Documentation
Index ¶
- Constants
- func AddRouter(rf ApiRouter)
- func GetRequestContextFromHttpContext(r *http.Request) (*response.RequestContext, error)
- func NewAuthQueryExtJwt(signer *model.ExternalJwtSigner) *rest_model.AuthQueryDetail
- func NewAuthQueryZitiMfa() *rest_model.AuthQueryDetail
- func NewRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
- func ProcessAuthQueries(ae *AppEnv, rc *response.RequestContext)
- func ServeError(rw http.ResponseWriter, r *http.Request, inErr error)
- type AddRouterFunc
- type ApiRouter
- type AppEnv
- func (ae *AppEnv) AddRouterPresenceHandler(h model.RouterPresenceHandler)
- func (ae *AppEnv) ControllersKeyFunc(token *jwt.Token) (interface{}, error)
- func (ae *AppEnv) CreateRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
- func (ae *AppEnv) FillRequestContext(rc *response.RequestContext) error
- func (ae *AppEnv) GetApiAddresses() (map[string][]event.ApiAddress, []byte)
- func (ae *AppEnv) GetApiClientCsrSigner() cert.Signer
- func (ae *AppEnv) GetApiServerCsrSigner() cert.Signer
- func (ae *AppEnv) GetAuthRegistry() model.AuthRegistry
- func (ae *AppEnv) GetCloseNotifyChannel() <-chan struct{}
- func (ae *AppEnv) GetCommandDispatcher() command.Dispatcher
- func (ae *AppEnv) GetConfig() *config.Config
- func (ae *AppEnv) GetControlClientCsrSigner() cert.Signer
- func (ae *AppEnv) GetControllerPublicKey(kid string) crypto.PublicKey
- func (ae *AppEnv) GetDb() boltz.Db
- func (ae *AppEnv) GetEnrollRegistry() model.EnrollmentRegistry
- func (ae *AppEnv) GetEnrollmentJwtSigner() (jwtsigner.Signer, error)
- func (ae *AppEnv) GetEventDispatcher() event.Dispatcher
- func (ae *AppEnv) GetFingerprintGenerator() cert.FingerprintGenerator
- func (ae *AppEnv) GetHostController() HostController
- func (ae *AppEnv) GetId() string
- func (ae *AppEnv) GetManagers() *model.Managers
- func (ae *AppEnv) GetMetricsRegistry() metrics.Registry
- func (ae *AppEnv) GetPeerControllerAddresses() []string
- func (ae *AppEnv) GetPeerSigners() []*x509.Certificate
- func (ae *AppEnv) GetRaftInfo() (string, string, string)
- func (ae *AppEnv) GetServerCert() (serverCert *tls.Certificate, kid string, signingMethod jwt.SigningMethod)
- func (ae *AppEnv) GetServerJwtSigner() jwtsigner.Signer
- func (ae *AppEnv) GetStores() *db.Stores
- func (ae *AppEnv) HandleServiceEvent(event *db.ServiceEvent)
- func (ae *AppEnv) HandleServiceUpdatedEventForIdentityId(identityId string)
- func (ae *AppEnv) InitPersistence() error
- func (ae *AppEnv) IsAllowed(responderFunc func(ae *AppEnv, rc *response.RequestContext), ...) openApiMiddleware.Responder
- func (ae *AppEnv) IsEdgeRouterOnline(id string) bool
- func (ae *AppEnv) JwtSignerKeyFunc(token *jwt.Token) (interface{}, error)
- func (ae *AppEnv) OidcIssuer() string
- func (ae *AppEnv) ProcessJwt(rc *response.RequestContext, token *jwt.Token) error
- func (ae *AppEnv) ProcessZtSession(rc *response.RequestContext, ztSession string) error
- func (ae *AppEnv) RootIssuer() string
- func (ae *AppEnv) SetServerCert(serverCert *tls.Certificate)
- func (ae *AppEnv) ValidateAccessToken(token string) (*common.AccessClaims, error)
- func (ae *AppEnv) ValidateServiceAccessToken(token string, apiSessionId *string) (*common.ServiceAccessClaims, error)
- type AppHandler
- type AppMiddleware
- type BasicEntitySchema
- type Broker
- func (broker *Broker) AcceptClusterEvent(clusterEvent *event.ClusterEvent)
- func (broker *Broker) GetEdgeRouterState(id string) RouterStateValues
- func (broker *Broker) GetPublicKeys() map[string]crypto.PublicKey
- func (broker *Broker) GetReceiveHandlers() []channel.TypedReceiveHandler
- func (broker *Broker) IsEdgeRouterOnline(id string) bool
- func (broker *Broker) RouterConnected(router *model.Router)
- func (broker *Broker) RouterDisconnected(r *model.Router)
- func (broker *Broker) Stop()
- func (broker *Broker) ValidateRouterDataModel() []error
- type HostController
- type IdentityEntitySchema
- type LockingRouterState
- func (r *LockingRouterState) GetVersionInfo() versions.VersionInfo
- func (r *LockingRouterState) Hostname() string
- func (r *LockingRouterState) IsOnline() bool
- func (r *LockingRouterState) Protocols() map[string]string
- func (r *LockingRouterState) SetHostname(hostname string)
- func (r *LockingRouterState) SetIsOnline(isOnline bool)
- func (r *LockingRouterState) SetProtocols(protocols map[string]string)
- func (r *LockingRouterState) SetSyncStatus(syncStatus RouterSyncStatus)
- func (r *LockingRouterState) SetVersionInfo(versionInfo versions.VersionInfo)
- func (r *LockingRouterState) SyncStatus() RouterSyncStatus
- func (r *LockingRouterState) Values() RouterStateValues
- type PemProducer
- type RouterConnectionHandler
- type RouterState
- type RouterStateValues
- type RouterSyncCache
- type RouterSyncStatus
- type RouterSyncStrategy
- type RouterSyncStrategyType
- type RouterSynchronizerEventHandler
- type Schemes
- type TraceManager
- type TraceSpec
- type YamlProducer
Constants ¶
// Well-known string identifiers used by the edge API layer.
const (
	// ZitiSession is presumably the header/cookie name under which a
	// zt-session token is carried (ProcessZtSession takes such a token as a
	// string) — confirm against the request-context code.
	// NOTE(review): the token value is a bearer credential; keep it out of
	// logs and traces.
	ZitiSession = "zt-session"
	// ClientApiBinding names the edge client API binding.
	ClientApiBinding = "edge-client"
	// JwtAudEnrollment is presumably the audience ("aud") claim expected on
	// enrollment JWTs — confirm against GetEnrollmentJwtSigner's callers.
	JwtAudEnrollment = "openziti-enroller"
)
// Control-channel message content types, mirrored as int32 from the
// edge_ctrl_pb.ContentType protobuf enum (presumably so they can be used as
// typed channel message types in the router sync protocol — confirm).
const (
	SessionRemovedType                      = int32(edge_ctrl_pb.ContentType_SessionRemovedType)
	ApiSessionHeartbeatType                 = int32(edge_ctrl_pb.ContentType_ApiSessionHeartbeatType)
	ApiSessionRemovedType                   = int32(edge_ctrl_pb.ContentType_ApiSessionRemovedType)
	ApiSessionAddedType                     = int32(edge_ctrl_pb.ContentType_ApiSessionAddedType)
	ApiSessionUpdatedType                   = int32(edge_ctrl_pb.ContentType_ApiSessionUpdatedType)
	RequestClientReSyncType                 = int32(edge_ctrl_pb.ContentType_RequestClientReSyncType)
	DataStateType                           = int32(edge_ctrl_pb.ContentType_DataStateType)
	DataStateChangeSetType                  = int32(edge_ctrl_pb.ContentType_DataStateChangeSetType)
	ServerHelloType                         = int32(edge_ctrl_pb.ContentType_ServerHelloType)
	ClientHelloType                         = int32(edge_ctrl_pb.ContentType_ClientHelloType)
	EnrollmentCertsResponseType             = int32(edge_ctrl_pb.ContentType_EnrollmentCertsResponseType)
	EnrollmentExtendRouterRequestType       = int32(edge_ctrl_pb.ContentType_EnrollmentExtendRouterRequestType)
	EnrollmentExtendRouterVerifyRequestType = int32(edge_ctrl_pb.ContentType_EnrollmentExtendRouterVerifyRequestType)
)
const (
	// EventualEventsGauge is a metric name; presumably registered with the
	// metrics.Registry returned by GetMetricsRegistry — confirm.
