isp

package

v1.5.0 Latest Latest Go to latest Published: Sep 14, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cyberark/ark-sdk-golang

Links

Open Source Insights

Documentation ¶

Overview ¶

Package isp provides ISP (Identity Service Provider) client functionality for the ARK SDK.

This package contains the ArkISPServiceClient which handles authentication and service URL resolution for ISP-based services. It provides functionality to create clients, resolve service URLs based on tenant information, and manage JWT token-based authentication with cookie support.

Index ¶

func RefreshClient(client *common.ArkClient, ispAuth *auth.ArkISPAuth) error
type ArkISPServiceClient
- func FromISPAuth(ispAuth *auth.ArkISPAuth, serviceName string, separator string, ...) (*ArkISPServiceClient, error)
- func NewArkISPServiceClient(serviceName string, tenantSubdomain string, baseTenantURL string, ...) (*ArkISPServiceClient, error)
- func (client *ArkISPServiceClient) TenantEnv() commonmodels.AwsEnv
- func (client *ArkISPServiceClient) TenantID() (string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RefreshClient ¶

func RefreshClient(client *common.ArkClient, ispAuth *auth.ArkISPAuth) error

RefreshClient refreshes the ArkISPServiceClient with the latest authentication token and cookies.

This function updates an existing ArkClient with fresh authentication credentials by loading the latest authentication token from the provided ArkISPAuth instance. It updates both the authentication token and any associated cookies stored in the token metadata. The cookies are base64 decoded and applied to the client.

Parameters:

client: The ArkClient instance to refresh with new credentials
ispAuth: The ArkISPAuth instance to load fresh authentication from

Returns any error that occurred during authentication loading, token updating, or cookie processing. The function performs forced authentication refresh by passing true as the refresh parameter to LoadAuthentication.

Example:

err := RefreshClient(client.ArkClient, ispAuth)
if err != nil {
    return fmt.Errorf("failed to refresh client: %w", err)
}

Types ¶

type ArkISPServiceClient ¶

type ArkISPServiceClient struct {
	*common.ArkClient
	// contains filtered or unexported fields
}

ArkISPServiceClient is a struct that represents a client for the Ark ISP service.

This client extends the common ArkClient with ISP-specific functionality including tenant environment management and JWT token parsing for service URL resolution. It handles authentication headers, cookies, and maintains connection state for ISP-based services.

func FromISPAuth ¶

func FromISPAuth(ispAuth *auth.ArkISPAuth, serviceName string, separator string, basePath string, refreshConnectionCallback func(*common.ArkClient) error) (*ArkISPServiceClient, error)

FromISPAuth creates a new ArkISPServiceClient from an ArkISPAuth instance.

This function creates an ISP service client using authentication information from an existing ArkISPAuth instance. It extracts tenant environment information from the auth token's username or metadata, decodes and sets up cookies from the token metadata, and initializes the client with the appropriate configuration.

Parameters:

ispAuth: The ArkISPAuth instance containing authentication information and tokens
serviceName: The name of the service to connect to
separator: The separator character used in URL construction
basePath: Additional base path to append to the service URL
refreshConnectionCallback: Callback function for connection refresh operations

Returns a configured ArkISPServiceClient and any error that occurred during client creation, cookie unmarshaling, or service URL resolution.

Example:

client, err := FromISPAuth(
    ispAuth,
    "api",
    "-",
    "v1",
    refreshCallback,
)
if err != nil {
    return fmt.Errorf("failed to create client: %w", err)
}

func NewArkISPServiceClient ¶

func NewArkISPServiceClient(
	serviceName string,
	tenantSubdomain string,
	baseTenantURL string,
	tenantEnv commonmodels.AwsEnv,
	token string,
	authHeaderName string,
	separator string,
	basePath string,
	cookieJar *cookiejar.Jar,
	refreshConnectionCallback func(*common.ArkClient) error,
) (*ArkISPServiceClient, error)

NewArkISPServiceClient creates a new instance of ArkISPServiceClient.

This function initializes a new ISP service client with the provided configuration. It resolves the service URL based on the tenant information and JWT token, sets up the underlying ArkClient with appropriate headers, and configures authentication. If tenantEnv is empty, it attempts to resolve it from environment variables or defaults to production.

Parameters:

serviceName: The name of the service to connect to (e.g., "api", "portal")
tenantSubdomain: The tenant subdomain to use for URL construction
baseTenantURL: The base tenant URL to use if subdomain resolution fails
tenantEnv: The AWS environment (dev, staging, prod) - uses DEPLOY_ENV if empty
token: The JWT authentication token for the service
authHeaderName: The name of the authorization header (typically "Authorization")
separator: The separator character used between tenant and service name in URLs
basePath: Additional base path to append to the service URL
cookieJar: The cookie jar for maintaining session state
refreshConnectionCallback: Callback function to refresh the connection when needed

Returns a configured ArkISPServiceClient instance and any error that occurred during initialization, particularly from URL parsing or service URL resolution.

Example:

client, err := NewArkISPServiceClient(
    "api",
    "mytenant",
    "https://mytenant.cyberark.cloud",
    commonmodels.Prod,
    jwtToken,
    "Authorization",
    "-",
    "v1",
    cookieJar,
    refreshCallback,
)

func (*ArkISPServiceClient) TenantEnv ¶

func (client *ArkISPServiceClient) TenantEnv() commonmodels.AwsEnv

TenantEnv returns the tenant environment of the ArkISPServiceClient.

This method provides access to the AWS environment (dev, staging, prod) that was resolved during client initialization. The environment is determined from the JWT token, explicit parameter, or environment variables during client creation.

Returns the commonmodels.AwsEnv value representing the current tenant environment.

Example:

env := client.TenantEnv()
if env == commonmodels.Prod {
    // Handle production environment logic
}

func (*ArkISPServiceClient) TenantID ¶

func (client *ArkISPServiceClient) TenantID() (string, error)

TenantID returns the tenant ID from the JWT token of the ArkISPServiceClient.

This method extracts the tenant ID from the JWT token claims stored in the client. It parses the token without verification to access the tenant_id claim. The method requires a valid JWT token to be present in the client.

Returns the tenant ID as a string and any error that occurred during JWT token parsing. Returns an error if no token is available or if the token cannot be parsed. Note: This method performs type assertion on the tenant_id claim and may panic if the claim is not a string type.

Example:

tenantID, err := client.TenantID()
if err != nil {
    log.Printf("Failed to get tenant ID: %v", err)
    return
}
fmt.Printf("Current tenant: %s", tenantID)

Source Files ¶

View all Source files

ark_isp_service_client.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL