persistence

package
v0.24.442 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 8, 2023 License: Apache-2.0 Imports: 40 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	FieldApiSessionCertificateApiSession  = "apiSession"
	FieldApiSessionCertificateSubject     = "subject"
	FieldApiSessionCertificateFingerprint = "fingerprint"
	FieldApiSessionCertificateValidAfter  = "validAfter"
	FieldApiSessionCertificateValidBefore = "validBefore"
	FieldApiSessionCertificatePem         = "pem"
)
View Source 
const (
	FieldApiSessionIdentity       = "identity"
	FieldApiSessionToken          = "token"
	FieldApiSessionConfigTypes    = "configTypes"
	FieldApiSessionIPAddress      = "ipAddress"
	FieldApiSessionMfaComplete    = "mfaComplete"
	FieldApiSessionMfaRequired    = "mfaRequired"
	FieldApiSessionLastActivityAt = "lastActivityAt"
	FieldApiSessionAuthenticator  = "authenticator"

	EventFullyAuthenticated events.EventName = "FULLY_AUTHENTICATED"

	EventualEventApiSessionDelete = "ApiSessionDelete"
)
View Source 
const (
	DefaultUpdbMinPasswordLength = int64(5)
	DefaultUpdbMaxAttempts       = int64(5)
	DefaultAuthPolicyId          = "default"

	UpdbIndefiniteLockout      = int64(0)
	UpdbUnlimitedAttemptsLimit = int64(0)

	FieldAuthPolicyPrimaryCertAllowed           = "primary.cert.allowed"
	FieldAuthPolicyPrimaryCertAllowExpiredCerts = "primary.cert.allowExpiredCerts"

	FieldAuthPolicyPrimaryUpdbAllowed                = "primary.updb.allowed"
	FiledAuthPolicyPrimaryUpdbMinPasswordLength      = "primary.updb.minPasswordLength"
	FieldAuthPolicyPrimaryUpdbRequireSpecialChar     = "primary.updb.requireSpecialChar"
	FieldAuthPolicyPrimaryUpdbRequireNumberChar      = "primary.updb.requireNumberChar"
	FieldAuthPolicyPrimaryUpdbRequireMixedCase       = "primary.updb.requireMixedCase"
	FieldAuthPolicyPrimaryUpdbMaxAttempts            = "primary.updb.maxAttempts"
	FieldAuthPolicyPrimaryUpdbLockoutDurationMinutes = "primary.updb.lockoutDurationMinutes"

	FieldAuthPolicyPrimaryExtJwtAllowed        = "primary.extJwt.allowed"
	FieldAuthPolicyPrimaryExtJwtAllowedSigners = "primary.extJwt.allowedSigners"

	FieldAuthSecondaryPolicyRequireTotp          = "secondary.requireTotp"
	FieldAuthSecondaryPolicyRequiredExtJwtSigner = "secondary.requireExtJwtSigner"
)
View Source 
const (
	FieldAuthenticatorMethod   = "method"
	FieldAuthenticatorIdentity = "identity"

	FieldAuthenticatorCertFingerprint = "certFingerprint"
	FieldAuthenticatorCertPem         = "certPem"

	FieldAuthenticatorUnverifiedCertPem         = "unverifiedCertPem"
	FieldAuthenticatorUnverifiedCertFingerprint = "unverifiedCertFingerprint"

	FieldAuthenticatorUpdbUsername = "updbUsername"
	FieldAuthenticatorUpdbPassword = "updbPassword"
	FieldAuthenticatorUpdbSalt     = "updbSalt"

	MethodAuthenticatorUpdb = "updb"
	MethodAuthenticatorCert = "cert"
	// MethodAuthenticatorCertCaExternalId represents authentication with a certificate that isn't directly
	// registered with an authenticator. Instead, it uses `externalId` values on identities and matches them to a
	// "x509 claim" (custom values stuffed into SANs or other x509 properties). This type will never actually
	// be stored for persistence and is defined here for as tobe near the other authenticator methods.
	MethodAuthenticatorCertCaExternalId = "certCaExternalId"
)
View Source 
const (
	EntityTypeApiSessions               = "apiSessions"
	EntityTypeApiSessionCertificates    = "apiSessionCertificates"
	EntityTypeAuthPolicies              = "authPolicies"
	EntityTypeEventualEvents            = "eventualEvents"
	EntityTypeCas                       = "cas"
	EntityTypeConfigs                   = "configs"
	EntityTypeConfigTypes               = "configTypes"
	EntityTypeEdgeRouterPolicies        = "edgeRouterPolicies"
	EntityTypeExternalJwtSigners        = "externalJwtSigners"
	EntityTypeIdentities                = "identities"
	EntityTypeIdentityTypes             = "identityTypes"
	EntityTypeMfas                      = "mfas"
	EntityTypeRevocations               = "revocations"
	EntityTypeServicePolicies           = "servicePolicies"
	EntityTypeServiceEdgeRouterPolicies = "serviceEdgeRouterPolicies"
	EntityTypeSessions                  = "sessions"
	EntityTypeSessionCerts              = "sessionCerts"
	EntityTypeEnrollments               = "enrollments"
	EntityTypeAuthenticators            = "authenticators"
	EntityTypePostureChecks             = "postureChecks"
	EntityTypePostureCheckTypes         = "postureCheckTypes"
	EdgeBucket                          = "edge"

	FieldName           = "name"
	FieldSemantic       = "semantic"
	FieldRoleAttributes = "roleAttributes"

	FieldEdgeRouterRoles   = "edgeRouterRoles"
	FieldIdentityRoles     = "identityRoles"
	FieldServiceRoles      = "serviceRoles"
	FieldPostureCheckRoles = "postureCheckRoles"

	SemanticAllOf = "AllOf"
	SemanticAnyOf = "AnyOf"
)
View Source 
const (
	FieldCaFingerprint                    = "fingerprint"
	FieldCaCertPem                        = "certPem"
	FieldCaIsVerified                     = "isVerified"
	FieldCaVerificationToken              = "verificationToken"
	FieldCaIsAutoCaEnrollmentEnabled      = "isAutoCaEnrollmentEnabled"
	FieldCaIsOttCaEnrollmentEnabled       = "isOttCaEnrollmentEnabled"
	FieldCaIsAuthEnabled                  = "isAuthEnabled"
	FieldCaIdentityNameFormat             = "identityNameFormat"
	FieldCaEnrollments                    = "enrollments"
	FieldCaExternalIdClaim                = "externalIdClaim"
	FieldCaExternalIdClaimLocation        = "externalIdClaim.location"
	FieldCaExternalIdClaimIndex           = "externalIdClaim.index"
	FieldCaExternalIdClaimMatcher         = "externalIdClaim.matcher"
	FieldCaExternalIdClaimMatcherCriteria = "externalIdClaim.matcherCriteria"
	FieldCaExternalIdClaimParser          = "externalIdClaim.parser"
	FieldCaExternalIdClaimParserCriteria  = "externalIdClaim.parserSeparator"
)
View Source 
const (
	ExternalIdClaimLocCommonName = "COMMON_NAME"
	ExternalIdClaimLocSanUri     = "SAN_URI"
	ExternalIdClaimLocSanEmail   = "SAN_EMAIL"

