db

package
v2.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 18, 2026 License: Apache-2.0 Imports: 47 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	FieldApiSessionCertificateApiSession  = "apiSession"
	FieldApiSessionCertificateSubject     = "subject"
	FieldApiSessionCertificateFingerprint = "fingerprint"
	FieldApiSessionCertificateValidAfter  = "validAfter"
	FieldApiSessionCertificateValidBefore = "validBefore"
	FieldApiSessionCertificatePem         = "pem"
)
View Source 
const (
	FieldApiSessionIdentity                = "identity"
	FieldApiSessionToken                   = "token"
	FieldApiSessionConfigTypes             = "configTypes"
	FieldApiSessionIPAddress               = "ipAddress"
	FieldApiSessionTotpComplete            = "mfaComplete" //"mfa" is a hold over from when TOTP was the only factor
	FieldApiSessionTotpRequired            = "mfaRequired"
	FieldApiSessionLastActivityAt          = "lastActivityAt"
	FieldApiSessionAuthenticator           = "authenticator"
	FieldApiSessionIsCertExtendable        = "isCertExtendable"
	FieldApiSessionImproperClientCertChain = "improperClientCertChain"

	EventFullyAuthenticated events.EventName = "FULLY_AUTHENTICATED"

	EventualEventApiSessionDelete = "ApiSessionDelete"
)
View Source 
const (
	DefaultUpdbMinPasswordLength = int64(5)
	DefaultUpdbMaxAttempts       = int64(5)
	DefaultAuthPolicyId          = "default"

	UpdbIndefiniteLockout      = int64(0)
	UpdbUnlimitedAttemptsLimit = int64(0)

	FieldAuthPolicyPrimaryCertAllowed           = "primary.cert.allowed"
	FieldAuthPolicyPrimaryCertAllowExpiredCerts = "primary.cert.allowExpiredCerts"

	FieldAuthPolicyPrimaryUpdbAllowed                = "primary.updb.allowed"
	FiledAuthPolicyPrimaryUpdbMinPasswordLength      = "primary.updb.minPasswordLength"
	FieldAuthPolicyPrimaryUpdbRequireSpecialChar     = "primary.updb.requireSpecialChar"
	FieldAuthPolicyPrimaryUpdbRequireNumberChar      = "primary.updb.requireNumberChar"
	FieldAuthPolicyPrimaryUpdbRequireMixedCase       = "primary.updb.requireMixedCase"
	FieldAuthPolicyPrimaryUpdbMaxAttempts            = "primary.updb.maxAttempts"
	FieldAuthPolicyPrimaryUpdbLockoutDurationMinutes = "primary.updb.lockoutDurationMinutes"

	FieldAuthPolicyPrimaryExtJwtAllowed        = "primary.extJwt.allowed"
	FieldAuthPolicyPrimaryExtJwtAllowedSigners = "primary.extJwt.allowedSigners"

	FieldAuthSecondaryPolicyRequireTotp          = "secondary.requireTotp"
	FieldAuthSecondaryPolicyRequiredExtJwtSigner = "secondary.requireExtJwtSigner"
)
View Source 
const (
	FieldAuthenticatorMethod   = "method"
	FieldAuthenticatorIdentity = "identity"

	FieldAuthenticatorCertFingerprint            = "certFingerprint"
	FieldAuthenticatorCertPem                    = "certPem"
	FieldAuthenticatorCertIsIssuedByNetwork      = "isIssuedByNetwork"
	FieldAuthenticatorCertIsExtendRequested      = "isExtendRequested"
	FieldAuthenticatorCertIsKeyRollRequested     = "isKeyRollRequested"
	FieldAuthenticatorCertExtendRequestedAt      = "extendRequestedAt"
	FieldAuthenticatorCertPublicKeyPrint         = "publicKeyPrint"
	FieldAuthenticatorCertLastAuthResolvedToRoot = "lastAuthResolvedToRoot"
	FieldAuthenticatorCertLastExtendRolledKeys   = "lastExtendRolledKeys"

	FieldAuthenticatorUnverifiedCertPem         = "unverifiedCertPem"
	FieldAuthenticatorUnverifiedCertFingerprint = "unverifiedCertFingerprint"

	FieldAuthenticatorUpdbUsername = "updbUsername"
	FieldAuthenticatorUpdbPassword = "updbPassword"
	FieldAuthenticatorUpdbSalt     = "updbSalt"

	MethodAuthenticatorUpdb = "updb"
	MethodAuthenticatorCert = "cert"
	// MethodAuthenticatorCertCaExternalId represents authentication with a certificate that isn't directly
	// registered with an authenticator. Instead, it uses `externalId` values on identities and matches them to a
	// "x509 claim" (custom values stuffed into SANs or other x509 properties). This type will never actually
	// be stored for persistence and is defined here for as tobe near the other authenticator methods.
	MethodAuthenticatorCertCaExternalId = "certCaExternalId"
)
View Source 
const (
	EntityTypeApiSessions               = "apiSessions"
	EntityTypeApiSessionCertificates    = "apiSessionCertificates"
	EntityTypeAuthPolicies              = "authPolicies"
	EntityTypeEventualEvents            = "eventualEvents"
	EntityTypeCas                       = "cas"
	EntityTypeConfigs                   = "configs"
	EntityTypeConfigTypes               = "configTypes"
	EntityTypeControllers               = "controllers"
	EntityTypeEdgeRouterPolicies        = "edgeRouterPolicies"
	EntityTypeExternalJwtSigners        = "externalJwtSigners"
	EntityTypeIdentities                = "identities"
	EntityTypeIdentityTypes             = "identityTypes"
	EntityTypeMfas                      = "mfas"
	EntityTypeRevocations               = "revocations"
	EntityTypeServicePolicies           = "servicePolicies"
	EntityTypeServiceEdgeRouterPolicies = "serviceEdgeRouterPolicies"
	EntityTypeSessions                  = "sessions"
	EntityTypeSessionCerts              = "sessionCerts"
	EntityTypeEnrollments               = "enrollments"
	EntityTypeAuthenticators            = "authenticators"
	EntityTypePostureChecks             = "postureChecks"
	EntityTypePostureCheckTypes         = "postureCheckTypes"
	EdgeBucket                          = "edge"

	FieldName           = "name"
	FieldSemantic       = "semantic"
	FieldRoleAttributes = "roleAttributes"

	FieldEdgeRouterRoles   = "edgeRouterRoles"
	FieldIdentityRoles     = "identityRoles"
	FieldServiceRoles      = "serviceRoles"
	FieldPostureCheckRoles = "postureCheckRoles"

	SemanticAllOf = "AllOf"
	SemanticAnyOf = "AnyOf"
)
View Source 
const (
	FieldCaFingerprint                    = "fingerprint"
	FieldCaCertPem                        = "certPem"
	FieldCaIsVerified                     = "isVerified"
	FieldCaVerificationToken              = "verificationToken"
	FieldCaIsAutoCaEnrollmentEnabled      = "isAutoCaEnrollmentEnabled"
	FieldCaIsOttCaEnrollmentEnabled       = "isOttCaEnrollmentEnabled"
	FieldCaIsAuthEnabled                  = "isAuthEnabled"
	FieldCaIdentityNameFormat             = "identityNameFormat"
	FieldCaEnrollments                    = "enrollments"
	FieldCaExternalIdClaim                = "externalIdClaim"
	FieldCaExternalIdClaimLocation        = "externalIdClaim.location"
	FieldCaExternalIdClaimIndex           = "externalIdClaim.index"
	FieldCaExternalIdClaimMatcher         = "externalIdClaim.matcher"
	FieldCaExternalIdClaimMatcherCriteria = "externalIdClaim.matcherCriteria"
	FieldCaExternalIdClaimParser          = "externalIdClaim.parser"
	FieldCaExternalIdClaimParserCriteria  = "externalIdClaim.parserSeparator"
)
View Source 
const (
	ExternalIdClaimLocCommonName = "COMMON_NAME"
	ExternalIdClaimLocSanUri     = "SAN_URI"
	ExternalIdClaimLocSanEmail   = "SAN_EMAIL"

	ExternalIdClaimMatcherAll    = "ALL"
	ExternalIdClaimMatcherSuffix = "SUFFIX"
	ExternalIdClaimMatcherPrefix = "PREFIX"
	ExternalIdClaimMatcherScheme = "SCHEME"