	EventualEventsGauge = "eventual.events"
)
Variables ¶
This section is empty.
Functions ¶
func GetRequestContextFromHttpContext ¶
func GetRequestContextFromHttpContext(r *http.Request) (*response.RequestContext, error)
func NewAuthQueryExtJwt ¶
func NewAuthQueryExtJwt(signer *model.ExternalJwtSigner) *rest_model.AuthQueryDetail
func NewAuthQueryZitiMfa ¶
func NewAuthQueryZitiMfa() *rest_model.AuthQueryDetail
func NewRequestContext ¶
func NewRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
func ProcessAuthQueries ¶
func ProcessAuthQueries(ae *AppEnv, rc *response.RequestContext)
ProcessAuthQueries will inspect a response.RequestContext and set the AuthQueries with the current outstanding authentication queries.
func ServeError ¶
func ServeError(rw http.ResponseWriter, r *http.Request, inErr error)
ServeError is a wrapper for the OpenAPI REST server that allows the Edge API error message responses to be used when errors are raised from the OpenAPI internal runtimes. This includes input validation errors, unsupported media types, etc.
Types ¶
type AddRouterFunc ¶
// AddRouterFunc is a registration callback that receives the application
// environment; GetRouters returns the registered set.
type AddRouterFunc func(ae *AppEnv)
func GetRouters ¶
func GetRouters() []AddRouterFunc
type AppEnv ¶
// AppEnv is the edge controller's application environment: the shared
// stores, managers, signers, registries and API servers that request
// handlers and the router Broker operate on. Instances come from NewAppEnv.
type AppEnv struct {
	Stores   *db.Stores      // persistence stores; see also GetStores
	Managers *model.Managers // entity managers; see also GetManagers
	Versions *ziti.Versions
	// CSR signers for the API server, API client and control client
	// certificate chains; see the matching Get*CsrSigner methods.
	ApiServerCsrSigner     cert.Signer
	ApiClientCsrSigner     cert.Signer
	ControlClientCsrSigner cert.Signer
	FingerprintGenerator   cert.FingerprintGenerator
	AuthRegistry           model.AuthRegistry       // authentication method registry; see also GetAuthRegistry
	EnrollRegistry         model.EnrollmentRegistry // enrollment method registry; see also GetEnrollRegistry
	Broker                 *Broker                  // delegates edge events to the configured RouterSyncStrategy
	HostController         HostController           // the hosting controller; see also GetHostController
	ManagementApi          *managementOperations.ZitiEdgeManagementAPI
	ClientApi              *clientOperations.ZitiEdgeClientAPI
	// IdentityRefreshMap is keyed by string and holds times; presumably
	// identity id -> last refresh time — confirm against its writers.
	IdentityRefreshMap cmap.ConcurrentMap[string, time.Time]
	StartupTime        time.Time
	InstanceId         string // see also GetId
	// AuthRateLimiter is presumably applied to authentication attempts
	// (throttling credential guessing) — confirm where it is consulted.
	AuthRateLimiter rate.AdaptiveRateLimiter
	// ServerCert is also reachable via GetServerCert/SetServerCert; the
	// exported field bypasses whatever those accessors do.
