rolestore

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2021 License: Apache-2.0 Imports: 3 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types 

type AWSRoleLink struct {
	ID          string    `json:"id,omitempty"`
	Name        string    `json:"name,omitempty"`
	ARN         string    `json:"arn,omitempty"`
	Updated     string    `json:"updated,omitempty"`
	Description string    `json:"description,omitempty"`
	Source      string    `json:"source,omitempty"`
	Status      string    `json:"status,omitempty"`
	Roles       []RoleRef `json:"roles,omitempty"`
}

AWSRoleLink aws role definition.

type AWSToken added in v0.6.0 

type AWSToken struct {
	AccessKeyID     string   `json:"access_key_id,omitempty"`
	SecretAccessKey string   `json:"secret_access_key,omitempty"`
	SessionToken    string   `json:"session_token,omitempty"`
	Expires         string   `json:"expires,omitempty"`
	Descriptions    []string `json:"descriptions,omitempty"`
}

AWSToken aws token definition

type AuthorizedKey added in v0.6.0 

type AuthorizedKey struct {
	ID            string   `json:"id,omitempty"`
	Username      string   `json:"username,omitempty"`
	UserID        string   `json:"user_id,omitempty"`
	Name          string   `json:"name,omitempty"`
	Comment       string   `json:"comment,omitempty"`
	PublicKey     string   `json:"public_key,omitempty"`
	NotBefore     string   `json:"not_before,omitempty"`
	NotAfter      string   `json:"not_after,omitempty"`
	SourceAddress []string `json:"source_address,omitempty"`
}

AuthorizedKey authorizednal key definition

type Connection added in v0.6.0 

type Connection struct {
	Type                   string   `json:"type,omitempty"`
	Address                string   `json:"address,omitempty"`
	AccessKeyID            string   `json:"iam_access_key_id,omitempty"`
	SecretKey              string   `json:"iam_secret_access_key,omitempty"`
	SessionToken           string   `json:"iam_session_token,omitempty"`
	FetchRolePathPrefix    string   `json:"iam_fetch_role_path_prefix,omitempty"`
	GCConfig               string   `json:"google_cloud_config_json,omitempty"`
	OpenstackVersion       string   `json:"openstack_version,omitempty"`
	OpenStackEndpoint      string   `json:"openstack_endpoint,omitempty"`
	OpenStackUsername      string   `json:"openstack_username,omitempty"`
	OpenStackUserID        string   `json:"openstack_user_id,omitempty"`
	OpenStackPassword      string   `json:"openstack_password,omitempty"`
	OpenStackAPIkey        string   `json:"openstack_apikey,omitempty"`
	OpenStackDomainName    string   `json:"openstack_domainname,omitempty"`
	OpenStackDomainID      string   `json:"openstack_domainid,omitempty"`
	OpenStackTokenID       string   `json:"openstack_token_id,omitempty"`
	AzureBaseURL           string   `json:"azure_base_url,omitempty"`
	AzureSubscriptionID    string   `json:"azure_subscription_id,omitempty"`
	AzureTenantID          string   `json:"azure_tenant_id,omitempty"`
	AzureClientID          string   `json:"azure_client_id,omitempty"`
	AzureClientSecret      string   `json:"azure_client_secret,omitempty"`
	LDAPProtocol           string   `json:"ldap_protocol,omitempty"`
	LDAPBase               string   `json:"ldap_base,omitempty"`
	LDAPUserFilter         string   `json:"ldap_user_filter,omitempty"`
	LDAPBindDN             string   `json:"ldap_bind_dn,omitempty"`
	LDAPBindPassword       string   `json:"ldap_bind_password,omitempty"`
	LDAPUserDNPattern      string   `json:"ldap_user_dn_pattern,omitempty"`
	GoogleGsuiteDomain     string   `json:"google_gsuite_domain,omitempty"`
	GoogleGsuiteAdminEmail string   `json:"google_gsuite_domain_admin_email,omitempty"`
	OIDCIssuer             string   `json:"oidc_issuer,omitempty"`
	OIDCButtonTitle        string   `json:"oidc_button_title,omitempty"`
	OIDCClientID           string   `json:"oidc_client_id,omitempty"`
	OIDCClientSecret       string   `json:"oidc_client_secret,omitempty"`
	OIDCTagsAttributeName  string   `json:"oidc_tags_attribute_name,omitempty"`
	MFAType                string   `json:"mfa_type,omitempty"`
	MFAAddress             string   `json:"mfa_address,omitempty"`
	MFABaseDN              string   `json:"mfa_base_dn,omitempty"`
	DomainControllerFQDN   string   `json:"domain_controller_fqdn,omitempty"`
	KerberosTicket         string   `json:"kerberos_ticket,omitempty"`
	DomainControllerPort   int      `json:"domain_controller_port,omitempty"`
	MFAPort                int      `json:"mfa_port,omitempty"`
	Port                   int      `json:"port,omitempty"`
	EnableMachineAuth      bool     `json:"enable_machine_authentication,omitempty"`
	EnableUserAuth         bool     `json:"enable_user_authentication,omitempty"`
	OIDCEnabled            bool     `json:"oidc_enabled,omitempty"`
	FetchRoles             bool     `json:"iam_fetch_roles,omitempty"`
	AutoUpdate             bool     `json:"service_address_auto_update,omitempty"`
	OIDCScopesSecret       []string `json:"oidc_additional_scopes_secret,omitempty"`
	GCProjectIDs           []string `json:"google_cloud_project_ids,omitempty"`
	OpenStackTenantIDs     []string `json:"openstack_tenant_ids,omitempty"`
	OpenStackTenantNames   []string `json:"openstack_tenant_names,omitempty"`
}