	ExternalIdClaimMatcherAll    = "ALL"
	ExternalIdClaimMatcherSuffix = "SUFFIX"
	ExternalIdClaimMatcherPrefix = "PREFIX"
	ExternalIdClaimMatcherScheme = "SCHEME"

	ExternalIdClaimParserNone  = "NONE"
	ExternalIdClaimParserSplit = "SPLIT"
)
View Source 
const (
	FieldConfigData            = "data"
	FieldConfigType            = "type"
	FieldConfigIdentityService = "identityServices"
)
View Source 
const (
	FieldEdgeRouters                     = "edgeRouters"
	FieldEdgeRouterCertPEM               = "certPem"
	FieldEdgeRouterUnverifiedCertPEM     = "unverifiedCertPem"
	FieldEdgeRouterUnverifiedFingerprint = "unverifiedFingerprint"
	FieldEdgeRouterIsVerified            = "isVerified"
	FieldEdgeRouterIsTunnelerEnabled     = "isTunnelerEnabled"
	FieldEdgeRouterAppData               = "appData"
)
View Source 
const (
	FieldEdgeServiceDialIdentities = "dialIdentities"
	FieldEdgeServiceBindIdentities = "bindIdentities"
	FieldServiceEncryptionRequired = "encryptionRequired"
)
View Source 
const (
	FieldEnrollmentToken     = "token"
	FieldEnrollmentMethod    = "method"
	FieldEnrollIdentity      = "identity"
	FieldEnrollEdgeRouter    = "edgeRouter"
	FieldEnrollTransitRouter = "transitRouter"
	FieldEnrollmentExpiresAt = "expiresAt"
	FieldEnrollmentIssuedAt  = "issuedAt"
	FieldEnrollmentCaId      = "caId"
	FieldEnrollmentUsername  = "username"
	FieldEnrollmentJwt       = "jwt"

	MethodEnrollOtt   = "ott"
	MethodEnrollOttCa = "ottca"
	MethodEnrollCa    = "ca"
	MethodEnrollUpdb  = "updb"
)
View Source 
const (
	FieldEventualEventType = "type"
	FieldEventualEventData = "data"
)
View Source 
const (
	// EventualEventAddedName is emitted when a new event is added via AddEventualEvent().
	//
	// Event arguments:
	//	0 - an EventualEventAdded struct
	EventualEventAddedName = events.EventName("EventualEventAdded")

	// EventualEventRemovedName is emitted when a previously added eventual event is processed
	//
	// Event arguments:
	//	0 - an EventualEventRemoved struct
	EventualEventRemovedName = events.EventName("EventualEventRemoved")

	// EventualEventProcessingStartName is emitted as the first action during processing
	// Event arguments:
	//	0 - an EventualEventProcessingStart struct
	EventualEventProcessingStartName = events.EventName("EventualEventProcessingStart")

	// EventualEventProcessingBatchStartName is emitted as the first set of events are processed
	// after EventualEventProcessingStartName. It is possible for 0+ batches to be processed. Each
	// patch should contain 1+ events.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchStart struct
	EventualEventProcessingBatchStartName = events.EventName("EventualEventProcessingBatchStart")

	// EventualEventProcessingListenerStartName is emitted for each function listener invoked
	// on each event.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerStart struct
	EventualEventProcessingListenerStartName = events.EventName("EventualEventProcessingListenerStart")

	// EventualEventProcessingListenerDoneName is emitted for each function listener after invocation
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerDone struct
	EventualEventProcessingListenerDoneName = events.EventName("EventualEventProcessingListenerDone")

	// EventualEventProcessingBatchDoneName is emitted after the last event processed in a batch.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchDone struct
	EventualEventProcessingBatchDoneName = events.EventName("EventualEventProcessingBatchDone")

	// EventualEventProcessingDoneName is emitted as the last action during processing after
	// all events and batches.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingDone struct
	EventualEventProcessingDoneName = events.EventName("EventualEventProcessingDone")
)
View Source 
const (
	FieldExternalJwtSignerFingerprint     = "fingerprint"
	FieldExternalJwtSignerCertPem         = "certPem"
	FieldExternalJwtSignerJwksEndpoint    = "jwksEndpoint"
	FieldExternalJwtSignerCommonName      = "commonName"
	FieldExternalJwtSignerNotAfter        = "notAfter"
	FieldExternalJwtSignerNotBefore       = "notBefore"
	FieldExternalJwtSignerEnabled         = "enabled"
	FieldExternalJwtSignerExternalAuthUrl = "externalAuthUrl"
	FieldExternalJwtSignerAuthPolicies    = "authPolicies"
	FieldExternalJwtSignerClaimsProperty  = "claimsProperty"
	FieldExternalJwtSignerUseExternalId   = "useExternalId"
	FieldExternalJwtSignerKid             = "kid"
	FieldExternalJwtSignerIssuer          = "issuer"
	FieldExternalJwtSignerAudience        = "audience"

	DefaultClaimsProperty = "sub"
)
View Source 
const (
	FieldIdentityType           = "type"
	FieldIdentityIsDefaultAdmin = "isDefaultAdmin"
	FieldIdentityIsAdmin        = "isAdmin"
	FieldIdentityEnrollments    = "enrollments"
	FieldIdentityAuthenticators = "authenticators"
	FieldIdentityServiceConfigs = "serviceConfigs"

	FieldIdentityEnvInfoArch       = "envInfoArch"
	FieldIdentityEnvInfoOs         = "envInfoOs"
	FieldIdentityEnvInfoOsRelease  = "envInfoRelease"
	FieldIdentityEnvInfoOsVersion  = "envInfoVersion"
	FieldIdentitySdkInfoBranch     = "sdkInfoBranch"
	FieldIdentitySdkInfoRevision   = "sdkInfoRevision"
	FieldIdentitySdkInfoType       = "sdkInfoType"
	FieldIdentitySdkInfoVersion    = "sdkInfoVersion"
	FieldIdentitySdkInfoAppId      = "sdkInfoAppId"
	FieldIdentitySdkInfoAppVersion = "sdkInfoAppVersion"

