Documentation
Overview
Package primitive contains definitions of the primitive types used in ag.
Index
- Constants
- Variables
- type AuthMechanism
- type BaseCredential
- type BaseKeyring
- type BaseUser
- type Claim
- type ClaimType
- type Credential
- type CredentialV1
- type CredentialValue
- type Environment
- type KeyRevocationRevocationParams
- type KeyType
- type Keyring
- type KeyringMember
- type KeyringMemberClaim
- type KeyringMemberClaimReason
- type KeyringMemberKey
- type KeyringMemberRevocationParams
- type KeyringMemberRevocationType
- type KeyringMemberV1
- type KeyringV1
- type LoginPublicKey
- type MEKShare
- type Machine
- type MachineDestroyRevocationParams
- type MachineToken
- type MachineTokenDestroyRevocationParams
- type MasterKey
- type Membership
- type Org
- type OrgInvite
- type Policy
- type PolicyAction
- type PolicyAttachment
- type PolicyEffect
- type PolicyStatement
- type PrivateKey
- type PrivateKeyValue
- type Project
- type PublicKey
- type PublicKeyValue
- type Service
- type Signature
- type Team
- type TeamType
- type Token
- type TokenType
- type User
- type UserPassword
- type UserV1
Constants
const (
	OrgInvitePendingState    = "pending"
	OrgInviteAssociatedState = "associated"
	OrgInviteAcceptedState   = "accepted"
	OrgInviteApprovedState   = "approved"
)
Org Invitations exist in four states: pending, associated, accepted, and approved.
const (
	MachineActiveState    = "active"
	MachineDestroyedState = "destroyed"
)
Machines can be in one of two states: active or destroyed.
const (
	MachineTokenActiveState    = "active"
	MachineTokenDestroyedState = "destroyed"
)
MachineTokens can be in one of two states: active or destroyed.
const (
	PolicyEffectAllow = true
	PolicyEffectDeny  = false
)
These are the two policy effect types.
const (
	PolicyActionCreate = 1 << iota
	PolicyActionRead
	PolicyActionUpdate
	PolicyActionDelete
	PolicyActionList
)
These are all the possible PolicyActions.
const (
	AdminTeamName   = "admin"
	OwnerTeamName   = "owner"
	MemberTeamName  = "member"
	MachineTeamName = "machine"
)
Teams are used to represent a group of identities and their associated access control policies.
const (
	DerivableMachineTeamSymbol = 0x04
)
Team IDs for certain system teams can be derived based on their OrgID.
Variables
var SystemTeams = map[string]int{
	OwnerTeamName:  0,
	AdminTeamName:  1,
	MemberTeamName: 2,
}
SystemTeams is an ordering of importance of system teams.
Functions
This section is empty.
Types
type AuthMechanism (added in v0.22.0)
type AuthMechanism string
AuthMechanism represents the different authentication mechanisms used for granting Tokens of type AuthToken.
const (
	HMACAuth         AuthMechanism = "hmac"
	EdDSAAuth        AuthMechanism = "eddsa"
	UpgradeEdDSAAuth AuthMechanism = "upgrade-eddsa"
)
Types of mechanisms used to authenticate a user or machine.
type BaseCredential (added in v0.11.0)
type BaseCredential struct {
	Credential        *CredentialValue `json:"credential"`
	KeyringID         *identity.ID     `json:"keyring_id"`
	Name              string           `json:"name"`
	Nonce             *base64.Value    `json:"nonce"`
	OrgID             *identity.ID     `json:"org_id"`
	PathExp           *pathexp.PathExp `json:"pathexp"`
	Previous          *identity.ID     `json:"previous"`
	ProjectID         *identity.ID     `json:"project_id"`
	CredentialVersion int              `json:"version"`
}
BaseCredential is a secret value shared between a group of services based on the user's identity, operating environment, project, and organization.
type BaseKeyring (added in v0.12.0)
type BaseKeyring struct {
	Created        time.Time        `json:"created_at"`
	OrgID          *identity.ID     `json:"org_id"`
	PathExp        *pathexp.PathExp `json:"pathexp"`
	Previous       *identity.ID     `json:"previous"`
	ProjectID      *identity.ID     `json:"project_id"`
	KeyringVersion int              `json:"version"`
	// contains filtered or unexported fields
}
BaseKeyring is the shared structure between keyring schema versions.
type BaseUser (added in v0.22.0)
type BaseUser struct {
	Username string        `json:"username"`
	Name     string        `json:"name"`
	Email    string        `json:"email"`
	State    string        `json:"state"`
	Password *UserPassword `json:"password"`
	Master   *MasterKey    `json:"master"`
	// contains filtered or unexported fields
}
BaseUser represents the common properties shared between all user schema versions.
type Claim
type Claim struct {
	Created     time.Time    `json:"created_at"`
	OrgID       *identity.ID `json:"org_id"`
	OwnerID     *identity.ID `json:"owner_id"`
	Previous    *identity.ID `json:"previous"`
	PublicKeyID *identity.ID `json:"public_key_id"`
	ClaimType   ClaimType    `json:"type"`
	// contains filtered or unexported fields
}
Claim is a signature or revocation claim against a public key.
type ClaimType (added in v0.18.0)
type ClaimType string
ClaimType is the enumeration of all claims that can be made against public keys.
type Credential
type Credential struct {
	BaseCredential
	State *string `json:"state"`
	// contains filtered or unexported fields
}
Credential is a secret value shared between a group of services based on the user's identity, operating environment, project, and organization.
type CredentialV1 (added in v0.11.0)
type CredentialV1 struct {
	BaseCredential
	// contains filtered or unexported fields
}
CredentialV1 is a secret value shared between a group of services based on the user's identity, operating environment, project, and organization.
type CredentialValue
type CredentialValue struct {
	Algorithm string        `json:"alg"`
	Nonce     *base64.Value `json:"nonce"`
	Value     *base64.Value `json:"value"`
}
CredentialValue is the secretbox-encrypted value of the containing Credential.
type Environment
type Environment struct {
	Name      string       `json:"name"`
	OrgID     *identity.ID `json:"org_id"`
	ProjectID *identity.ID `json:"project_id"`
	// contains filtered or unexported fields
}
Environment is an entity that represents a group of processes.
type KeyRevocationRevocationParams (added in v0.23.0)
KeyRevocationRevocationParams holds details for a key_revocation revocation type.
type Keyring
type Keyring struct {
	BaseKeyring
	// contains filtered or unexported fields
}
Keyring is a mechanism for sharing a shared secret between many different users and machines at a position in the credential path.
Credentials belong to Keyrings.
func NewKeyring (added in v0.10.0)
NewKeyring returns a new v2 Keyring, with the created time set to now.
type KeyringMember
type KeyringMember struct {
	Created         time.Time    `json:"created_at"`
	EncryptingKeyID *identity.ID `json:"encrypting_key_id"`
	KeyringID       *identity.ID `json:"keyring_id"`
	OrgID           *identity.ID `json:"org_id"`
	OwnerID         *identity.ID `json:"owner_id"`
	PublicKeyID     *identity.ID `json:"public_key_id"`
	// contains filtered or unexported fields
}
KeyringMember is a record of sharing a master secret key with a user or machine.
This is the v2 schema version, which has a detached MEKShare so it can be revoked.
KeyringMember belongs to a Keyring.
type KeyringMemberClaim (added in v0.10.0)
type KeyringMemberClaim struct {
	OrgID           *identity.ID              `json:"org_id"`
	KeyringID       *identity.ID              `json:"keyring_id"`
	KeyringMemberID *identity.ID              `json:"keyring_member_id"`
	OwnerID         *identity.ID              `json:"owner_id"`
	Previous        *identity.ID              `json:"previous"`
	ClaimType       ClaimType                 `json:"type"`
	Reason          *KeyringMemberClaimReason `json:"reason"`
	Created         time.Time                 `json:"created_at"`
	// contains filtered or unexported fields
}
KeyringMemberClaim is a claim for a keyring member. Only revocation is supported as a claim type.
type KeyringMemberClaimReason (added in v0.23.0)
type KeyringMemberClaimReason struct {
	Type   KeyringMemberRevocationType   `json:"type"`
	Params KeyringMemberRevocationParams `json:"params"`
}
KeyringMemberClaimReason holds the type and optional details of the reason for a KeyringMember's revocation.
func (*KeyringMemberClaimReason) UnmarshalJSON (added in v0.23.0)
func (k *KeyringMemberClaimReason) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
type KeyringMemberKey
type KeyringMemberKey struct {
	Algorithm string        `json:"alg"`
	Nonce     *base64.Value `json:"nonce"`
	Value     *base64.Value `json:"value"`
}
KeyringMemberKey is the keyring master encryption key, encrypted for the owner of a KeyringMember/MEKShare.
type KeyringMemberRevocationParams (added in v0.23.0)
type KeyringMemberRevocationParams interface{}
KeyringMemberRevocationParams is the interface for holding additional details about a membership revocation, based on the reason type.
type KeyringMemberRevocationType (added in v0.23.0)
type KeyringMemberRevocationType byte
KeyringMemberRevocationType is the enumerated byte type of keyring membership revocation reasons.
const (
	OrgRemovalRevocationType KeyringMemberRevocationType = iota
	KeyRevocationRevocationType
	MachineDestroyRevocationType
	MachineTokenDestroyRevocationType
)
The keyring membership revocation reasons.
func (KeyringMemberRevocationType) MarshalText (added in v0.23.0)
func (k KeyringMemberRevocationType) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface, used for JSON marshaling.
func (KeyringMemberRevocationType) String (added in v0.23.0)
func (k KeyringMemberRevocationType) String() string
func (*KeyringMemberRevocationType) UnmarshalText (added in v0.23.0)
func (k *KeyringMemberRevocationType) UnmarshalText(b []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface, used for JSON unmarshaling.
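The text form of KeyringMemberRevocationType and the custom UnmarshalJSON on KeyringMemberClaimReason (documented above) work together when a claim is decoded: the reason's text name selects which concrete params struct the `params` object is decoded into. The following is an added example that re-implements that pattern; it is not the primitive package's own code, it assumes the text name "org_removal" for OrgRemovalRevocationType (the other three names appear in this documentation), and it substitutes a plain string for identity.ID.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Illustrative re-implementation of the revocation-reason decoding described above,
// not the primitive package's own code; identity.ID is replaced by a plain string.
type KeyringMemberRevocationType byte
const (
	OrgRemovalRevocationType KeyringMemberRevocationType = iota
	KeyRevocationRevocationType
	MachineDestroyRevocationType
	MachineTokenDestroyRevocationType
)
var revocationTypeByName = map[string]KeyringMemberRevocationType{
	"org_removal":           OrgRemovalRevocationType, // assumed name; not on the page
	"key_revocation":        KeyRevocationRevocationType,
	"machine_destroy":       MachineDestroyRevocationType,
	"machine_token_destroy": MachineTokenDestroyRevocationType,
}
func (k *KeyringMemberRevocationType) UnmarshalText(b []byte) error {
	t, ok := revocationTypeByName[string(b)]
	if !ok {
		return fmt.Errorf("unknown revocation type %q", b) // fail closed on unknown names
	}
	*k = t
	return nil
}
type MachineTokenDestroyRevocationParams struct {
	MachineTokenID string `json:"machine_token_id"`
}
type KeyringMemberClaimReason struct {
	Type   KeyringMemberRevocationType `json:"type"`
	Params interface{}                 `json:"params"`
}
func (r *KeyringMemberClaimReason) UnmarshalJSON(b []byte) error {
	var raw struct { // decode Type first; Params stays raw until the type is known
		Type   KeyringMemberRevocationType `json:"type"`
		Params json.RawMessage             `json:"params"`
	}
	if err := json.Unmarshal(b, &raw); err != nil {
		return err
	}
	r.Type, r.Params = raw.Type, nil // the page shows no param fields for other types
	if raw.Type == MachineTokenDestroyRevocationType {
		var p MachineTokenDestroyRevocationParams
		if err := json.Unmarshal(raw.Params, &p); err != nil {
			return err
		}
		r.Params = p
	}
	return nil
}
```

Because the zero value of the type is OrgRemovalRevocationType, a reason whose "type" field is absent decodes as an org removal; a consumer that must distinguish the two has to check the raw JSON for the field.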
type KeyringMemberV1 (added in v0.10.0)
type KeyringMemberV1 struct {
	Created         time.Time         `json:"created_at"`
	EncryptingKeyID *identity.ID      `json:"encrypting_key_id"`
	Key             *KeyringMemberKey `json:"key"`
	KeyringID       *identity.ID      `json:"keyring_id"`
	OrgID           *identity.ID      `json:"org_id"`
	OwnerID         *identity.ID      `json:"owner_id"`
	ProjectID       *identity.ID      `json:"project_id"`
	PublicKeyID     *identity.ID      `json:"public_key_id"`
	// contains filtered or unexported fields
}
KeyringMemberV1 is a record of sharing a master secret key with a user or machine.
KeyringMember belongs to a Keyring.
type KeyringV1 (added in v0.10.0)
type KeyringV1 struct {
	BaseKeyring
	// contains filtered or unexported fields
}
KeyringV1 is the old keyring format, without claims or MEKShares.
type LoginPublicKey (added in v0.22.0)
type LoginPublicKey struct {
	Alg   string        `json:"alg"`
	Salt  *base64.Value `json:"salt"`
	Value *base64.Value `json:"value"`
}
LoginPublicKey represents the public component of an asymmetric key used to authenticate against the registry.
type MEKShare (added in v0.10.0)
type MEKShare struct {
	// contains filtered or unexported fields
}
MEKShare is a V2 KeyringMember's share of the keyring master encryption key.
type Machine (added in v0.15.0)
type Machine struct {
	Name        string       `json:"name"`
	OrgID       *identity.ID `json:"org_id"`
	CreatedBy   *identity.ID `json:"created_by"`
	Created     time.Time    `json:"created_at"`
	DestroyedBy *identity.ID `json:"destroyed_by"`
	Destroyed   *time.Time   `json:"destroyed_at"`
	State       string       `json:"state"`
	// contains filtered or unexported fields
}
Machine is an entity that represents a machine object.
type MachineDestroyRevocationParams (added in v0.23.0)
MachineDestroyRevocationParams holds details for a machine_destroy revocation type.
type MachineToken (added in v0.15.0)
type MachineToken struct {
	OrgID       *identity.ID    `json:"org_id"`
	MachineID   *identity.ID    `json:"machine_id"`
	PublicKey   *LoginPublicKey `json:"public_key"`
	Master      *MasterKey      `json:"master"`
	CreatedBy   *identity.ID    `json:"created_by"`
	Created     time.Time       `json:"created_at"`
	DestroyedBy *identity.ID    `json:"destroyed_by"`
	Destroyed   *time.Time      `json:"destroyed_at"`
	State       string          `json:"state"`
	// contains filtered or unexported fields
}
MachineToken is a portion of the MachineSegment object.
type MachineTokenDestroyRevocationParams (added in v0.23.0)
type MachineTokenDestroyRevocationParams struct {
	MachineTokenID *identity.ID `json:"machine_token_id"`
}
MachineTokenDestroyRevocationParams holds details for a machine_token_destroy revocation type.
type Membership
type Membership struct {
	OrgID   *identity.ID `json:"org_id"`
	OwnerID *identity.ID `json:"owner_id"`
	TeamID  *identity.ID `json:"team_id"`
	// contains filtered or unexported fields
}
Membership is an entity that represents whether a user or machine is a part of a team in an organization.
type Org
type Org struct {
	Name string `json:"name"`
	// contains filtered or unexported fields
}
Org is a grouping of users that collaborate with each other.
type OrgInvite
type OrgInvite struct {
	OrgID      *identity.ID `json:"org_id"`
	Email      string       `json:"email"`
	InviterID  *identity.ID `json:"inviter_id"`
	InviteeID  *identity.ID `json:"invitee_id"`
	ApproverID *identity.ID `json:"approver_id"`
	State      string       `json:"state"`
	Code       *struct {
		Alg   string        `json:"alg"`
		Salt  *base64.Value `json:"salt"`
		Value *base64.Value `json:"value"`
	} `json:"code"`
	PendingTeams []identity.ID `json:"pending_teams"`
	Created      *time.Time    `json:"created_at"`
	Accepted     *time.Time    `json:"accepted_at"`
	Approved     *time.Time    `json:"approved_at"`
	// contains filtered or unexported fields
}
OrgInvite is an invitation for an individual to join an organization.
type Policy
type Policy struct {
	PolicyType string       `json:"type"`
	Previous   *identity.ID `json:"previous"`
	OrgID      *identity.ID `json:"org_id"`
	Policy     struct {
		Name        string            `json:"name"`
		Description string            `json:"description"`
		Statements  []PolicyStatement `json:"statements"`
	} `json:"policy"`
	// contains filtered or unexported fields
}
Policy is an entity that represents a group of statements for ACL.
type PolicyAction (added in v0.8.0)
type PolicyAction byte
PolicyAction represents the user actions that are covered by a statement.
func (*PolicyAction) MarshalJSON (added in v0.8.0)
func (pa *PolicyAction) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. A PolicyAction is encoded in JSON as either a list of the string representations of its actions, or a single string when there is only one action.
func (*PolicyAction) ShortString (added in v0.9.0)
func (pa *PolicyAction) ShortString() string
ShortString displays a single-character representation of each of the policy's actions.
func (*PolicyAction) String (added in v0.8.0)
func (pa *PolicyAction) String() string
func (*PolicyAction) UnmarshalJSON (added in v0.8.0)
func (pa *PolicyAction) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
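The single-string-or-list JSON form described above, as an added example that re-implements the PolicyAction flag set with its JSON round trip; this is not the primitive package's own code, and the action names "create", "read", "update", "delete" and "list" are assumed, since this documentation does not list them. The decoder rejects unknown action names rather than dropping them, so a statement cannot silently lose or gain permissions on the way in.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Illustrative re-implementation of the PolicyAction bit-flag encoding described above; not the primitive package's own code.
type PolicyAction byte
const (
	PolicyActionCreate PolicyAction = 1 << iota
	PolicyActionRead
	PolicyActionUpdate
	PolicyActionDelete
	PolicyActionList
)

var actionNames = []string{"create", "read", "update", "delete", "list"} // index i names flag 1<<i (assumed names)
// MarshalJSON emits a single string for one action and a list otherwise, in flag order.
func (pa PolicyAction) MarshalJSON() ([]byte, error) {
	names := []string{}
	for i, name := range actionNames {
		if pa&(PolicyAction(1)<<uint(i)) != 0 {
			names = append(names, name)
		}
	}
	if len(names) == 1 {
		return json.Marshal(names[0])
	}
	return json.Marshal(names)
}

// UnmarshalJSON accepts either form and rejects unknown names instead of silently dropping them.
func (pa *PolicyAction) UnmarshalJSON(b []byte) error {
	var names []string
	var one string
	if json.Unmarshal(b, &one) == nil {
		names = []string{one}
	} else if err := json.Unmarshal(b, &names); err != nil {
		return err
	}
	var acc PolicyAction
nextName:
	for _, n := range names {
		for i, name := range actionNames {
			if name == n {
				acc |= PolicyAction(1) << uint(i)
				continue nextName
			}
		}
		return fmt.Errorf("unknown policy action %q", n)
	}
	*pa = acc
	return nil
}
```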
type PolicyAttachment
type PolicyAttachment struct {
	OwnerID  *identity.ID `json:"owner_id"`
	PolicyID *identity.ID `json:"policy_id"`
	OrgID    *identity.ID `json:"org_id"`
	// contains filtered or unexported fields
}
PolicyAttachment is an entity that represents the link between policies and teams.
type PolicyEffect (added in v0.8.0)
type PolicyEffect bool
PolicyEffect is the effect type of the statement (allow or deny).
func (*PolicyEffect) MarshalText (added in v0.8.0)
func (pe *PolicyEffect) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface, used for JSON marshaling.
func (*PolicyEffect) String (added in v0.8.0)
func (pe *PolicyEffect) String() string
String returns a string representation of the PolicyEffect (allow or deny).
func (*PolicyEffect) UnmarshalText (added in v0.8.0)
func (pe *PolicyEffect) UnmarshalText(b []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface, used for JSON unmarshaling.
type PolicyStatement
type PolicyStatement struct {
	Effect   PolicyEffect `json:"effect"`
	Action   PolicyAction `json:"action"`
	Resource string       `json:"resource"`
}
PolicyStatement is an ACL statement on a policy object.
type PrivateKey
type PrivateKey struct {
	Key         PrivateKeyValue `json:"key"`
	OrgID       *identity.ID    `json:"org_id"`
	OwnerID     *identity.ID    `json:"owner_id"`
	PNonce      *base64.Value   `json:"pnonce"`
	PublicKeyID *identity.ID    `json:"public_key_id"`
	// contains filtered or unexported fields
}
PrivateKey is the private portion of an asymmetric key.
type PrivateKeyValue
PrivateKeyValue holds the encrypted value of the PrivateKey.
type Project
type Project struct {
	Name  string       `json:"name"`
	OrgID *identity.ID `json:"org_id"`
	// contains filtered or unexported fields
}
Project is an entity that represents a group of services.
type PublicKey
type PublicKey struct {
	Algorithm string         `json:"alg"`
	Created   time.Time      `json:"created_at"`
	Expires   time.Time      `json:"expires_at"`
	Key       PublicKeyValue `json:"key"`
	OrgID     *identity.ID   `json:"org_id"`
	OwnerID   *identity.ID   `json:"owner_id"`
	KeyType   KeyType        `json:"type"`
	// contains filtered or unexported fields
}
PublicKey is the public portion of an asymmetric key.
type PublicKeyValue
PublicKeyValue is the actual value of a PublicKey.
type Service
type Service struct {
	Name      string       `json:"name"`
	OrgID     *identity.ID `json:"org_id"`
	ProjectID *identity.ID `json:"project_id"`
	// contains filtered or unexported fields
}
Service is an entity that represents a group of processes.
type Signature
type Signature struct {
	Algorithm   string        `json:"alg"`
	PublicKeyID *identity.ID  `json:"public_key_id"`
	Value       *base64.Value `json:"value"`
}
Signature is an immutable object, but not technically a payload. If PublicKeyID is nil, the signature is self-signed.
type Team
type Team struct {
	Name     string       `json:"name"`
	OrgID    *identity.ID `json:"org_id"`
	TeamType TeamType     `json:"type"`
	// contains filtered or unexported fields
}
Team is an entity that represents a group of users.
type TeamType (added in v0.20.0)
type TeamType string
TeamType is the type that holds the enumeration of possible team types.
type Token (added in v0.22.0)
type Token struct {
	TokenType TokenType     `json:"type"`
	Token     string        `json:"token"`
	OwnerID   *identity.ID  `json:"owner_id"`
	Mechanism AuthMechanism `json:"mechanism"`
	// contains filtered or unexported fields
}
Token is the body of a token object.
type TokenType (added in v0.22.0)
type TokenType string
TokenType represents the different types of tokens.
type User
type User struct {
	BaseUser
	PublicKey *LoginPublicKey `json:"public_key"`
	// contains filtered or unexported fields
}
User is the body of a user object.
type UserPassword
type UserPassword struct {
	Salt  string        `json:"salt"`
	Value *base64.Value `json:"value"`
	Alg   string        `json:"alg"`
}
UserPassword is the body.password object for a user.