the authenticated user has a specified privilege on a resource.

func (*Client) CheckPermissionRequest

func (c *Client) CheckPermissionRequest(resourceID string, privilege string) (*http.Request, error)

func (*Client) GetAuthenticator

func (c *Client) GetAuthenticator() Authenticator

func (*Client) GetConfig

func (c *Client) GetConfig() Config

func (*Client) GetHttpClient

func (c *Client) GetHttpClient() *http.Client

func (*Client) InternalAuthenticate

func (c *Client) InternalAuthenticate() ([]byte, error)

InternalAuthenticate obtains a new access token using the internal authenticator.

func (*Client) LoadPolicy

func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)

LoadPolicy submits new policy data or policy changes to the server.

The required permission depends on the mode.

func (*Client) LoadPolicyRequest

func (c *Client) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)

func (*Client) Login

func (c *Client) Login(login string, password string) ([]byte, error)

Login obtains an API key.

func (*Client) LoginRequest

func (c *Client) LoginRequest(login string, password string) (*http.Request, error)

func (*Client) NeedsTokenRefresh

func (c *Client) NeedsTokenRefresh() bool

func (*Client) RefreshToken

func (c *Client) RefreshToken() (err error)

func (*Client) Resource

func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)

Resource fetches a single user-visible resource by id.

func (*Client) ResourceIDs

func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error)

func (*Client) ResourceRequest

func (c *Client) ResourceRequest(resourceID string) (*http.Request, error)

func (*Client) Resources

func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)

Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.

func (*Client) ResourcesRequest

func (c *Client) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)

func (*Client) RetrieveBatchSecrets

func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecrets fetches values for all variables in a slice using a single API call.

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveBatchSecretsRequest

func (c *Client) RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)

func (*Client) RetrieveBatchSecretsSafe

func (c *Client) RetrieveBatchSecretsSafe(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecretsSafe fetches values for all variables in a slice using a single API call. This version of the method will automatically base64-encode the secrets on the server side allowing the retrieval of binary values in batch requests. Secrets are NOT base64 encoded in the returned map.

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveSecret

func (c *Client) RetrieveSecret(variableID string) ([]byte, error)

RetrieveSecret fetches a secret from a variable.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretReader

func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)

RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretRequest

func (c *Client) RetrieveSecretRequest(variableID string) (*http.Request, error)

func (*Client) RotateAPIKey

func (c *Client) RotateAPIKey(roleID string) ([]byte, error)

RotateAPIKey replaces the API key of a role on the server with a new random secret.

The authenticated user must have update privilege on the role.

func (*Client) RotateAPIKeyReader

func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)

RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.

The authenticated user must have update privilege on the role.

func (*Client) RotateAPIKeyRequest

func (c *Client) RotateAPIKeyRequest(roleID string) (*http.Request, error)

func (*Client) RotateHostAPIKey

func (c *Client) RotateHostAPIKey(hostID string) ([]byte, error)

RotateHostAPIKey constructs a role ID from a given host ID then replaces the API key of the role with a new random secret.

The authenticated user must have update privilege on the role.

func (*Client) RotateUserAPIKey

func (c *Client) RotateUserAPIKey(userID string) ([]byte, error)

RotateUserAPIKey constructs a role ID from a given user ID then replaces the API key of the role with a new random secret.

The authenticated user must have update privilege on the role.

func (*Client) SetAuthenticator

func (c *Client) SetAuthenticator(authenticator Authenticator)

func (*Client) SetHttpClient

func (c *Client) SetHttpClient(httpClient *http.Client)

func (*Client) SubmitRequest

func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)

func (*Client) WhoAmI

func (c *Client) WhoAmI() ([]byte, error)

WhoAmI obtains information on the current user.

func (*Client) WhoAmIRequest

func (c *Client) WhoAmIRequest() (*http.Request, error)

type Config

// Config holds the connection settings for a Client; it is the argument to
// NewClient and the NewClientFrom* constructors.
//
// Field notes, limited to what the declaration and struct tags show:
//   - Account, ApplianceURL, NetRCPath, AuthnType, ServiceID: plain strings,
//     serialized to YAML under the tag names below and omitted when empty.
//   - SSLCert: tagged yaml:"-", so it is excluded from YAML encoding and
//     decoding.
//   - SSLCertPath: serialized under the key cert_file, omitted when empty.
//
// NOTE(review): ApplianceURL is presumably the server address to which login
// pairs, API keys and access tokens are sent. IsHttps and Validate exist on
// Config, but whether Validate rejects a non-HTTPS URL is not visible here;
// confirm before relying on it.
// NOTE(review): SSLCert / SSLCertPath presumably supply the certificate used
// to verify the server; confirm what the client does when both are empty.
// NOTE(review): NetRCPath presumably names the netrc file consulted by
// LoginPairFromNetRC. That file would hold a credential, so its permissions
// are worth checking.
type Config struct {
	Account      string `yaml:"account,omitempty"`
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	NetRCPath    string `yaml:"netrc_path,omitempty"`
	SSLCert      string `yaml:"-"`
	SSLCertPath  string `yaml:"cert_file,omitempty"`
	AuthnType    string `yaml:"authn_type,omitempty"`
	ServiceID    string `yaml:"service_id,omitempty"`
}

func LoadConfig

func LoadConfig() (Config, error)

func (*Config) BaseURL

func (c *Config) BaseURL() string

func (*Config) Conjurrc

func (c *Config) Conjurrc() []byte

func (*Config) IsHttps

func (c *Config) IsHttps() bool

func (*Config) ReadSSLCert

func (c *Config) ReadSSLCert() ([]byte, error)

func (*Config) Validate

func (c *Config) Validate() error

type CreatedRole

// CreatedRole pairs a role ID with that role's API key.
//
// APIKey is a credential. Its json:"api_key" tag carries neither omitempty
// nor "-", so marshalling a CreatedRole (or a PolicyResponse that contains
// one) writes the key in clear text. Keep such output out of logs, CI job
// output and shared artifacts.
type CreatedRole struct {
	ID     string `json:"id"`
	APIKey string `json:"api_key"`
}

CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.

type PolicyMode

// PolicyMode is the mode argument of LoadPolicy and LoadPolicyRequest.
// It is an unsigned integer, so its zero value is 0.
type PolicyMode uint

PolicyMode defines the server-side behavior when loading a policy.

// The declared modes start at 1, so the zero value of PolicyMode matches none
// of them. How LoadPolicy treats an undeclared mode is not shown here.
const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data which is not present in the new policy.
	// It is the only mode documented as deleting data the caller did not name,
	// so callers should select it deliberately rather than by default.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)

type PolicyResponse

// PolicyResponse is the result type of LoadPolicy.
//
// Every CreatedRole in CreatedRoles carries an APIKey field, so the whole
// response is secret material: avoid printing or persisting it verbatim.
type PolicyResponse struct {
	// Newly created roles.
	// NOTE(review): the meaning of the map key (presumably the role ID) is
	// not visible in this listing.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// The version number of the policy.
	Version uint32 `json:"version"`
}

PolicyResponse contains information about the policy update.

type ResourceFilter

// ResourceFilter narrows the results of Resources, ResourceIDs and
// ResourcesRequest. Per the Resources documentation, only non-zero-valued
// members are applied, so a zero Limit or Offset and an empty Kind or Search
// leave that criterion unset.
//
// NOTE(review): Kind and Search are caller-supplied strings. Whether they are
// escaped when the request URL is built is not visible here; confirm before
// passing untrusted input.
type ResourceFilter struct {
	Kind   string
	Search string
	Limit  int
	Offset int
}