	FieldIdentityBindServices              = "bindServices"
	FieldIdentityDialServices              = "dialServices"
	FieldIdentityDefaultHostingPrecedence  = "defaultHostingPrecedence"
	FieldIdentityDefaultHostingCost        = "defaultHostingCost"
	FieldIdentityServiceHostingPrecedences = "serviceHostingPrecedences"
	FieldIdentityServiceHostingCosts       = "serviceHostingCosts"
	FieldIdentityAppData                   = "appData"
	FieldIdentityAuthPolicyId              = "authPolicyId"
	FieldIdentityExternalId                = "externalId"
	FieldIdentityDisabledAt                = "disabledAt"
	FieldIdentityDisabledUntil             = "disabledUntil"
)
View Source 
const (
	RouterIdentityType  = "Router"
	DefaultIdentityType = "Default"
)
View Source 
const (
	FieldMfaIdentity      = "identity"
	FieldMfaIsVerified    = "isVerified"
	FieldMfaRecoveryCodes = "recoveryCodes"
	FieldMfaSecret        = "secret"
	FieldMfaSalt          = "salt"
)
View Source 
const (
	CurrentDbVersion = 34
	FieldVersion     = "version"
)
View Source 
const (
	FieldPostureCheckMfaTimeoutSeconds        = "timeoutSeconds"
	FieldPostureCheckMfaPromptOnWake          = "promptOnWake"
	FieldPostureCheckMfaPromptOnUnlock        = "promptOnUnlock"
	FieldPostureCheckMfaIgnoreLegacyEndpoints = "ignoreLegacyEndpoints"
)
View Source 
const (
	FieldPostureCheckOsType     = "osType"
	FieldPostureCheckOsVersions = "osVersions"
)
View Source 
const (
	FieldPostureCheckProcessOs          = "os"
	FieldPostureCheckProcessPath        = "path"
	FieldPostureCheckProcessHashes      = "hashes"
	FieldPostureCheckProcessFingerprint = "fingerprint"
)
View Source 
const (
	FieldPostureCheckProcessMultiOsType             = "osType"
	FieldPostureCheckProcessMultiPath               = "path"
	FieldPostureCheckProcessMultiHashes             = "hashes"
	FieldPostureCheckProcessMultiSignerFingerprints = "signerFingerprints"
	FieldPostureCheckProcessMultiProcesses          = "processes"
)
View Source 
const (
	//Fields
	FieldPostureCheckTypeId       = "typeId"
	FieldPostureCheckVersion      = "version"
	FieldPostureCheckBindServices = "bindServices"
	FieldPostureCheckDialServices = "dialServices"
)
View Source 
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
View Source 
const (
	FieldServicePolicyType = "type"

	PolicyTypeInvalidName = "Invalid"
	PolicyTypeDialName    = "Dial"
	PolicyTypeBindName    = "Bind"

	PolicyTypeInvalid PolicyType = PolicyTypeInvalidName
	PolicyTypeDial    PolicyType = PolicyTypeDialName
	PolicyTypeBind    PolicyType = PolicyTypeBindName
)
View Source 
const (
	FieldSessionToken           = "token"
	FieldSessionApiSession      = "apiSession"
	FieldSessionService         = "service"
	FieldSessionIdentity        = "identity"
	FieldSessionType            = "type"
	FieldSessionServicePolicies = "servicePolicies"

	SessionTypeDial = "Dial"
	SessionTypeBind = "Bind"
)
View Source 
const (
	TransitRouterPath             = "transitRouter"
	FieldTransitRouterIsVerified  = "isVerified"
	FieldTransitRouterEnrollments = "enrollments"
)
View Source 
const (
	RolePrefix   = "#"
	EntityPrefix = "@"
	AllRole      = "#all"
)
View Source 
const (
	FieldConfigTypeSchema = "schema"
)
View Source 
const (
	FieldPostureCheckDomains = "domains"
)
View Source 
const (
	FieldPostureCheckMacAddresses = "macAddresses"
)
View Source 
const (
	FieldPostureCheckTypeOperatingSystems = "operatingSystems"
)
View Source 
const (
	FieldRevocationExpiresAt = "expiresAt"
)

Variables

View Source 
var IdentityTypesV1 = map[string]string{
	"Default": "Default",
	"Router":  "Router",
}
View Source 
var ServiceEvents = &ServiceEventsRegistry{
	handlers: cowslice.NewCowSlice(make([]ServiceEventHandler, 0)),
}

Functions

func EvaluatePolicy added in v0.15.27 

func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, roleAttributesSymbol boltz.EntitySetSymbol)

func FieldValuesToIds 

func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string

func ProcessEntityPolicyMatched added in v0.15.27 

func ProcessEntityPolicyMatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func ProcessEntityPolicyUnmatched added in v0.15.27 

func ProcessEntityPolicyUnmatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func RunMigrations 

func RunMigrations(db boltz.Db, stores *Stores) error

func UpdateRelatedRoles 

func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, newRoleAttributes []boltz.FieldTypeAndValue, semanticSymbol boltz.EntitySymbol)

Types

type ApiSession 

type ApiSession struct {
	boltz.BaseExtEntity
	IdentityId      string    `json:"identityId"`
	Token           string    `json:"-"`
	IPAddress       string    `json:"ipAddress"`
	ConfigTypes     []string  `json:"configTypes"`
	MfaComplete     bool      `json:"mfaComplete"`
	MfaRequired     bool      `json:"mfaRequired"`
	LastActivityAt  time.Time `json:"lastActivityAt"`
	AuthenticatorId string    `json:"authenticatorId"`
}

func NewApiSession 

func NewApiSession(identityId string) *ApiSession

func (*ApiSession) GetEntityType 

func (entity *ApiSession) GetEntityType() string

type ApiSessionCertificate added in v0.17.30 

type ApiSessionCertificate struct {
	boltz.BaseExtEntity
	ApiSessionId string     `json:"apiSessionId"`
	Subject      string     `json:"subject"`
	Fingerprint  string     `json:"fingerprint"`
	ValidAfter   *time.Time `json:"validAfter"`
	ValidBefore  *time.Time `json:"validBefore"`
	PEM          string     `json:"pem"`
}

func (*ApiSessionCertificate) GetEntityType added in v0.17.30 

func (entity *ApiSessionCertificate) GetEntityType() string

type ApiSessionCertificateStore added in v0.17.30 

type ApiSessionCertificateStore interface {
	Store[*ApiSessionCertificate]
}

type ApiSessionCertificateStoreImpl added in v0.17.30 

type ApiSessionCertificateStoreImpl struct {
	// contains filtered or unexported fields
}

func (*ApiSessionCertificateStoreImpl) FillEntity added in v0.24.249 

func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket)

func (ApiSessionCertificateStoreImpl) GetName added in v0.17.30 

func (store ApiSessionCertificateStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (ApiSessionCertificateStoreImpl) LoadOneById added in v0.17.30 

func (store ApiSessionCertificateStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*ApiSessionCertificateStoreImpl) NewEntity added in v0.24.249 

func (store *ApiSessionCertificateStoreImpl) NewEntity() *ApiSessionCertificate

func (*ApiSessionCertificateStoreImpl) PersistEntity added in v0.24.249 

func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext)

type ApiSessionStore 

type ApiSessionStore interface {
	Store[*ApiSession]
	LoadOneByToken(tx *bbolt.Tx, token string) (*ApiSession, error)
	GetTokenIndex() boltz.ReadIndex
	GetCachedSessionId(tx *bbolt.Tx, apiSessionId, sessionType, serviceId string) *string
	GetEventsEmitter() events.EventEmmiter
}

type AuthPolicy added in v0.21.153 

type AuthPolicy struct {
	boltz.BaseExtEntity
	Name string `json:"name"`

	Primary   AuthPolicyPrimary   `json:"primary"`
	Secondary AuthPolicySecondary `json:"secondary"`
}