	ServerCert   *tls.Certificate
	TraceManager *TraceManager
	// contains filtered or unexported fields
}
func NewAppEnv ¶
func NewAppEnv(host HostController) (*AppEnv, error)
func (*AppEnv) AddRouterPresenceHandler ¶ added in v1.2.0
func (ae *AppEnv) AddRouterPresenceHandler(h model.RouterPresenceHandler)
func (*AppEnv) ControllersKeyFunc ¶
func (*AppEnv) CreateRequestContext ¶
func (ae *AppEnv) CreateRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
func (*AppEnv) FillRequestContext ¶
func (ae *AppEnv) FillRequestContext(rc *response.RequestContext) error
func (*AppEnv) GetApiAddresses ¶ added in v1.1.6
func (ae *AppEnv) GetApiAddresses() (map[string][]event.ApiAddress, []byte)
func (*AppEnv) GetApiClientCsrSigner ¶
func (*AppEnv) GetApiServerCsrSigner ¶
func (*AppEnv) GetAuthRegistry ¶
func (ae *AppEnv) GetAuthRegistry() model.AuthRegistry
func (*AppEnv) GetCloseNotifyChannel ¶ added in v1.1.6
func (ae *AppEnv) GetCloseNotifyChannel() <-chan struct{}
func (*AppEnv) GetCommandDispatcher ¶ added in v1.1.6
func (ae *AppEnv) GetCommandDispatcher() command.Dispatcher
func (*AppEnv) GetControlClientCsrSigner ¶
func (*AppEnv) GetControllerPublicKey ¶
func (*AppEnv) GetEnrollRegistry ¶
func (ae *AppEnv) GetEnrollRegistry() model.EnrollmentRegistry
func (*AppEnv) GetEnrollmentJwtSigner ¶ added in v1.2.0
GetEnrollmentJwtSigner returns a Signer to use for enrollments, selected by the edge.api.address hostname, or an error if no matching signer can be located. Hostname matching is done across all identity server certificates, including alternate server certificates.
func (*AppEnv) GetEventDispatcher ¶ added in v1.1.14
func (ae *AppEnv) GetEventDispatcher() event.Dispatcher
func (*AppEnv) GetFingerprintGenerator ¶
func (ae *AppEnv) GetFingerprintGenerator() cert.FingerprintGenerator
func (*AppEnv) GetHostController ¶
func (ae *AppEnv) GetHostController() HostController
func (*AppEnv) GetManagers ¶
func (*AppEnv) GetMetricsRegistry ¶
func (*AppEnv) GetPeerControllerAddresses ¶ added in v0.34.0
func (*AppEnv) GetPeerSigners ¶ added in v1.1.6
func (ae *AppEnv) GetPeerSigners() []*x509.Certificate
func (*AppEnv) GetRaftInfo ¶ added in v1.1.6
func (*AppEnv) GetServerCert ¶
func (ae *AppEnv) GetServerCert() (serverCert *tls.Certificate, kid string, signingMethod jwt.SigningMethod)
func (*AppEnv) GetServerJwtSigner ¶ added in v0.34.0
func (*AppEnv) HandleServiceEvent ¶
func (ae *AppEnv) HandleServiceEvent(event *db.ServiceEvent)
func (*AppEnv) HandleServiceUpdatedEventForIdentityId ¶
func (*AppEnv) InitPersistence ¶
func (*AppEnv) IsAllowed ¶
func (ae *AppEnv) IsAllowed(responderFunc func(ae *AppEnv, rc *response.RequestContext), request *http.Request, entityId string, entitySubId string, permissions ...permissions.Resolver) openApiMiddleware.Responder
func (*AppEnv) IsEdgeRouterOnline ¶
func (*AppEnv) JwtSignerKeyFunc ¶
JwtSignerKeyFunc is used in combination with jwt.Parse or jwt.ParseWithClaims to facilitate verifying JWTs from the current controller or any peer controllers.