Connection source connection definition

type Context 

type Context struct {
	Enabled   bool   `json:"enabled"`
	BlockRole bool   `json:"block_role"`
	StartTime string `json:"start_time"`
	EndTime   string `json:"end_time"`
	Timezone  string `json:"timezone"`
}

Context defines the context information for a role.

type EUM added in v0.6.0 

type EUM struct {
	SourceID           string `json:"source_id,omitempty"`
	SourceSeaerchField string `json:"source_search_field,omitempty"`
}

EUM external user mapping definition

type LogconfCollector added in v0.6.0 

type LogconfCollector struct {
	ID                       string `json:"id,omitempty"`
	Name                     string `json:"name,omitempty"`
	Type                     string `json:"type,omitempty"`
	Updated                  string `json:"updated,omitempty"`
	StatusCode               string `json:"status_code,omitempty"`
	StatusText               string `json:"status_text,omitempty"`
	AWSLogRegion             string `json:"aws_log_region,omitempty"`
	IAMAccessKeyID           string `json:"iam_access_key_id,omitempty"`
	IAMSecretAccessKey       string `json:"iam_secret_access_key,omitempty"`
	IAMSessionToken          string `json:"iam_session_token,omitempty"`
	AzureEventHubsNamespace  string `json:"azure_event_hubs_namespace,omitempty"`
	AzureResourceGroupName   string `json:"azure_resource_group_name,omitempty"`
	AzureSubscriptionID      string `json:"azure_subscription_id,omitempty"`
	AzureEventHubName        string `json:"azure_event_hub_name,omitempty"`
	AzureTenantID            string `json:"azure_tenant_id,omitempty"`
	AzureClientID            string `json:"azure_client_id,omitempty"`
	AzureClientSecret        string `json:"azure_client_secret,omitempty"`
	AzureSasConnectionString string `json:"azure_sas_connection_string,omitempty"`
	Enabled                  bool   `json:"enabled,omitempty"`
}

LogconfCollector logconf collectors definition

type MFA added in v0.6.0 

type MFA struct {
	Status string `json:"status,omitempty"`
	Seed   Seed   `json:"seed,omitempty"`
}

MFA multifactor authentication definition

type Params added in v0.6.0 

type Params struct {
	Sortdir   string `json:"sortdir,omitempty"`
	Sortkey   string `json:"sortkey,omitempty"`
	Tokencode string `json:"tokencode,omitempty"`
	Refresh   bool   `json:"refresh,omitempty"`
	Offset    int    `json:"offset,omitempty"`
	Limit     int    `json:"limit,omitempty"`
	TTL       int    `json:"ttl,omitempty"`
}

Params struct for pagination queries.

type PrincipalKey added in v0.6.0 

type PrincipalKey struct {
	ID        string `json:"id,omitempty"`
	PublicKey string `json:"public_key,omitempty"`
}

PrincipalKey principal key definition

type PrivateKey added in v0.6.0 

type PrivateKey struct {
	ID         string `json:"id,omitempty"`
	PrivateKey string `json:"private_key,omitempty"`
}

PrivateKey principal privat key definition

type ResolveAuthorizedKey added in v0.6.0 

type ResolveAuthorizedKey struct {
	Username  string `json:"username,omitempty"`
	PublicKey string `json:"public_key,omitempty"`
}

