Documentation
¶
Index ¶
- Constants
- Variables
- func LogInjectGroups(ctx context.Context, groups []*Group) context.Context
- func LogInjectKey(ctx context.Context, key *Key) context.Context
- func LogInjectSystem(ctx context.Context, sys *System) context.Context
- func LogInjectTenant(ctx context.Context, tenant *Tenant) context.Context
- func NewIAMIdentifier(name string, tenantID string) string
- func ValidateAll(v ...Validator) error
- type AutoTimeModel
- type BaseLabel
- type Certificate
- type CertificatePurpose
- type CertificateState
- type Event
- type Group
- type ImportParams
- type JoinSystem
- type Key
- type KeyAccessData
- type KeyConfiguration
- type KeyLabel
- type KeyVersion
- type Keystore
- type KeystoreAccessData
- type KeystoreConfig
- type RequestCertArgs
- type System
- type SystemProperty
- type Tag
- type Tenant
- type TenantConfig
- type TenantRole
- type TenantStatus
- type Validator
- type Workflow
- type WorkflowApprover
- type WorkflowConfig
Constants ¶
// Input-validation limits for group fields.
const (
	// MaxIAMIdentifierLength is 128, the same bound as the varchar(128)
	// column on Group.IAMIdentifier.
	MaxIAMIdentifierLength = 128
	// MaxNameLength is 64, the same bound as the varchar(64) column on
	// Group.Name.
	MaxNameLength = 64
	// ValidTextPattern is an anchored pattern matching a non-empty string
	// made up only of ASCII letters, digits, spaces, "_" and "-".
	// The character class includes a literal space, so values with leading,
	// trailing or repeated spaces pass.
	// NOTE(review): confirm that is intended wherever this is used to
	// validate names or identifiers.
	ValidTextPattern = `^[a-zA-Z0-9 _-]+$`
)
// ResourceID is the literal "resource_id".
// NOTE(review): presumably a column or parameter name; usage is not shown on this page.
const ResourceID = "resource_id"
// WorkflowID is the literal "workflow_id".
// NOTE(review): presumably a column or parameter name; usage is not shown on this page.
const WorkflowID = "workflow_id"
Variables ¶
// Sentinel errors for group validation. Compare with errors.Is.
var (
	// ErrInvalidIAMIdentifier reports an invalid group IAMIdentifier.
	ErrInvalidIAMIdentifier = errors.New("invalid group IAMIdentifier")
	// ErrInvalidName reports an invalid group name.
	ErrInvalidName = errors.New("invalid group name")
)
var (
	// ErrInvalidTenantRole reports a tenant role that is not valid.
	// Presumably returned by TenantRole.Validate; confirm against the implementation.
	ErrInvalidTenantRole = errors.New("tenant role is not valid")
)
var (
	// ErrInvalidTenantStatus reports a tenant status that is not valid.
	// Presumably returned by TenantStatus.Validate; confirm against the implementation.
	ErrInvalidTenantStatus = errors.New("tenant status is not valid")
)
// TenantTableName is the schema-qualified table name "public.tenants".
// It is declared with var, so any importing package can reassign it at runtime.
// NOTE(review): confirm it needs to be mutable; a const would prevent
// accidental or hostile reassignment.
var TenantTableName = "public.tenants"
Functions ¶
func NewIAMIdentifier ¶
func ValidateAll ¶
ValidateAll goes through the given validators and calls their Validate method. It stops and returns at the first error encountered, if any. If all validate successfully, it returns nil.
Types ¶
type AutoTimeModel ¶
// AutoTimeModel carries creation and update timestamps and is embedded by
// other models in this package. Both columns are NOT NULL. The BeforeCreate
// and BeforeUpdate hooks are documented as setting them.
type AutoTimeModel struct {
	CreatedAt time.Time `gorm:"not null"`
	UpdatedAt time.Time `gorm:"not null"`
}
func (*AutoTimeModel) BeforeCreate ¶
func (b *AutoTimeModel) BeforeCreate(_ *gorm.DB) error
BeforeCreate ensures timestamps are set before creating a record
func (*AutoTimeModel) BeforeUpdate ¶
func (b *AutoTimeModel) BeforeUpdate(_ *gorm.DB) error
BeforeUpdate ensures UpdatedAt is set before updating a record
type Certificate ¶
// Certificate is the persisted record of a certificate, including its PEM
// material, lifecycle state and purpose.
type Certificate struct {
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	Fingerprint string `gorm:"type:text;not null"`
	// CommonName is limited to 64 characters by the column type.