func (*AuthPolicy) GetEntityType added in v0.21.153 

func (entity *AuthPolicy) GetEntityType() string

func (*AuthPolicy) GetName added in v0.21.153 

func (entity *AuthPolicy) GetName() string

type AuthPolicyCert added in v0.21.153 

type AuthPolicyCert struct {
	Allowed           bool `json:"allowed"`
	AllowExpiredCerts bool `json:"allowExpiredCerts"`
}

type AuthPolicyExtJwt added in v0.21.153 

type AuthPolicyExtJwt struct {
	Allowed              bool     `json:"allowed"`
	AllowedExtJwtSigners []string `json:"allowedExtJwtSigners"`
}

type AuthPolicyPrimary added in v0.21.153 

type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert   `json:"cert"`
	Updb   AuthPolicyUpdb   `json:"updb"`
	ExtJwt AuthPolicyExtJwt `json:"extJwt"`
}

type AuthPolicySecondary added in v0.21.153 

type AuthPolicySecondary struct {
	RequireTotp          bool    `json:"requireTotp"`
	RequiredExtJwtSigner *string `json:"requiredExtJwtSigner"`
}

type AuthPolicyStore added in v0.21.153 

type AuthPolicyStore interface {
	NameIndexed
	Store[*AuthPolicy]
}

type AuthPolicyStoreImpl added in v0.21.153 

type AuthPolicyStoreImpl struct {
	// contains filtered or unexported fields
}

func (*AuthPolicyStoreImpl) FillEntity added in v0.24.249 

func (store *AuthPolicyStoreImpl) FillEntity(entity *AuthPolicy, bucket *boltz.TypedBucket)

func (AuthPolicyStoreImpl) GetName added in v0.21.153 

func (store AuthPolicyStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*AuthPolicyStoreImpl) GetNameIndex added in v0.21.153 

func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex

func (AuthPolicyStoreImpl) LoadOneById added in v0.21.153 

func (store AuthPolicyStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*AuthPolicyStoreImpl) NewEntity added in v0.24.249 

func (store *AuthPolicyStoreImpl) NewEntity() *AuthPolicy

func (*AuthPolicyStoreImpl) PersistEntity added in v0.24.249 

func (store *AuthPolicyStoreImpl) PersistEntity(entity *AuthPolicy, ctx *boltz.PersistContext)

type AuthPolicyUpdb added in v0.21.153 

type AuthPolicyUpdb struct {
	Allowed                bool  `json:"allowed"`
	MinPasswordLength      int64 `json:"minPasswordLength"`
	RequireSpecialChar     bool  `json:"requireSpecialChar"`
	RequireNumberChar      bool  `json:"requireNumberChar"`
	RequireMixedCase       bool  `json:"requireMixedCase"`
	MaxAttempts            int64 `json:"maxAttempts"`
	LockoutDurationMinutes int64 `json:"lockoutDurationMinutes"`
}

type Authenticator 

type Authenticator struct {
	boltz.BaseExtEntity
	Type       string               `json:"type"`
	IdentityId string               `json:"identityId"`
	SubType    AuthenticatorSubType `json:"subType"`
}

func (*Authenticator) GetEntityType 

func (entity *Authenticator) GetEntityType() string

func (*Authenticator) ToCert 

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToSubType 

func (entity *Authenticator) ToSubType() AuthenticatorSubType

func (*Authenticator) ToUpdb 

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert 

type AuthenticatorCert struct {
	Authenticator `json:"-"`
	Fingerprint   string `json:"fingerprint"`
	Pem           string `json:"pem"`

	UnverifiedPem         string `json:"unverifiedPem"`
	UnverifiedFingerprint string `json:"unverifiedFingerprint"`
}

func (*AuthenticatorCert) Fingerprints 

func (entity *AuthenticatorCert) Fingerprints() []string

type AuthenticatorStore 

type AuthenticatorStore interface {
	Store[*Authenticator]
}

type AuthenticatorSubType 

type AuthenticatorSubType interface {
	Fingerprints() []string
}

type AuthenticatorUpdb 

type AuthenticatorUpdb struct {
	Authenticator `json:"-"`
	Username      string `json:"username"`
	Password      string `json:"password"`
	Salt          string `json:"salt"`
}

func (*AuthenticatorUpdb) Fingerprints 

func (entity *AuthenticatorUpdb) Fingerprints() []string

type Ca 

type Ca struct {
	boltz.BaseExtEntity
	Name                      string           `json:"name"`
	Fingerprint               string           `json:"fingerprint"`
	CertPem                   string           `json:"certPem"`
	IsVerified                bool             `json:"isVerified"`
	VerificationToken         string           `json:"verificationToken"`
	IsAutoCaEnrollmentEnabled bool             `json:"isAutoCaEnrollmentEnabled"`
	IsOttCaEnrollmentEnabled  bool             `json:"isOttCaEnrollmentEnabled"`
	IsAuthEnabled             bool             `json:"isAuthEnabled"`
	IdentityRoles             []string         `json:"identityRoles"`
	IdentityNameFormat        string           `json:"identityNameFormat"`
	ExternalIdClaim           *ExternalIdClaim `json:"externalIdClaim"`
}

func (*Ca) GetEntityType 

func (entity *Ca) GetEntityType() string

func (*Ca) GetName 

func (entity *Ca) GetName() string

type CaStore 

type CaStore interface {
	Store[*Ca]
}

type Config 

type Config struct {
	boltz.BaseExtEntity
	Name string                 `json:"name"`
	Type string                 `json:"type"`
	Data map[string]interface{} `json:"data"`
}

func (*Config) GetEntityType 

func (entity *Config) GetEntityType() string

func (*Config) GetName 

func (entity *Config) GetName() string

type ConfigStore 

type ConfigStore interface {
	Store[*Config]
	NameIndexed
}

type ConfigType 

type ConfigType struct {
	boltz.BaseExtEntity
	Name   string                 `json:"name"`
	Schema map[string]interface{} `json:"schema"`
}

func (*ConfigType) GetEntityType 

func (entity *ConfigType) GetEntityType() string

func (*ConfigType) GetName 

func (entity *ConfigType) GetName() string

type ConfigTypeStore 

type ConfigTypeStore interface {
	Store[*ConfigType]
	NameIndexed
	LoadOneByName(tx *bbolt.Tx, name string) (*ConfigType, error)
	GetName(tx *bbolt.Tx, id string) *string
}

type DbProvider 

type DbProvider interface {
	GetDb() boltz.Db
	GetStores() *db.Stores
	GetManagers() *network.Managers
}

type EdgeRouter 

type EdgeRouter struct {
	db.Router
	IsVerified            bool                   `json:"isVerified"`
	CertPem               *string                `json:"certPem"`
	UnverifiedCertPem     *string                `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string                `json:"unverifiedFingerprint"`
	RoleAttributes        []string               `json:"roleAttributes"`
	IsTunnelerEnabled     bool                   `json:"isTunnelerEnabled"`
	AppData               map[string]interface{} `json:"appData"`
}