	ExternalIdClaimParserNone  = "NONE"
	ExternalIdClaimParserSplit = "SPLIT"
)
View Source 
const (
	FieldConfigData            = "data"
	FieldConfigType            = "type"
	FieldConfigIdentityService = "identityServices"
)
View Source 
const (
	FieldControllerCtrlAddress       = "ctrlAddress"
	FieldControllerCertPem           = "certPem"
	FieldControllerFingerprint       = "fingerprint"
	FieldControllerIsOnline          = "isOnline"
	FieldControllerLastJoinedAt      = "lastJoinedAt"
	FieldControllerApiAddresses      = "apiAddresses"
	FieldControllerApiAddressVersion = "apiAddresses.version"
	FieldControllerApiAddressUrl     = "apiAddresses.url"
	FieldControllerIsPreferredLeader = "isPreferredLeader"
)
View Source 
const (
	RootBucket     = "ziti"
	MetadataBucket = "metadata"
	FieldRaftIndex = "raftIndex"
	FieldClusterId = "clusterId"

	AppEnvKey = appEnvKey("AppEnvKey")
)
View Source 
const (
	FieldEdgeRouters                     = "edgeRouters"
	FieldEdgeRouterCertPEM               = "certPem"
	FieldEdgeRouterUnverifiedCertPEM     = "unverifiedCertPem"
	FieldEdgeRouterUnverifiedFingerprint = "unverifiedFingerprint"
	FieldEdgeRouterIsVerified            = "isVerified"
	FieldEdgeRouterIsTunnelerEnabled     = "isTunnelerEnabled"
	FieldEdgeRouterAppData               = "appData"
)
View Source 
const (
	FieldEdgeServiceDialIdentities = "dialIdentities"
	FieldEdgeServiceBindIdentities = "bindIdentities"
	FieldServiceEncryptionRequired = "encryptionRequired"
	FieldServiceIdentityService    = "identityServices"
)
View Source 
const (
	FieldEnrollmentToken     = "token"
	FieldEnrollmentMethod    = "method"
	FieldEnrollIdentity      = "identity"
	FieldEnrollEdgeRouter    = "edgeRouter"
	FieldEnrollTransitRouter = "transitRouter"
	FieldEnrollmentExpiresAt = "expiresAt"
	FieldEnrollmentIssuedAt  = "issuedAt"
	FieldEnrollmentCaId      = "caId"
	FieldEnrollmentUsername  = "username"
	FieldEnrollmentJwt       = "jwt"

	MethodEnrollOtt   = "ott"
	MethodEnrollOttCa = "ottca"
	MethodEnrollCa    = "ca"
	MethodEnrollToken = "token"
	MethodEnrollUpdb  = "updb"
)
View Source 
const (
	FieldEventualEventType = "type"
	FieldEventualEventData = "data"
)
View Source 
const (
	// EventualEventAddedName is emitted when a new event is added via AddEventualEvent().
	//
	// Event arguments:
	//	0 - an EventualEventAdded struct
	EventualEventAddedName = events.EventName("EventualEventAdded")

	// EventualEventRemovedName is emitted when a previously added eventual event is processed
	//
	// Event arguments:
	//	0 - an EventualEventRemoved struct
	EventualEventRemovedName = events.EventName("EventualEventRemoved")

	// EventualEventProcessingStartName is emitted as the first action during processing
	// Event arguments:
	//	0 - an EventualEventProcessingStart struct
	EventualEventProcessingStartName = events.EventName("EventualEventProcessingStart")

	// EventualEventProcessingBatchStartName is emitted as the first set of events are processed
	// after EventualEventProcessingStartName. It is possible for 0+ batches to be processed. Each
	// patch should contain 1+ events.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchStart struct
	EventualEventProcessingBatchStartName = events.EventName("EventualEventProcessingBatchStart")

	// EventualEventProcessingListenerStartName is emitted for each function listener invoked
	// on each event.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerStart struct
	EventualEventProcessingListenerStartName = events.EventName("EventualEventProcessingListenerStart")

	// EventualEventProcessingListenerDoneName is emitted for each function listener after invocation
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerDone struct
	EventualEventProcessingListenerDoneName = events.EventName("EventualEventProcessingListenerDone")

	// EventualEventProcessingBatchDoneName is emitted after the last event processed in a batch.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchDone struct
	EventualEventProcessingBatchDoneName = events.EventName("EventualEventProcessingBatchDone")

	// EventualEventProcessingDoneName is emitted as the last action during processing after
	// all events and batches.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingDone struct
	EventualEventProcessingDoneName = events.EventName("EventualEventProcessingDone")
)
View Source 
const (
	FieldExternalJwtSignerFingerprint                   = "fingerprint"
	FieldExternalJwtSignerCertPem                       = "certPem"
	FieldExternalJwtSignerJwksEndpoint                  = "jwksEndpoint"
	FieldExternalJwtSignerCommonName                    = "commonName"
	FieldExternalJwtSignerNotAfter                      = "notAfter"
	FieldExternalJwtSignerNotBefore                     = "notBefore"
	FieldExternalJwtSignerEnabled                       = "enabled"
	FieldExternalJwtSignerExternalAuthUrl               = "externalAuthUrl"
	FieldExternalJwtSignerAuthPolicies                  = "authPolicies"
	FieldExternalJwtSignerIdentityIdClaimSelector       = "claimsProperty"
	FieldExternalJwtSignerUseExternalId                 = "useExternalId"
	FieldExternalJwtSignerKid                           = "kid"
	FieldExternalJwtSignerIssuer                        = "issuer"
	FieldExternalJwtSignerAudience                      = "audience"
	FieldExternalJwtSignerClientId                      = "clientId"
	FieldExternalJwtSignerScopes                        = "scopes"
	FieldExternalJwtSignerTargetToken                   = "targetToken"
	FieldExternalJwtSignerEnrollmentToCertEnabled       = "enrollToCertEnabled"
	FieldExternalJwtSignerEnrollToTokenEnabled          = "enrollToTokenEnabled"
	FieldExternalJwtSignerEnrollAttributeClaimsSelector = "enrollAttributeClaimsSelector"
	FieldExternalJwtSignerEnrollNameClaimsSelector      = "enrollNameClaimsSelector"
	FieldExternalJwtSignerEnrollAuthPolicyId            = "enrollAuthPolicyId"

	DefaultIdentityIdClaimsSelector        = "/sub"
	DefaultEnrollIdentityNameClaimSelector = "/sub"

	TargetTokenAccess = "ACCESS"
)
View Source 
const (
	FieldIdentityType           = "type"
	FieldIdentityIsDefaultAdmin = "isDefaultAdmin"
	FieldIdentityIsAdmin        = "isAdmin"
	FieldIdentityEnrollments    = "enrollments"
	FieldIdentityAuthenticators = "authenticators"
	FieldIdentityServiceConfigs = "serviceConfigs"

	FieldIdentityEnvInfoArch       = "envInfoArch"
	FieldIdentityEnvInfoOs         = "envInfoOs"
	FieldIdentityEnvInfoOsRelease  = "envInfoRelease"
	FieldIdentityEnvInfoOsVersion  = "envInfoVersion"
	FieldIdentityEnvInfoDomain     = "envInfoDomain"
	FieldIdentityEnvInfoHostname   = "envInfoHostname"
	FieldIdentitySdkInfoBranch     = "sdkInfoBranch"
	FieldIdentitySdkInfoRevision   = "sdkInfoRevision"
	FieldIdentitySdkInfoType       = "sdkInfoType"
	FieldIdentitySdkInfoVersion    = "sdkInfoVersion"
	FieldIdentitySdkInfoAppId      = "sdkInfoAppId"
	FieldIdentitySdkInfoAppVersion = "sdkInfoAppVersion"