	CommonName string `gorm:"type:varchar(64);not null"`
	// State and Purpose are stored as strings; see the CertificateState and
	// CertificatePurpose constants. The columns are nullable and carry no
	// database-level check on the allowed values.
	State CertificateState `gorm:"type:varchar(255)"`
	Purpose CertificatePurpose `gorm:"type:varchar(255)"`
	CreationDate time.Time `gorm:"not null"`
	ExpirationDate time.Time `gorm:"not null"`
	CertPEM string `gorm:"type:text"` // Base64 encoded PEM certificate
	// PrivateKeyPEM holds private key material in a plain text column; the
	// tag shows no field-level encryption or serializer.
	// NOTE(review): confirm the key is protected at rest by other means and
	// that this field is excluded from logs and API responses.
	PrivateKeyPEM string `gorm:"type:text"` // Base64 encoded PEM private key
	// NOTE(review): GORM skips zero values on create when a default is set,
	// so AutoRotate=false on a new record may be stored as true; confirm.
	AutoRotate bool `gorm:"not null;default:true"`
	// SupersedesID optionally points at another certificate's ID.
	// NOTE(review): the tag names CertificateID, which is not a field of
	// this struct; confirm the foreign key is set up as intended.
	SupersedesID *uuid.UUID `gorm:"foreignKey:CertificateID"`
}
func (Certificate) IsSharedModel ¶
func (Certificate) IsSharedModel() bool
func (Certificate) TableName ¶
func (Certificate) TableName() string
TableName returns the table name for Certificate
type CertificatePurpose ¶
// CertificatePurpose is the string-typed purpose stored in Certificate.Purpose.
type CertificatePurpose string
// Known certificate purposes. The type is a plain string, so values outside
// this set can still be constructed; no Validate method is listed for it on
// this page.
const (
	CertificatePurposeGeneric CertificatePurpose = "GENERIC"
	CertificatePurposeTenantDefault CertificatePurpose = "TENANT_DEFAULT"
	CertificatePurposeKeystoreDefault CertificatePurpose = "KEYSTORE_DEFAULT"
	CertificatePurposeCrypto CertificatePurpose = "CRYPTO"
)
type CertificateState ¶
// CertificateState is the string-typed lifecycle state stored in Certificate.State.
type CertificateState string
// Known certificate states. Only ACTIVE and EXPIRED are defined here; there is
// no revoked or disabled state among these constants.
const (
	CertificateStateActive CertificateState = "ACTIVE"
	CertificateStateExpired CertificateState = "EXPIRED"
)
type Event ¶
// Event records the outcome of a sent event, keyed by Identifier.
type Event struct {
	AutoTimeModel
	Identifier string `gorm:"type:varchar(255);primaryKey"`
	Type string `gorm:"type:varchar(255);not null"`
	// Data is the raw JSON payload, stored as jsonb without a typed schema.
	Data json.RawMessage `gorm:"type:jsonb;not null"`
	Status orbital.JobStatus `gorm:"type:varchar(255);not null"`
	// PreviousItemStatus is the state the item was in before the event was sent.
	// It is used by cancel actions to restore the item to its previous state.
	PreviousItemStatus string `gorm:"type:varchar(255)"`
}
Event is a model that holds the result of the latest sent events that terminated unsuccessfully
func (Event) IsSharedModel ¶
type Group ¶
// Group is a named group with a role and an IAM identifier. Name and
// IAMIdentifier are each unique and NOT NULL.
type Group struct {
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	// Name is bounded to 64 characters, the value of MaxNameLength.
	Name string `gorm:"type:varchar(64);not null;unique"`
	Description string `gorm:"type:text"`
	// Role is stored as a string. The column itself does not restrict the
	// value, so the allowed set must be enforced in code.
	Role constants.Role `gorm:"type:varchar(255);not null"`
	// IAMIdentifier is bounded to 128 characters, the value of
	// MaxIAMIdentifierLength. NewIAMIdentifier(name, tenantID) is listed in
	// the index as its constructor.
	IAMIdentifier string `gorm:"type:varchar(128);not null;unique"`
}
func (*Group) BeforeSave ¶
BeforeSave is run before the group is created or updated, and before the transaction finishes. If this step fails, the transaction should be aborted.
func (Group) IsSharedModel ¶
type ImportParams ¶
// ImportParams holds the wrapping parameters for importing key material into
// the key identified by KeyID (BYOK). KeyID is also the primary key, so there
// is at most one row per key.
type ImportParams struct {
	AutoTimeModel
	KeyID uuid.UUID `gorm:"type:uuid;primaryKey"`
	// WrappingAlg and HashFunction are stored as free-form strings.
