feat: add new api endpoints, remove third party packages usage

SSHcom · Jun 18, 2024 · fcff67b · fcff67b
1 parent 4208b8c
commit fcff67b
Show file tree

Hide file tree

Showing 10 changed files with 948 additions and 92 deletions.
diff --git a/api/authorizer/client.go b/api/authorizer/client.go
@@ -9,6 +9,7 @@ package authorizer
 import (
 	"net/url"
 
+	"github.com/SSHcom/privx-sdk-go/common"
 	"github.com/SSHcom/privx-sdk-go/restapi"
 )
 
@@ -17,21 +18,6 @@ type Client struct {
 	api restapi.Connector
 }
 
-type templatesResult struct {
-	Count int            `json:"count"`
-	Items []CertTemplate `json:"items"`
-}
-
-type accessGroupResult struct {
-	Count int           `json:"count"`
-	Items []AccessGroup `json:"items"`
-}
-
-type apiCertificateResult struct {
-	Count int              `json:"count"`
-	Items []APICertificate `json:"items"`
-}
-
 // New creates a new authorizer client instance
 func New(api restapi.Connector) *Client {
 	return &Client{api: api}
@@ -319,8 +305,8 @@ func (auth *Client) DownloadWebProxyConfig(trustedClientID, sessionID, filename
 }
 
 // CertTemplates returns the certificate authentication templates for the service
-func (auth *Client) CertTemplates(service string) ([]CertTemplate, error) {
-	result := templatesResult{}
+func (auth *Client) CertTemplates(service string) (common.Result[CertTemplate], error) {
+	result := common.Result[CertTemplate]{}
 	filters := Params{
 		Service: service,
 	}
@@ -330,7 +316,7 @@ func (auth *Client) CertTemplates(service string) ([]CertTemplate, error) {
 		Query(&filters).
 		Get(&result)
 
-	return result.Items, err
+	return result, err
 }
 
 // SSLTrustAnchor returns the SSL trust anchor (PrivX TLS CA certificate)
@@ -355,22 +341,23 @@ func (auth *Client) ExtenderTrustAnchor() (*TrustAnchor, error) {
 	return anchor, err
 }
 
+// MARK: Access Groups
 // AccessGroups lists all access group
-func (auth *Client) AccessGroups(offset, limit int, sortkey, sortdir string) ([]AccessGroup, error) {
+func (auth *Client) AccessGroups(offset, limit int, sortkey, sortdir string) (common.Result[AccessGroup], error) {
 	filters := Params{
 		Offset:  offset,
 		Limit:   limit,
 		Sortkey: sortkey,
 		Sortdir: sortdir,
 	}
-	result := accessGroupResult{}
+	result := common.Result[AccessGroup]{}
 
 	_, err := auth.api.
 		URL("/authorizer/api/v1/accessgroups").
 		Query(&filters).
 		Get(&result)
 
-	return result.Items, err
+	return result, err
 }
 
 // CreateAccessGroup create a access group
@@ -387,21 +374,21 @@ func (auth *Client) CreateAccessGroup(accessGroup *AccessGroup) (string, error)
 }
 
 // SearchAccessGroup search for access groups
-func (auth *Client) SearchAccessGroup(offset, limit int, sortkey, sortdir string, search *SearchParams) ([]AccessGroup, error) {
+func (auth *Client) SearchAccessGroup(offset, limit int, sortkey, sortdir string, search *SearchParams) (common.Result[AccessGroup], error) {
 	filters := Params{
 		Offset:  offset,
 		Limit:   limit,
 		Sortkey: sortkey,
 		Sortdir: sortdir,
 	}
-	result := accessGroupResult{}
+	result := common.Result[AccessGroup]{}
 
 	_, err := auth.api.
 		URL("/authorizer/api/v1/accessgroups/search").
 		Query(&filters).
 		Post(search, &result)
 
-	return result.Items, err
+	return result, err
 }
 
 // AccessGroup get access group
@@ -453,27 +440,28 @@ func (auth *Client) DeleteAccessGroupsIdCas(accessGroupID string, caID string) e
 	return err
 }
 