	FieldIdentityBindServices              = "bindServices"
	FieldIdentityDialServices              = "dialServices"
	FieldIdentityDefaultHostingPrecedence  = "defaultHostingPrecedence"
	FieldIdentityDefaultHostingCost        = "defaultHostingCost"
	FieldIdentityServiceHostingPrecedences = "serviceHostingPrecedences"
	FieldIdentityServiceHostingCosts       = "serviceHostingCosts"
	FieldIdentityAppData                   = "appData"
	FieldIdentityAuthPolicyId              = "authPolicyId"
	FieldIdentityExternalId                = "externalId"
	FieldIdentityDisabledAt                = "disabledAt"
	FieldIdentityDisabledUntil             = "disabledUntil"
	FieldIdentityPermissions               = "permissions"
)
View Source 
const (
	RouterIdentityType  = "Router"
	DefaultIdentityType = "Default"
)
View Source 
const (
	FieldInterfaces               = "interfaces"
	FieldInterfaceHardwareAddress = "addr"
	FieldInterfaceMtu             = "mtu"
	FieldInterfaceIndex           = "index"
	FieldInterfaceFlags           = "flags"
	FieldInterfaceAddresses       = "addrs"
)
View Source 
const (
	FieldMfaIdentity      = "identity"
	FieldMfaIsVerified    = "isVerified"
	FieldMfaRecoveryCodes = "recoveryCodes"
	FieldMfaSecret        = "secret"
	FieldMfaSalt          = "salt"
)
View Source 
const (
	CurrentDbVersion = 44
	FieldVersion     = "version"
)
View Source 
const (
	FieldPostureCheckMfaTimeoutSeconds        = "timeoutSeconds"
	FieldPostureCheckMfaPromptOnWake          = "promptOnWake"
	FieldPostureCheckMfaPromptOnUnlock        = "promptOnUnlock"
	FieldPostureCheckMfaIgnoreLegacyEndpoints = "ignoreLegacyEndpoints"
)
View Source 
const (
	FieldPostureCheckOsType     = "osType"
	FieldPostureCheckOsVersions = "osVersions"
)
View Source 
const (
	FieldPostureCheckProcessOs          = "os"
	FieldPostureCheckProcessPath        = "path"
	FieldPostureCheckProcessHashes      = "hashes"
	FieldPostureCheckProcessFingerprint = "fingerprint"
)
View Source 
const (
	FieldPostureCheckProcessMultiOsType             = "osType"
	FieldPostureCheckProcessMultiPath               = "path"
	FieldPostureCheckProcessMultiHashes             = "hashes"
	FieldPostureCheckProcessMultiSignerFingerprints = "signerFingerprints"
	FieldPostureCheckProcessMultiProcesses          = "processes"
)
View Source 
const (
	//Fields
	FieldPostureCheckTypeId       = "typeId"
	FieldPostureCheckVersion      = "version"
	FieldPostureCheckBindServices = "bindServices"
	FieldPostureCheckDialServices = "dialServices"
)
View Source 
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
View Source 
const (
	FieldRevocationExpiresAt = "expiresAt"
	FieldRevocationType      = "type"
)
View Source 
const (
	EntityTypeRouters            = "routers"
	FieldRouterFingerprint       = "fingerprint"
	FieldRouterCost              = "cost"
	FieldRouterNoTraversal       = "noTraversal"
	FieldRouterDisabled          = "disabled"
	FieldRouterCtrlChanListeners = "ctrlChanListeners"
)
View Source 
const (
	FieldServicePolicyType = "type"

	PolicyTypeInvalidName = "Invalid"
	PolicyTypeDialName    = "Dial"
	PolicyTypeBindName    = "Bind"

	PolicyTypeInvalid PolicyType = PolicyTypeInvalidName
	PolicyTypeDial    PolicyType = PolicyTypeDialName
	PolicyTypeBind    PolicyType = PolicyTypeBindName
)
View Source 
const (
	EntityTypeServices             = "services"
	FieldServiceTerminatorStrategy = "terminatorStrategy"
	FieldServiceMaxIdleTime        = "maxIdleTime"
)
View Source 
const (
	FieldSessionToken           = "token"
	FieldSessionApiSession      = "apiSession"
	FieldSessionService         = "service"
	FieldSessionIdentity        = "identity"
	FieldSessionType            = "type"
	FieldSessionServicePolicies = "servicePolicies"

	SessionTypeDial = "Dial"
	SessionTypeBind = "Bind"
)
View Source 
const (
	EntityTypeTerminators          = "terminators"
	FieldTerminatorService         = "service"
	FieldTerminatorRouter          = "router"
	FieldTerminatorBinding         = "binding"
	FieldTerminatorAddress         = "address"
	FieldTerminatorInstanceId      = "instanceId"
	FieldTerminatorInstanceSecret  = "instanceSecret"
	FieldTerminatorCost            = "cost"
	FieldTerminatorPrecedence      = "precedence"
	FieldServerPeerData            = "peerData"
	FieldTerminatorHostId          = "hostId"
	FieldTerminatorSavedPrecedence = "savedPrecedence"
	FieldTerminatorsSourceCtrl     = "sourceCtrl"
)
View Source 
const (
	TransitRouterPath             = "transitRouter"
	FieldTransitRouterIsVerified  = "isVerified"
	FieldTransitRouterEnrollments = "enrollments"
)
View Source 
const (
	RolePrefix   = "#"
	EntityPrefix = "@"
	AllRole      = "#all"
)
View Source 
const (
	FieldConfigTypeSchema = "schema"
)
View Source 
const (
	FieldPostureCheckDomains = "domains"
)
View Source 
const (
	FieldPostureCheckMacAddresses = "macAddresses"
)
View Source 
const (
	FieldPostureCheckTypeOperatingSystems = "operatingSystems"
)

Variables

View Source 
var HostInterfacesV1TypeId = "host-interfaces.v1"
View Source 
var IdentityTypesV1 = map[string]string{
	"Default": "Default",
	"Router":  "Router",
}
View Source 
var InterfacesV1TypeId = "interfaces.v1"
View Source 
var ProxyV1TypeId = "proxy.v1"
View Source 
var ServiceEvents = &ServiceEventsRegistry{
	handlers: cowslice.NewCowSlice(make([]ServiceEventHandler, 0)),
}

Functions

func EvaluatePolicy 

func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, roleAttributesSymbol boltz.EntitySetSymbol)

func FieldValuesToIds 

func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string

func InitClusterId 

func InitClusterId(db boltz.Db, ctx boltz.MutateContext, clusterId string) error

func LoadClusterId 

func LoadClusterId(db boltz.Db) (string, error)

func LoadCurrentRaftIndex 

func LoadCurrentRaftIndex(tx *bbolt.Tx) uint64

func NewStoreDefinition 

func NewStoreDefinition[E boltz.ExtEntity](strategy boltz.EntityStrategy[E]) boltz.StoreDefinition[E]

func Open 

func Open(path string) (boltz.Db, error)

func ProcessEntityPolicyMatched 

func ProcessEntityPolicyMatched(ctx *roleAttributeChangeContext, entityId, policyId []byte, log *logrus.Entry) bool

func ProcessEntityPolicyUnmatched 

func ProcessEntityPolicyUnmatched(ctx *roleAttributeChangeContext, entityId, policyId []byte, log *logrus.Entry) bool

func RunMigrations 

func RunMigrations(db boltz.Db, stores *Stores, signingCert *x509.Certificate) error

func UpdateRelatedRoles 

func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, newRoleAttributes []boltz.FieldTypeAndValue, semanticSymbol boltz.EntitySymbol)

Types

type ApiAddress 

type ApiAddress struct {
	Url     string `json:"url"`
	Version string `json:"version"`
}

type ApiSession 

type ApiSession struct {
	boltz.BaseExtEntity
	IdentityId              string    `json:"identityId"`
	Token                   string    `json:"-"`
	IPAddress               string    `json:"ipAddress"`
	ConfigTypes             []string  `json:"configTypes"`
	TotpComplete            bool      `json:"mfaComplete"`
	TotpRequired            bool      `json:"mfaRequired"`
	LastActivityAt          time.Time `json:"lastActivityAt"`
	AuthenticatorId         string    `json:"authenticatorId"`
	IsCertExtendable        bool      `json:"isCertExtendable"`
	ImproperClientCertChain bool      `json:"improperClientCertChain"`
}

func NewApiSession 

func NewApiSession(identityId string) *ApiSession

func (*ApiSession) GetEntityType 

func (entity *ApiSession) GetEntityType() string

type ApiSessionCertificate 

type ApiSessionCertificate struct {
	boltz.BaseExtEntity
	ApiSessionId string     `json:"apiSessionId"`
	Subject      string     `json:"subject"`
	Fingerprint  string     `json:"fingerprint"`
	ValidAfter   *time.Time `json:"validAfter"`
	ValidBefore  *time.Time `json:"validBefore"`
	PEM          string     `json:"pem"`
}

func (*ApiSessionCertificate) GetEntityType 

func (entity *ApiSessionCertificate) GetEntityType() string

type ApiSessionCertificateStore 

type ApiSessionCertificateStore interface {
	Store[*ApiSessionCertificate]
}

type ApiSessionCertificateStoreImpl 

type ApiSessionCertificateStoreImpl struct {
	// contains filtered or unexported fields
}

