authorizer

package
v2.42.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 10, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessGroup

// AccessGroup is the access group definition exchanged with the authorizer
// API; it is the payload type of the CreateAccessGroup, GetAccessGroup and
// UpdateAccessGroup signatures.
//
// NOTE(review): the three trust-anchor fields, primary_ca_id and key_type
// carry no omitempty, so a partially filled value marshals them as "".
// How the server interprets an empty trust anchor on update is not shown
// here; confirm before sending a sparse struct to UpdateAccessGroup.
// Reading the current group and modifying that copy avoids the question.
type AccessGroup struct {
	ID                               string `json:"id,omitempty"`
	Name                             string `json:"name,omitempty"`
	Comment                          string `json:"comment,omitempty"`
	// Always serialized, even when empty (no omitempty on the next three).
	HostCertificateTrustAnchors      string `json:"host_certificate_trust_anchors"`
	WinRMHostCertificateTrustAnchors string `json:"winrm_host_certificate_trust_anchors"`
	DBHostCertificateTrustAnchors    string `json:"db_host_certificate_trust_anchors"`
	CAID                             string `json:"ca_id,omitempty"`
	// Always serialized (no omitempty).
	PrimaryCAID                      string `json:"primary_ca_id"`
	Author                           string `json:"author,omitempty"`
	Created                          string `json:"created,omitempty"`
	Updated                          string `json:"updated,omitempty"`
	UpdatedBy                        string `json:"updated_by,omitempty"`
	// omitempty drops a false bool, so Default=false is never sent explicitly.
	Default                          bool   `json:"default,omitempty"`
	// Serialized as "key_type"; accepted values are not listed on this page.
	CAKeyType                        string `json:"key_type"`
}

AccessGroup access group definition.

type AccessGroupCARenewal added in v2.40.1

// AccessGroupCARenewal is the optional request body of an access group CA
// renewal (see RenewAccessGroupCAKey).
type AccessGroupCARenewal struct {
	// Serialized as "key_type" and always present (no omitempty); the
	// accepted key types are not listed on this page.
	CAKeyType string `json:"key_type"`
}

AccessGroupCARenewal access group ca renewal request body definition. Optionally passed in the access group CA renewal request body.

type AccessGroupSearch

// AccessGroupSearch is the request body of an access group search
// (see SearchAccessGroups).
type AccessGroupSearch struct {
	// Omitted from the JSON body when empty.
	Keywords string `json:"keywords,omitempty"`
}

AccessGroupSearch access group request search body definition.

type AccountSecretSearch

// AccountSecretSearch is the request body of an account secret search
// (see SearchAccountSecrets).
type AccountSecretSearch struct {
	// Always serialized, even when empty (no omitempty).
	Keywords string `json:"keywords"`
	// Optional filters; omitted from the body when empty.
	HostID   string `json:"host_id,omitempty"`
	Username string `json:"username,omitempty"`
}

AccountSecretSearch account secret search request definition.

type ApiCertificate

// ApiCertificate is the certificate record returned by GetCert,
// GetAllCertificates and SearchCerts. Every field except the bool-free
// string set below is a plain string as delivered by the API; no parsing or
// validation is visible at this level.
type ApiCertificate struct {
	Type              string `json:"type,omitempty"`
	ID                string `json:"id,omitempty"`
	// Always serialized (no omitempty).
	Serial            string `json:"serial"`
	OwnerID           string `json:"owner_id,omitempty"`
	// NOTE(review): a string, not a bool; presumably a revocation timestamp.
	// Confirm the format before using it in a trust decision.
	Revoked           string `json:"revoked,omitempty"`
	RevocationReason  string `json:"revocation_reason,omitempty"`
	Cert              string `json:"cert,omitempty"`
	Chain             string `json:"chain,omitempty"`
	Issuer            string `json:"issuer,omitempty"`
	Subject           string `json:"subject,omitempty"`
	// Validity bounds are strings; callers must parse them before comparing.
	NotBefore         string `json:"not_before,omitempty"`
	NotAfter          string `json:"not_after,omitempty"`
	KeyUsage          string `json:"key_usage,omitempty"`
	BasicConstraints  string `json:"basic_constraints,omitempty"`
	Extensions        string `json:"extensions,omitempty"`
	// Both digests are exposed; prefer the SHA-256 value when comparing or
	// pinning certificates, since SHA-1 is not collision resistant.
	FingerPrintSHA1   string `json:"fingerprint_sha1,omitempty"`
	FingerPrintSHA256 string `json:"fingerprint_sha256,omitempty"`
	SubjectKeyID      string `json:"subject_key_id,omitempty"`
	AuthorityKeyID    string `json:"authority_key_id,omitempty"`
	// Always serialized; the set of status values is not listed on this page.
	Status            string `json:"status"`
}