ResolveAuthorizedKey struct for resolving authorized key.

type Role 

type Role struct {
	ID             string     `json:"id"`
	Name           string     `json:"name"`
	GrantType      string     `json:"grant_type"`
	Comment        string     `json:"comment"`
	AccessGroupID  string     `json:"access_group_id"`
	GrantStart     string     `json:"grant_start"`
	GrantEnd       string     `json:"grant_end"`
	Permissions    []string   `json:"permissions"`
	PublicKey      []string   `json:"principal_public_key_strings"`
	MemberCount    int        `json:"member_count"`
	FloatingLength int        `json:"floating_length"`
	Explicit       bool       `json:"explicit" tabulate:"@userCtx"`
	Implicit       bool       `json:"implicit" tabulate:"@userCtx"`
	System         bool       `json:"system"`
	PermitAgent    bool       `json:"permit_agent"`
	Context        *Context   `json:"context"`
	SourceRule     SourceRule `json:"source_rules"`
}

Role contains PrivX role information.

type RoleRef 

type RoleRef struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

RoleRef is a reference to role object

type RoleStore 

type RoleStore struct {
	// contains filtered or unexported fields
}

RoleStore is a role-store client instance.

func New 

func New(api restapi.Connector) *RoleStore

New creates a new role-store client instance, using the argument SDK API client. 

func (store *RoleStore) AWSRoleLink(awsroleID string) (*AWSRoleLink, error)

AWSRoleLink returns existing single aws role 

func (store *RoleStore) AWSRoleLinks(refresh bool) ([]AWSRoleLink, error)

AWSRoleLinks returns all aws roles.

func (*RoleStore) AWSToken added in v0.6.0 

func (store *RoleStore) AWSToken(roleID, tokencode string, ttl int) ([]AWSToken, error)

AWSToken returns AWS token for a specified role

func (*RoleStore) AllAuthorizedKeys added in v0.6.0 

func (store *RoleStore) AllAuthorizedKeys(offset, limit int, sortdir, sortkey string) ([]AuthorizedKey, error)

AllAuthorizedKeys returns all authorized keys

func (*RoleStore) AuthorizedKey added in v0.6.0 

func (store *RoleStore) AuthorizedKey(userID, keyID string) (*AuthorizedKey, error)

AuthorizedKey return user's authorized key

func (*RoleStore) AuthorizedKeys added in v0.6.0 

func (store *RoleStore) AuthorizedKeys(userID string) ([]AuthorizedKey, error)

AuthorizedKeys return user's authorized keys

func (*RoleStore) CreateAuthorizedKey added in v0.6.0 

func (store *RoleStore) CreateAuthorizedKey(key AuthorizedKey, userID string) (string, error)

CreateAuthorizedKey register an authorized key for user

func (*RoleStore) CreateLogconfCollector added in v0.6.0 

func (store *RoleStore) CreateLogconfCollector(conf LogconfCollector) (string, error)

CreateLogconfCollector create a logconf collector

func (*RoleStore) CreateRole 

func (store *RoleStore) CreateRole(role Role) (string, error)

CreateRole creates new role

func (*RoleStore) CreateSource added in v0.6.0 

func (store *RoleStore) CreateSource(source Source) (string, error)

CreateSource create a new source 

func (store *RoleStore) DeleteAWSRoleLInk(awsroleID string) error

DeleteAWSRoleLInk delete a aws role

func (*RoleStore) DeleteAuthorizedKey added in v0.6.0 

func (store *RoleStore) DeleteAuthorizedKey(userID, keyID string) error

DeleteAuthorizedKey delete a user's authorized key

func (*RoleStore) DeleteLogconfCollector added in v0.6.0 

func (store *RoleStore) DeleteLogconfCollector(collectorID string) error

DeleteLogconfCollector delete a logconf collector

func (*RoleStore) DeletePrincipalKey added in v0.6.0 

func (store *RoleStore) DeletePrincipalKey(roleID, keyID string) error

DeletePrincipalKey delete a role's principal key

func (*RoleStore) DeleteRole added in v0.6.0 

func (store *RoleStore) DeleteRole(roleID string) error

DeleteRole delete a role

func (*RoleStore) DeleteSource added in v0.6.0 

func (store *RoleStore) DeleteSource(sourceID string) error

DeleteSource delete a source

func (*RoleStore) DisableMFA added in v0.6.0 

func (store *RoleStore) DisableMFA(userIDs []string) error

DisableMFA disable multifactor authentication

func (*RoleStore) EnableMFA added in v0.6.0 

func (store *RoleStore) EnableMFA(userIDs []string) error

EnableMFA enable multifactor authentication

func (*RoleStore) EvaluateRole added in v0.6.0 

func (store *RoleStore) EvaluateRole(role *Role) ([]User, error)