func (*ApiSessionCertificateStoreImpl) FillEntity 

func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket)

func (ApiSessionCertificateStoreImpl) GetName 

func (store ApiSessionCertificateStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*ApiSessionCertificateStoreImpl) NewEntity 

func (store *ApiSessionCertificateStoreImpl) NewEntity() *ApiSessionCertificate

func (*ApiSessionCertificateStoreImpl) PersistEntity 

func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext)

type ApiSessionStore 

type ApiSessionStore interface {
	Store[*ApiSession]
	LoadOneByToken(tx *bbolt.Tx, token string) (*ApiSession, error)
	GetTokenIndex() boltz.ReadIndex
	GetCachedSessionId(tx *bbolt.Tx, apiSessionId, sessionType, serviceId string) *string
	GetEventsEmitter() events.EventEmmiter
}

type AuthPolicy 

type AuthPolicy struct {
	boltz.BaseExtEntity
	Name string `json:"name"`

	Primary   AuthPolicyPrimary   `json:"primary"`
	Secondary AuthPolicySecondary `json:"secondary"`
}

func (*AuthPolicy) GetEntityType 

func (entity *AuthPolicy) GetEntityType() string

func (*AuthPolicy) GetName 

func (entity *AuthPolicy) GetName() string

type AuthPolicyCert 

type AuthPolicyCert struct {
	Allowed           bool `json:"allowed"`
	AllowExpiredCerts bool `json:"allowExpiredCerts"`
}

type AuthPolicyExtJwt 

type AuthPolicyExtJwt struct {
	Allowed              bool     `json:"allowed"`
	AllowedExtJwtSigners []string `json:"allowedExtJwtSigners"`
}

type AuthPolicyPrimary 

type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert   `json:"cert"`
	Updb   AuthPolicyUpdb   `json:"updb"`
	ExtJwt AuthPolicyExtJwt `json:"extJwt"`
}

type AuthPolicySecondary 

type AuthPolicySecondary struct {
	RequireTotp          bool    `json:"requireTotp"`
	RequiredExtJwtSigner *string `json:"requiredExtJwtSigner"`
}

type AuthPolicyStore 

type AuthPolicyStore interface {
	NameIndexed
	Store[*AuthPolicy]
}

type AuthPolicyStoreImpl 

type AuthPolicyStoreImpl struct {
	// contains filtered or unexported fields
}

func (*AuthPolicyStoreImpl) FillEntity 

func (store *AuthPolicyStoreImpl) FillEntity(entity *AuthPolicy, bucket *boltz.TypedBucket)

func (AuthPolicyStoreImpl) GetName 

func (store AuthPolicyStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*AuthPolicyStoreImpl) GetNameIndex 

func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex

func (*AuthPolicyStoreImpl) NewEntity 

func (store *AuthPolicyStoreImpl) NewEntity() *AuthPolicy

func (*AuthPolicyStoreImpl) PersistEntity 

func (store *AuthPolicyStoreImpl) PersistEntity(entity *AuthPolicy, ctx *boltz.PersistContext)

type AuthPolicyUpdb 

type AuthPolicyUpdb struct {
	Allowed                bool  `json:"allowed"`
	MinPasswordLength      int64 `json:"minPasswordLength"`
	RequireSpecialChar     bool  `json:"requireSpecialChar"`
	RequireNumberChar      bool  `json:"requireNumberChar"`
	RequireMixedCase       bool  `json:"requireMixedCase"`
	MaxAttempts            int64 `json:"maxAttempts"`
	LockoutDurationMinutes int64 `json:"lockoutDurationMinutes"`
}

type Authenticator 

type Authenticator struct {
	boltz.BaseExtEntity
	Type       string               `json:"type"`
	IdentityId string               `json:"identityId"`
	SubType    AuthenticatorSubType `json:"subType"`
}

func (*Authenticator) GetEntityType 

func (entity *Authenticator) GetEntityType() string

func (*Authenticator) ToCert 

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToSubType 

func (entity *Authenticator) ToSubType() AuthenticatorSubType

func (*Authenticator) ToUpdb 

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert 

type AuthenticatorCert struct {
	Authenticator      `json:"-"`
	Fingerprint        string     `json:"fingerprint"`
	Pem                string     `json:"pem"`
	IsIssuedByNetwork  bool       `json:"isIssuedByNetwork"`
	IsExtendRequested  bool       `json:"isExtendRequested"`
	IsKeyRollRequested bool       `json:"isKeyRollRequested"`
	ExtendRequestedAt  *time.Time `json:"extendRequestedAt"`

	PublicKeyPrint         string `json:"publicKeyPrint"`
	LastAuthResolvedToRoot bool   `json:"lastAuthResolvedToRoot"`

	UnverifiedPem         string `json:"unverifiedPem"`
	UnverifiedFingerprint string `json:"unverifiedFingerprint"`
	LastExtendRolledKeys  bool   `json:"lastExtendRolledKeys"`
}

func (*AuthenticatorCert) Fingerprints 

func (entity *AuthenticatorCert) Fingerprints() []string

type AuthenticatorStore 

type AuthenticatorStore interface {
	Store[*Authenticator]

	GetUsernameIndex() boltz.ReadIndex
	GetFingerprintIndex() boltz.ReadIndex
}

type AuthenticatorSubType 

type AuthenticatorSubType interface {
	Fingerprints() []string
}

type AuthenticatorUpdb 

type AuthenticatorUpdb struct {
	Authenticator `json:"-"`
	Username      string `json:"username"`
	Password      string `json:"password"`
	Salt          string `json:"salt"`
}

func (*AuthenticatorUpdb) Fingerprints 

func (entity *AuthenticatorUpdb) Fingerprints() []string

type Ca 

type Ca struct {
	boltz.BaseExtEntity
	Name                      string           `json:"name"`
	Fingerprint               string           `json:"fingerprint"`
	CertPem                   string           `json:"certPem"`
	IsVerified                bool             `json:"isVerified"`
	VerificationToken         string           `json:"verificationToken"`
	IsAutoCaEnrollmentEnabled bool             `json:"isAutoCaEnrollmentEnabled"`
	IsOttCaEnrollmentEnabled  bool             `json:"isOttCaEnrollmentEnabled"`
	IsAuthEnabled             bool             `json:"isAuthEnabled"`
	IdentityRoles             []string         `json:"identityRoles"`
	IdentityNameFormat        string           `json:"identityNameFormat"`
	ExternalIdClaim           *ExternalIdClaim `json:"externalIdClaim"`
}

func (*Ca) GetEntityType 

func (entity *Ca) GetEntityType() string

func (*Ca) GetName 

func (entity *Ca) GetName() string

type CaStore 

type CaStore interface {
	Store[*Ca]
}

type Config 

type Config struct {
	boltz.BaseExtEntity
	Name   string                 `json:"name"`
	TypeId string                 `json:"type"`
	Data   map[string]interface{} `json:"data"`
}

func (*Config) GetEntityType 

func (entity *Config) GetEntityType() string

func (*Config) GetName 

func (entity *Config) GetName() string

type ConfigStore 

type ConfigStore interface {
	Store[*Config]
	NameIndexed
}

type ConfigType 

type ConfigType struct {
	boltz.BaseExtEntity
	Name   string                 `json:"name"`
	Schema map[string]interface{} `json:"schema"`
}

func (*ConfigType) GetEntityType 

func (entity *ConfigType) GetEntityType() string

func (*ConfigType) GetName 

func (entity *ConfigType) GetName() string

type ConfigTypeStore 

type ConfigTypeStore interface {
	Store[*ConfigType]
	NameIndexed
	LoadOneByName(tx *bbolt.Tx, name string) (*ConfigType, error)
	GetName(tx *bbolt.Tx, id string) *string
}

type Controller 

type Controller struct {
	boltz.BaseExtEntity
	Name              string    `json:"name"`
	CtrlAddress       string    `json:"address"`
	CertPem           string    `json:"certPem"`
	Fingerprint       string    `json:"fingerprint"`
	IsOnline          bool      `json:"isOnline"`
	LastJoinedAt      time.Time `json:"lastJoinedAt"`
	IsPreferredLeader bool      `json:"isPreferredLeader"`
	ApiAddresses      map[string][]ApiAddress
}

func (*Controller) GetEntityType 

func (entity *Controller) GetEntityType() string

func (*Controller) GetName 

func (entity *Controller) GetName() string

type ControllerStore 

type ControllerStore interface {
	Store[*Controller]
	GetNameIndex() boltz.ReadIndex
}