func (*EdgeRouter) GetName 

func (entity *EdgeRouter) GetName() string

type EdgeRouterPolicy 

type EdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	IdentityRoles   []string `json:"identityRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*EdgeRouterPolicy) GetEntityType 

func (entity *EdgeRouterPolicy) GetEntityType() string

func (*EdgeRouterPolicy) GetName 

func (entity *EdgeRouterPolicy) GetName() string

func (*EdgeRouterPolicy) GetSemantic added in v0.15.27 

func (entity *EdgeRouterPolicy) GetSemantic() string

type EdgeRouterPolicyStore 

type EdgeRouterPolicyStore interface {
	NameIndexed
	Store[*EdgeRouterPolicy]
}

type EdgeRouterStore 

type EdgeRouterStore interface {
	NameIndexed
	Store[*EdgeRouter]
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type EdgeService 

type EdgeService struct {
	db.Service
	RoleAttributes     []string `json:"roleAttributes"`
	Configs            []string `json:"configs"`
	EncryptionRequired bool     `json:"encryptionRequired"`
}

type EdgeServiceStore 

type EdgeServiceStore interface {
	NameIndexed
	Store[*EdgeService]

	IsBindableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	IsDialableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type Enrollment 

type Enrollment struct {
	boltz.BaseExtEntity
	Token           string     `json:"token"`
	Method          string     `json:"method"`
	IdentityId      *string    `json:"identityId"`
	TransitRouterId *string    `json:"transitRouterId"`
	EdgeRouterId    *string    `json:"edgeRouterId"`
	ExpiresAt       *time.Time `json:"expiresAt"`
	IssuedAt        *time.Time `json:"issuedAt"`
	CaId            *string    `json:"caId"`
	Username        *string    `json:"username"`
	Jwt             string     `json:"-"`
}

func (*Enrollment) GetEntityType 

func (entity *Enrollment) GetEntityType() string

type EnrollmentStore 

type EnrollmentStore interface {
	Store[*Enrollment]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Enrollment, error)
}

type EnvInfo 

type EnvInfo struct {
	Arch      string `json:"arch"`
	Os        string `json:"os"`
	OsRelease string `json:"osRelease"`
	OsVersion string `json:"osVersion"`
}

type EventListenerFunc added in v0.21.45 

type EventListenerFunc func(name string, data []byte)

EventListenerFunc is a function handler that will be triggered asynchronously some point in the future

type EventualEvent added in v0.21.45 

type EventualEvent struct {
	boltz.BaseExtEntity
	Type string `json:"type"`
	Data []byte `json:"data"`
}

func (*EventualEvent) GetEntityType added in v0.21.45 

func (entity *EventualEvent) GetEntityType() string

type EventualEventAdded added in v0.21.45 

type EventualEventAdded struct {
	// Id is a unique id for the event created
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventProcessingBatchDone added in v0.21.45 

type EventualEventProcessingBatchDone struct {
	// Id is a unique id for the batch
	Id string

	// Id is the unique processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime the time the batch was started
	StartTime time.Time

	// EndTime the time the batch ended
	EndTime time.Time
}

type EventualEventProcessingBatchStart added in v0.21.45 

type EventualEventProcessingBatchStart struct {
	// Id is a unique id for the batch
	Id string

	// Id is the unique processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime the time when the batch started processing
	StartTime time.Time
}

type EventualEventProcessingDone added in v0.21.45 

type EventualEventProcessingDone struct {
	// Id is a unique id for processing run
	Id string

	// TotalBatches is the total number of batches executed during processing
	TotalBatches int64

	// TotalEvent is the total number of events processed
	TotalEvents int64

	// TotalListenersExecuted is the total number of listeners executed during processing
	TotalListenersExecuted int64

	// StartTime is the time when the processing began
	StartTime time.Time

	// EndTime is the time when the processing ended
	EndTime time.Time
}

type EventualEventProcessingListenerDone added in v0.21.45 

type EventualEventProcessingListenerDone struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// Error is nil if no error occurred during execution, otherwise an error value
	Error error

	// EventType is the typeof the event that triggered the listener
	EventType string

	// StartTime is the time when the listener started execution
	StartTime time.Time

	// EndTime is the time when the listener ended execution
	EndTime time.Time
}

type EventualEventProcessingListenerStart added in v0.21.45 

type EventualEventProcessingListenerStart struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// EventType is the typeof the event that is triggering the listener
	EventType string

	// StartTime is the time when the listener was started
	StartTime time.Time
}

type EventualEventProcessingStart added in v0.21.45 

type EventualEventProcessingStart struct {
	// Id is a unique id for processing run
	Id string

	// StartTime is the time the processing began
	StartTime time.Time
}

type EventualEventRemoved added in v0.21.45 

type EventualEventRemoved struct {
	// Id is a unique id for the event deleted
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventStore added in v0.21.45 

type EventualEventStore interface {
	Store[*EventualEvent]
}

type EventualEventer added in v0.21.45 

type EventualEventer interface {
	// EventEmmiter is used to provide processing event status on processing state, which is useful
	// for instrumenting an EventualEventer for metric purposes (process runtime, process batch runtime,
	// event counts, etc.)
	events.EventEmmiter

	// AddEventualEvent adds an eventual event with a specific name and byte array data payload. Interpretation
	// of the event's data payload is upto the event emitter and consumer.
	AddEventualEvent(eventType string, data []byte)

	// AddEventualListener adds a function as call back when an eventual event is processed.
	AddEventualListener(eventType string, handler EventListenerFunc)

	// Start should be called at the start of the lifetime of the EventualEventer.
	// A closeNotify channel must be supplied for application shutdown eventing.
	//
	// If an EventualEventer has already been started, it will return an error.
	// Errors may be returned for other reasons causing Start to fail.
	Start(closeNotify <-chan struct{}) error

	// Stop may be called to manually end of the lifetime of the EventualEventer outside the
	// closeNotify signaling provided in the Start call. If not started, an error will be returned.
	// Errors may be returned for other reasons causing Stop to fail.
	Stop() error

	// Trigger forces an EventualEventer to check for work to be processed. Beyond this method,
	// it is the implementation's responsibility to provide other mechanisms or logic to determine
	// when work is performed (timers, events, etc.) which may be setup/torn down during Start/Stop.
	//
	// If the EventualEventer is not currently running or can't process work and error will
	// be returned. If it is running a channel will be returned which will be closed after
	// the current or next iteration of the event processor has completed.
	Trigger() (<-chan struct{}, error)
}

An EventualEventer provides a method for storing events in a persistent manner that will be processed at a later date. Processing may include time intensive processing such as bulk deletion of other entities. Event persistence strategy, processing order, and processing synchronization are up to the implementation to decide.

EventualEventers are also required to emit a series of events via the events.EventEmitter interface. See EventualEventAdded and subsequent events for more details.

type EventualEventerBbolt added in v0.21.45 

type EventualEventerBbolt struct {
	events.EventEmmiter

	Interval time.Duration
	// contains filtered or unexported fields
}

EventualEventerBbolt implements EventualEventer with a bbolt back storage mechanism. Work is performed on a configurable basis via the Interval property in FIFO order.