ApiCertificate api certificate definition.

type ApiCertificateSearch

// ApiCertificateSearch is the request body of a certificate search
// (see SearchCerts).
type ApiCertificateSearch struct {
	// Always serialized (no omitempty).
	Type           string `json:"type"`
	ID             string `json:"id,omitempty"`
	KeyID          string `json:"key_id,omitempty"`
	OwnerID        string `json:"owner_id,omitempty"`
	Subject        string `json:"subject,omitempty"`
	Issuer         string `json:"issuer,omitempty"`
	NotBefore      string `json:"not_before,omitempty"`
	NotAfter       string `json:"not_after,omitempty"`
	// omitempty drops false, so these flags are only sent when true.
	// NOTE(review): the server-side default when they are absent is not
	// shown here; callers that act on results should still check
	// ApiCertificate.Status / Revoked rather than assume the filter.
	IncludeRevoked bool   `json:"include_revoked,omitempty"`
	IncludeExpired bool   `json:"include_expired,omitempty"`
}

ApiCertificateSearch api certificate search definition.

type ApiIdentities

// ApiIdentities is the end user authorization request passed to
// GetTargetHostCredentials. All fields are optional on the wire
// (omitempty); which combinations the server requires is not shown here.
type ApiIdentities struct {
	// NOTE(review): presumably the caller's public key to be certified;
	// confirm the expected encoding against the API.
	PublicKey string `json:"public_key,omitempty"`
	HostID    string `json:"host_id,omitempty"`
	Hostname  string `json:"hostname,omitempty"`
	Username  string `json:"username,omitempty"`
	Service   string `json:"service,omitempty"`
	RoleID    string `json:"role_id,omitempty"`
}

ApiIdentities end user authorization request definition.

type ApiIdentitiesResponse

// ApiIdentitiesResponse is the body returned by GetTargetHostCredentials.
// It carries credential material for a target host, so values of this type
// should not be logged or dumped with %+v / json.Marshal for diagnostics.
type ApiIdentitiesResponse struct {
	Certificates  []ApiSshCertificate `json:"certificates"`
	PrincipalKeys []ApiSshKey         `json:"principal_keys"`
	// Sensitive. NOTE(review): presumably a passphrase tied to the returned
	// credentials; confirm its scope and keep it out of logs.
	Passphrase    string              `json:"passphrase,omitempty"`
	// NOTE(review): looks like an application-level result carried in the
	// body; callers probably need to check it in addition to the returned
	// error before using the credentials. Value meanings are not shown here.
	ResponseCode  int                 `json:"response_code"`
	Message       string              `json:"message"`
}

ApiIdentitiesResponse api identities response definition.

type ApiSshCertificate

// ApiSshCertificate is one SSH certificate entry of an
// ApiIdentitiesResponse. All four fields are always serialized.
type ApiSshCertificate struct {
	Type       string   `json:"type"`
	// NOTE(review): Data and DataString presumably hold the same
	// certificate in two encodings; confirm which one a consumer should use.
	Data       string   `json:"data"`
	DataString string   `json:"data_string"`
	Chain      []string `json:"chain"`
}

ApiSshCertificate api ssh certificate definition.

