Overview ¶
Package models defines SCA API request and response types.
Index ¶
- Constants
- type AWSCredentials
- type CSP
- type ElevateAccessResult
- type ElevateRequest
- type ElevateResponse
- type ElevateTarget
- type ElevateTargetResult
- type EligibilityResponse
- type EligibleTarget
- type ErrorInfo
- type GroupsElevateRequest
- type GroupsElevateResponse
- type GroupsElevateTarget
- type GroupsElevateTargetResult
- type GroupsEligibilityResponse
- type GroupsEligibleTarget
- type RevocationResult
- type RevokeRequest
- type RevokeResponse
- type RoleInfo
- type SessionInfo
- type SessionTarget
- type SessionsResponse
- type WorkspaceType
Constants ¶
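// Revocation status strings. RevocationResult.RevocationStatus is a plain
// string; presumably it carries one of these values (confirm against the API).
//
// NOTE(review): RevocationInProgress presumably means the session is not yet
// confirmed revoked, so callers should not treat it as equivalent to
// RevocationSuccessful when deciding that access has ended. Confirm.
const (
	RevocationSuccessful = "SUCCESSFULLY_REVOKED"
	RevocationInProgress = "REVOCATION_IN_PROGRESS"
)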
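// Session target type strings. Each declaration sits on its own line so that
// the line comments no longer swallow the declarations that follow them.
const (
	// TargetTypeGroups indicates an Entra ID group membership session.
	TargetTypeGroups = "groups"
	// TargetTypeCloudConsole indicates a cloud console elevation session.
	TargetTypeCloudConsole = "cloud_console"
)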
Types ¶
type AWSCredentials ¶ added in v0.2.0
// AWSCredentials holds the three values of a temporary AWS credential set as
// decoded from the SCA elevation payload.
//
// SecretAccessKey and SessionToken are plain strings, and no redacting String
// or MarshalJSON method is listed for this type on this page. Formatting a
// value with %v or %+v, or marshalling it again, therefore writes the secrets
// out verbatim. Keep values of this type out of logs and error messages.
type AWSCredentials struct {
	// AccessKeyID is read from the "aws_access_key" JSON key.
	AccessKeyID string `json:"aws_access_key"`
	// SecretAccessKey is read from the "aws_secret_access_key" JSON key.
	SecretAccessKey string `json:"aws_secret_access_key"`
	// SessionToken is read from the "aws_session_token" JSON key.
	SessionToken string `json:"aws_session_token"`
}
AWSCredentials contains temporary AWS credentials returned by SCA elevation.
func ParseAWSCredentials ¶ added in v0.2.0
func ParseAWSCredentials(s string) (*AWSCredentials, error)
ParseAWSCredentials parses an accessCredentials JSON string into AWSCredentials.
type ElevateAccessResult ¶
// ElevateAccessResult is the body carried under an elevation response: the
// provider and organization the request addressed plus one result per target.
type ElevateAccessResult struct {
	// CSP is read from the "csp" JSON key.
	CSP CSP `json:"csp"`
	// OrganizationID is read from the "organizationId" JSON key.
	OrganizationID string `json:"organizationId"`
	// Results holds the per-target outcomes. Each entry can carry credentials
	// or an error, so inspect every element rather than only the first.
	Results []ElevateTargetResult `json:"results"`
}
ElevateAccessResult contains the overall elevation response.
type ElevateRequest ¶
// ElevateRequest is the JSON body sent when requesting elevation for one or
// more targets.
type ElevateRequest struct {
	// CSP is written to the "csp" JSON key.
	CSP CSP `json:"csp"`
	// OrganizationID is written to the "organizationId" JSON key.
	OrganizationID string `json:"organizationId"`
	// Targets lists what to elevate to. The tag has no omitempty, so a nil
	// slice is encoded as JSON null rather than being left out.
	Targets []ElevateTarget `json:"targets"`
}
ElevateRequest is the request body for POST /api/access/elevate.
type ElevateResponse ¶
// ElevateResponse is the outer envelope of an elevation reply; the actual
// result sits under the "response" JSON key.
type ElevateResponse struct {
	// Response is the decoded elevation result.
	Response ElevateAccessResult `json:"response"`
}
ElevateResponse is the response from POST /api/access/elevate.
type ElevateTarget ¶
// ElevateTarget names one workspace and role to elevate to.
type ElevateTarget struct {
	// WorkspaceID is always encoded, under "workspaceId".
	WorkspaceID string `json:"workspaceId"`
	// RoleID is left out of the encoded JSON when empty.
	RoleID string `json:"roleId,omitempty"`
	// RoleName is left out of the encoded JSON when empty.
	// NOTE(review): presumably the caller sets RoleID or RoleName. Confirm
	// which one the API prefers when both are present.
	RoleName string `json:"roleName,omitempty"`
}
ElevateTarget represents a single target for elevation.
type ElevateTargetResult ¶
// ElevateTargetResult reports what happened for a single target of an
// elevation request.
type ElevateTargetResult struct {
	// WorkspaceID is read from the "workspaceId" JSON key.
	WorkspaceID string `json:"workspaceId"`
	// RoleID is read from the "roleId" JSON key.
	RoleID string `json:"roleId"`
	// SessionID is read from the "sessionId" JSON key.
	SessionID string `json:"sessionId"`
	// AccessCredentials is a pointer, so a JSON null or a missing key decodes
	// to nil. When set it holds a JSON document as a string, presumably the
	// input ParseAWSCredentials expects. Treat the raw string as secret
	// material and do not log it.
	AccessCredentials *string `json:"accessCredentials"`
	// ErrorInfo is nil when the key is null or missing. Check it before
	// using AccessCredentials.
	ErrorInfo *ErrorInfo `json:"errorInfo"`
}
ElevateTargetResult is the per-target result of an elevation request.
type EligibilityResponse ¶
// EligibilityResponse is one page of eligible targets.
type EligibilityResponse struct {
	// Response holds the targets returned on this page.
	Response []EligibleTarget `json:"response"`
	// NextToken decodes to nil when the key is null or missing.
	// NOTE(review): presumably nil means there are no further pages. Confirm.
	NextToken *string `json:"nextToken"`
	// Total is read from the "total" JSON key.
	Total int `json:"total"`
}
EligibilityResponse is the response from GET /api/access/{CSP}/eligibility.
type EligibleTarget ¶ added in v0.2.0
// EligibleTarget describes one workspace and role the user may elevate to.
// The type has a custom UnmarshalJSON, so the struct tags alone do not
// describe every accepted input shape.
type EligibleTarget struct {
	// CSP is excluded from JSON in both directions by the "-" tag.
	// Set programmatically after fetch, not from API.
	CSP CSP `json:"-"`
	// OrganizationID is read from the "organizationId" JSON key.
	OrganizationID string `json:"organizationId"`
	// WorkspaceID is read from the "workspaceId" JSON key.
	WorkspaceID string `json:"workspaceId"`
	// WorkspaceName is read from the "workspaceName" JSON key.
	WorkspaceName string `json:"workspaceName"`
	// WorkspaceType is read from the "workspaceType" JSON key.
	WorkspaceType WorkspaceType `json:"workspaceType"`
	// RoleInfo is tagged "roleInfo".
	RoleInfo RoleInfo `json:"roleInfo"`
}
EligibleTarget represents a cloud workspace target the user is eligible to elevate to.
func (*EligibleTarget) UnmarshalJSON ¶ added in v0.2.0
func (t *EligibleTarget) UnmarshalJSON(data []byte) error
UnmarshalJSON implements custom unmarshaling to handle both "roleInfo" (live API) and "role" (OpenAPI spec) field names.
type ErrorInfo ¶
// ErrorInfo carries the error details the API attaches to a failed target.
// Every field is a string supplied by the server.
type ErrorInfo struct {
	// Code is read from the "code" JSON key.
	Code string `json:"code"`
	// Message is read from the "message" JSON key.
	Message string `json:"message"`
	// Description is read from the "description" JSON key.
	Description string `json:"description"`
	// Link is left out of the encoded JSON when empty.
	Link string `json:"link,omitempty"`
}
ErrorInfo describes the reason for an elevation failure.
type GroupsElevateRequest ¶ added in v0.3.0
// GroupsElevateRequest is the JSON body sent when requesting membership of
// one or more groups in a directory.
type GroupsElevateRequest struct {
	// DirectoryID is written to the "directoryId" JSON key.
	DirectoryID string `json:"directoryId"`
	// CSP is written to the "csp" JSON key.
	CSP CSP `json:"csp"`
	// Targets lists the groups to join. The tag has no omitempty, so a nil
	// slice is encoded as JSON null rather than being left out.
	Targets []GroupsElevateTarget `json:"targets"`
}
GroupsElevateRequest is the request body for POST /api/access/elevate/groups.
type GroupsElevateResponse ¶ added in v0.3.0
// GroupsElevateResponse is the inner payload of a groups elevation reply.
// On the wire it is nested under a "response" key, so it cannot be decoded
// directly from the raw body.
type GroupsElevateResponse struct {
	// DirectoryID is read from the "directoryId" JSON key.
	DirectoryID string `json:"directoryId"`
	// CSP is read from the "csp" JSON key.
	CSP CSP `json:"csp"`
	// Results holds one outcome per requested group.
	Results []GroupsElevateTargetResult `json:"results"`
}
GroupsElevateResponse is the inner response from POST /api/access/elevate/groups. Note: The wire format wraps this in a "response" key (same as cloud elevation).
type GroupsElevateTarget ¶ added in v0.3.0
// GroupsElevateTarget names one group to request membership of.
type GroupsElevateTarget struct {
	// GroupID is written to the "groupId" JSON key.
	GroupID string `json:"groupId"`
}
GroupsElevateTarget represents a single group target for elevation.
type GroupsElevateTargetResult ¶ added in v0.3.0
// GroupsElevateTargetResult reports what happened for a single group of a
// groups elevation request.
type GroupsElevateTargetResult struct {
	// GroupID is read from the "groupId" JSON key.
	GroupID string `json:"groupId"`
	// SessionID is read from the "sessionId" JSON key.
	SessionID string `json:"sessionId"`
	// ErrorInfo is nil when the key is null or missing. Check it before
	// treating the entry as a granted session.
	ErrorInfo *ErrorInfo `json:"errorInfo"`
}
GroupsElevateTargetResult is the per-target result of a groups elevation request.
type GroupsEligibilityResponse ¶ added in v0.3.0
// GroupsEligibilityResponse is one page of groups the user may join.
type GroupsEligibilityResponse struct {
	// Response holds the groups returned on this page.
	Response []GroupsEligibleTarget `json:"response"`
	// NextToken decodes to nil when the key is null or missing.
	// NOTE(review): presumably nil means there are no further pages. Confirm.
	NextToken *string `json:"nextToken"`
	// Total is read from the "total" JSON key.
	Total int `json:"total"`
}
GroupsEligibilityResponse is the response from GET /api/access/{CSP}/eligibility/groups.
type GroupsEligibleTarget ¶ added in v0.3.0
// GroupsEligibleTarget describes one group the user is eligible to join.
type GroupsEligibleTarget struct {
	// DirectoryID is read from the "directoryId" JSON key.
	DirectoryID string `json:"directoryId"`
	// DirectoryName is excluded from JSON in both directions by the "-" tag.
	// Set programmatically from cloud eligibility cross-reference.
	DirectoryName string `json:"-"`
	// GroupID is read from the "groupId" JSON key.
	GroupID string `json:"groupId"`
	// GroupName is read from the "groupName" JSON key.
	GroupName string `json:"groupName"`
}
GroupsEligibleTarget represents an Entra ID group the user is eligible to join.
type RevocationResult ¶ added in v0.3.0
// RevocationResult is the per-session outcome of a revoke call. The type has
// a custom UnmarshalJSON, so the struct tags alone do not describe every
// accepted input shape.
type RevocationResult struct {
	// SessionID is tagged "sessionId".
	SessionID string `json:"sessionId"`
	// RevocationStatus is a free-form string, tagged "revocationStatus".
	// Compare it explicitly against the expected status constant; an
	// unrecognised or empty value should not be read as a completed revocation.
	RevocationStatus string `json:"revocationStatus"`
}
RevocationResult represents the outcome of revoking a single session.
func (*RevocationResult) UnmarshalJSON ¶ added in v0.3.0
func (r *RevocationResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements custom unmarshaling to handle both camelCase (spec) and snake_case (live API) field names.
type RevokeRequest ¶ added in v0.3.0
// RevokeRequest is the JSON body listing the sessions to revoke.
type RevokeRequest struct {
	// SessionIDs is written to the "sessionIds" JSON key. The tag has no
	// omitempty, so a nil slice is encoded as JSON null rather than being
	// left out.
	SessionIDs []string `json:"sessionIds"`
}
RevokeRequest is the request body for POST /api/access/sessions/revoke.
type RevokeResponse ¶ added in v0.3.0
// RevokeResponse is the envelope of a revoke reply; the per-session results
// sit under the "response" JSON key.
type RevokeResponse struct {
	// Response holds one entry per session. Check each entry's status rather
	// than assuming the whole batch succeeded.
	Response []RevocationResult `json:"response"`
}
RevokeResponse is the response from POST /api/access/sessions/revoke.
type SessionInfo ¶
// SessionInfo describes one active elevated session. Every tag uses
// snake_case, unlike the camelCase tags on the request and eligibility types.
type SessionInfo struct {
	// SessionID is read from the "session_id" JSON key.
	SessionID string `json:"session_id"`
	// UserID is read from the "user_id" JSON key.
	UserID string `json:"user_id"`
	// CSP is read from the "csp" JSON key.
	CSP CSP `json:"csp"`
	// WorkspaceID is read from the "workspace_id" JSON key.
	WorkspaceID string `json:"workspace_id"`
	// RoleID is read from the "role_id" JSON key and stays empty when the
	// key is absent.
	RoleID string `json:"role_id"`
	// SessionDuration is read from the "session_duration" JSON key.
	// NOTE(review): the unit is not stated here. Confirm it before using
	// the value for expiry decisions.
	SessionDuration int `json:"session_duration"`
	// Target is nil when the "target" key is missing, so guard against nil
	// before dereferencing it. It is left out of encoded JSON when nil.
	Target *SessionTarget `json:"target,omitempty"`
}
SessionInfo represents an active elevated session. Note: The live SCA API uses snake_case field names, which differs from the OpenAPI spec's camelCase. The role_id field contains the role display name (e.g., "User Access Administrator"), not an ARM resource path. For group sessions, role_id is absent and Target.Type is "groups".
func (SessionInfo) IsGroupSession ¶ added in v0.3.0
func (s SessionInfo) IsGroupSession() bool
IsGroupSession returns true if this session is for Entra ID group membership.
type SessionTarget ¶ added in v0.3.0
SessionTarget identifies what a session is targeting (group or cloud console). Present on group sessions; may be absent on older cloud sessions.
type SessionsResponse ¶
// SessionsResponse is one page of active sessions.
type SessionsResponse struct {
	// Response holds the sessions returned on this page.
	Response []SessionInfo `json:"response"`
	// NextToken decodes to nil when the key is null or missing.
	// NOTE(review): presumably nil means there are no further pages. An
	// audit of active sessions that stops at the first page may miss
	// sessions. Confirm.
	NextToken *string `json:"nextToken"`
	// Total is read from the "total" JSON key.
	Total int `json:"total"`
}
SessionsResponse is the response from GET /api/access/sessions.
type WorkspaceType ¶
// WorkspaceType is a string-backed type naming the kind of cloud workspace a
// target refers to. Any string converts to it; the type itself performs no
// validation of the value.
type WorkspaceType string
WorkspaceType represents the type of cloud workspace.
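// Known WorkspaceType values. Each declaration sits on its own line so that
// the trailing line comment no longer swallows the closing parenthesis.
//
// The values are compared byte-for-byte: every constant is upper case except
// WorkspaceTypeAccount, so do not normalise case before comparing.
const (
	WorkspaceTypeResource        WorkspaceType = "RESOURCE"
	WorkspaceTypeResourceGroup   WorkspaceType = "RESOURCE_GROUP"
	WorkspaceTypeSubscription    WorkspaceType = "SUBSCRIPTION"
	WorkspaceTypeManagementGroup WorkspaceType = "MANAGEMENT_GROUP"
	WorkspaceTypeDirectory       WorkspaceType = "DIRECTORY"
	WorkspaceTypeAccount         WorkspaceType = "account" // Lowercase per AWS API spec
)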