	// NOTE(review): confirm both are checked against an allow-list before
	// they are used to select a cryptographic primitive.
	WrappingAlg string `gorm:"type:varchar(50);not null"`
	HashFunction string `gorm:"type:varchar(50);not null"`
	// PublicKeyPEM is a public key in PEM form; presumably the wrapping key
	// handed out by the provider — confirm.
	PublicKeyPEM string `gorm:"type:text;not null"`
	// Expires is optional (nil pointer, no NOT NULL tag). IsExpired is
	// documented as deciding expiry from this field.
	// NOTE(review): confirm how IsExpired treats a nil value.
	Expires *time.Time
	// ProviderParameters is raw provider-specific JSON, stored as jsonb.
	ProviderParameters json.RawMessage `gorm:"type:jsonb"`
}
ImportParams represents the parameters for a Bring Your Own Key (BYOK) configuration.
func (ImportParams) IsExpired ¶
func (b ImportParams) IsExpired() bool
IsExpired checks if the ImportParams has expired based on the Expires field.
func (ImportParams) IsSharedModel ¶
func (ImportParams) IsSharedModel() bool
func (ImportParams) TableName ¶
func (ImportParams) TableName() string
TableName returns the table name for ImportParams
type JoinSystem ¶
type Key ¶
// Key is the persisted metadata record for a key. It belongs to one
// KeyConfiguration and references its versions, labels and optional import
// parameters. No field here holds key material itself.
type Key struct {
	AutoTimeModel
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	// KeyConfigurationID and Name form the composite unique index "keyname":
	// a name is unique within one key configuration.
	KeyConfigurationID uuid.UUID `gorm:"type:uuid;not null;uniqueindex:keyname,priority:1"`
	Name string `gorm:"type:varchar(255);not null;uniqueindex:keyname,priority:2"`
	KeyType string `gorm:"type:varchar(50);not null"`
	Description string `gorm:"type:text"`
	Algorithm string `gorm:"type:varchar(50);not null"`
	Provider string `gorm:"type:varchar(50);not null"`
	Region string `gorm:"type:varchar(50);not null"`
	// State is a free-form string that defaults to 'ENABLED' at the database level.
	State string `gorm:"type:varchar(50);not null;default:'ENABLED'"`
	KeyVersions []KeyVersion `gorm:"foreignKey:KeyID"`
	// ImportParams is deleted together with the key (OnDelete:CASCADE).
	ImportParams *ImportParams `gorm:"foreignKey:KeyID;references:ID;constraint:OnDelete:CASCADE"`
	NativeID *string `gorm:"type:varchar(255)"`
	KeyLabels []KeyLabel `gorm:"foreignKey:ResourceID"`
	LastUsed *time.Time
	// ManagementAccessData and CryptoAccessData are raw jsonb; the
	// Get/Set...AccessData methods convert them to and from KeyAccessData.
	// NOTE(review): if these carry credentials or role references, confirm
	// they are kept out of log output (LogInjectKey takes a *Key) and API
	// responses.
	ManagementAccessData json.RawMessage `gorm:"type:jsonb"`
	CryptoAccessData json.RawMessage `gorm:"type:jsonb"`
	IsPrimary bool `gorm:"type:bool"`
}
func (*Key) GetCryptoAccessData ¶
func (k *Key) GetCryptoAccessData() KeyAccessData
func (*Key) GetManagementAccessData ¶
func (Key) IsSharedModel ¶
func (Key) MaxVersion ¶
func (*Key) SetCryptoAccessData ¶
func (k *Key) SetCryptoAccessData(data KeyAccessData) error
func (Key) Version ¶
func (k Key) Version() *KeyVersion
type KeyAccessData ¶
type KeyConfiguration ¶
// KeyConfiguration groups keys under a unique name and is tied to one
// administering Group.
type KeyConfiguration struct {
	AutoTimeModel
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	Name string `gorm:"type:varchar(255);not null;unique"`
	Description string `gorm:"type:text"`
	// AdminGroupID is required and is the foreign key for AdminGroup.
	AdminGroupID uuid.UUID `gorm:"type:uuid;not null"`
	AdminGroup Group `gorm:"foreignKey:AdminGroupID"`
	// CreatorID and CreatorName are stored as plain strings with no foreign key.