type ApiSshKey

// ApiSshKey is one principal key entry of an ApiIdentitiesResponse. Only
// public-key fields are declared here; no private key field is present.
type ApiSshKey struct {
	// Always serialized (no omitempty).
	ID              string `json:"id"`
	GroupID         string `json:"group_id,omitempty"`
	Type            string `json:"type,omitempty"`
	Comment         string `json:"comment,omitempty"`
	PublicKey       string `json:"public_key,omitempty"`
	PublicKeyString string `json:"public_key_string,omitempty"`
	// NOTE(review): presumably the key size in bits; unit not shown here.
	Size            int    `json:"size,omitempty"`
}

ApiSshKey api ssh key definition.

type Authorizer

// Authorizer is an authorizer client instance. Its fields are unexported;
// construct one with New, which takes a restapi.Connector.
type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer is an authorizer client instance.

func New

func New(api restapi.Connector) *Authorizer

New authorizer client constructor.

func (*Authorizer) CAConfig

func (c *Authorizer) CAConfig(caType string) (ComponentCaConfig, error)

CAConfig get authorizers root certificate config by ca type.

func (*Authorizer) CheckoutAccountSecret

func (c *Authorizer) CheckoutAccountSecret(checkout CheckoutRequest) (*response.ResultSet[Checkout], error)

CheckoutAccountSecret checkout account secret.

func (*Authorizer) CreateAccessGroup

func (c *Authorizer) CreateAccessGroup(accessGroup *AccessGroup) (response.Identifier, error)

CreateAccessGroup create access group.

func (*Authorizer) CreatePrincipalKey

func (c *Authorizer) CreatePrincipalKey(groupID string) (*Principal, error)

CreatePrincipalKey create a principal key pair.

func (*Authorizer) DeleteAccessGroup

func (c *Authorizer) DeleteAccessGroup(accessGroupID string) error

DeleteAccessGroup delete access group by id.

func (*Authorizer) DeletePrincipalKey

func (c *Authorizer) DeletePrincipalKey(groupID string, opts ...filters.Option) error

DeletePrincipalKey delete the principal key by its group id.

func (*Authorizer) DownloadCACertificate

func (c *Authorizer) DownloadCACertificate(caID, filename string) error

DownloadCACertificate fetch authorizers root certificate as a download object.

func (*Authorizer) DownloadCarrierConfig

func (c *Authorizer) DownloadCarrierConfig(trustedClientID, sessionID, filename string) error

DownloadCarrierConfig fetch a pre-configured carrier config.

func (*Authorizer) DownloadCertificateRevocationList

func (c *Authorizer) DownloadCertificateRevocationList(caID, filename string) error

DownloadCertificateRevocationList fetch authorizer CA certificate revocation list as a download object.

func (*Authorizer) DownloadDeployScript

func (c *Authorizer) DownloadDeployScript(trustedClientID, sessionID, filename string) error

DownloadDeployScript fetch a pre-configured deployment script.

func (*Authorizer) DownloadExtenderCACertificate

func (c *Authorizer) DownloadExtenderCACertificate(filename, id string) error

DownloadExtenderCACertificate fetch authorizers extender CA certificate by id as a download object.

func (*Authorizer) DownloadExtenderCertificateCRL

func (c *Authorizer) DownloadExtenderCertificateCRL(filename, id string) error

DownloadExtenderCertificateCRL fetch authorizer CA certificate revocation list as a download object.

func (*Authorizer) DownloadExtenderConfig

func (c *Authorizer) DownloadExtenderConfig(trustedClientID, sessionID, filename string) error

DownloadExtenderConfig fetch a pre-configured extender config as a download object.

func (*Authorizer) DownloadPrincipalCommandScript

func (c *Authorizer) DownloadPrincipalCommandScript(filename string) error

DownloadPrincipalCommandScript fetch the principals_command.sh script.

func (*Authorizer) DownloadWebProxyCertificateCRL

func (c *Authorizer) DownloadWebProxyCertificateCRL(filename, id string) error

DownloadWebProxyCertificateCRL fetch authorizer CA certificate revocation list as a download object.

func (*Authorizer) DownloadWebProxyConfig

func (c *Authorizer) DownloadWebProxyConfig(trustedClientID, sessionID, filename string) error

DownloadWebProxyConfig fetch a pre-configured web proxy config as a download object.