func (*AppEnv) OidcIssuer ¶ added in v0.34.0
func (*AppEnv) ProcessJwt ¶
func (*AppEnv) ProcessZtSession ¶
func (ae *AppEnv) ProcessZtSession(rc *response.RequestContext, ztSession string) error
func (*AppEnv) RootIssuer ¶ added in v0.34.0
func (*AppEnv) SetServerCert ¶ added in v0.34.0
func (ae *AppEnv) SetServerCert(serverCert *tls.Certificate)
func (*AppEnv) ValidateAccessToken ¶ added in v0.34.0
func (ae *AppEnv) ValidateAccessToken(token string) (*common.AccessClaims, error)
func (*AppEnv) ValidateServiceAccessToken ¶ added in v0.34.0
type AppHandler ¶
// AppHandler is the signature of an edge API request handler: it receives
// the application environment and the per-request context (the same shape
// as the responderFunc argument of AppEnv.IsAllowed).
type AppHandler func(ae *AppEnv, rc *response.RequestContext)
type BasicEntitySchema ¶
// BasicEntitySchema groups the JSON schemas for one API entity type.
// The field names suggest one schema per HTTP verb (POST/PATCH/PUT request
// bodies) — confirm against the validation code that uses them.
type BasicEntitySchema struct {
	Post  *gojsonschema.Schema
	Patch *gojsonschema.Schema
	Put   *gojsonschema.Schema
}
type Broker ¶
// Broker delegates Ziti Edge events to a RouterSyncStrategy, handling which
// events to watch and casting arguments to their concrete types. It is
// created by NewBroker with the environment and the strategy to drive.
type Broker struct {
	// contains filtered or unexported fields
}
The Broker delegates Ziti Edge events to a RouterSyncStrategy, handling the details of which events to watch and of casting arguments to their proper concrete types.
func NewBroker ¶
func NewBroker(ae *AppEnv, synchronizer RouterSyncStrategy) *Broker
func (*Broker) AcceptClusterEvent ¶
func (broker *Broker) AcceptClusterEvent(clusterEvent *event.ClusterEvent)
func (*Broker) GetEdgeRouterState ¶
func (broker *Broker) GetEdgeRouterState(id string) RouterStateValues
func (*Broker) GetPublicKeys ¶ added in v0.34.2
func (*Broker) GetReceiveHandlers ¶
func (broker *Broker) GetReceiveHandlers() []channel.TypedReceiveHandler
func (*Broker) IsEdgeRouterOnline ¶
func (*Broker) RouterConnected ¶
func (*Broker) RouterDisconnected ¶
func (*Broker) ValidateRouterDataModel ¶ added in v1.1.8
type HostController ¶
// HostController is the interface the hosting controller presents to the
// edge environment: configuration, identity, raft/cluster state,
// registration hooks for control and management handlers, and the event,
// command and metrics facilities. Several AppEnv getters carry identical
// signatures (GetDb, GetCommandDispatcher, GetPeerSigners,
// GetEventDispatcher, GetRaftInfo, GetApiAddresses, GetMetricsRegistry,
// GetCloseNotifyChannel) and presumably delegate here — confirm.
type HostController interface {
	GetConfig() *config.Config
	GetEnv() *AppEnv
	RegisterAgentBindHandler(bindHandler channel.BindHandler)
	RegisterXctrl(x xctrl.Xctrl) error
	RegisterXmgmt(x xmgmt.Xmgmt) error
	GetXWebInstance() xweb.Instance
	GetNetwork() *network.Network
	// GetCloseNotifyChannel presumably returns a channel that is closed on
	// Shutdown — confirm.
	GetCloseNotifyChannel() <-chan struct{}
	Shutdown()
	Identity() identity.Identity
	IsRaftEnabled() bool
	IsRaftLeader() bool
	GetDb() boltz.Db
	GetCommandDispatcher() command.Dispatcher
	// GetPeerSigners returns peer controller certificates. NOTE(review):
	// JwtSignerKeyFunc verifies JWTs from "the current controller or any
	// peer controllers", so this set presumably forms its trust anchors;
	// confirm that only these keys can satisfy a token's kid.