	CreatorID string `gorm:"type:varchar(255);not null"`
	CreatorName string `gorm:"type:varchar(255);not null"`
	PrimaryKeyID *uuid.UUID
	// TotalKeys and TotalSystems are read-only for GORM ("->") and excluded
	// from migrations, so they are filled by queries rather than stored.
	TotalKeys int `gorm:"->;-:migration"`
	TotalSystems int `gorm:"->;-:migration"`
}
KeyConfiguration represents a key configuration in the database.
func (KeyConfiguration) IsSharedModel ¶
func (KeyConfiguration) IsSharedModel() bool
func (*KeyConfiguration) SetID ¶
func (kc *KeyConfiguration) SetID(id uuid.UUID)
func (KeyConfiguration) TableName ¶
func (KeyConfiguration) TableName() string
TableName returns the table name for KeyConfiguration
type KeyLabel ¶
// KeyLabel is a label attached to a Key. The label fields come from the
// embedded BaseLabel, which is not shown on this page.
type KeyLabel struct {
	BaseLabel
	AutoTimeModel
	// CryptoKey is the labelled key, joined through ResourceID.
	CryptoKey Key `gorm:"foreignKey:ResourceID"`
}
func (KeyLabel) IsSharedModel ¶
type KeyVersion ¶
// KeyVersion is one version of a Key. ExternalID is the primary key, and
// (KeyID, Version) form the composite unique index "key_version".
type KeyVersion struct {
	AutoTimeModel
	ExternalID string `gorm:"type:varchar(255);primaryKey"`
	NativeID *string `gorm:"type:varchar(255)"`
	KeyID uuid.UUID `gorm:"type:uuid;not null;uniqueindex:key_version,priority:1"`
	// NOTE(review): association_foreignkey is the GORM v1 tag name; other
	// tags on this page use the v2 form "references". Confirm this tag is
	// honoured by the GORM version in use.
	Key Key `gorm:"foreignKey:KeyID;association_foreignkey:ID"`
	Version int `gorm:"not null;default:0;uniqueindex:key_version,priority:2"`
	IsPrimary bool `gorm:"not null;default:false"`
}
KeyVersion represents a version of a key in the database.
func (KeyVersion) IsSharedModel ¶
func (KeyVersion) IsSharedModel() bool
func (KeyVersion) TableName ¶
func (KeyVersion) TableName() string
TableName returns the table name for KeyVersion
type Keystore ¶
// Keystore is a persisted keystore entry for a provider.
type Keystore struct {
	AutoTimeModel
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	Provider string `gorm:"type:varchar(50);not null"`
	// Config is raw JSON, stored as jsonb and unique across rows.
	// NOTE(review): presumably a serialized KeystoreConfig, which includes
	// ManagementAccessData; confirm, and confirm it is kept out of logs.
	Config json.RawMessage `gorm:"type:jsonb;not null;unique"`
}
Keystore is an internal entity of pool item that should be persisted.
func (Keystore) IsSharedModel ¶
type KeystoreAccessData ¶
type KeystoreConfig ¶
// KeystoreConfig is the keystore configuration. It carries both yaml and json
// tags, so it can be decoded from or encoded to either format.
type KeystoreConfig struct {
	LocalityID string `yaml:"localityId" json:"localityId"`
	CommonName string `yaml:"commonName" json:"commonName"`
	// ManagementAccessData is serialized with the rest of the struct.
	// NOTE(review): KeystoreAccessData is not shown here; if it holds
	// credentials, confirm serialized copies are handled as secrets.
	ManagementAccessData KeystoreAccessData `yaml:"managementAccessData" json:"managementAccessData"`
	SupportedRegions []config.Region `yaml:"supportedRegions" json:"supportedRegions"`
	// contains filtered or unexported fields
}
type RequestCertArgs ¶
// RequestCertArgs bundles the arguments for requesting a certificate. It has
// no gorm tags, so it is an argument type rather than a persisted model.
type RequestCertArgs struct {
	CertPurpose CertificatePurpose
	// Supersedes optionally names the certificate being replaced; nil means none.
	Supersedes *uuid.UUID
	// CommonName has no length limit here, while Certificate.CommonName is
	// stored as varchar(64).
	// NOTE(review): confirm the value is validated before the request is issued.
	CommonName string
	Locality []string
}
type System ¶
// System is a registered system that can be linked to a KeyConfiguration.