type DbProvider 

type DbProvider interface {
	GetDb() boltz.Db
}

type DbProviderF 

type DbProviderF func() boltz.Db

func (DbProviderF) GetDb 

func (f DbProviderF) GetDb() boltz.Db

type EdgeRouter 

type EdgeRouter struct {
	Router
	IsVerified            bool                   `json:"isVerified"`
	CertPem               *string                `json:"certPem"`
	UnverifiedCertPem     *string                `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string                `json:"unverifiedFingerprint"`
	RoleAttributes        []string               `json:"roleAttributes"`
	IsTunnelerEnabled     bool                   `json:"isTunnelerEnabled"`
	AppData               map[string]interface{} `json:"appData"`
}

func (*EdgeRouter) GetName 

func (entity *EdgeRouter) GetName() string

type EdgeRouterPolicy 

type EdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	IdentityRoles   []string `json:"identityRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*EdgeRouterPolicy) GetEntityType 

func (entity *EdgeRouterPolicy) GetEntityType() string

func (*EdgeRouterPolicy) GetName 

func (entity *EdgeRouterPolicy) GetName() string

func (*EdgeRouterPolicy) GetSemantic 

func (entity *EdgeRouterPolicy) GetSemantic() string

type EdgeRouterPolicyStore 

type EdgeRouterPolicyStore interface {
	NameIndexed
	Store[*EdgeRouterPolicy]
}

type EdgeRouterStore 

type EdgeRouterStore interface {
	NameIndexed
	Store[*EdgeRouter]
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type EdgeService 

type EdgeService struct {
	Service
	RoleAttributes     []string `json:"roleAttributes"`
	Configs            []string `json:"configs"`
	EncryptionRequired bool     `json:"encryptionRequired"`
}

type EdgeServiceStore 

type EdgeServiceStore interface {
	NameIndexed
	Store[*EdgeService]

	IsBindableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	IsDialableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type Enrollment 

type Enrollment struct {
	boltz.BaseExtEntity
	Token           string     `json:"token"`
	Method          string     `json:"method"`
	IdentityId      *string    `json:"identityId"`
	TransitRouterId *string    `json:"transitRouterId"`
	EdgeRouterId    *string    `json:"edgeRouterId"`
	ExpiresAt       *time.Time `json:"expiresAt"`
	IssuedAt        *time.Time `json:"issuedAt"`
	CaId            *string    `json:"caId"`
	Username        *string    `json:"username"`
	Jwt             string     `json:"-"`
}

func (*Enrollment) GetEntityType 

func (entity *Enrollment) GetEntityType() string

type EnrollmentStore 

type EnrollmentStore interface {
	Store[*Enrollment]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Enrollment, error)
}

type EnvInfo 

type EnvInfo struct {
	Arch      string `json:"arch"`
	Os        string `json:"os"`
	OsRelease string `json:"osRelease"`
	OsVersion string `json:"osVersion"`
	Domain    string `json:"domain"`
	Hostname  string `json:"hostname"`
}

type EventListenerFunc 

type EventListenerFunc func(db boltz.Db, name string, data []byte)

EventListenerFunc is a function handler that will be triggered asynchronously some point in the future

type EventualEvent 

type EventualEvent struct {
	boltz.BaseExtEntity
	Type string `json:"type"`
	Data []byte `json:"data"`
}

func (*EventualEvent) GetEntityType 

func (entity *EventualEvent) GetEntityType() string

type EventualEventAdded 

type EventualEventAdded struct {
	// Id is a unique id for the event created
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventProcessingBatchDone 

type EventualEventProcessingBatchDone struct {
	// Id is a unique id for the batch
	Id string

	// Id is the unique processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime the time the batch was started
	StartTime time.Time

	// EndTime the time the batch ended
	EndTime time.Time
}

type EventualEventProcessingBatchStart 

type EventualEventProcessingBatchStart struct {
	// Id is a unique id for the batch
	Id string

	// Id is the unique processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime the time when the batch started processing
	StartTime time.Time
}

type EventualEventProcessingDone 

type EventualEventProcessingDone struct {
	// Id is a unique id for processing run
	Id string

	// TotalBatches is the total number of batches executed during processing
	TotalBatches int64

	// TotalEvent is the total number of events processed
	TotalEvents int64

	// TotalListenersExecuted is the total number of listeners executed during processing
	TotalListenersExecuted int64

	// StartTime is the time when the processing began
	StartTime time.Time

	// EndTime is the time when the processing ended
	EndTime time.Time
}

type EventualEventProcessingListenerDone 

type EventualEventProcessingListenerDone struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// Error is nil if no error occurred during execution, otherwise an error value
	Error error

	// EventType is the typeof the event that triggered the listener
	EventType string

	// StartTime is the time when the listener started execution
	StartTime time.Time

	// EndTime is the time when the listener ended execution
	EndTime time.Time
}

type EventualEventProcessingListenerStart 

type EventualEventProcessingListenerStart struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// EventType is the typeof the event that is triggering the listener
	EventType string

	// StartTime is the time when the listener was started
	StartTime time.Time
}

type EventualEventProcessingStart 

type EventualEventProcessingStart struct {
	// Id is a unique id for processing run
	Id string

	// StartTime is the time the processing began
	StartTime time.Time
}

type EventualEventRemoved 

type EventualEventRemoved struct {
	// Id is a unique id for the event deleted
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventStore 

type EventualEventStore interface {
	Store[*EventualEvent]
}

type EventualEventer 

type EventualEventer interface {
	// EventEmmiter is used to provide processing event status on processing state, which is useful
	// for instrumenting an EventualEventer for metric purposes (process runtime, process batch runtime,
	// event counts, etc.)
	events.EventEmmiter

	// AddEventualEvent adds an eventual event with a specific name and byte array data payload. Interpretation
	// of the event's data payload is upto the event emitter and consumer.
	AddEventualEvent(eventType string, data []byte)

	// AddEventualListener adds a function as call back when an eventual event is processed.
	AddEventualListener(eventType string, handler EventListenerFunc)

	// Start should be called at the start of the lifetime of the EventualEventer.
	// A closeNotify channel must be supplied for application shutdown eventing.
	//
	// If an EventualEventer has already been started, it will return an error.
	// Errors may be returned for other reasons causing Start to fail.
	Start(closeNotify <-chan struct{}) error

	// Stop may be called to manually end of the lifetime of the EventualEventer outside the
	// closeNotify signaling provided in the Start call. If not started, an error will be returned.
	// Errors may be returned for other reasons causing Stop to fail.
	Stop() error

	// Trigger forces an EventualEventer to check for work to be processed. Beyond this method,
	// it is the implementation's responsibility to provide other mechanisms or logic to determine
	// when work is performed (timers, events, etc.) which may be setup/torn down during Start/Stop.
	//
	// If the EventualEventer is not currently running or can't process work and error will
	// be returned. If it is running a channel will be returned which will be closed after
	// the current or next iteration of the event processor has completed.
	Trigger() (<-chan struct{}, error)
}

An EventualEventer provides a method for storing events in a persistent manner that will be processed at a later date. Processing may include time intensive processing such as bulk deletion of other entities. Event persistence strategy, processing order, and processing synchronization are up to the implementation to decide.

EventualEventers are also required to emit a series of events via the events.EventEmitter interface. See EventualEventAdded and subsequent events for more details.

type EventualEventerBbolt 

type EventualEventerBbolt struct {
	events.EventEmmiter

	Interval time.Duration
	// contains filtered or unexported fields
}

EventualEventerBbolt implements EventualEventer with a bbolt back storage mechanism. Work is performed on a configurable basis via the Interval property in FIFO order.