func (*Authorizer) GetAccessGroup

func (c *Authorizer) GetAccessGroup(accessGroupID string) (*AccessGroup, error)

GetAccessGroup get access group by id.

func (*Authorizer) GetAccessGroups

func (c *Authorizer) GetAccessGroups(opts ...filters.Option) (*response.ResultSet[AccessGroup], error)

GetAccessGroups gets all access groups.

func (*Authorizer) GetAccountSecrets

func (c *Authorizer) GetAccountSecrets(opts ...filters.Option) (*response.ResultSet[HostAccountSecret], error)

GetAccountSecrets gets all account secrets.

func (*Authorizer) GetAllCertificates

func (c *Authorizer) GetAllCertificates() (*response.ResultSet[ApiCertificate], error)

GetAllCertificates get all certificates.

func (*Authorizer) GetCACertificates

func (c *Authorizer) GetCACertificates(opts ...filters.Option) (*response.ResultSet[CA], error)

GetCACertificates gets the authorizer's root certificates. Note: the v1 endpoint doesn't return the count as part of the response body; this will change with v2. Until then, the SDK handles it internally.

func (*Authorizer) GetCarrierConfigSessions

func (c *Authorizer) GetCarrierConfigSessions(trustedClientID string) (*SessionIDResponse, error)

GetCarrierConfigSessions gets carrier config session ids.

func (*Authorizer) GetCert

func (c *Authorizer) GetCert(certID string) (*ApiCertificate, error)

GetCert get certificate by id.

func (*Authorizer) GetCertTemplates

func (c *Authorizer) GetCertTemplates(opts ...filters.Option) (*response.ResultSet[CertTemplate], error)

GetCertTemplates returns the certificate authentication templates.

func (*Authorizer) GetDeployScriptSessions

func (c *Authorizer) GetDeployScriptSessions(trustedClientID string) (*SessionIDResponse, error)

GetDeployScriptSessions gets deploy script session ids.

func (*Authorizer) GetExtenderCACertificates

func (c *Authorizer) GetExtenderCACertificates(opts ...filters.Option) (*response.ResultSet[CA], error)

GetExtenderCACertificates gets the authorizer's extender CA certificates. Note: the v1 endpoint doesn't return the count as part of the response body; this will change with v2. Until then, the SDK handles it internally.

func (*Authorizer) GetExtenderConfigSessions

func (c *Authorizer) GetExtenderConfigSessions(trustedClientID string) (*SessionIDResponse, error)

GetExtenderConfigSessions get extenders config session ids.

func (*Authorizer) GetExtenderTrustAnchor

func (c *Authorizer) GetExtenderTrustAnchor() (*TrustAnchor, error)

GetExtenderTrustAnchor returns the extender trust anchor.

func (*Authorizer) GetPrincipal

func (c *Authorizer) GetPrincipal(groupID string, opts ...filters.Option) (*Principal, error)

GetPrincipal get principal by its group id.

func (*Authorizer) GetPrincipals

func (c *Authorizer) GetPrincipals() (*response.ResultSet[Principal], error)

GetPrincipals gets the defined principals. Note: the v1 endpoint doesn't return the count as part of the response body; this will change with v2. Until then, the SDK handles it internally.

func (*Authorizer) GetSSLTrustAnchor

func (c *Authorizer) GetSSLTrustAnchor() (*TrustAnchor, error)

GetSSLTrustAnchor returns the SSL trust anchor.

func (*Authorizer) GetSecretCheckout

func (c *Authorizer) GetSecretCheckout(checkoutID string) (*Checkout, error)

GetSecretCheckout get secret checkout by id.

func (*Authorizer) GetSecretCheckouts

func (c *Authorizer) GetSecretCheckouts(opts ...filters.Option) (*response.ResultSet[Checkout], error)

GetSecretCheckouts get secret checkouts.

func (*Authorizer) GetTargetHostCredentials

func (c *Authorizer) GetTargetHostCredentials(request *ApiIdentities, opts ...filters.Option) (*ApiIdentitiesResponse, error)

GetTargetHostCredentials get target host credentials for the user.

func (*Authorizer) GetWebProxyCACertificate

func (c *Authorizer) GetWebProxyCACertificate(id string) (*CA, error)

