Documentation ¶
Index ¶
- func LoginPairFromEnv() (*authn.LoginPair, error)
- func LoginPairFromNetRC(config Config) (*authn.LoginPair, error)
- func ReadResponseBody(response io.ReadCloser) ([]byte, error)
- type Authenticator
- type Client
- func NewClient(config Config) (*Client, error)
- func NewClientFromEnvironment(config Config) (*Client, error)
- func NewClientFromKey(config Config, loginPair authn.LoginPair) (*Client, error)
- func NewClientFromToken(config Config, token string) (*Client, error)
- func NewClientFromTokenFile(config Config, tokenFile string) (*Client, error)
- func (c *Client) AddSecret(variableID string, secretValue string) error
- func (c *Client) AddSecretRequest(variableID, secretValue string) (*http.Request, error)
- func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)
- func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)
- func (c *Client) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
- func (c *Client) CheckPermission(resourceID, privilege string) (bool, error)
- func (c *Client) CheckPermissionRequest(resourceID string, privilege string) (*http.Request, error)
- func (c *Client) GetAuthenticator() Authenticator
- func (c *Client) GetConfig() Config
- func (c *Client) GetHttpClient() *http.Client
- func (c *Client) InternalAuthenticate() ([]byte, error)
- func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)
- func (c *Client) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
- func (c *Client) Login(login string, password string) ([]byte, error)
- func (c *Client) LoginRequest(login string, password string) (*http.Request, error)
- func (c *Client) NeedsTokenRefresh() bool
- func (c *Client) RefreshToken() (err error)
- func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)
- func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error)
- func (c *Client) ResourceRequest(resourceID string) (*http.Request, error)
- func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)
- func (c *Client) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
- func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)
- func (c *Client) RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)
- func (c *Client) RetrieveBatchSecretsSafe(variableIDs []string) (map[string][]byte, error)
- func (c *Client) RetrieveSecret(variableID string) ([]byte, error)
- func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)
- func (c *Client) RetrieveSecretRequest(variableID string) (*http.Request, error)
- func (c *Client) RotateAPIKey(roleID string) ([]byte, error)
- func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)
- func (c *Client) RotateAPIKeyRequest(roleID string) (*http.Request, error)
- func (c *Client) RotateHostAPIKey(hostID string) ([]byte, error)
- func (c *Client) RotateUserAPIKey(userID string) ([]byte, error)
- func (c *Client) SetAuthenticator(authenticator Authenticator)
- func (c *Client) SetHttpClient(httpClient *http.Client)
- func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)
- func (c *Client) WhoAmI() ([]byte, error)
- func (c *Client) WhoAmIRequest() (*http.Request, error)
- type Config
- type CreatedRole
- type PolicyMode
- type PolicyResponse
- type ResourceFilter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoginPairFromEnv ¶
func ReadResponseBody ¶
func ReadResponseBody(response io.ReadCloser) ([]byte, error)
ReadResponseBody fully reads a response and closes it.
Types ¶
type Authenticator ¶
type Client ¶
// Client is the API client type of this package. Its exported methods, listed
// in the index, cover authentication and token refresh, adding and retrieving
// secrets, API key rotation, policy loading, permission checks and resource
// queries. All of its fields are unexported; instances are obtained through
// the NewClient* constructors.
type Client struct {
// contains filtered or unexported fields
}
func NewClientFromEnvironment ¶
TODO: Create a version of this function for creating an authenticator from environment
func NewClientFromKey ¶
func NewClientFromTokenFile ¶
func (*Client) AddSecret ¶
AddSecret adds a secret value to a variable.
The authenticated user must have update privilege on the variable.
func (*Client) AddSecretRequest ¶
func (*Client) Authenticate ¶
Authenticate obtains a new access token.
func (*Client) AuthenticateReader ¶
AuthenticateReader obtains a new access token and returns it as a data stream.
func (*Client) AuthenticateRequest ¶
func (*Client) CheckPermission ¶
CheckPermission determines whether the authenticated user has a specified privilege on a resource.
func (*Client) CheckPermissionRequest ¶
func (*Client) GetAuthenticator ¶
func (c *Client) GetAuthenticator() Authenticator
func (*Client) GetHttpClient ¶
func (*Client) InternalAuthenticate ¶
InternalAuthenticate obtains a new access token using the internal authenticator.
func (*Client) LoadPolicy ¶
func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)
LoadPolicy submits new policy data or policy changes to the server.
The required permission depends on the mode.
func (*Client) LoadPolicyRequest ¶
func (*Client) LoginRequest ¶
func (*Client) NeedsTokenRefresh ¶
func (*Client) RefreshToken ¶
func (*Client) ResourceIDs ¶
func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error)
func (*Client) ResourceRequest ¶
func (*Client) Resources ¶
func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)
Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.
func (*Client) ResourcesRequest ¶
func (c *Client) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
func (*Client) RetrieveBatchSecrets ¶
RetrieveBatchSecrets fetches values for all variables in a slice using a single API call.
The authenticated user must have execute privilege on all variables.
func (*Client) RetrieveBatchSecretsRequest ¶
func (*Client) RetrieveBatchSecretsSafe ¶
RetrieveBatchSecretsSafe fetches values for all variables in a slice using a single API call. This version of the method automatically has the server base64-encode the secrets, which allows binary values to be retrieved in batch requests. The secrets in the returned map are NOT base64-encoded; the map holds the decoded values.
The authenticated user must have execute privilege on all variables.
func (*Client) RetrieveSecret ¶
RetrieveSecret fetches a secret from a variable.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretReader ¶
func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)
RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretRequest ¶
func (*Client) RotateAPIKey ¶
RotateAPIKey replaces the API key of a role on the server with a new random secret.
The authenticated user must have update privilege on the role.
func (*Client) RotateAPIKeyReader ¶
func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)
RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.
The authenticated user must have update privilege on the role.
func (*Client) RotateAPIKeyRequest ¶
func (*Client) RotateHostAPIKey ¶
RotateHostAPIKey constructs a role ID from a given host ID then replaces the API key of the role with a new random secret.
The authenticated user must have update privilege on the role.
func (*Client) RotateUserAPIKey ¶
RotateUserAPIKey constructs a role ID from a given user ID then replaces the API key of the role with a new random secret.
The authenticated user must have update privilege on the role.
func (*Client) SetAuthenticator ¶
func (c *Client) SetAuthenticator(authenticator Authenticator)
func (*Client) SetHttpClient ¶
func (*Client) SubmitRequest ¶
type Config ¶
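// Config holds the client settings accepted by the NewClient* constructors.
// The yaml tag on each field names the key it uses in a YAML configuration
// file; omitempty drops empty values when the struct is written back out.
type Config struct {
	// Account is stored under the "account" key.
	// NOTE(review): presumably the account name on the server; confirm.
	Account string `yaml:"account,omitempty"`
	// ApplianceURL is stored under the "appliance_url" key.
	// NOTE(review): presumably the base URL of the server the client talks
	// to; confirm.
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	// NetRCPath is stored under the "netrc_path" key.
	// NOTE(review): presumably the netrc file consulted by
	// LoginPairFromNetRC; that file would hold credentials, so its
	// permissions matter. Confirm.
	NetRCPath string `yaml:"netrc_path,omitempty"`
	// SSLCert carries the yaml tag "-", so it is never read from or written
	// to YAML. Only SSLCertPath is persisted.
	// NOTE(review): presumably the certificate content used to verify the
	// server, filled in by ReadSSLCert; confirm. Also confirm how TLS
	// verification behaves when neither SSLCert nor SSLCertPath is set.
	SSLCert string `yaml:"-"`
	// SSLCertPath is stored under the "cert_file" key.
	SSLCertPath string `yaml:"cert_file,omitempty"`
	// AuthnType is stored under the "authn_type" key.
	AuthnType string `yaml:"authn_type,omitempty"`
	// ServiceID is stored under the "service_id" key.
	ServiceID string `yaml:"service_id,omitempty"`
}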
func LoadConfig ¶
func (*Config) ReadSSLCert ¶
type CreatedRole ¶
CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.
type PolicyMode ¶
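// PolicyMode defines the server-side behavior when loading a policy.
//
// The named modes are 1, 2 and 3; the zero value matches none of them.
type PolicyMode uint

const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data
	// which is not present in the new policy. Anything omitted from the
	// submitted policy is removed, so callers should choose this mode
	// deliberately.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)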
type PolicyResponse ¶
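// PolicyResponse contains information about the policy update.
type PolicyResponse struct {
	// Newly created roles.
	// Each CreatedRole is documented as holding the role's API key, so this
	// map is credential material: keep it out of logs and error messages.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// The version number of the policy.
	Version uint32 `json:"version"`
}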