+// MARK: Certs
 // SearchCert search for certificates
-func (auth *Client) SearchCert(offset, limit int, sortkey, sortdir string, cert *APICertificateSearch) ([]APICertificate, error) {
+func (auth *Client) SearchCert(offset, limit int, sortkey, sortdir string, cert *APICertificateSearch) (common.Result[APICertificate], error) {
 	filters := Params{
 		Offset:  offset,
 		Limit:   limit,
 		Sortkey: sortkey,
 		Sortdir: sortdir,
 	}
-	result := apiCertificateResult{}
+	result := common.Result[APICertificate]{}
 
 	_, err := auth.api.
 		URL("/authorizer/api/v1/cert/search").
 		Query(&filters).
 		Post(cert, &result)
 
-	return result.Items, err
+	return result, err
 }
 
 // Get all Certificates
-func (auth *Client) GetAllCertificates() (apiCertificateResult, error) {
-	certificates := apiCertificateResult{}
+func (auth *Client) GetAllCertificates() (common.Result[APICertificate], error) {
+	certificates := common.Result[APICertificate]{}
 
 	_, err := auth.api.
 		URL("/authorizer/api/v1/cert").
@@ -492,3 +480,86 @@ func (auth *Client) GetCertByID(ID string) (ApiCertificateObject, error) {
 
 	return cert, err
 }
+
+// MARK: Secrets
+// AccountSecrets lists all account secrets
+func (auth *Client) AccountSecrets(limit int, sortdir string) (common.Result[AccountSecrets], error) {
+	filters := Params{
+		Limit:   limit,
+		Sortdir: sortdir,
+	}
+	result := common.Result[AccountSecrets]{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets").
+		Query(&filters).
+		Get(&result)
+
+	return result, err
+}
+
+// SearchAccountSecrets search for account secrets
+func (auth *Client) SearchAccountSecrets(limit int, sortdir string, search *AccountSecretsSearchRequest) (common.Result[AccountSecrets], error) {
+	filters := Params{
+		Limit:   limit,
+		Sortdir: sortdir,
+	}
+	result := common.Result[AccountSecrets]{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/search").
+		Query(&filters).
+		Post(search, &result)
+
+	return result, err
+}
+
+// CheckoutAccountSecret checkout account secret
+func (auth *Client) CheckoutAccountSecret(path string) (common.Result[Checkout], error) {
+	checkoutReq := CheckoutRequest{
+		Path: path,
+	}
+	result := common.Result[Checkout]{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts").
+		Post(checkoutReq, &result)
+
+	return result, err
+}
+
+// Checkouts lists secret checkouts
+func (auth *Client) Checkouts(limit int, sortdir string) (common.Result[Checkout], error) {
+	filters := Params{
+		Limit:   limit,
+		Sortdir: sortdir,
+	}
+	result := common.Result[Checkout]{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts").
+		Query(&filters).
+		Get(&result)
+
+	return result, err
+}
+
+// Checkout get checkout by id
+func (auth *Client) Checkout(checkoutId string) (*Checkout, error) {
+	checkout := &Checkout{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts/%s", url.PathEscape(checkoutId)).
+		Get(&checkout)
+
+	return checkout, err
+}
+
+// ReleaseCheckout release secret checkout
+func (auth *Client) ReleaseCheckout(checkoutId string) error {
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts/%s/release", url.PathEscape(checkoutId)).
+		Post(nil)
+
+	return err
+}
diff --git a/api/authorizer/model.go b/api/authorizer/model.go
@@ -6,6 +6,8 @@
 
 package authorizer
 
+import "time"
+
 // Params query params definition
 type Params struct {
 	ResponseType  string `json:"response_type,omitempty"`
@@ -158,26 +160,89 @@ type ApiCertificateSearchResponse struct {
 }
 