GetWebProxyCACertificate gets authorizer's web proxy CA certificate by id.

func (*Authorizer) GetWebProxyCACertificates

func (c *Authorizer) GetWebProxyCACertificates(opts ...filters.Option) (*response.ResultSet[CA], error)

GetWebProxyCACertificates gets the authorizer's web proxy CA certificates. Note: the v1 endpoint doesn't return the count as part of the response body; this will change with v2. Until then, the SDK handles it internally.

func (*Authorizer) GetWebProxyConfigSessions

func (c *Authorizer) GetWebProxyConfigSessions(trustedClientID string) (*SessionIDResponse, error)

GetWebProxyConfigSessions get web proxy config session ids.

func (*Authorizer) ImportPrincipalKey

func (c *Authorizer) ImportPrincipalKey(groupID string, key *PrincipalKeyImport) (*Principal, error)

ImportPrincipalKey import a principal key pair.

func (*Authorizer) ReleaseSecretCheckout

func (c *Authorizer) ReleaseSecretCheckout(checkoutID string) error

ReleaseSecretCheckout release secret checkout.

func (*Authorizer) RenewAccessGroupCAKey

func (c *Authorizer) RenewAccessGroupCAKey(accessGroupID string, renewal *AccessGroupCARenewal) (string, error)

RenewAccessGroupCAKey renew access group CA key.

func (*Authorizer) RevokeAccessGroupCAKey

func (c *Authorizer) RevokeAccessGroupCAKey(accessGroupID string, caID string) error

RevokeAccessGroupCAKey revoke access group CA key.

func (*Authorizer) SearchAccessGroups

func (c *Authorizer) SearchAccessGroups(search *AccessGroupSearch, opts ...filters.Option) (*response.ResultSet[AccessGroup], error)

SearchAccessGroups search for access groups.

func (*Authorizer) SearchAccountSecrets

func (c *Authorizer) SearchAccountSecrets(search *AccountSecretSearch, opts ...filters.Option) (*response.ResultSet[HostAccountSecret], error)

SearchAccountSecrets search for account secrets.

func (*Authorizer) SearchCerts

func (c *Authorizer) SearchCerts(search *ApiCertificateSearch, opts ...filters.Option) (*response.ResultSet[ApiCertificate], error)

SearchCerts searches certificates.

func (*Authorizer) SignPrincipalKey

func (c *Authorizer) SignPrincipalKey(groupID string, sign *PrincipalKeySign, opts ...filters.Option) (*Signature, error)

SignPrincipalKey get a principal key signature.

func (*Authorizer) Status

func (c *Authorizer) Status() (*response.ServiceStatus, error)

Status gets the authorizer microservice status.

func (*Authorizer) UpdateAccessGroup

func (c *Authorizer) UpdateAccessGroup(accessGroupID string, update *AccessGroup) error

UpdateAccessGroup update access group by id.

func (*Authorizer) UpdateCAConfig

func (c *Authorizer) UpdateCAConfig(caType string, caConf ComponentCaConfig) error

UpdateCAConfig update authorizers root certificate config by ca type.

type CA

// CA is the root certificate record returned by the GetCACertificates,
// GetExtenderCACertificates and GetWebProxyCACertificate(s) signatures.
// Only public material is declared: a public key, an X.509 certificate and
// its metadata.
type CA struct {
	ID                string `json:"id"`
	GroupID           string `json:"group_id"`
	AccessGroupID     string `json:"access_group_id,omitempty"`
	Type              string `json:"type"`
	// NOTE(review): presumably the key size in bits; unit not shown here.
	Size              int    `json:"size"`
	PublicKey         string `json:"public_key"`
	Comment           string `json:"comment,omitempty"`
	PublicKeyString   string `json:"public_key_string"`
	X509Certificate   string `json:"x509_certificate,omitempty"`
	Subject           string `json:"subject,omitempty"`
	Issuer            string `json:"issuer,omitempty"`
	// The Go name is SerialNumber but the JSON key is "serial".
	SerialNumber      string `json:"serial,omitempty"`
	// Validity bounds are strings; callers must parse them before comparing.
	NotBefore         string `json:"not_before,omitempty"`
	NotAfter          string `json:"not_after,omitempty"`
	// Prefer the SHA-256 digest when verifying a downloaded CA certificate
	// out of band; SHA-1 is not collision resistant.
	FingerPrintSHA1   string `json:"fingerprint_sha1,omitempty"`
	FingerPrintSHA256 string `json:"fingerprint_sha256,omitempty"`
}