Events are stored in the following format: 

		id   - CUID   - a monotonic reference id
     name - string - an event name, used for log output
     data - []byte - a string array of arguments

func NewEventualEventerBbolt added in v0.21.45 

func NewEventualEventerBbolt(dbProvider DbProvider, store EventualEventStore, interval time.Duration, batchSize int) *EventualEventerBbolt

NewEventualEventerBbolt creates a new bbolt backed asynchronous eventer that will check for new events at the given interval or when triggered. On each interval/trigger, the number of events processed is determined by batchSize.

func (*EventualEventerBbolt) AddEventualEvent added in v0.21.45 

func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualEventWithCtx added in v0.21.45 

func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualListener added in v0.21.45 

func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)

func (*EventualEventerBbolt) Start added in v0.21.45 

func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error

func (*EventualEventerBbolt) Stop added in v0.21.45 

func (a *EventualEventerBbolt) Stop() error

func (*EventualEventerBbolt) Trigger added in v0.21.45 

func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)

type ExternalIdClaim added in v0.21.221 

type ExternalIdClaim struct {
	Location        string `json:"location"`
	Matcher         string `json:"matcher"`
	MatcherCriteria string `json:"matcherCriteria"`
	Parser          string `json:"parser"`
	ParserCriteria  string `json:"parserCriteria"`
	Index           int64  `json:"index"`
}

type ExternalJwtSigner added in v0.21.148 

type ExternalJwtSigner struct {
	boltz.BaseExtEntity
	Name            string     `json:"name"`
	Fingerprint     *string    `json:"fingerprint"`
	Kid             *string    `json:"kid"`
	CertPem         *string    `json:"certPem"`
	JwksEndpoint    *string    `json:"jwksEndpoint"`
	CommonName      string     `json:"commonName"`
	NotAfter        *time.Time `json:"notAfter"`
	NotBefore       *time.Time `json:"notBefore"`
	Enabled         bool       `json:"enabled"`
	ExternalAuthUrl *string    `json:"externalAuthUrl"`
	ClaimsProperty  *string    `json:"claimsProperty"`
	UseExternalId   bool       `json:"useExternalId"`
	Issuer          *string    `json:"issuer"`
	Audience        *string    `json:"audience"`
}

func (*ExternalJwtSigner) GetEntityType added in v0.21.148 

func (entity *ExternalJwtSigner) GetEntityType() string

func (*ExternalJwtSigner) GetName added in v0.21.148 

func (entity *ExternalJwtSigner) GetName() string

type ExternalJwtSignerStore added in v0.21.148 

type ExternalJwtSignerStore interface {
	Store[*ExternalJwtSigner]
}

type Identity 

type Identity struct {
	boltz.BaseExtEntity
	Name                      string                     `json:"name"`
	IdentityTypeId            string                     `json:"identityTypeId"`
	IsDefaultAdmin            bool                       `json:"isDefaultAdmin"`
	IsAdmin                   bool                       `json:"isAdmin"`
	Enrollments               []string                   `json:"enrollments"`
	Authenticators            []string                   `json:"authenticators"`
	RoleAttributes            []string                   `json:"roleAttributes"`
	SdkInfo                   *SdkInfo                   `json:"sdkInfo"`
	EnvInfo                   *EnvInfo                   `json:"envInfo"`
	DefaultHostingPrecedence  ziti.Precedence            `json:"defaultHostingPrecedence"`
	DefaultHostingCost        uint16                     `json:"defaultHostingCost"`
	ServiceHostingPrecedences map[string]ziti.Precedence `json:"serviceHostingPrecedences"`
	ServiceHostingCosts       map[string]uint16          `json:"serviceHostingCosts"`
	AppData                   map[string]interface{}     `json:"appData"`
	AuthPolicyId              string                     `json:"authPolicyId"`
	ExternalId                *string                    `json:"externalId"`
	DisabledAt                *time.Time                 `json:"disabledAt"`
	DisabledUntil             *time.Time                 `json:"disabledUntil"`
	Disabled                  bool                       `json:"disabled"`
}

func (*Identity) GetEntityType 

func (entity *Identity) GetEntityType() string

func (*Identity) GetName 

func (entity *Identity) GetName() string

type IdentityServicesCursorProvider added in v0.24.228 

type IdentityServicesCursorProvider struct {
	// contains filtered or unexported fields
}

func (*IdentityServicesCursorProvider) Cursor added in v0.24.228 

func (self *IdentityServicesCursorProvider) Cursor(tx *bbolt.Tx, forward bool) ast.SetCursor

type IdentityStore 

type IdentityStore interface {
	NameIndexed
	Store[*Identity]

	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)

	AssignServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	RemoveServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	GetServiceConfigs(tx *bbolt.Tx, identityId string) ([]ServiceConfig, error)
	LoadServiceConfigsByServiceAndType(tx *bbolt.Tx, identityId string, configTypes map[string]struct{}) map[string]map[string]map[string]interface{}
	GetIdentityServicesCursorProvider(identityId string) ast.SetCursorProvider
}

type IdentityType 

type IdentityType struct {
	boltz.BaseExtEntity
	Name string `json:"name"`
}

func (*IdentityType) GetEntityType 

func (entity *IdentityType) GetEntityType() string

func (*IdentityType) GetName 

func (entity *IdentityType) GetName() string

type IdentityTypeStore 

type IdentityTypeStore interface {
	NameIndexed
	Store[*IdentityType]
}

type IdentityTypeStoreImpl 

type IdentityTypeStoreImpl struct {
	// contains filtered or unexported fields
}

func (*IdentityTypeStoreImpl) FillEntity added in v0.24.249 

func (store *IdentityTypeStoreImpl) FillEntity(entity *IdentityType, bucket *boltz.TypedBucket)

func (IdentityTypeStoreImpl) GetName 

func (store IdentityTypeStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*IdentityTypeStoreImpl) GetNameIndex 

func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex

func (IdentityTypeStoreImpl) LoadOneById 

func (store IdentityTypeStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*IdentityTypeStoreImpl) NewEntity added in v0.24.249 

func (store *IdentityTypeStoreImpl) NewEntity() *IdentityType

func (*IdentityTypeStoreImpl) PersistEntity added in v0.24.249 

func (store *IdentityTypeStoreImpl) PersistEntity(entity *IdentityType, ctx *boltz.PersistContext)

type Mfa added in v0.17.52 

type Mfa struct {
	boltz.BaseExtEntity
	IdentityId    string   `json:"identityId"`
	IsVerified    bool     `json:"isVerified"`
	Secret        string   `json:"secret"`
	Salt          string   `json:"salt"`
	RecoveryCodes []string `json:"recoveryCodes"`
}