Events are stored in the following format: 

		id   - CUID   - a monotonic reference id
     name - string - an event name, used for log output
     data - []byte - a string array of arguments

func NewEventualEventerBbolt 

func NewEventualEventerBbolt(dbProvider DbProvider, store EventualEventStore, interval time.Duration, batchSize int) *EventualEventerBbolt

NewEventualEventerBbolt creates a new bbolt backed asynchronous eventer that will check for new events at the given interval or when triggered. On each interval/trigger, the number of events processed is determined by batchSize.

func (*EventualEventerBbolt) AddEventualEvent 

func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualEventWithCtx 

func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte) error

func (*EventualEventerBbolt) AddEventualListener 

func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)

func (*EventualEventerBbolt) Start 

func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error

func (*EventualEventerBbolt) Stop 

func (a *EventualEventerBbolt) Stop() error

func (*EventualEventerBbolt) Trigger 

func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)

type ExternalIdClaim 

type ExternalIdClaim struct {
	Location        string `json:"location"`
	Matcher         string `json:"matcher"`
	MatcherCriteria string `json:"matcherCriteria"`
	Parser          string `json:"parser"`
	ParserCriteria  string `json:"parserCriteria"`
	Index           int64  `json:"index"`
}

type ExternalJwtSigner 

type ExternalJwtSigner struct {
	boltz.BaseExtEntity
	Name                          string     `json:"name"`
	Fingerprint                   *string    `json:"fingerprint"`
	Kid                           *string    `json:"kid"`
	CertPem                       *string    `json:"certPem"`
	JwksEndpoint                  *string    `json:"jwksEndpoint"`
	CommonName                    string     `json:"commonName"`
	NotAfter                      *time.Time `json:"notAfter"`
	NotBefore                     *time.Time `json:"notBefore"`
	Enabled                       bool       `json:"enabled"`
	ExternalAuthUrl               *string    `json:"externalAuthUrl"`
	IdentityIdClaimsSelector      *string    `json:"identityIdClaimsSelector"`
	UseExternalId                 bool       `json:"useExternalId"`
	Issuer                        *string    `json:"issuer"`
	Audience                      *string    `json:"audience"`
	ClientId                      *string    `json:"clientId"`
	Scopes                        []string   `json:"scopes"`
	TargetToken                   string     `json:"targetToken"`
	EnrollToCertEnabled           bool       `json:"enrollToCertEnabled"`
	EnrollToTokenEnabled          bool       `json:"enrollToTokenEnabled"`
	EnrollAttributeClaimsSelector string     `json:"enrollAttributeClaimsSelector"`
	EnrollAuthPolicyId            string     `json:"enrollAuthPolicyId"`
	EnrollNameClaimSelector       string     `json:"enrollNameClaimsSelector"`
}

func (*ExternalJwtSigner) GetEntityType 

func (entity *ExternalJwtSigner) GetEntityType() string

func (*ExternalJwtSigner) GetName 

func (entity *ExternalJwtSigner) GetName() string

type ExternalJwtSignerStore 

type ExternalJwtSignerStore interface {
	NameIndexed
	Store[*ExternalJwtSigner]
}

type FieldCheckerF 

type FieldCheckerF func(string) bool

func (FieldCheckerF) IsUpdated 

func (f FieldCheckerF) IsUpdated(s string) bool

type Identity 

type Identity struct {
	boltz.BaseExtEntity
	Name                      string                       `json:"name"`
	IdentityTypeId            string                       `json:"identityTypeId"`
	IsDefaultAdmin            bool                         `json:"isDefaultAdmin"`
	IsAdmin                   bool                         `json:"isAdmin"`
	Enrollments               []string                     `json:"enrollments"`
	Authenticators            []string                     `json:"authenticators"`
	RoleAttributes            []string                     `json:"roleAttributes"`
	SdkInfo                   *SdkInfo                     `json:"sdkInfo"`
	EnvInfo                   *EnvInfo                     `json:"envInfo"`
	DefaultHostingPrecedence  ziti.Precedence              `json:"defaultHostingPrecedence"`
	DefaultHostingCost        uint16                       `json:"defaultHostingCost"`
	ServiceHostingPrecedences map[string]ziti.Precedence   `json:"serviceHostingPrecedences"`
	ServiceHostingCosts       map[string]uint16            `json:"serviceHostingCosts"`
	AppData                   map[string]interface{}       `json:"appData"`
	AuthPolicyId              string                       `json:"authPolicyId"`
	ExternalId                *string                      `json:"externalId"`
	DisabledAt                *time.Time                   `json:"disabledAt"`
	DisabledUntil             *time.Time                   `json:"disabledUntil"`
	Disabled                  bool                         `json:"disabled"`
	ServiceConfigs            map[string]map[string]string `json:"serviceConfigs"`
	Interfaces                []*Interface                 `json:"interfaces"`
	Permissions               []string                     `json:"permissions"`
}

func (*Identity) GetEntityType 

func (entity *Identity) GetEntityType() string

func (*Identity) GetName 

func (entity *Identity) GetName() string

type IdentityServicesCursorProvider 

type IdentityServicesCursorProvider struct {
	// contains filtered or unexported fields
}

func (*IdentityServicesCursorProvider) Cursor 

func (self *IdentityServicesCursorProvider) Cursor(tx *bbolt.Tx, forward bool) ast.SetCursor

type IdentityStore 

type IdentityStore interface {
	NameIndexed
	Store[*Identity]

	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)

	LoadServiceConfigsByServiceAndType(tx *bbolt.Tx, identityId string, configTypes map[string]struct{}) map[string]map[string]map[string]interface{}
	GetIdentityServicesCursorProvider(identityId string) ast.SetCursorProvider
	GetExternalIdIndex() boltz.ReadIndex
}

type IdentityType 

type IdentityType struct {
	boltz.BaseExtEntity
	Name string `json:"name"`
}

func (*IdentityType) GetEntityType 

func (entity *IdentityType) GetEntityType() string

func (*IdentityType) GetName 

func (entity *IdentityType) GetName() string

type IdentityTypeStore 

type IdentityTypeStore interface {
	NameIndexed
	Store[*IdentityType]
}

type IdentityTypeStoreImpl 

type IdentityTypeStoreImpl struct {
	// contains filtered or unexported fields
}

func (*IdentityTypeStoreImpl) FillEntity 

func (store *IdentityTypeStoreImpl) FillEntity(entity *IdentityType, bucket *boltz.TypedBucket)

func (IdentityTypeStoreImpl) GetName 

func (store IdentityTypeStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*IdentityTypeStoreImpl) GetNameIndex 

func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex

func (*IdentityTypeStoreImpl) NewEntity 

func (store *IdentityTypeStoreImpl) NewEntity() *IdentityType

func (*IdentityTypeStoreImpl) PersistEntity 

func (store *IdentityTypeStoreImpl) PersistEntity(entity *IdentityType, ctx *boltz.PersistContext)

type Interface 

type Interface struct {
	Name            string   `json:"name"`
	HardwareAddress string   `json:"hardwareAddress"`
	MTU             int64    `json:"mtu"`
	Index           int64    `json:"index"`
	Flags           uint64   `json:"flags"`
	Addresses       []string `json:"addresses"`
}

func (*Interface) FillEntity 

func (self *Interface) FillEntity(bucket *boltz.TypedBucket)

func (*Interface) IsBroadcast 

func (self *Interface) IsBroadcast() bool

func (*Interface) IsFlagSet 

func (self *Interface) IsFlagSet(f net.Flags) bool

func (*Interface) IsLoopback 

func (self *Interface) IsLoopback() bool

func (*Interface) IsMulticast 

func (self *Interface) IsMulticast() bool

func (*Interface) IsRunning 

func (self *Interface) IsRunning() bool

func (*Interface) IsUp 

func (self *Interface) IsUp() bool

func (*Interface) MarshalJSON 

func (self *Interface) MarshalJSON() ([]byte, error)

type Mfa 

type Mfa struct {
	boltz.BaseExtEntity
	IdentityId    string   `json:"identityId"`
	IsVerified    bool     `json:"isVerified"`
	Secret        string   `json:"secret"`
	Salt          string   `json:"salt"`
	RecoveryCodes []string `json:"recoveryCodes"`
}

func NewMfa 

func NewMfa(identityId string) *Mfa

func (*Mfa) GetEntityType 

func (entity *Mfa) GetEntityType() string

type MfaStore 

type MfaStore interface {
	Store[*Mfa]
}

type MfaStoreImpl 

type MfaStoreImpl struct {
	// contains filtered or unexported fields
}

func (*MfaStoreImpl) FillEntity 

func (store *MfaStoreImpl) FillEntity(entity *Mfa, bucket *boltz.TypedBucket)

func (MfaStoreImpl) GetName 

func (store MfaStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*MfaStoreImpl) NewEntity 

func (store *MfaStoreImpl) NewEntity() *Mfa

func (*MfaStoreImpl) PersistEntity 

func (store *MfaStoreImpl) PersistEntity(entity *Mfa, ctx *boltz.PersistContext)