CA root certificate definition.

type CAParams

// CAParams holds the CA query parameters. The field uses a `url` struct
// tag, so it is encoded into the query string rather than a JSON body.
type CAParams struct {
	AccessGroupID string `url:"access_group_id"`
}

CAParams CA query parameter definition.

type CertTemplate

// CertTemplate is a certificate template record as returned by
// GetCertTemplates.
type CertTemplate struct {
	// The first four fields are always serialized (no omitempty).
	Name              string   `json:"name"`
	Description       string   `json:"description"`
	Service           string   `json:"service"`
	Type              string   `json:"type"`
	KeyID             string   `json:"key_id,omitempty"`
	// Optional lists; omitted from JSON when nil or empty.
	RsaSignatureTypes []string `json:"rsa_signature_types,omitempty"`
	Principals        []string `json:"principals,omitempty"`
	Extensions        []string `json:"extensions,omitempty"`
}

CertTemplate certification template definition

type CertTemplateParams

// CertTemplateParams holds the certificate template query parameters. The
// field uses a `url` struct tag, so it is encoded into the query string.
type CertTemplateParams struct {
	Service string `url:"service"`
}

CertTemplateParams certificate template query parameter definition.

type CertificateEnroll

// CertificateEnroll is the certificate enroll request body. No method on
// this page's Authorizer listing takes it, so its endpoint is not shown here.
type CertificateEnroll struct {
	CAID  string `json:"ca_id,omitempty"`
	// NOTE(review): presumably a certificate signing request; the expected
	// encoding (PEM vs. base64 DER) is not shown here.
	CSR   string `json:"csr"`
	// Always serialized (no omitempty).
	Owner string `json:"owner"`
}

CertificateEnroll certificate enroll request definition.

type CertificateEnrollResponse

// CertificateEnrollResponse is the certificate enroll response body. All
// three fields are always serialized.
type CertificateEnrollResponse struct {
	ID   string `json:"id"`
	Cert string `json:"cert"`
	// NOTE(review): a string; whether it is a CA id or the CA certificate
	// itself is not shown here.
	CA   string `json:"ca"`
}

CertificateEnrollResponse certificate enroll response definition.

type CertificateRevocation

// CertificateRevocation is the certificate revocation request body.
//
// NOTE(review): every field is omitempty, so a zero value marshals as {}.
// Which selectors the server requires, and how it scopes a revocation when
// only some are set, is not shown here; callers should validate that the
// intended selector is populated before sending.
type CertificateRevocation struct {
	Reason      string   `json:"reason,omitempty"`
	Owner       string   `json:"owner,omitempty"`
	IPAddresses []net.IP `json:"ip_addresses,omitempty"`
	DNSNames    []string `json:"dns_names,omitempty"`
	Cert        string   `json:"cert,omitempty"`
}

CertificateRevocation certificate revocation request definition.

type CertificateRevocationResponse

// CertificateRevocationResponse is the certificate revocation response body.
type CertificateRevocationResponse struct {
	// NOTE(review): presumably the ids of the certificates that were
	// revoked; comparing them with the intended target is a cheap check.
	IDS []string `json:"ids"`
}

CertificateRevocationResponse certificate revocation response definition.