func NewMfa added in v0.17.52 

func NewMfa(identityId string) *Mfa

func (*Mfa) GetEntityType added in v0.17.52 

func (entity *Mfa) GetEntityType() string

type MfaStore added in v0.17.52 

type MfaStore interface {
	Store[*Mfa]
}

type MfaStoreImpl added in v0.17.52 

type MfaStoreImpl struct {
	// contains filtered or unexported fields
}

func (*MfaStoreImpl) FillEntity added in v0.24.249 

func (store *MfaStoreImpl) FillEntity(entity *Mfa, bucket *boltz.TypedBucket)

func (MfaStoreImpl) GetName added in v0.17.52 

func (store MfaStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (MfaStoreImpl) LoadOneById added in v0.17.52 

func (store MfaStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*MfaStoreImpl) NewEntity added in v0.24.249 

func (store *MfaStoreImpl) NewEntity() *Mfa

func (*MfaStoreImpl) PersistEntity added in v0.24.249 

func (store *MfaStoreImpl) PersistEntity(entity *Mfa, ctx *boltz.PersistContext)

type Migrations 

type Migrations struct {
	// contains filtered or unexported fields
}

type NameIndexed added in v0.24.249 

type NameIndexed interface {
	GetNameIndex() boltz.ReadIndex
}

type OperatingSystem added in v0.16.48 

type OperatingSystem struct {
	OsType     string   `json:"osType"`
	OsVersions []string `json:"osVersions"`
}

type Policy added in v0.15.27 

type Policy interface {
	boltz.NamedExtEntity
}

type PolicyType added in v0.17.36 

type PolicyType string

func GetPolicyTypeForId added in v0.24.250 

func GetPolicyTypeForId(policyTypeId int32) PolicyType

func (PolicyType) Id added in v0.24.250 

func (self PolicyType) Id() int32

func (PolicyType) String added in v0.17.36 

func (self PolicyType) String() string

type PostureCheck added in v0.16.46 

type PostureCheck struct {
	boltz.BaseExtEntity
	Name           string              `json:"name"`
	TypeId         string              `json:"typeId"`
	Version        int64               `json:"version"`
	RoleAttributes []string            `json:"roleAttributes"`
	SubType        PostureCheckSubType `json:"subType"`
}

func (*PostureCheck) GetEntityType added in v0.16.46 

func (entity *PostureCheck) GetEntityType() string

func (*PostureCheck) GetName added in v0.16.46 

func (entity *PostureCheck) GetName() string

type PostureCheckMacAddresses added in v0.16.48 

type PostureCheckMacAddresses struct {
	MacAddresses []string `json:"macAddresses"`
}

func (*PostureCheckMacAddresses) LoadValues added in v0.16.48 

func (entity *PostureCheckMacAddresses) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMacAddresses) SetValues added in v0.16.48 

func (entity *PostureCheckMacAddresses) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckMfa added in v0.17.52 

type PostureCheckMfa struct {
	TimeoutSeconds        int64 `json:"timeoutSeconds"`
	PromptOnWake          bool  `json:"promptOnWake"`
	PromptOnUnlock        bool  `json:"promptOnUnlock"`
	IgnoreLegacyEndpoints bool  `json:"ignoreLegacyEndpoints"`
}

func (*PostureCheckMfa) LoadValues added in v0.17.52 

func (entity *PostureCheckMfa) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMfa) SetValues added in v0.17.52 

func (entity *PostureCheckMfa) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckOperatingSystem added in v0.16.48 

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckOperatingSystem) LoadValues added in v0.16.48 

func (entity *PostureCheckOperatingSystem) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckOperatingSystem) SetValues added in v0.16.48 

func (entity *PostureCheckOperatingSystem) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcess added in v0.16.48 

type PostureCheckProcess struct {
	OperatingSystem string   `json:"operatingSystem"`
	Path            string   `json:"path"`
	Hashes          []string `json:"hashes"`
	Fingerprint     string   `json:"fingerprint"`
}

func (*PostureCheckProcess) LoadValues added in v0.16.48 

func (entity *PostureCheckProcess) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcess) SetValues added in v0.16.48 

func (entity *PostureCheckProcess) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcessMulti added in v0.19.93 

type PostureCheckProcessMulti struct {
	Semantic  string          `json:"semantic"`
	Processes []*ProcessMulti `json:"processes"`
}

func (*PostureCheckProcessMulti) LoadValues added in v0.19.93 

func (entity *PostureCheckProcessMulti) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcessMulti) SetValues added in v0.19.93 

func (entity *PostureCheckProcessMulti) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckStore added in v0.16.46 

type PostureCheckStore interface {
	Store[*PostureCheck]
	LoadOneById(tx *bbolt.Tx, id string) (*PostureCheck, error)
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(filters []string, semantic string) (ast.SetCursorProvider, error)
}

type PostureCheckSubType added in v0.16.48 

type PostureCheckSubType interface {
	LoadValues(bucket *boltz.TypedBucket)
	SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
}

type PostureCheckType added in v0.16.48 

type PostureCheckType struct {
	boltz.BaseExtEntity
	Name             string            `json:"name"`
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckType) GetEntityType added in v0.16.48 

func (entity *PostureCheckType) GetEntityType() string

func (*PostureCheckType) GetName added in v0.16.48 

func (entity *PostureCheckType) GetName() string

type PostureCheckTypeStore added in v0.16.48 

type PostureCheckTypeStore interface {
	NameIndexed
	Store[*PostureCheckType]
}

type PostureCheckWindowsDomains added in v0.16.48 

type PostureCheckWindowsDomains struct {
	Domains []string `json:"domains"`
}

func (*PostureCheckWindowsDomains) LoadValues added in v0.16.48 

func (entity *PostureCheckWindowsDomains) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckWindowsDomains) SetValues added in v0.16.48 

func (entity *PostureCheckWindowsDomains) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type ProcessMulti added in v0.19.93 

type ProcessMulti struct {
	OsType             string   `json:"osType"`
	Path               string   `json:"path"`
	Hashes             []string `json:"hashes"`
	SignerFingerprints []string `json:"signerFingerprints"`
}

type Revocation added in v0.24.373 

type Revocation struct {
	boltz.BaseExtEntity
	ExpiresAt time.Time `json:"expiresAt"`
}

func (Revocation) GetEntityType added in v0.24.373 

func (r Revocation) GetEntityType() string

type RevocationStore added in v0.24.373 

type RevocationStore interface {
	Store[*Revocation]
}

type SdkInfo 

type SdkInfo struct {
	Branch     string `json:"branch"`
	Revision   string `json:"revision"`
	Type       string `json:"type"`
	Version    string `json:"version"`
	AppId      string `json:"appId"`
	AppVersion string `json:"appVersion"`
}

type SecretStore added in v0.17.52 

type SecretStore interface {
	GetSecret() []byte
}

type ServiceConfig 

type ServiceConfig struct {
	ServiceId string
	ConfigId  string
}

type ServiceEdgeRouterPolicy 

type ServiceEdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	ServiceRoles    []string `json:"serviceRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*ServiceEdgeRouterPolicy) GetEntityType 