// (Region, Identifier) form the composite unique index "region_sys".
type System struct {
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	Identifier string `gorm:"type:varchar(255);not null;uniqueindex:region_sys,priority:2"`
	Region string `gorm:"type:varchar(50);not null;uniqueindex:region_sys,priority:1"`
	Type string `gorm:"type:varchar(50);not null"`
	// KeyConfigurationID is nullable. A nil value presumably means the system
	// is not linked — confirm.
	KeyConfigurationID *uuid.UUID `gorm:"type:uuid"`
	// KeyConfigurationName is read-only for GORM and excluded from migrations.
	KeyConfigurationName *string `gorm:"->;-:migration"`
	// Properties is ignored by GORM for read, write and migration ("-:all").
	// NOTE(review): presumably persisted through SystemProperty rows by the
	// AfterSave/BeforeDelete hooks — confirm.
	Properties map[string]string `gorm:"-:all"`
	// Status can be 'CONNECTED', 'DISCONNECTED', 'FAILED', or 'PROCESSING'
	Status cmkapi.SystemStatus `gorm:"type:varchar(50);default:'DISCONNECTED'"`
}
func (*System) AfterSave ¶
AfterSave is run after the system is created or updated, but before the transaction finishes. If this step fails, the transaction should be aborted.
func (*System) BeforeDelete ¶
BeforeDelete is run before the system is deleted, and before the transaction finishes. If this step fails, the transaction should be aborted.
func (System) IsSharedModel ¶
type SystemProperty ¶
// SystemProperty is one key/value property row. ID and Key together form the
// composite primary key.
// NOTE(review): ID is presumably the owning System's ID — confirm.
type SystemProperty struct {
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	Key string `gorm:"type:varchar(255);primaryKey"`
	Value string `gorm:"type:varchar(255)"`
}
func (SystemProperty) IsSharedModel ¶
func (SystemProperty) IsSharedModel() bool
func (SystemProperty) TableName ¶
func (SystemProperty) TableName() string
type Tag ¶
// Tag stores tag values for an item as raw JSON, keyed by the item's ID.
type Tag struct {
	ID uuid.UUID `gorm:"type:uuid;primaryKey"` // ID of the Item
	// Values is raw jsonb with no schema enforced at this layer.
	Values json.RawMessage `gorm:"type:jsonb"`
}
func (Tag) IsSharedModel ¶
type Tenant ¶
// Tenant is the tenant record. It embeds multitenancy.TenantModel, whose
// fields are not shown on this page.
type Tenant struct {
	multitenancy.TenantModel
	// ID is unique and NOT NULL but is not tagged primaryKey here.
	ID string `gorm:"type:varchar(255);not null;unique"`
	Region string `gorm:"type:varchar(50);not null"`
	// Status has a Validate method (TenantStatus.Validate); the column itself
	// accepts any string.
	Status TenantStatus `gorm:"type:varchar(50);not null"`
	OwnerType string `gorm:"type:varchar(50);not null;default:''"`
	OwnerID string `gorm:"type:varchar(255);not null;default:''"`
	// IssuerURL defaults to the empty string.
	// NOTE(review): presumably the token issuer trusted for this tenant;
	// confirm the value is validated before it is used for authentication
	// decisions, and how an empty value is treated.
	IssuerURL string `gorm:"type:varchar(255);not null;default:''"`
	// Role has a Validate method (TenantRole.Validate) and defaults to the
	// empty string.
	// NOTE(review): confirm how an empty role is treated.
	Role TenantRole `gorm:"type:varchar(50);not null;default:''"`
}
func (Tenant) IsSharedModel ¶
type TenantConfig ¶
// TenantConfig is one configuration entry: a string key (the primary key) and
// its JSON value.
type TenantConfig struct {
	Key string `gorm:"type:varchar(255);primaryKey"`
	// Value is raw jsonb; its schema depends on Key and is not enforced here.
	Value json.RawMessage `gorm:"type:jsonb;not null"`
}
TenantConfig represents a tenant configuration entry (a key and its JSON value) in the database.
func (TenantConfig) IsSharedModel ¶
func (TenantConfig) IsSharedModel() bool
func (TenantConfig) TableName ¶
func (TenantConfig) TableName() string
TableName returns the table name for TenantConfig
type TenantRole ¶
type TenantRole string
TenantRole represents the role of the tenant.
func (TenantRole) Validate ¶
func (s TenantRole) Validate() error
Validate validates the given role of the tenant. Returns an error if the role is invalid.
type TenantStatus ¶
type TenantStatus string
TenantStatus represents the status of the tenant.
func (TenantStatus) Validate ¶
func (s TenantStatus) Validate() error
Validate validates the given status of the tenant. Returns an error if the status is invalid.
type Validator ¶
// Validator is implemented by any type that can check its own value.