type Migrations 

type Migrations struct {
	// contains filtered or unexported fields
}

type NameIndexed 

type NameIndexed interface {
	GetNameIndex() boltz.ReadIndex
}

type OperatingSystem 

type OperatingSystem struct {
	OsType     string   `json:"osType"`
	OsVersions []string `json:"osVersions"`
}

type Policy 

type Policy interface {
	boltz.NamedExtEntity
}

type PolicyChangeHandler 

type PolicyChangeHandler interface {
	HandleServicePolicyChange(ctx boltz.MutateContext, policyChange *edge_ctrl_pb.DataState_ServicePolicyChange)
}

type PolicyType 

type PolicyType string

func GetPolicyTypeForId 

func GetPolicyTypeForId(policyTypeId int32) PolicyType

func (PolicyType) Id 

func (self PolicyType) Id() int32

func (PolicyType) IsBind 

func (self PolicyType) IsBind() bool

func (PolicyType) IsDial 

func (self PolicyType) IsDial() bool

func (PolicyType) String 

func (self PolicyType) String() string

type PostureCheck 

type PostureCheck struct {
	boltz.BaseExtEntity
	Name           string              `json:"name"`
	TypeId         string              `json:"typeId"`
	Version        int64               `json:"version"`
	RoleAttributes []string            `json:"roleAttributes"`
	SubType        PostureCheckSubType `json:"subType"`
}

func (*PostureCheck) GetEntityType 

func (entity *PostureCheck) GetEntityType() string

func (*PostureCheck) GetName 

func (entity *PostureCheck) GetName() string

type PostureCheckMacAddresses 

type PostureCheckMacAddresses struct {
	MacAddresses []string `json:"macAddresses"`
}

func (*PostureCheckMacAddresses) GetTypeId 

func (entity *PostureCheckMacAddresses) GetTypeId() string

func (*PostureCheckMacAddresses) LoadValues 

func (entity *PostureCheckMacAddresses) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMacAddresses) SetValues 

func (entity *PostureCheckMacAddresses) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckMfa 

type PostureCheckMfa struct {
	TimeoutSeconds        int64 `json:"timeoutSeconds"`
	PromptOnWake          bool  `json:"promptOnWake"`
	PromptOnUnlock        bool  `json:"promptOnUnlock"`
	IgnoreLegacyEndpoints bool  `json:"ignoreLegacyEndpoints"`
}

func (*PostureCheckMfa) GetTypeId 

func (entity *PostureCheckMfa) GetTypeId() string

func (*PostureCheckMfa) LoadValues 

func (entity *PostureCheckMfa) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMfa) SetValues 

func (entity *PostureCheckMfa) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckOperatingSystem 

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckOperatingSystem) GetTypeId 

func (entity *PostureCheckOperatingSystem) GetTypeId() string

func (*PostureCheckOperatingSystem) LoadValues 

func (entity *PostureCheckOperatingSystem) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckOperatingSystem) SetValues 

func (entity *PostureCheckOperatingSystem) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcess 

type PostureCheckProcess struct {
	OperatingSystem string   `json:"operatingSystem"`
	Path            string   `json:"path"`
	Hashes          []string `json:"hashes"`
	Fingerprint     string   `json:"fingerprint"`
}

func (*PostureCheckProcess) GetTypeId 

func (entity *PostureCheckProcess) GetTypeId() string

func (*PostureCheckProcess) LoadValues 

func (entity *PostureCheckProcess) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcess) SetValues 

func (entity *PostureCheckProcess) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcessMulti 

type PostureCheckProcessMulti struct {
	Semantic  string          `json:"semantic"`
	Processes []*ProcessMulti `json:"processes"`
}

func (*PostureCheckProcessMulti) GetTypeId 

func (entity *PostureCheckProcessMulti) GetTypeId() string

func (*PostureCheckProcessMulti) LoadValues 

func (entity *PostureCheckProcessMulti) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcessMulti) SetValues 

func (entity *PostureCheckProcessMulti) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckStore 

type PostureCheckStore interface {
	Store[*PostureCheck]
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(filters []string, semantic string) (ast.SetCursorProvider, error)
}

type PostureCheckSubType 

type PostureCheckSubType interface {
	LoadValues(bucket *boltz.TypedBucket)
	SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
	GetTypeId() string
}

type PostureCheckType 

type PostureCheckType struct {
	boltz.BaseExtEntity
	Name             string            `json:"name"`
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckType) GetEntityType 

func (entity *PostureCheckType) GetEntityType() string

func (*PostureCheckType) GetName 

func (entity *PostureCheckType) GetName() string

type PostureCheckTypeStore 

type PostureCheckTypeStore interface {
	NameIndexed
	Store[*PostureCheckType]
}

type PostureCheckWindowsDomains 

type PostureCheckWindowsDomains struct {
	Domains []string `json:"domains"`
}

func (*PostureCheckWindowsDomains) GetTypeId 

func (entity *PostureCheckWindowsDomains) GetTypeId() string

func (*PostureCheckWindowsDomains) LoadValues 

func (entity *PostureCheckWindowsDomains) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckWindowsDomains) SetValues 

func (entity *PostureCheckWindowsDomains) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type ProcessMulti 

type ProcessMulti struct {
	OsType             string   `json:"osType"`
	Path               string   `json:"path"`
	Hashes             []string `json:"hashes"`
	SignerFingerprints []string `json:"signerFingerprints"`
}

type Revocation 

type Revocation struct {
	boltz.BaseExtEntity
	ExpiresAt time.Time `json:"expiresAt"`
	Type      string    `json:"type"`
}

func (Revocation) GetEntityType 

func (r Revocation) GetEntityType() string

type RevocationStore 

type RevocationStore interface {
	Store[*Revocation]
}

type Router 

type Router struct {
	boltz.BaseExtEntity
	Name              string              `json:"name"`
	Fingerprint       *string             `json:"fingerprint"`
	Cost              uint16              `json:"cost"`
	NoTraversal       bool                `json:"noTraversal"`
	Disabled          bool                `json:"disabled"`
	CtrlChanListeners map[string][]string `json:"ctrlChanListeners"`
	Interfaces        []*Interface        `json:"interfaces"`
}

func (*Router) GetEntityType 

func (entity *Router) GetEntityType() string

type RouterStore 

type RouterStore interface {
	boltz.EntityStore[*Router]
	boltz.EntityStrategy[*Router]
	GetNameIndex() boltz.ReadIndex
	FindByName(tx *bbolt.Tx, id string) (*Router, error)
}

type SdkInfo 

type SdkInfo struct {
	Branch     string `json:"branch"`
	Revision   string `json:"revision"`
	Type       string `json:"type"`
	Version    string `json:"version"`
	AppId      string `json:"appId"`
	AppVersion string `json:"appVersion"`
}

type SecretStore 

type SecretStore interface {
	GetSecret() []byte
}

type Service 

type Service struct {
	boltz.BaseExtEntity
	Name               string        `json:"name"`
	MaxIdleTime        time.Duration `json:"maxIdleTime"`
	TerminatorStrategy string        `json:"terminatorStrategy"`
}

func (*Service) GetEntityType 

func (entity *Service) GetEntityType() string

func (*Service) GetName 

func (entity *Service) GetName() string

type ServiceEdgeRouterPolicy 

type ServiceEdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	ServiceRoles    []string `json:"serviceRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*ServiceEdgeRouterPolicy) GetEntityType 

func (entity *ServiceEdgeRouterPolicy) GetEntityType() string

func (*ServiceEdgeRouterPolicy) GetName 

func (entity *ServiceEdgeRouterPolicy) GetName() string

func (*ServiceEdgeRouterPolicy) GetSemantic 

func (entity *ServiceEdgeRouterPolicy) GetSemantic() string

type ServiceEdgeRouterPolicyStore 

type ServiceEdgeRouterPolicyStore interface {
	NameIndexed
	Store[*ServiceEdgeRouterPolicy]
}

type ServiceEvent 

type ServiceEvent struct {
	Type       ServiceEventType
	IdentityId string
	ServiceId  string
}

func (*ServiceEvent) String 

func (self *ServiceEvent) String() string

type ServiceEventHandler 

type ServiceEventHandler func(event *ServiceEvent)

type ServiceEventType 

type ServiceEventType byte
const (
	ServiceDialAccessGained ServiceEventType = 1
	ServiceDialAccessLost   ServiceEventType = 2
	ServiceBindAccessGained ServiceEventType = 3
	ServiceBindAccessLost   ServiceEventType = 4
	ServiceUpdated          ServiceEventType = 5
)