func (entity *ServiceEdgeRouterPolicy) GetEntityType() string

func (*ServiceEdgeRouterPolicy) GetName 

func (entity *ServiceEdgeRouterPolicy) GetName() string

func (*ServiceEdgeRouterPolicy) GetSemantic added in v0.15.27 

func (entity *ServiceEdgeRouterPolicy) GetSemantic() string

type ServiceEdgeRouterPolicyStore 

type ServiceEdgeRouterPolicyStore interface {
	NameIndexed
	Store[*ServiceEdgeRouterPolicy]
}

type ServiceEvent added in v0.17.36 

type ServiceEvent struct {
	Type       ServiceEventType
	IdentityId string
	ServiceId  string
}

func (*ServiceEvent) String added in v0.17.36 

func (self *ServiceEvent) String() string

type ServiceEventHandler added in v0.17.36 

type ServiceEventHandler func(event *ServiceEvent)

type ServiceEventType added in v0.17.36 

type ServiceEventType byte
const (
	ServiceDialAccessGained ServiceEventType = 1
	ServiceDialAccessLost   ServiceEventType = 2
	ServiceBindAccessGained ServiceEventType = 3
	ServiceBindAccessLost   ServiceEventType = 4
	ServiceUpdated          ServiceEventType = 5
)

func (ServiceEventType) String added in v0.17.36 

func (self ServiceEventType) String() string

type ServiceEventsRegistry added in v0.17.36 

type ServiceEventsRegistry struct {
	// contains filtered or unexported fields
}

func (*ServiceEventsRegistry) AddServiceEventHandler added in v0.17.36 

func (self *ServiceEventsRegistry) AddServiceEventHandler(listener ServiceEventHandler)

func (*ServiceEventsRegistry) RemoveServiceEventHandler added in v0.17.36 

func (self *ServiceEventsRegistry) RemoveServiceEventHandler(listener ServiceEventHandler)

type ServicePolicy 

type ServicePolicy struct {
	boltz.BaseExtEntity
	PolicyType        PolicyType `json:"policyType"`
	Name              string     `json:"name"`
	Semantic          string     `json:"semantic"`
	IdentityRoles     []string   `json:"identityRoles"`
	ServiceRoles      []string   `json:"serviceRoles"`
	PostureCheckRoles []string   `json:"postureCheckRoles"`
}

func (*ServicePolicy) GetEntityType 

func (entity *ServicePolicy) GetEntityType() string

func (*ServicePolicy) GetName 

func (entity *ServicePolicy) GetName() string

func (*ServicePolicy) GetSemantic added in v0.15.27 

func (entity *ServicePolicy) GetSemantic() string

type ServicePolicyStore 

type ServicePolicyStore interface {
	NameIndexed
	Store[*ServicePolicy]
}

type Session 

type Session struct {
	boltz.BaseExtEntity
	Token           string      `json:"-"`
	IdentityId      string      `json:"identityId"`
	ApiSessionId    string      `json:"apiSessionId"`
	ServiceId       string      `json:"serviceId"`
	Type            string      `json:"type"`
	ApiSession      *ApiSession `json:"-"`
	ServicePolicies []string    `json:"servicePolicies"`
}

func (*Session) GetEntityType 

func (entity *Session) GetEntityType() string

type SessionStore 

type SessionStore interface {
	Store[*Session]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Session, error)
	GetTokenIndex() boltz.ReadIndex
}

type Store 

type Store[E boltz.ExtEntity] interface {
	boltz.EntityStore[E]

	LoadOneById(tx *bbolt.Tx, id string) (E, error)
	// contains filtered or unexported methods
}

type Stores 

type Stores struct {
	DbProvider      DbProvider
	EventualEventer EventualEventer

	// fabric stores
	Router     db.RouterStore
	Service    db.ServiceStore
	Terminator db.TerminatorStore

	ApiSession              ApiSessionStore
	ApiSessionCertificate   ApiSessionCertificateStore
	AuthPolicy              AuthPolicyStore
	EventualEvent           EventualEventStore
	ExternalJwtSigner       ExternalJwtSignerStore
	Ca                      CaStore
	Config                  ConfigStore
	ConfigType              ConfigTypeStore
	EdgeRouter              EdgeRouterStore
	EdgeRouterPolicy        EdgeRouterPolicyStore
	EdgeService             EdgeServiceStore
	Identity                IdentityStore
	IdentityType            IdentityTypeStore
	Index                   boltz.Store
	Session                 SessionStore
	Revocation              RevocationStore
	ServiceEdgeRouterPolicy ServiceEdgeRouterPolicyStore
	ServicePolicy           ServicePolicyStore
	TransitRouter           TransitRouterStore
	Enrollment              EnrollmentStore
	Authenticator           AuthenticatorStore
	PostureCheck            PostureCheckStore
	PostureCheckType        PostureCheckTypeStore
	Mfa                     MfaStore
	// contains filtered or unexported fields
}

func NewBoltStores 

func NewBoltStores(dbProvider DbProvider) (*Stores, error)

func (*Stores) GetEntityCounts added in v0.21.97 

func (stores *Stores) GetEntityCounts(dbProvider DbProvider) (map[string]int64, error)

func (*Stores) GetStoreForEntity 

func (stores *Stores) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*Stores) GetStores added in v0.24.250 

func (stores *Stores) GetStores() []boltz.Store

type TestContext 

type TestContext struct {
	boltztest.BaseTestContext
	// contains filtered or unexported fields
}

func NewTestContext 

func NewTestContext(t *testing.T) *TestContext

func (*TestContext) Cleanup added in v0.21.45 

func (ctx *TestContext) Cleanup()

func (*TestContext) CleanupAll added in v0.20.36 

func (ctx *TestContext) CleanupAll()

func (*TestContext) GetDb 

func (ctx *TestContext) GetDb() boltz.Db

func (*TestContext) GetDbProvider 

func (ctx *TestContext) GetDbProvider() DbProvider

func (*TestContext) GetNetwork added in v0.21.235 

func (ctx *TestContext) GetNetwork() *network.Network

func (*TestContext) GetStoreForEntity 

func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*TestContext) GetStores 

func (ctx *TestContext) GetStores() *Stores

func (*TestContext) Init 

func (ctx *TestContext) Init()

func (*TestContext) RequireNewIdentity added in v0.20.36 

func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity

func (*TestContext) RequireNewService added in v0.20.36 

func (ctx *TestContext) RequireNewService(name string) *EdgeService

type TransitRouter 

type TransitRouter struct {
	db.Router
	IsVerified            bool     `json:"isVerified"`
	Enrollments           []string `json:"enrollments"`
	IsBase                bool     `json:"-"`
	UnverifiedCertPem     *string  `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string  `json:"unverifiedFingerprint"`
}

func (*TransitRouter) GetName 

func (entity *TransitRouter) GetName() string

type TransitRouterStore 

type TransitRouterStore interface {
	NameIndexed
	Store[*TransitRouter]
}

type UpdateLastActivityAtChecker added in v0.19.39 

type UpdateLastActivityAtChecker struct{}

func (UpdateLastActivityAtChecker) IsUpdated added in v0.19.39 

func (u UpdateLastActivityAtChecker) IsUpdated(field string) bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.