// ValidateAll accepts a list of Validators and is documented as stopping at
// the first error.
type Validator interface {
	// Validate returns nil when the value is valid and an error otherwise.
	Validate() error
}
Validator defines the methods for validation.
type Workflow ¶
// Workflow is a persisted approval workflow: a requested action (ActionType)
// on an artifact (ArtifactType/ArtifactID), with its initiator, approvers and
// state.
type Workflow struct {
	AutoTimeModel
	ID uuid.UUID `gorm:"type:uuid;primaryKey"`
	// State is a free-form string at the storage level.
	State string `gorm:"type:varchar(50);not null"`
	// InitiatorID and InitiatorName identify who started the workflow.
	// NOTE(review): confirm the initiator cannot also count as an approver
	// where separation of duties is required.
	InitiatorID string `gorm:"type:varchar(255);not null"`
	InitiatorName string `gorm:"type:varchar(255);not null"`
	Approvers []WorkflowApprover `gorm:"foreignKey:WorkflowID"`
	// ApproverGroupIDs is raw jsonb; presumably a list of group IDs — confirm.
	ApproverGroupIDs json.RawMessage `gorm:"type:jsonb"`
	ArtifactType string `gorm:"type:varchar(50);not null"`
	ArtifactID uuid.UUID `gorm:"type:uuid;not null"`
	ArtifactName *string `gorm:"type:varchar(255)"` // Currently a snapshot at time of creation
	ActionType string `gorm:"type:varchar(50);not null"`
	// Parameters is free text whose meaning depends on ActionType.
	// NOTE(review): confirm it is validated per action type before the
	// approved action is executed.
	Parameters string `gorm:"type:text"`
	ParametersResourceName *string `gorm:"type:varchar(255)"`
	ParametersResourceType *string `gorm:"type:varchar(50)"`
	FailureReason string `gorm:"type:text"`
	// ExpiryDate is optional. NOTE(review): confirm how a nil value is treated.
	ExpiryDate *time.Time
}
Workflow is an action on a data model (artifact) and can be read as <Artifact><ActionType>. Artifact type is the type of the item, which is identified by ArtifactID, and ActionType is the executed action. Parameters will have different values depending on the ActionType; check the API YAML for the possible parameters.
Example of a workflow: System Link
func (Workflow) Description ¶
Description generates a human-readable description of the workflow based on its action type
func (Workflow) GetArtifactName ¶
GetArtifactName returns the artifact name or a default value if nil
func (Workflow) IsSharedModel ¶
type WorkflowApprover ¶
// WorkflowApprover is one approver's entry on a workflow. WorkflowID and
// UserID form the composite primary key, so a user appears at most once per
// workflow.
type WorkflowApprover struct {
	WorkflowID uuid.UUID `gorm:"type:uuid;primaryKey"`
	UserID string `gorm:"type:varchar(255);primaryKey"`
	UserName string `gorm:"type:varchar(255);not null"`
	Workflow Workflow `gorm:"foreignKey:WorkflowID"`
	// Approved is nullable and defaults to NULL, giving three states: NULL,
	// true and false.
	// NOTE(review): presumably NULL means no decision yet; confirm that only
	// an explicit true counts towards the required approvals.
	Approved sql.NullBool `gorm:"default:null"`
}
func (WorkflowApprover) IsSharedModel ¶
func (w WorkflowApprover) IsSharedModel() bool
func (WorkflowApprover) TableName ¶
func (w WorkflowApprover) TableName() string
type WorkflowConfig ¶
// WorkflowConfig holds the settings that govern approval workflows. It has no
// gorm tags of its own.
type WorkflowConfig struct {
	// Enabled determines if workflows are enabled in controllers
	// NOTE(review): confirm which operations proceed without approval when
	// this is false.
	Enabled bool
	// MinimumApprovals is the minimum number of approvals required for a workflow
	// NOTE(review): this is a plain int; confirm zero and negative values are
	// rejected when the config is loaded.
	MinimumApprovals int
	// RetentionPeriodDays is the number of days to retain workflow data
	RetentionPeriodDays int
	// DefaultExpiryPeriodDays is the default number of days after which pending workflows will expire
	DefaultExpiryPeriodDays int
	// MaxExpiryPeriodDays is the maximum settable value for the expiry period
	MaxExpiryPeriodDays int
}