	GetPeerSigners() []*x509.Certificate
	GetEventDispatcher() event.Dispatcher
	GetRaftIndex() uint64
	GetPeerAddresses() []string
	GetRaftInfo() (string, string, string)
	GetApiAddresses() (map[string][]event.ApiAddress, []byte)
	GetMetricsRegistry() metrics.Registry
}
type IdentityEntitySchema ¶
// IdentityEntitySchema is the identity variant of BasicEntitySchema: the
// same per-verb schemas plus a separate schema for service configs.
type IdentityEntitySchema struct {
	Post           *gojsonschema.Schema
	Patch          *gojsonschema.Schema
	Put            *gojsonschema.Schema
	ServiceConfigs *gojsonschema.Schema
}
type LockingRouterState ¶
// LockingRouterState carries every method of the RouterState interface
// (getters, setters and Values). Its name suggests the accessors are guarded
// by a lock, which is what RouterState's thread-safety contract asks for —
// confirm in the implementation. Construct with NewLockingRouterStatus.
type LockingRouterState struct {
	// contains filtered or unexported fields
}
func NewLockingRouterStatus ¶
func NewLockingRouterStatus() *LockingRouterState
func (*LockingRouterState) GetVersionInfo ¶
func (r *LockingRouterState) GetVersionInfo() versions.VersionInfo
func (*LockingRouterState) Hostname ¶
func (r *LockingRouterState) Hostname() string
func (*LockingRouterState) IsOnline ¶
func (r *LockingRouterState) IsOnline() bool
func (*LockingRouterState) Protocols ¶
func (r *LockingRouterState) Protocols() map[string]string
func (*LockingRouterState) SetHostname ¶
func (r *LockingRouterState) SetHostname(hostname string)
func (*LockingRouterState) SetIsOnline ¶
func (r *LockingRouterState) SetIsOnline(isOnline bool)
func (*LockingRouterState) SetProtocols ¶
func (r *LockingRouterState) SetProtocols(protocols map[string]string)
func (*LockingRouterState) SetSyncStatus ¶
func (r *LockingRouterState) SetSyncStatus(syncStatus RouterSyncStatus)
func (*LockingRouterState) SetVersionInfo ¶
func (r *LockingRouterState) SetVersionInfo(versionInfo versions.VersionInfo)
func (*LockingRouterState) SyncStatus ¶
func (r *LockingRouterState) SyncStatus() RouterSyncStatus
func (*LockingRouterState) Values ¶
func (r *LockingRouterState) Values() RouterStateValues
type PemProducer ¶
// PemProducer is a stateless marker type; by its name it presumably serves
// as an OpenAPI producer for PEM-encoded responses — confirm against the
// methods defined on it elsewhere in the package.
type PemProducer struct{}
type RouterConnectionHandler ¶
// RouterConnectionHandler handles router connect/disconnect events for
// synchronizing state. It is intended for API Sessions, but additional
// state is possible; implementations may bind additional handlers to the
// channel (GetReceiveHandlers). RouterSyncStrategy embeds this interface.
type RouterConnectionHandler interface {
	RouterConnected(edgeRouter *model.EdgeRouter, router *model.Router)
	RouterDisconnected(router *model.Router)
	GetReceiveHandlers() []channel.TypedReceiveHandler
}
RouterConnectionHandler is responsible for handling router connect/disconnect events for synchronizing state. This is intended for API Sessions, but additional state is possible. Implementations may bind additional handlers to the channel.
type RouterState ¶
// RouterState provides a thread-safe mechanism to access and set router
// status information that may be in flux due to router connection and
// disconnection. Values returns a plain snapshot of all fields.