EvaluateRole evaluate a new role definition

func (*RoleStore) GeneratePrincipalKey added in v0.6.0 

func (store *RoleStore) GeneratePrincipalKey(roleID string) (string, error)

GeneratePrincipalKey generate new principal key for existing role

func (*RoleStore) GetRoleMembers 

func (store *RoleStore) GetRoleMembers(roleID string) ([]User, error)

GetRoleMembers gets all members (users) of the argument role ID.

func (*RoleStore) GrantUserRole added in v0.6.0 

func (store *RoleStore) GrantUserRole(userID, roleID string) error

GrantUserRole adds the specified role for the user. If the user already has the role, this function does nothing.

func (*RoleStore) ImportPrincipalKey added in v0.6.0 

func (store *RoleStore) ImportPrincipalKey(key PrivateKey, roleID string) (string, error)

ImportPrincipalKey import new principal key for existing role

func (*RoleStore) LinkedRoles added in v0.6.0 

func (store *RoleStore) LinkedRoles(awsroleID string) ([]AWSRoleLink, error)

LinkedRoles return AWS role granting PrivX roles

func (*RoleStore) LogconfCollector added in v0.6.0 

func (store *RoleStore) LogconfCollector(collectorID string) (*LogconfCollector, error)

LogconfCollector returns existing single logconf collector

func (*RoleStore) LogconfCollectors added in v0.6.0 

func (store *RoleStore) LogconfCollectors() ([]LogconfCollector, error)

LogconfCollectors returns all logconf collectors

func (*RoleStore) PrincipalKey added in v0.6.0 

func (store *RoleStore) PrincipalKey(roleID, keyID string) (*PrincipalKey, error)

PrincipalKey returns a role's principal key object.

func (*RoleStore) PrincipalKeys added in v0.6.0 

func (store *RoleStore) PrincipalKeys(roleID string) ([]PrincipalKey, error)

PrincipalKeys returns all principal keys

func (*RoleStore) RefreshSources added in v0.6.0 

func (store *RoleStore) RefreshSources(sourceIDs []string) error

RefreshSources refresh all host and user sources

func (*RoleStore) ResetMFA added in v0.6.0 

func (store *RoleStore) ResetMFA(userIDs []string) error

ResetMFA reset multifactor authentication

func (*RoleStore) ResolveAuthorizedKey added in v0.6.0 

func (store *RoleStore) ResolveAuthorizedKey(resolve ResolveAuthorizedKey) ([]AuthorizedKey, error)

ResolveAuthorizedKey resolve authorized keys

func (*RoleStore) ResolveRoles 

func (store *RoleStore) ResolveRoles(names []string) ([]RoleRef, error)

ResolveRoles searches give role name and returns corresponding ids

func (*RoleStore) ResolveUser added in v0.6.0 

func (store *RoleStore) ResolveUser(userID string) (*User, error)

ResolveUser resolve users role

func (*RoleStore) RevokeUserRole added in v0.6.0 

func (store *RoleStore) RevokeUserRole(userID, roleID string) error

RevokeUserRole removes the specified role from the user. If the user does not have the role, this function does nothing.

func (*RoleStore) Role 

func (store *RoleStore) Role(roleID string) (*Role, error)

Role gets information about the argument role ID.

func (*RoleStore) Roles 

func (store *RoleStore) Roles() ([]Role, error)

Roles gets all configured roles.

func (*RoleStore) SearchUsers 

func (store *RoleStore) SearchUsers(keywords, source string) ([]User, error)

SearchUsers searches for users, matching the keywords and source criteria.

func (*RoleStore) SearchUsersExternal added in v0.6.0 

func (store *RoleStore) SearchUsersExternal(keywords, sourceID string) ([]User, error)

SearchUsersExternal searche users with user search parameters.

func (*RoleStore) Source added in v0.6.0 

func (store *RoleStore) Source(sourceID string) (*Source, error)

Source returns a source

func (*RoleStore) Sources added in v0.6.0 

func (store *RoleStore) Sources() ([]Source, error)

Sources get all sources. 

func (store *RoleStore) UpdateAWSRoleLink(awsRoleID string, roles []RoleRef) error