func (ServiceEventType) String 

func (self ServiceEventType) String() string

type ServiceEventsRegistry 

type ServiceEventsRegistry struct {
	// contains filtered or unexported fields
}

func (*ServiceEventsRegistry) AddServiceEventHandler 

func (self *ServiceEventsRegistry) AddServiceEventHandler(listener ServiceEventHandler)

func (*ServiceEventsRegistry) RemoveServiceEventHandler 

func (self *ServiceEventsRegistry) RemoveServiceEventHandler(listener ServiceEventHandler)

type ServicePolicy 

type ServicePolicy struct {
	boltz.BaseExtEntity
	PolicyType        PolicyType `json:"policyType"`
	Name              string     `json:"name"`
	Semantic          string     `json:"semantic"`
	IdentityRoles     []string   `json:"identityRoles"`
	ServiceRoles      []string   `json:"serviceRoles"`
	PostureCheckRoles []string   `json:"postureCheckRoles"`
}

func (*ServicePolicy) GetEntityType 

func (entity *ServicePolicy) GetEntityType() string

func (*ServicePolicy) GetName 

func (entity *ServicePolicy) GetName() string

func (*ServicePolicy) GetSemantic 

func (entity *ServicePolicy) GetSemantic() string

type ServicePolicyChangeEventListener 

type ServicePolicyChangeEventListener func(event *edge_ctrl_pb.DataState_ServicePolicyChange)

type ServicePolicyEventsKeyType 

type ServicePolicyEventsKeyType string

type ServicePolicyStore 

type ServicePolicyStore interface {
	NameIndexed
	Store[*ServicePolicy]
}

type ServiceStore 

type ServiceStore interface {
	boltz.EntityStore[*Service]
	boltz.EntityStrategy[*Service]
	GetNameIndex() boltz.ReadIndex
	FindByName(tx *bbolt.Tx, name string) (*Service, error)
}

type Session 

type Session struct {
	boltz.BaseExtEntity
	Token           string      `json:"-"`
	IdentityId      string      `json:"identityId"`
	ApiSessionId    string      `json:"apiSessionId"`
	ServiceId       string      `json:"serviceId"`
	Type            string      `json:"type"`
	ApiSession      *ApiSession `json:"-"`
	ServicePolicies []string    `json:"servicePolicies"`
}

func (*Session) GetEntityType 

func (entity *Session) GetEntityType() string

type SessionStore 

type SessionStore interface {
	Store[*Session]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Session, error)
	GetTokenIndex() boltz.ReadIndex
}

type Store 

type Store[E boltz.ExtEntity] interface {
	boltz.EntityStore[E]
	// contains filtered or unexported methods
}

type Stores 

type Stores struct {
	EventualEventer EventualEventer

	Router                  RouterStore
	Service                 ServiceStore
	Terminator              TerminatorStore
	ApiSession              ApiSessionStore
	ApiSessionCertificate   ApiSessionCertificateStore
	AuthPolicy              AuthPolicyStore
	EventualEvent           EventualEventStore
	ExternalJwtSigner       ExternalJwtSignerStore
	Ca                      CaStore
	Config                  ConfigStore
	ConfigType              ConfigTypeStore
	Controller              ControllerStore
	EdgeRouter              EdgeRouterStore
	EdgeRouterPolicy        EdgeRouterPolicyStore
	EdgeService             EdgeServiceStore
	Identity                IdentityStore
	IdentityType            IdentityTypeStore
	Index                   boltz.Store
	Session                 SessionStore
	Revocation              RevocationStore
	ServiceEdgeRouterPolicy ServiceEdgeRouterPolicyStore
	ServicePolicy           ServicePolicyStore
	TransitRouter           TransitRouterStore
	Enrollment              EnrollmentStore
	Authenticator           AuthenticatorStore
	PostureCheck            PostureCheckStore
	PostureCheckType        PostureCheckTypeStore
	Mfa                     MfaStore
	// contains filtered or unexported fields
}

func InitStores 

func InitStores(db boltz.Db, rateLimiter rate.RateLimiter, signingCert *x509.Certificate) (*Stores, error)

func (*Stores) AddCheckable 

func (store *Stores) AddCheckable(checkable boltz.Checkable)

func (*Stores) CheckIntegrity 

func (stores *Stores) CheckIntegrity(db boltz.Db, ctx context.Context, fix bool, errorHandler func(error, bool)) error

func (*Stores) CheckIntegrityInTx 

func (stores *Stores) CheckIntegrityInTx(db boltz.Db, ctx boltz.MutateContext, fix bool, errorHandler func(error, bool)) error

func (*Stores) GetEntityCounts 

func (stores *Stores) GetEntityCounts(db boltz.Db) (map[string]int64, error)

func (*Stores) GetStoreForEntity 

func (stores *Stores) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*Stores) GetStoreList 

func (stores *Stores) GetStoreList() []boltz.Store

func (*Stores) GetStores 

func (stores *Stores) GetStores() []boltz.Store

type Terminator 

type Terminator struct {
	boltz.BaseExtEntity
	Service         string      `json:"service"`
	Router          string      `json:"router"`
	Binding         string      `json:"binding"`
	Address         string      `json:"address"`
	InstanceId      string      `json:"instanceId"`
	InstanceSecret  []byte      `json:"instanceSecret"`
	Cost            uint16      `json:"cost"`
	Precedence      string      `json:"precedence"`
	PeerData        xt.PeerData `json:"peerData"`
	HostId          string      `json:"hostId"`
	SavedPrecedence *string     `json:"savedPrecedence"`
	SourceCtrl      string      `json:"sourceCtrl"`
}

func (*Terminator) GetAddress 

func (entity *Terminator) GetAddress() string

func (*Terminator) GetBinding 

func (entity *Terminator) GetBinding() string

func (*Terminator) GetCost 

func (entity *Terminator) GetCost() uint16

func (*Terminator) GetEntityType 

func (entity *Terminator) GetEntityType() string

func (*Terminator) GetHostId 

func (entity *Terminator) GetHostId() string

func (*Terminator) GetInstanceId 

func (entity *Terminator) GetInstanceId() string

func (*Terminator) GetInstanceSecret 

func (entity *Terminator) GetInstanceSecret() []byte

func (*Terminator) GetPeerData 

func (entity *Terminator) GetPeerData() xt.PeerData

func (*Terminator) GetPrecedence 

func (entity *Terminator) GetPrecedence() xt.Precedence

func (*Terminator) GetRouterId 

func (entity *Terminator) GetRouterId() string

func (*Terminator) GetServiceId 

func (entity *Terminator) GetServiceId() string

func (*Terminator) GetSourceCtrl 

func (entity *Terminator) GetSourceCtrl() string

type TerminatorStore 

type TerminatorStore interface {
	boltz.EntityStore[*Terminator]
	GetTerminatorsInIdentityGroup(tx *bbolt.Tx, terminatorId string) ([]*Terminator, error)
}

type TestContext 

type TestContext struct {
	*boltztest.BaseTestContext
	// contains filtered or unexported fields
}

func NewTestContext 

func NewTestContext(t testing.TB) *TestContext

func (*TestContext) Cleanup 

func (ctx *TestContext) Cleanup()

func (*TestContext) CleanupAll 

func (ctx *TestContext) CleanupAll()

func (*TestContext) GetDb 

func (ctx *TestContext) GetDb() boltz.Db

func (*TestContext) GetStoreForEntity 

func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*TestContext) GetStores 

func (ctx *TestContext) GetStores() *Stores

func (*TestContext) Init 

func (ctx *TestContext) Init()

func (*TestContext) RequireNewIdentity 

func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity

func (*TestContext) RequireNewService 

func (ctx *TestContext) RequireNewService(name string) *EdgeService

type TransitRouter 

type TransitRouter struct {
	Router
	IsVerified            bool     `json:"isVerified"`
	Enrollments           []string `json:"enrollments"`
	IsBase                bool     `json:"-"`
	UnverifiedCertPem     *string  `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string  `json:"unverifiedFingerprint"`
}

func (*TransitRouter) GetName 

func (entity *TransitRouter) GetName() string

type TransitRouterStore 

type TransitRouterStore interface {
	NameIndexed
	Store[*TransitRouter]
}

type UpdateLastActivityAtChecker 

type UpdateLastActivityAtChecker struct{}

func (UpdateLastActivityAtChecker) IsUpdated 

func (u UpdateLastActivityAtChecker) IsUpdated(field string) bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.