 type ApiCertificateObject struct {
-	Type              string       `json:"type"`
-	ID                string       `json:"id"`
-	Serial            string       `json:"serial"`
-	OwnerID           string       `json:"owner_id,omitempty"`
-	Revoked           string       `json:"revoked,omitempty"`
-	RevocationReason  string       `json:"revocation_reason,omitempty"`
-	Cert              string       `json:"cert"`
-	Chain             string       `json:"chain"`
-	Issuer            string       `json:"issuer,omitempty"`
-	Subject           string       `json:"subject,omitempty"`
-	NotBefore         string       `json:"not_before,omitempty"`
-	NotAfter          string       `json:"not_after,omitempty"`
-	KeyUsage          string       `json:"key_usage,omitempty"`
-	BasicConstraints  string       `json:"basic_constraints,omitempty"`
-	Extensions        string       `json:"extensions,omitempty"`
-	FingerPrintSHA1   string       `json:"fingerprint_sha1,omitempty"`
-	FingerPrintSHA256 string       `json:"fingerprint_sha256,omitempty"`
-	SubjectKeyID      string       `json:"subject_key_id,omitempty"`
-	AuthorityKeyID    string       `json:"authority_key_id,omitempty"`
-	ExpiryStatus      ExpiryStatus `json:"expiry_status,omitempty"`
-}
-// ExpiryStatus specifies the certificate expiry status
-type ExpiryStatus string
+	Type              string `json:"type"`
+	ID                string `json:"id"`
+	Serial            string `json:"serial"`
+	OwnerID           string `json:"owner_id,omitempty"`
+	Revoked           string `json:"revoked,omitempty"`
+	RevocationReason  string `json:"revocation_reason,omitempty"`
+	Cert              string `json:"cert"`
+	Chain             string `json:"chain"`
+	Issuer            string `json:"issuer,omitempty"`
+	Subject           string `json:"subject,omitempty"`
+	NotBefore         string `json:"not_before,omitempty"`
+	NotAfter          string `json:"not_after,omitempty"`
+	KeyUsage          string `json:"key_usage,omitempty"`
+	BasicConstraints  string `json:"basic_constraints,omitempty"`
+	Extensions        string `json:"extensions,omitempty"`
+	FingerPrintSHA1   string `json:"fingerprint_sha1,omitempty"`
+	FingerPrintSHA256 string `json:"fingerprint_sha256,omitempty"`
+	SubjectKeyID      string `json:"subject_key_id,omitempty"`
+	AuthorityKeyID    string `json:"authority_key_id,omitempty"`
+	ExpiryStatus      string `json:"expiry_status,omitempty"`
+}
+
+type AccountSecrets struct {
+	Path         string             `json:"path"`
+	Type         string             `json:"type"`
+	Username     string             `json:"username"`
+	Email        string             `json:"email,omitempty"`
+	FullName     string             `json:"full_name,omitempty"`
+	TargetDomain TargetDomainHandle `json:"target_domain,omitempty"`
+	Host         HostPrincipals     `json:"host,omitempty"`
+	Created      string             `json:"created,omitempty"`
+	Updated      string             `json:"updated,omitempty"`
+}
+
+type TargetDomainHandle struct {
+	ID      string `json:"id"`
+	Name    string `json:"name,omitempty"`
+	Deleted bool   `json:"deleted,omitempty"`
+}
+
+type HostPrincipals struct {
+	ID         string   `json:"id"`
+	Addresses  []string `json:"addresses"`
+	CommonName string   `json:"common_name,omitempty"`
+	ExternalID string   `json:"external_id,omitempty"`
+	InstanceID string   `json:"instance_id,omitempty"`
+}
+
+type AccountSecretsSearchRequest struct {
+	Keywords string `json:"keywords"`
+	HostID   string `json:"host_id,omitempty"`
+	Username string `json:"username,omitempty"`
+}
+
+type Checkout struct {
+	ID               string         `json:"id"`
+	Path             string         `json:"path"`
+	Type             string         `json:"type"`
+	Expires          string         `json:"expires"`
+	Created          string         `json:"created"`
+	ExplicitCheckout bool           `json:"explicit_checkout"`
+	Secrets          []Secrets      `json:"secrets"`
+	Username         string         `json:"username"`
+	Email            string         `json:"email,omitempty"`
+	FullName         string         `json:"full_name,omitempty"`
+	Host             HostPrincipals `json:"host,omitempty"`
+	TargetDomain     TargetDomain   `json:"target_domain,omitempty"`
+	ManagedAccountID string         `json:"managed_account_id,omitempty"`
+	UserID           string         `json:"user_id"`
+}
+
+type CheckoutRequest struct {
+	Path string `json:"path"`
+}
+
+type Secrets struct {
+	Version int       `json:"version"`
+	Secret  string    `json:"secret"`
+	Created time.Time `json:"created"`
+}
+
+type TargetDomain struct {
+	ID      string `json:"id"`
+	Name    string `json:"name,omitempty"`
+	Deleted bool   `json:"deleted,omitempty"`
+}