Documentation ¶
Index ¶
- func LoginPairFromEnv() (*authn.LoginPair, error)
- func LoginPairFromNetRC(config Config) (*authn.LoginPair, error)
- func ReadResponseBody(response io.ReadCloser) ([]byte, error)
- type Authenticator
- type Client
- func (c *Client) AddSecret(variableID string, secretValue string) error
- func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)
- func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)
- func (c *Client) CheckPermission(resourceID, privilege string) (bool, error)
- func (c *Client) GetConfig() Config
- func (c *Client) GetHttpClient() *http.Client
- func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)
- func (c *Client) NeedsTokenRefresh() bool
- func (c *Client) RefreshToken() (err error)
- func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)
- func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)
- func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)
- func (c *Client) RetrieveSecret(variableID string) ([]byte, error)
- func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)
- func (c *Client) RotateAPIKey(roleID string) ([]byte, error)
- func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)
- func (c *Client) SetHttpClient(httpClient *http.Client)
- func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)
- type Config
- type CreatedRole
- type PolicyMode
- type PolicyResponse
- type ResourceFilter
- type Router
- type RouterV4
- func (r RouterV4) AddSecretRequest(variableID, secretValue string) (*http.Request, error)
- func (r RouterV4) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
- func (r RouterV4) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)
- func (r RouterV4) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
- func (r RouterV4) ResourceRequest(resourceID string) (*http.Request, error)
- func (r RouterV4) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
- func (r RouterV4) RetrieveBatchSecretsRequest(variableIDs []string) (*http.Request, error)
- func (r RouterV4) RetrieveSecretRequest(variableID string) (*http.Request, error)
- func (r RouterV4) RotateAPIKeyRequest(roleID string) (*http.Request, error)
- type RouterV5
- func (r RouterV5) AddSecretRequest(variableID, secretValue string) (*http.Request, error)
- func (r RouterV5) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
- func (r RouterV5) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)
- func (r RouterV5) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
- func (r RouterV5) ResourceRequest(resourceID string) (*http.Request, error)
- func (r RouterV5) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
- func (r RouterV5) RetrieveBatchSecretsRequest(variableIDs []string) (*http.Request, error)
- func (r RouterV5) RetrieveSecretRequest(variableID string) (*http.Request, error)
- func (r RouterV5) RotateAPIKeyRequest(roleID string) (*http.Request, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoginPairFromEnv ¶
func ReadResponseBody ¶ added in v0.3.0
func ReadResponseBody(response io.ReadCloser) ([]byte, error)
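ReadResponseBody fully reads a response and closes it. It takes the same io.ReadCloser type that AuthenticateReader, RetrieveSecretReader and RotateAPIKeyReader return; a caller that consumes those streams directly is otherwise responsible for closing them.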
Types ¶
type Authenticator ¶
type Client ¶
// Client is the handle through which the API calls listed on this page are
// made (authentication, secret storage and retrieval, policy loading,
// permission checks and API-key rotation). All of its state is unexported.
// NOTE(review): presumably it holds the credentials or access token used to
// sign requests, so avoid logging or serializing a Client — confirm against
// the implementation.
type Client struct {
	// contains filtered or unexported fields
}
func NewClientFromKey ¶
func NewClientFromTokenFile ¶
func (*Client) AddSecret ¶
AddSecret adds a secret value to a variable.
The authenticated user must have update privilege on the variable.
func (*Client) Authenticate ¶
Authenticate obtains a new access token.
func (*Client) AuthenticateReader ¶ added in v0.3.0
AuthenticateReader obtains a new access token and returns it as a data stream.
func (*Client) CheckPermission ¶ added in v0.3.0
CheckPermission determines whether the authenticated user has a specified privilege on a resource.
func (*Client) GetHttpClient ¶ added in v0.5.1
func (*Client) LoadPolicy ¶
func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)
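LoadPolicy submits new policy data or policy changes to the server.
The required permission depends on the mode. PolicyModePut replaces the whole policy and implicitly deletes data that is absent from the new policy, and the returned PolicyResponse lists each newly created role together with its API key, so handle the response as credential material.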
func (*Client) NeedsTokenRefresh ¶
func (*Client) RefreshToken ¶
func (*Client) Resources ¶ added in v0.4.0
func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)
Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.
func (*Client) RetrieveBatchSecrets ¶ added in v0.3.3
RetrieveBatchSecrets fetches values for all variables in a slice using a single API call.
The authenticated user must have execute privilege on all variables.
func (*Client) RetrieveSecret ¶
RetrieveSecret fetches a secret from a variable.
The authenticated user must have execute privilege on the variable.
func (*Client) RetrieveSecretReader ¶ added in v0.3.0
func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)
RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.
The authenticated user must have execute privilege on the variable.
func (*Client) RotateAPIKey ¶ added in v0.3.0
RotateAPIKey replaces the API key of a role on the server with a new random secret.
The authenticated user must have update privilege on the role.
func (*Client) RotateAPIKeyReader ¶ added in v0.3.0
func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)
RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.
The authenticated user must have update privilege on the role.
func (*Client) SetHttpClient ¶ added in v0.5.1
type Config ¶
// Config carries the connection settings a Client exposes through GetConfig.
// Every field except SSLCert maps to a YAML key through its struct tag.
type Config struct {
	// Account is stored under the "account" YAML key.
	Account string `yaml:"account,omitempty"`
	// ApplianceURL is stored under the "appliance_url" YAML key.
	// NOTE(review): presumably the base URL of the server; credentials and
	// secrets travel to it, so an https:// URL is expected — confirm.
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	// NetRCPath is stored under the "netrc_path" YAML key.
	// NOTE(review): LoginPairFromNetRC takes a Config, so this is presumably
	// the netrc file it reads credentials from — confirm, and keep that file
	// readable only by its owner.
	NetRCPath string `yaml:"netrc_path,omitempty"`
	// SSLCert is excluded from YAML (tag "-"), so it is never loaded from or
	// written to a config file.
	// NOTE(review): likely filled from SSLCertPath by ReadSSLCert — confirm.
	SSLCert string `yaml:"-"`
	// SSLCertPath is stored under the "cert_file" YAML key.
	SSLCertPath string `yaml:"cert_file,omitempty"`
	// V4 is stored under the "v4" YAML key and, unlike the other keys, is
	// always emitted (no omitempty).
	// NOTE(review): presumably selects RouterV4 over RouterV5 — confirm.
	V4 bool `yaml:"v4"`
}
func LoadConfig ¶
func (*Config) ReadSSLCert ¶
type CreatedRole ¶ added in v0.3.0
CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.
type PolicyMode ¶ added in v0.3.0
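// PolicyMode defines the server-side behavior when loading a policy.
// It is the first argument of Client.LoadPolicy, and the permission that
// call requires depends on the mode chosen.
type PolicyMode uint

// The listing is split one declaration per line: when the whole const block
// sits on a single line, the first "//" comments out every declaration that
// follows it.
const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data
	// which is not present in the new policy.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)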
type PolicyResponse ¶ added in v0.3.0
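// PolicyResponse is the value Client.LoadPolicy returns; its fields are
// decoded from the JSON keys named in the struct tags.
//
// The listing is split one field per line: on a single line the first "//"
// comments out both field declarations.
type PolicyResponse struct {
	// Newly created roles.
	// Per the CreatedRole documentation each entry carries the role's API
	// key, so this map is credential material: keep it out of logs and
	// persist it only in a secret store.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// The version number of the policy.
	Version uint32 `json:"version"`
}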
PolicyResponse contains information about the policy update.
type ResourceFilter ¶ added in v0.4.0
// ResourceFilter narrows the result of Client.Resources. Only non-zero-valued
// members are applied, so the zero value filters nothing.
type ResourceFilter struct {
	// Kind is applied only when non-empty.
	// NOTE(review): presumably restricts results to resources of that kind
	// (for example variables or hosts) — confirm against the server API.
	Kind string
}
type Router ¶ added in v0.3.0
// Router builds the *http.Request for each API operation. RouterV4 and
// RouterV5 on this page both declare this method set. Each method returns the
// request without sending it; Client.SubmitRequest takes an *http.Request.
type Router interface {
	// AddSecretRequest builds the request that stores secretValue in the
	// variable variableID.
	// NOTE(review): the request presumably carries secretValue in its body;
	// avoid dumping built requests to logs — confirm.
	AddSecretRequest(variableID, secretValue string) (*http.Request, error)
	// AuthenticateRequest builds the request that exchanges loginPair for an
	// access token.
	// NOTE(review): the request presumably carries the login credentials —
	// confirm, and treat it as sensitive.
	AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
	// CheckPermissionRequest builds the request that asks whether the
	// authenticated user holds privilege on resourceID.
	CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)
	// LoadPolicyRequest builds the request that loads policy into policyID
	// using the given mode.
	LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
	// ResourceRequest builds the request that fetches a single resource.
	ResourceRequest(resourceID string) (*http.Request, error)
	// ResourcesRequest builds the request that lists resources, optionally
	// narrowed by filter.
	ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
	// RetrieveBatchSecretsRequest builds the request that fetches the values
	// of all variableIDs in one call.
	RetrieveBatchSecretsRequest(variableIDs []string) (*http.Request, error)
	// RetrieveSecretRequest builds the request that fetches the secret held
	// by variableID.
	RetrieveSecretRequest(variableID string) (*http.Request, error)
	// RotateAPIKeyRequest builds the request that replaces the API key of
	// roleID.
	RotateAPIKeyRequest(roleID string) (*http.Request, error)
}
type RouterV4 ¶ added in v0.3.0
// RouterV4 declares the request-building methods of the Router interface.
// NOTE(review): presumably targets the v4 server API selected by Config.V4 —
// confirm.
type RouterV4 struct {
	// Config is held by pointer, so the router observes later changes to the
	// Config it was given.
	// NOTE(review): methods presumably dereference it; a nil Config would
	// then panic — confirm.
	Config *Config
}
func (RouterV4) AddSecretRequest ¶ added in v0.3.0
func (RouterV4) AuthenticateRequest ¶ added in v0.3.0
func (RouterV4) CheckPermissionRequest ¶ added in v0.3.0
func (RouterV4) LoadPolicyRequest ¶ added in v0.3.0
func (RouterV4) ResourceRequest ¶ added in v0.4.0
func (RouterV4) ResourcesRequest ¶ added in v0.4.0
func (r RouterV4) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
func (RouterV4) RetrieveBatchSecretsRequest ¶ added in v0.3.3
func (RouterV4) RetrieveSecretRequest ¶ added in v0.3.0
type RouterV5 ¶ added in v0.3.0
// RouterV5 declares the request-building methods of the Router interface.
// NOTE(review): presumably targets the v5 server API, used when Config.V4 is
// false — confirm.
type RouterV5 struct {
	// Config is held by pointer, so the router observes later changes to the
	// Config it was given.
	// NOTE(review): methods presumably dereference it; a nil Config would
	// then panic — confirm.
	Config *Config
}
func (RouterV5) AddSecretRequest ¶ added in v0.3.0
func (RouterV5) AuthenticateRequest ¶ added in v0.3.0
func (RouterV5) CheckPermissionRequest ¶ added in v0.3.0
func (RouterV5) LoadPolicyRequest ¶ added in v0.3.0
func (RouterV5) ResourceRequest ¶ added in v0.4.0
func (RouterV5) ResourcesRequest ¶ added in v0.4.0
func (r RouterV5) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)