type Checkout

// Checkout is a secret checkout record, returned by CheckoutAccountSecret,
// GetSecretCheckout and GetSecretCheckouts.
//
// It embeds the checked-out secret values (Secrets), so a Checkout should be
// handled as sensitive: do not log it, print it with %+v, or re-marshal it
// into diagnostics. ReleaseSecretCheckout takes the checkout id when the
// caller is done.
type Checkout struct {
	ID               string                            `json:"id"`
	Path             string                            `json:"path"`
	Type             string                            `json:"type"`
	// Expiry and creation times are strings here; parse before comparing.
	Expires          string                            `json:"expires"`
	Created          string                            `json:"created"`
	ExplicitCheckout bool                              `json:"explicit_checkout"`
	// Sensitive: carries the secret material (see Secrets.Secret).
	Secrets          []Secrets                         `json:"secrets"`
	Username         string                            `json:"username"`
	Email            string                            `json:"email,omitempty"`
	FullName         string                            `json:"full_name,omitempty"`
	// encoding/json never treats a struct value as empty, so omitempty has
	// no effect on the next two fields; they are always emitted.
	Host             HostPrincipalsHandle              `json:"host,omitempty"`
	// Uses secretsmanager.TargetDomainHandle, whereas HostAccountSecret
	// uses this package's own TargetDomainHandle.
	TargetDomain     secretsmanager.TargetDomainHandle `json:"target_domain,omitempty"`
	ManagedAccountID string                            `json:"managed_account_id,omitempty"`
	UserID           string                            `json:"user_id"`
}

Checkout checkout definition.

type CheckoutRequest

// CheckoutRequest is the request body passed to CheckoutAccountSecret.
type CheckoutRequest struct {
	// NOTE(review): presumably the secret path as reported in
	// HostAccountSecret.Path; confirm against the API.
	Path string `json:"path"`
}

CheckoutRequest checkout request definition.

type ComponentCaConfig

// ComponentCaConfig is the component CA config, returned by CAConfig and
// accepted by UpdateCAConfig.
type ComponentCaConfig struct {
	Name        string    `json:"name"`
	CAID        string    `json:"ca_id"`
	PrimaryCAID string    `json:"primary_ca_id"`
	// A time.Time here, whereas AccessGroup.Updated is a string. A zero
	// time is still serialized (no omitempty, and time.Time is a struct).
	Updated     time.Time `json:"updated"`
	UpdatedBy   string    `json:"updated_by,omitempty"`
}

ComponentCaConfig component ca config response definition.

type HostAccountSecret

// HostAccountSecret is a host account secret record, returned by
// GetAccountSecrets and SearchAccountSecrets. No secret value field is
// declared here; the values appear on Checkout.Secrets.
type HostAccountSecret struct {
	Path         string               `json:"path"`
	Type         string               `json:"type"`
	Username     string               `json:"username"`
	Email        string               `json:"email,omitempty"`
	FullName     string               `json:"full_name,omitempty"`
	// encoding/json never treats a struct value as empty, so omitempty has
	// no effect on the next two fields; they are always emitted.
	TargetDomain TargetDomainHandle   `json:"target_domain,omitempty"`
	Host         HostPrincipalsHandle `json:"host,omitempty"`
	Created      string               `json:"created,omitempty"`
	Updated      string               `json:"updated,omitempty"`
}

HostAccountSecret host account secret definition.

type HostPrincipalsHandle

// HostPrincipalsHandle identifies the host referenced by a Checkout or a
// HostAccountSecret.
type HostPrincipalsHandle struct {
	// ID and Addresses are always serialized (no omitempty); a nil
	// Addresses slice marshals as null.
	ID         string   `json:"id"`
	Addresses  []string `json:"addresses"`
	CommonName string   `json:"common_name,omitempty"`
	ExternalID string   `json:"external_id,omitempty"`
	InstanceID string   `json:"instance_id,omitempty"`
}

HostPrincipalsHandle host principals handle definition.

type Principal

// Principal is a principal record, returned by GetPrincipal, GetPrincipals,
// CreatePrincipalKey and ImportPrincipalKey. Only public-key fields are
// declared; no private key field is present on this type.
type Principal struct {
	Type            string `json:"type"`
	ID              string `json:"id"`
	GroupID         string `json:"group_id"`
	Name            string `json:"name,omitempty"`
	Comment         string `json:"comment,omitempty"`
	PublicKey       string `json:"public_key"`
	PublicKeyString string `json:"public_key_string"`
	// NOTE(review): presumably the key size in bits; unit not shown here.
	Size            int    `json:"size"`
}