UpdateAWSRoleLink update existing aws role

func (*RoleStore) UpdateAuthorizedKey added in v0.6.0 

func (store *RoleStore) UpdateAuthorizedKey(key *AuthorizedKey, userID, keyID string) error

UpdateAuthorizedKey update authorized key for user

func (*RoleStore) UpdateLogconfCollector added in v0.6.0 

func (store *RoleStore) UpdateLogconfCollector(collectorID string, conf *LogconfCollector) error

UpdateLogconfCollector update existing logconf collector

func (*RoleStore) UpdateRole added in v0.6.0 

func (store *RoleStore) UpdateRole(roleID string, role *Role) error

UpdateRole update existing role

func (*RoleStore) UpdateSource added in v0.6.0 

func (store *RoleStore) UpdateSource(sourceID string, source *Source) error

UpdateSource update existing source

func (*RoleStore) UpdateUserSettings added in v0.6.0 

func (store *RoleStore) UpdateUserSettings(settings *json.RawMessage, userID string) error

UpdateUserSettings update specific user's settings

func (*RoleStore) User 

func (store *RoleStore) User(userID string) (*User, error)

User gets information about the argument user ID.

func (*RoleStore) UserRoles 

func (store *RoleStore) UserRoles(userID string) ([]Role, error)

UserRoles gets the roles of the argument user ID.

func (*RoleStore) UserSettings added in v0.6.0 

func (store *RoleStore) UserSettings(userID string) (*json.RawMessage, error)

UserSettings get specific user settings

type Seed added in v0.6.0 

type Seed struct {
	SeedString string `json:"seed_string,omitempty"`
	SeedQRCode string `json:"seed_qr_code,omitempty"`
}

Seed seed definition

type Source added in v0.6.0 

type Source struct {
	ID                  string     `json:"id,omitempty"`
	Created             string     `json:"created,omitempty"`
	Updated             string     `json:"updated,omitempty"`
	UpdatedBy           string     `json:"updated_by,omitempty"`
	Author              string     `json:"author,omitempty"`
	Name                string     `json:"name,omitempty"`
	StatusCode          string     `json:"status_code,omitempty"`
	StatusText          string     `json:"status_text,omitempty"`
	Comment             string     `json:"comment,omitempty"`
	TTL                 int        `json:"ttl,omitempty"`
	Enabled             bool       `json:"enabled,omitempty"`
	Tags                []string   `json:"tags,omitempty"`
	UsernamePattern     []string   `json:"username_pattern,omitempty"`
	ExternalUserMapping []EUM      `json:"external_user_mapping,omitempty"`
	Connection          Connection `json:"connection,omitempty"`
}

Source definitions - user and host directories

type SourceRule 

type SourceRule struct {
	Type    string       `json:"type"`
	Match   string       `json:"match"`
	Source  string       `json:"source,omitempty"`
	Pattern string       `json:"search_string,omitempty"`
	Rules   []SourceRule `json:"rules"`
}

SourceRule defines a mapping of role to object objects in directory

func SourceRuleNone 

func SourceRuleNone() SourceRule

SourceRuleNone creates an empty mapping source for the role

type User 

type User struct {
	ID                string          `json:"id,omitempty"`
	SourceUserID      string          `json:"source_user_id,omitempty"`
	Principal         string          `json:"principal,omitempty"`
	Source            string          `json:"source,omitempty"`
	FullName          string          `json:"full_name,omitempty"`
	Email             string          `json:"email,omitempty"`
	DistinguishedName string          `json:"distinguished_name,omitempty"`
	Created           string          `json:"created,omitempty"`
	Updated           string          `json:"updated,omitempty"`
	UpdatedBy         string          `json:"updated_by,omitempty"`
	Author            string          `json:"author,omitempty"`
	Comment           string          `json:"comment,omitempty"`
	GivenName         string          `json:"given_name,omitempty"`
	Job               string          `json:"job_title,omitempty"`
	Company           string          `json:"company,omitempty"`
	Department        string          `json:"department,omitempty"`
	Telephone         string          `json:"telephone,omitempty"`
	Locale            string          `json:"locale,omitempty"`
	StaleAccessToken  bool            `json:"stale_access_token,omitempty"`
	Permissions       []string        `json:"permissions,omitempty"`
	Tags              []string        `json:"tags"`
	MFA               MFA             `json:"mfa"`
	Roles             []Role          `json:"roles"`
	AuthorizedKeys    []AuthorizedKey `json:"authorized_keys,omitempty"`
}

User contains PrivX user information.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.