type RouterState interface {
	SetIsOnline(isOnline bool)
	IsOnline() bool
	SetHostname(hostname string)
	Hostname() string
	SetProtocols(protocols map[string]string)
	Protocols() map[string]string
	SetSyncStatus(status RouterSyncStatus)
	SyncStatus() RouterSyncStatus
	SetVersionInfo(versionInfo versions.VersionInfo)
	GetVersionInfo() versions.VersionInfo
	Values() RouterStateValues
}
RouterState provides a thread-safe mechanism to access and set router status information that may be in flux due to router connection/disconnection.
type RouterStateValues ¶
// RouterStateValues is the plain-value snapshot of a router's state, as
// returned by RouterState.Values and Broker.GetEdgeRouterState.
// NewRouterStatusValues builds one. Protocols is a map, so a snapshot still
// shares that map with whoever produced it unless it was copied — confirm.
type RouterStateValues struct {
	IsOnline    bool
	Hostname    string
	Protocols   map[string]string
	SyncStatus  RouterSyncStatus
	VersionInfo versions.VersionInfo
}
func NewRouterStatusValues ¶
func NewRouterStatusValues() RouterStateValues
type RouterSyncCache ¶ added in v0.34.0
// RouterSyncCache has no exported fields and no methods are listed for it
// on this page; its role cannot be determined from here.
type RouterSyncCache struct {
}
type RouterSyncStatus ¶
// RouterSyncStatus is a named string type for router sync status values;
// see the RouterSync* constants.
type RouterSyncStatus string
RouterSyncStatus is a named string type for router sync status values.
// Router sync status values, in the order a connection normally passes
// through them, followed by error states and the message header keys used
// by the sync protocol.
const (
	RouterSyncNew        RouterSyncStatus = "SYNC_NEW"         // connection accepted but no strategy actions have been taken
	RouterSyncQueued     RouterSyncStatus = "SYNC_QUEUED"      // connection handed to strategy, but not processed
	RouterSyncHello      RouterSyncStatus = "SYNC_HELLO"       // connection is beginning hello cycle
	RouterSyncHelloWait  RouterSyncStatus = "SYNC_HELLO_WAIT"  // hello received from router, but there are too many synchronizing routers
	RouterSyncResyncWait RouterSyncStatus = "SYNC_RESYNC_WAIT" // router requested a resync, in queue
	// RouterSynInProgress: note the identifier is spelled "Syn", not "Sync";
	// it is exported, so renaming it would be an API change.
	RouterSynInProgress RouterSyncStatus = "SYNC_IN_PROGRESS" // hello finished, starting to send state
	RouterSyncDone      RouterSyncStatus = "SYNC_DONE"        // initial state sent

	// Error states
	RouterSyncUnknown      RouterSyncStatus = "SYNC_UNKNOWN"       // the router is currently unknown
	RouterSyncDisconnected RouterSyncStatus = "SYNC_DISCONNECTED"  // strategy was disconnected before finishing
	RouterSyncHelloTimeout RouterSyncStatus = "SYNC_HELLO_TIMEOUT" // sync failed due to a hello timeout
	RouterSyncError        RouterSyncStatus = "SYNC_ERROR"         // sync failed due to an unexpected error

	// msg headers (untyped integer header keys; presumably channel message
	// header ids — confirm)
	SyncStrategyTypeHeader  = 1013
	SyncStrategyStateHeader = 1014
	SyncStrategyLastIndex   = 1015
)
type RouterSyncStrategy ¶
// RouterSyncStrategy handles the lifecycle of an Edge Router connecting to
// the controller: synchronizing any upfront state and then maintaining that
// state afterwards. It embeds RouterConnectionHandler (connect/disconnect)
// and RouterSynchronizerEventHandler (API session / session events); the
// Broker drives an instance of it and exposes GetEdgeRouterState,
// GetPublicKeys and Validate (as ValidateRouterDataModel) with matching
// signatures — presumably by delegation, confirm.