Principal principal definition.

type PrincipalKeyImport

// PrincipalKeyImport is the request body passed to ImportPrincipalKey,
// which the page describes as importing a principal key pair.
type PrincipalKeyImport struct {
	Algorithm string `json:"algorithm"`
	// Sensitive. NOTE(review): since a key pair is imported, Data presumably
	// contains private key material; keep it out of logs and confirm the
	// expected encoding against the API.
	Data      string `json:"data"`
}

PrincipalKeyImport principal key import request definition.

type PrincipalKeySign

// PrincipalKeySign is the request body passed to SignPrincipalKey. All five
// fields are always serialized (no omitempty).
type PrincipalKeySign struct {
	ID        string `json:"id"`
	GroupID   string `json:"group_id"`
	// NOTE(review): this tag is camelCase ("publicKey") while the other
	// structs on this page use "public_key". Confirm against the API; if
	// the server expects snake_case, the value may be ignored.
	PublicKey string `json:"publicKey"`
	Type      string `json:"type"`
	// NOTE(review): presumably the payload to be signed; encoding not
	// shown here.
	Data      string `json:"data"`
}

PrincipalKeySign principal key sign request definition.

type PrincipalParams

// PrincipalParams holds the principal query parameters. The field uses a
// `url` struct tag, so it is encoded into the query string.
type PrincipalParams struct {
	KeyID string `url:"key_id"`
}

PrincipalParams principal query parameter definition.

type Secrets

// Secrets is one versioned secret entry inside Checkout.Secrets.
//
// The type has no custom String or MarshalJSON visible on this page, so
// fmt's %v/%+v and json.Marshal will emit Secret in clear text. Treat values
// of this type as sensitive and keep them out of logs and error messages.
type Secrets struct {
	Version int       `json:"version"`
	// Sensitive: always serialized (no omitempty).
	// NOTE(review): presumably the secret value itself; confirm encoding.
	Secret  string    `json:"secret"`
	Created time.Time `json:"created"`
}

Secrets secrets definition.

type SessionIDResponse

// SessionIDResponse is the body returned by the Get*ConfigSessions and
// GetDeployScriptSessions signatures; the Download* signatures take a
// sessionID string argument.
type SessionIDResponse struct {
	// NOTE(review): the lifetime and reuse rules of a session id are not
	// shown here; avoid persisting or logging it until confirmed.
	SessionID string `json:"session_id"`
}

SessionIDResponse session id response definition.

type Signature

// Signature is the principal key signature response returned by
// SignPrincipalKey.
type Signature struct {
	// Always serialized (no omitempty).
	Signature    string `json:"signature"`
	// NOTE(review): looks like an application-level result carried in the
	// body; callers probably need to check it in addition to the returned
	// error before using Signature. Value meanings are not shown here.
	ResponseCode int    `json:"response_code,omitempty"`
	Message      string `json:"message,omitempty"`
}

Signature principal key signature response definition.

type TargetDomainHandle

// TargetDomainHandle identifies the target domain referenced by a
// HostAccountSecret. Checkout uses secretsmanager.TargetDomainHandle
// instead of this type.
type TargetDomainHandle struct {
	ID      string `json:"id"`
	Name    string `json:"name,omitempty"`
	// omitempty drops a false bool, so "deleted" only appears when true.
	Deleted bool   `json:"deleted,omitempty"`
}

TargetDomainHandle target domain handle definition.

type TrustAnchor

// TrustAnchor is the trust anchor record returned by GetSSLTrustAnchor and
// GetExtenderTrustAnchor.
type TrustAnchor struct {
	// Always serialized (no omitempty).
	TrustAnchor       string `json:"trust_anchor"`
	// Digests of the anchor. Prefer the SHA-256 value when verifying the
	// anchor out of band; SHA-1 is not collision resistant.
	// NOTE(review): a digest delivered over the same channel as the anchor
	// does not authenticate it on its own.
	TrustAnchorSHA1   string `json:"trust_anchor_sha1,omitempty"`
	TrustAnchorSHA256 string `json:"trust_anchor_sha256,omitempty"`
}

TrustAnchor trust anchor definition