type RouterSyncStrategy interface {
	Type() RouterSyncStrategyType
	GetEdgeRouterState(id string) RouterStateValues
	Stop()
	GetPublicKeys() map[string]crypto.PublicKey
	RouterConnectionHandler
	RouterSynchronizerEventHandler
	Validate() []error
}
RouterSyncStrategy handles the lifecycle of an Edge Router connecting to the controller: synchronizing any upfront state and then maintaining that state afterwards.
type RouterSyncStrategyType ¶
// RouterSyncStrategyType is a named string type identifying a router sync
// strategy; RouterSyncStrategy.Type reports it.
type RouterSyncStrategyType string
RouterSyncStrategyType is a named string type identifying a router sync strategy.
type RouterSynchronizerEventHandler ¶
// RouterSynchronizerEventHandler is responsible for keeping Edge Routers up
// to date on API Sessions: it receives add/update/delete notifications for
// API sessions and delete notifications for sessions.
type RouterSynchronizerEventHandler interface {
	ApiSessionAdded(apiSession *db.ApiSession)
	ApiSessionUpdated(apiSession *db.ApiSession, apiSessionCert *db.ApiSessionCertificate)
	ApiSessionDeleted(apiSession *db.ApiSession)
	SessionDeleted(session *db.Session)
}
RouterSynchronizerEventHandler is responsible for keeping Edge Routers up to date on API Sessions.
type Schemes ¶
// Schemes holds the JSON schemas used for each API entity type, one
// BasicEntitySchema per entity (Identity gets the extended
// IdentityEntitySchema). Note that both Enroller and EnrollEr exist;
// GetEnrollErPost and GetEnrollUpdbPost are the only accessors listed, so
// which of the two enroller fields is actually consulted cannot be
// determined from here — confirm before relying on either.
type Schemes struct {
	Association             *BasicEntitySchema
	Authenticator           *BasicEntitySchema
	AuthenticatorSelf       *BasicEntitySchema
	Ca                      *BasicEntitySchema
	Config                  *BasicEntitySchema
	ConfigType              *BasicEntitySchema
	Enroller                *BasicEntitySchema
	EnrollEr                *BasicEntitySchema
	EnrollUpdb              *BasicEntitySchema
	EdgeRouter              *BasicEntitySchema
	EdgeRouterPolicy        *BasicEntitySchema
	TransitRouter           *BasicEntitySchema
	Identity                *IdentityEntitySchema
	Service                 *BasicEntitySchema
	ServiceEdgeRouterPolicy *BasicEntitySchema
	ServicePolicy           *BasicEntitySchema
	Session                 *BasicEntitySchema
	Terminator              *BasicEntitySchema
}
func (Schemes) GetEnrollErPost ¶
func (s Schemes) GetEnrollErPost() *gojsonschema.Schema
func (Schemes) GetEnrollUpdbPost ¶
func (s Schemes) GetEnrollUpdbPost() *gojsonschema.Schema
type TraceManager ¶
// TraceManager keeps per-identity trace specs: GetIdentityTrace looks one
// up by identity id and RemoveIdentityTrace drops it. NewTraceManager takes
// a shutdown-notify channel, so it presumably runs background work that
// stops when that channel closes — confirm.
type TraceManager struct {
	// contains filtered or unexported fields
}
func NewTraceManager ¶
func NewTraceManager(shutdownNotify <-chan struct{}) *TraceManager
func (*TraceManager) GetIdentityTrace ¶
func (self *TraceManager) GetIdentityTrace(identityId string) *TraceSpec
func (*TraceManager) RemoveIdentityTrace ¶
func (self *TraceManager) RemoveIdentityTrace(identity string)
func (*TraceManager) TraceIdentity ¶
type YamlProducer ¶
// YamlProducer is a stateless marker type; by its name it presumably serves
// as an OpenAPI producer for YAML responses, the counterpart of PemProducer
// — confirm against the methods defined on it elsewhere in the package.
type YamlProducer struct{}