From d35e4181075ce287490dd95ac85f476ba2ceace2 Mon Sep 17 00:00:00 2001 
From: Andrew Martinez Date: Thu, 9 May 2024 14:13:08 -0400 Subject: [PATCH 1/3] wip --- client.yml | 250 ++++++- go.mod | 10 +- go.sum | 20 +- .../enroll/enroll_client.go | 110 +++- .../enroll/enroll_ott_responses.go | 10 +- .../enroll/enroll_responses.go | 10 +- ...arameters.go => enroll_updb_parameters.go} | 89 ++- .../enroll/enroll_updb_responses.go | 298 +++++++++ .../enroll/enrollment_challenge_parameters.go | 172 +++++ .../enroll/enrollment_challenge_responses.go | 167 +++++ .../enroll/ernoll_updb_responses.go | 167 ----- .../extend_router_enrollment_responses.go | 2 +- .../enroll/get_enrollment_jwks_parameters.go | 150 +++++ .../enroll/get_enrollment_jwks_responses.go | 91 +++ .../configure_ziti_edge_client.go | 19 +- rest_client_api_server/doc.go | 1 - rest_client_api_server/embedded_spec.go | 622 +++++++++++++++++- .../operations/enroll/enroll_ott_responses.go | 16 +- .../operations/enroll/enroll_responses.go | 16 +- .../operations/enroll/enroll_updb.go | 217 ++++++ ...arameters.go => enroll_updb_parameters.go} | 55 +- ..._responses.go => enroll_updb_responses.go} | 78 +-- ...rlbuilder.go => enroll_updb_urlbuilder.go} | 22 +- .../operations/enroll/enrollment_challenge.go | 85 +++ .../enroll/enrollment_challenge_parameters.go | 109 +++ .../enroll/enrollment_challenge_responses.go | 170 +++++ .../enroll/enrollment_challenge_urlbuilder.go | 111 ++++ .../extend_router_enrollment_responses.go | 2 +- ...{ernoll_updb.go => get_enrollment_jwks.go} | 34 +- .../enroll/get_enrollment_jwks_parameters.go | 70 ++ .../enroll/get_enrollment_jwks_responses.go | 82 +++ .../enroll/get_enrollment_jwks_urlbuilder.go | 111 ++++ .../operations/ziti_edge_client_api.go | 49 +- rest_model/enrollment_certs.go | 2 +- rest_model/jwk.go | 215 ++++++ rest_model/jwks.go | 140 ++++ rest_model/nonce_challenge.go | 134 ++++ rest_model/nonce_signature.go | 101 +++ rest_model/other_prime.go | 80 +++ source/client.yml | 4 + source/client/enroll.yml | 124 +++- source/shared/jwks.yml | 94 +++ 42 
files changed, 3857 insertions(+), 452 deletions(-) rename rest_client_api_client/enroll/{ernoll_updb_parameters.go => enroll_updb_parameters.go} (54%) create mode 100644 rest_client_api_client/enroll/enroll_updb_responses.go create mode 100644 rest_client_api_client/enroll/enrollment_challenge_parameters.go create mode 100644 rest_client_api_client/enroll/enrollment_challenge_responses.go delete mode 100644 rest_client_api_client/enroll/ernoll_updb_responses.go create mode 100644 rest_client_api_client/enroll/get_enrollment_jwks_parameters.go create mode 100644 rest_client_api_client/enroll/get_enrollment_jwks_responses.go create mode 100644 rest_client_api_server/operations/enroll/enroll_updb.go rename rest_client_api_server/operations/enroll/{ernoll_updb_parameters.go => enroll_updb_parameters.go} (69%) rename rest_client_api_server/operations/enroll/{ernoll_updb_responses.go => enroll_updb_responses.go} (54%) rename rest_client_api_server/operations/enroll/{ernoll_updb_urlbuilder.go => enroll_updb_urlbuilder.go} (83%) create mode 100644 rest_client_api_server/operations/enroll/enrollment_challenge.go create mode 100644 rest_client_api_server/operations/enroll/enrollment_challenge_parameters.go create mode 100644 rest_client_api_server/operations/enroll/enrollment_challenge_responses.go create mode 100644 rest_client_api_server/operations/enroll/enrollment_challenge_urlbuilder.go rename rest_client_api_server/operations/enroll/{ernoll_updb.go => get_enrollment_jwks.go} (55%) create mode 100644 rest_client_api_server/operations/enroll/get_enrollment_jwks_parameters.go create mode 100644 rest_client_api_server/operations/enroll/get_enrollment_jwks_responses.go create mode 100644 rest_client_api_server/operations/enroll/get_enrollment_jwks_urlbuilder.go create mode 100644 rest_model/jwk.go create mode 100644 rest_model/jwks.go create mode 100644 rest_model/nonce_challenge.go create mode 100644 rest_model/nonce_signature.go create mode 100644 
rest_model/other_prime.go create mode 100644 source/shared/jwks.yml diff --git a/client.yml b/client.yml index f32ceb75..4d1a177e 100644 --- a/client.yml +++ b/client.yml @@ -1801,9 +1801,9 @@ paths: operationId: enroll responses: "200": - description: Base empty response + description: A response for multi-format legacy enrollment. schema: - $ref: '#/definitions/empty' + type: string "404": description: The requested resource does not exist schema: 
@@ -1901,6 +1901,76 @@ paths: meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 + /enroll/challenge: + post: + description: | + A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will + be used to sign the nonce. The resulting signature may be validated with the associated public key in order + to verify a networks identity during enrollment. The nonce must be a valid formatted UUID. + tags: + - Enroll + summary: Allows verification of a controller or cluster of controllers as being + the valid target for enrollment. + operationId: enrollmentChallenge + parameters: + - name: nonce + in: body + required: true + schema: + $ref: '#/definitions/nonceChallenge' + responses: + "200": + description: A nonce challenge response. The contents will be the signature + of the nonce, the key id used, and algorithm used to produce the signature. + schema: + $ref: '#/definitions/nonceSignature' + "400": + description: The supplied request contains invalid fields or could not be + parsed (json and non-json bodies). 
The error's code, message, and cause + fields can be inspected for further information + schema: + $ref: '#/definitions/apiErrorEnvelope' + examples: + application/json: + error: + args: + urlVars: {} + cause: + details: + context: (root) + field: (root) + property: fooField3 + field: (root) + message: '(root): fooField3 is required' + type: required + value: + fooField: abc + fooField2: def + causeMessage: schema validation failed + code: COULD_NOT_VALIDATE + message: The supplied request contains an invalid document + requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 + meta: + apiEnrollmentVersion: 0.0.1 + apiVersion: 0.0.1 + "429": + description: The resource requested is rate limited and the rate limit has + been exceeded + schema: + $ref: '#/definitions/apiErrorEnvelope' + examples: + application/json: + error: + args: + urlVars: {} + causeMessage: you have hit a rate limit in the requested operation + code: RATE_LIMITED + message: The resource is rate limited and the rate limit has been + exceeded. Please try again later + requestId: 270908d6-f2ef-4577-b973-67bec18ae376 + meta: + apiEnrollmentVersion: 0.0.1 + apiVersion: 0.0.1 /enroll/erott: post: description: | @@ -1964,7 +2034,7 @@ paths: $ref: '#/definitions/routerExtendEnrollmentRequest' responses: "200": - description: A response containg the edge routers new signed certificates + description: A response containing the edge routers new signed certificates (server chain, server cert, CAs). schema: $ref: '#/definitions/enrollmentCertsEnvelope' 
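Review bot: The `/enroll/challenge` operation lets the caller choose `algorithm` independently of `keyId`, so the endpoint signs caller-supplied data with an algorithm the caller selects; the description should state that the server signs only with the algorithm bound to the referenced key (the JWK `alg`) and answers a mismatched or unsupported `algorithm` with 400, since the server behaviour is not visible in this patch. No response is declared for an unknown `keyId`, so generated clients would land in the default "status code does not match" error path; add a 404 (or a 400 naming the `keyId` field). The UUID constraint on `nonce` is what keeps the signed input from being attacker-structured, and that rationale belongs in the description, e.g. `The nonce is restricted to UUID format so that the enrollment signing key is never applied to arbitrary caller-chosen content.`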
@@ -2005,44 +2075,36 @@ paths: meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 + /enroll/jwks: + get: + description: | + Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used + to sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys + from this endpoint to verify the target machine has possession of the related private key. + tags: + - Enroll + summary: List JSON Web Keys associated with enrollment + operationId: getEnrollmentJwks + responses: + "200": + description: A JWKS response for enrollment. + schema: + $ref: '#/definitions/jwks' /enroll/ott: post: description: | Enroll an identity via a one-time-token which is supplied via a query string parameter. This enrollment method expects a PEM encoded CSRs to be provided for fulfillment. It is up to the enrolling identity to manage the private key backing the CSR request. - consumes: - - application/pkcs10 - produces: - - application/x-x509-user-cert tags: - Enroll summary: Enroll an identity via one-time-token operationId: enrollOtt responses: "200": - description: A PEM encoded certificate signed by the internal Ziti CA + description: A response containing and identities client certificate chains schema: - type: string - examples: - application/x-x509-user-cert: | - -----BEGIN CERTIFICATE----- - MIICzDCCAlGgAwIBAgIRAPkVg1jVKqnNGFpSB3lPbaIwCgYIKoZIzj0EAwIwXjEL - MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0w - KwYDVQQDDCROZXRGb3VuZHJ5IFppdGkgRXh0ZXJuYWwgQVBJIFJvb3QgQ0EwHhcN - MTgxMTE1MTI1NzE3WhcNMTkxMTI1MTI1NzE3WjBrMQswCQYDVQQGEwJVUzELMAkG - A1UECAwCTkMxEjAQBgNVBAcMCUNoYXJsb3R0ZTETMBEGA1UECgwKTmV0Rm91bmRy - eTEPMA0GA1UECwwGQWR2RGV2MRUwEwYDVQQDDAxaaXRpQ2xpZW50MDEwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAATTl2ft+/K9RvDgki9gSr9udNcV2bxD4LrWEdCdXNzF - iVUiEcEte9z/M0JRt8lgo17OjFvS+ecrAmLtIZNmQnH3+9YeafjeNPpvQsMKxlTN - MnU7Hka11GHc6swQZSyHvlKjgcUwgcIwCQYDVR0TBAIwADARBglghkgBhvhCAQEE - 
BAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBD - ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtx+Tej6lSYdjb8Jbc2QuvoEsI/swHwYDVR0j - BBgwFoAUcdTlRrnP43ZbQ3PGAbZMPE26+H4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud - JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNpADBmAjEAuXDS - H7KKMr+la+Yuh8d8Q9cLtXzdS0j6a8e7iOyPJmdWq2WuzNdbCfAfLgKXuxhSAjEA - sadZrXl1OBv11RGAKdYBIyRmfYUotCFAtCNKcfgBUxci0TDaKDA7r3jnjKT1d7Fs - -----END CERTIFICATE----- + $ref: '#/definitions/enrollmentCertsEnvelope' "404": description: The requested resource does not exist schema: @@ -2134,7 +2196,7 @@ paths: tags: - Enroll summary: Enroll an identity via one-time-token - operationId: ernollUpdb + operationId: enrollUpdb responses: "200": description: Base empty response @@ -2182,6 +2244,16 @@ paths: name: token in: query required: true + - name: updbCredentials + in: body + required: true + schema: + type: object + properties: + password: + $ref: '#/definitions/password' + username: + $ref: '#/definitions/username' /enumerated-capabilities: get: security: [] @@ -4271,7 +4343,7 @@ definitions: description: A PEM encoded set of CA certificates to trust type: string cert: - description: A PEM encoded cert for the server + description: A PEM encoded set of certificates to use as the client chain type: string serverCert: description: A PEM encoded set of certificates to use as the servers chain 
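Review bot: The `/enroll/ott` description still says a PEM-encoded CSR is expected, but this hunk drops `consumes: application/pkcs10` and `produces: application/x-x509-user-cert`, so the operation falls back to the document-level media type (the generated client in enroll_client.go now sends and expects `application/json`); the description should say how the CSR is carried now, or the body parameter should be declared alongside it if it lives in the `source/` spec. This is a wire-level breaking change for existing enrollers that POST raw PKCS#10 and read a bare certificate, and it deserves an explicit note in the description or changelog. The new 200 text also has a typo: `description: A response containing an identity's client certificate chains`.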
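Review bot: The inline `updbCredentials` schema lists `password` and `username` as properties but carries no `required` list, so `required: true` on the body only demands that a JSON object be present and `{}` validates, leaving the generated `EnrollUpdbBody` to reach the handler with empty strings. Add `required: [password, username]` inside the `schema` block. Consider promoting the schema to a named definition so the client and server models share one type rather than the per-operation `EnrollUpdbBody` the generator emits.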
@@ -4490,6 +4562,87 @@ definitions: description: A PEM encoded client certificate previously returned after an extension request type: string + jwk: + type: object + required: + - kty + properties: + alg: + description: Algorithm intended for use with the key. + type: string + crv: + description: Curve for ECC Public Keys. + type: string + d: + description: ECC Private Key or RSA Private Exponent. + type: string + dp: + description: First Factor CRT Exponent for RSA. + type: string + dq: + description: Second Factor CRT Exponent for RSA. + type: string + e: + description: Exponent for RSA Public Key. + type: string + key_ops: + description: Intended key operations, e.g., sign, verify. + type: array + items: + type: string + kid: + description: Key ID. + type: string + kty: + description: Key Type. + type: string + "n": + description: Modulus for RSA Public Key. + type: string + oth: + description: Other Primes Info not represented by the first two primes. + type: array + items: + $ref: '#/definitions/otherPrime' + p: + description: First Prime Factor for RSA. + type: string + q: + description: Second Prime Factor for RSA. + type: string + qi: + description: First CRT Coefficient for RSA. + type: string + use: + description: Public key use, e.g., sig (signature) or enc (encryption). + type: string + x: + description: X Coordinate for ECC Public Keys. + type: string + x5c: + description: X.509 Certificate Chain. + type: array + items: + type: string + x5t: + description: X.509 Certificate SHA-1 Thumbprint. + type: string + x5t#S256: + description: X.509 Certificate SHA-256 Thumbprint. + type: string + x5u: + description: X.509 URL. + type: string + "y": + description: Y Coordinate for ECC Public Keys. + type: string + jwks: + type: object + properties: + keys: + type: array + items: + $ref: '#/definitions/jwk' link: description: A link to another resource type: object 
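Review bot: The `jwk` definition models the full RFC 7517/7518 member set, including the private-key members `d`, `p`, `q`, `dp`, `dq`, `qi` and `oth`, yet it is the item type of the `/enroll/jwks` response; nothing in the spec stops a server from serializing a private key into that response, and nothing tells a client to reject one. Either introduce a public-only variant for the JWKS endpoint or state in the `jwks` description that private members must never be present, e.g. `description: Public keys only; private JWK members (d, p, q, dp, dq, qi, oth) are never returned.` `kid` should also be listed under `required`, since `/enroll/challenge` selects the key by id and an unnamed key cannot be referenced.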
@@ -4683,6 +4836,31 @@ definitions: enum: - ziti - url + nonceChallenge: + type: object + required: + - nonce + - keyId + - algorithm + properties: + algorithm: + type: string + keyId: + type: string + nonce: + type: string + format: uuid + nonceSignature: + type: object + required: + - signature + properties: + algorithm: + type: string + kid: + type: string + signature: + type: string osType: type: string enum: @@ -4692,6 +4870,18 @@ definitions: - iOS - Linux - macOS + otherPrime: + type: object + properties: + d: + description: Factor CRT exponent. + type: string + r: + description: Prime factor. + type: string + t: + description: Factor CRT coefficient. + type: string pagination: type: object required: diff --git a/go.mod b/go.mod index f54cd7c1..83a99644 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/jessevdk/go-flags v1.5.0 github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.9.3 - golang.org/x/net v0.24.0 + golang.org/x/net v0.25.0 ) require ( @@ -34,10 +34,10 @@ require ( github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect go.mongodb.org/mongo-driver v1.15.0 // indirect - go.opentelemetry.io/otel v1.25.0 // indirect - go.opentelemetry.io/otel/metric v1.25.0 // indirect - go.opentelemetry.io/otel/trace v1.25.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.19.0 // indirect + golang.org/x/sys v0.20.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 50b67f3e..52e63029 100644 --- a/go.sum +++ b/go.sum 
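Review bot: `nonceChallenge` names the key `keyId` while `nonceSignature` returns it as `kid`, and neither `signature` nor `algorithm` states an encoding or allowed value set, so a client cannot verify the response without out-of-band knowledge. Suggest using one field name on both sides (the JWK vocabulary already uses `kid`), making `algorithm` an enum aligned with the JWK `alg` values, and giving `signature` a description such as `base64url-encoded signature over the raw nonce bytes` — the exact encoding is for the author to confirm, since the signing code is not in this patch. Declaring `kid` and `algorithm` as `required` in `nonceSignature` would also let the client pick the verifying key without guessing.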
@@ -67,22 +67,22 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUSLc= go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= -go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k= -go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg= -go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA= -go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM= -go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/sync v0.7.0 
h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/rest_client_api_client/enroll/enroll_client.go b/rest_client_api_client/enroll/enroll_client.go index 2df60949..77fcdb3b 100644 --- a/rest_client_api_client/enroll/enroll_client.go +++ b/rest_client_api_client/enroll/enroll_client.go @@ -64,10 +64,14 @@ type ClientService interface { EnrollOttCa(params *EnrollOttCaParams, opts ...ClientOption) (*EnrollOttCaOK, error) - ErnollUpdb(params *ErnollUpdbParams, opts ...ClientOption) (*ErnollUpdbOK, error) + EnrollUpdb(params *EnrollUpdbParams, opts ...ClientOption) (*EnrollUpdbOK, error) + + EnrollmentChallenge(params *EnrollmentChallengeParams, opts ...ClientOption) (*EnrollmentChallengeOK, error) ExtendRouterEnrollment(params *ExtendRouterEnrollmentParams, opts ...ClientOption) (*ExtendRouterEnrollmentOK, error) + GetEnrollmentJwks(params *GetEnrollmentJwksParams, opts ...ClientOption) (*GetEnrollmentJwksOK, error) + SetTransport(transport runtime.ClientTransport) } 
@@ -214,8 +218,8 @@ func (a *Client) EnrollOtt(params *EnrollOttParams, opts ...ClientOption) (*Enro ID: "enrollOtt", Method: "POST", PathPattern: "/enroll/ott", - ProducesMediaTypes: []string{"application/x-x509-user-cert"}, - ConsumesMediaTypes: []string{"application/pkcs10"}, + ProducesMediaTypes: []string{"application/json"}, + ConsumesMediaTypes: []string{"application/json"}, Schemes: []string{"https"}, Params: params, Reader: &EnrollOttReader{formats: a.formats}, @@ -287,25 +291,25 @@ func (a *Client) EnrollOttCa(params *EnrollOttCaParams, opts ...ClientOption) (* } /* - ErnollUpdb enrolls an identity via one time token + EnrollUpdb enrolls an identity via one time token Enrolls an identity via a one-time-token to establish an initial username and password combination */ -func (a *Client) ErnollUpdb(params *ErnollUpdbParams, opts ...ClientOption) (*ErnollUpdbOK, error) { +func (a *Client) EnrollUpdb(params *EnrollUpdbParams, opts ...ClientOption) (*EnrollUpdbOK, error) { // TODO: Validate the params before sending if params == nil { - params = NewErnollUpdbParams() + params = NewEnrollUpdbParams() } op := &runtime.ClientOperation{ - ID: "ernollUpdb", + ID: "enrollUpdb", Method: "POST", PathPattern: "/enroll/updb", ProducesMediaTypes: []string{"application/json"}, ConsumesMediaTypes: []string{"application/json"}, Schemes: []string{"https"}, Params: params, - Reader: &ErnollUpdbReader{formats: a.formats}, + Reader: &EnrollUpdbReader{formats: a.formats}, Context: params.Context, Client: params.HTTPClient, } 
@@ -317,13 +321,56 @@ func (a *Client) ErnollUpdb(params *ErnollUpdbParams, opts ...ClientOption) (*Er if err != nil { return nil, err } - success, ok := result.(*ErnollUpdbOK) + success, ok := result.(*EnrollUpdbOK) if ok { return success, nil } // unexpected success response // safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue - msg := fmt.Sprintf("unexpected success response for ernollUpdb: API contract not enforced by server. Client expected to get an error, but got: %T", result) + msg := fmt.Sprintf("unexpected success response for enrollUpdb: API contract not enforced by server. Client expected to get an error, but got: %T", result) + panic(msg) +} + +/* + EnrollmentChallenge allows verification of a controller or cluster of controllers as being the valid target for enrollment + + A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will +be used to sign the nonce. The resulting signature may be validated with the associated public key in order +to verify a networks identity during enrollment. The nonce must be a valid formatted UUID. 
+ +*/ +func (a *Client) EnrollmentChallenge(params *EnrollmentChallengeParams, opts ...ClientOption) (*EnrollmentChallengeOK, error) { + // TODO: Validate the params before sending + if params == nil { + params = NewEnrollmentChallengeParams() + } + op := &runtime.ClientOperation{ + ID: "enrollmentChallenge", + Method: "POST", + PathPattern: "/enroll/challenge", + ProducesMediaTypes: []string{"application/json"}, + ConsumesMediaTypes: []string{"application/json"}, + Schemes: []string{"https"}, + Params: params, + Reader: &EnrollmentChallengeReader{formats: a.formats}, + Context: params.Context, + Client: params.HTTPClient, + } + for _, opt := range opts { + opt(op) + } + + result, err := a.transport.Submit(op) + if err != nil { + return nil, err + } + success, ok := result.(*EnrollmentChallengeOK) + if ok { + return success, nil + } + // unexpected success response + // safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue + msg := fmt.Sprintf("unexpected success response for enrollmentChallenge: API contract not enforced by server. Client expected to get an error, but got: %T", result) panic(msg) } 
@@ -376,6 +423,49 @@ func (a *Client) ExtendRouterEnrollment(params *ExtendRouterEnrollmentParams, op panic(msg) } +/* + GetEnrollmentJwks lists JSON web keys associated with enrollment + + Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used +to sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys +from this endpoint to verify the target machine has possession of the related private key. + +*/ +func (a *Client) GetEnrollmentJwks(params *GetEnrollmentJwksParams, opts ...ClientOption) (*GetEnrollmentJwksOK, error) { + // TODO: Validate the params before sending + if params == nil { + params = NewGetEnrollmentJwksParams() + } + op := &runtime.ClientOperation{ + ID: "getEnrollmentJwks", + Method: "GET", + PathPattern: "/enroll/jwks", + ProducesMediaTypes: []string{"application/json"}, + ConsumesMediaTypes: []string{"application/json"}, + Schemes: []string{"https"}, + Params: params, + Reader: &GetEnrollmentJwksReader{formats: a.formats}, + Context: params.Context, + Client: params.HTTPClient, + } + for _, opt := range opts { + opt(op) + } + + result, err := a.transport.Submit(op) + if err != nil { + return nil, err + } + success, ok := result.(*GetEnrollmentJwksOK) + if ok { + return success, nil + } + // unexpected success response + // safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue + msg := fmt.Sprintf("unexpected success response for getEnrollmentJwks: API contract not enforced by server. Client expected to get an error, but got: %T", result) + panic(msg) +} + // SetTransport changes the transport on the client func (a *Client) SetTransport(transport runtime.ClientTransport) { a.transport = transport diff --git a/rest_client_api_client/enroll/enroll_ott_responses.go b/rest_client_api_client/enroll/enroll_ott_responses.go index fedef435..c5b7cf06 100644 
--- a/rest_client_api_client/enroll/enroll_ott_responses.go +++ b/rest_client_api_client/enroll/enroll_ott_responses.go @@ -77,23 +77,25 @@ func NewEnrollOttOK() *EnrollOttOK { /* EnrollOttOK describes a response with status code 200, with default header values. -A PEM encoded certificate signed by the internal Ziti CA +A response containing and identities client certificate chains */ type EnrollOttOK struct { - Payload string + Payload *rest_model.EnrollmentCertsEnvelope } func (o *EnrollOttOK) Error() string { return fmt.Sprintf("[POST /enroll/ott][%d] enrollOttOK %+v", 200, o.Payload) } -func (o *EnrollOttOK) GetPayload() string { +func (o *EnrollOttOK) GetPayload() *rest_model.EnrollmentCertsEnvelope { return o.Payload } func (o *EnrollOttOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + o.Payload = new(rest_model.EnrollmentCertsEnvelope) + // response payload - if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF { + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { return err } diff --git a/rest_client_api_client/enroll/enroll_responses.go b/rest_client_api_client/enroll/enroll_responses.go index 5cc64b19..9ad7d1b6 100644 --- a/rest_client_api_client/enroll/enroll_responses.go +++ b/rest_client_api_client/enroll/enroll_responses.go 
@@ -77,25 +77,23 @@ func NewEnrollOK() *EnrollOK { /* EnrollOK describes a response with status code 200, with default header values. -Base empty response +A response for multi-format legacy enrollment. */ type EnrollOK struct { - Payload *rest_model.Empty + Payload string } func (o *EnrollOK) Error() string { return fmt.Sprintf("[POST /enroll][%d] enrollOK %+v", 200, o.Payload) } -func (o *EnrollOK) GetPayload() *rest_model.Empty { +func (o *EnrollOK) GetPayload() string { return o.Payload } func (o *EnrollOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - o.Payload = new(rest_model.Empty) - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF { return err } diff --git a/rest_client_api_client/enroll/ernoll_updb_parameters.go b/rest_client_api_client/enroll/enroll_updb_parameters.go similarity index 54% rename from rest_client_api_client/enroll/ernoll_updb_parameters.go rename to rest_client_api_client/enroll/enroll_updb_parameters.go index b54536ad..29555254 100644 --- a/rest_client_api_client/enroll/ernoll_updb_parameters.go +++ b/rest_client_api_client/enroll/enroll_updb_parameters.go 
@@ -40,120 +40,134 @@ import ( "github.com/go-openapi/strfmt" ) -// NewErnollUpdbParams creates a new ErnollUpdbParams object, +// NewEnrollUpdbParams creates a new EnrollUpdbParams object, // with the default timeout for this client. // // Default values are not hydrated, since defaults are normally applied by the API server side. // // To enforce default values in parameter, use SetDefaults or WithDefaults. -func NewErnollUpdbParams() *ErnollUpdbParams { - return &ErnollUpdbParams{ +func NewEnrollUpdbParams() *EnrollUpdbParams { + return &EnrollUpdbParams{ timeout: cr.DefaultTimeout, } } -// NewErnollUpdbParamsWithTimeout creates a new ErnollUpdbParams object +// NewEnrollUpdbParamsWithTimeout creates a new EnrollUpdbParams object // with the ability to set a timeout on a request. -func NewErnollUpdbParamsWithTimeout(timeout time.Duration) *ErnollUpdbParams { - return &ErnollUpdbParams{ +func NewEnrollUpdbParamsWithTimeout(timeout time.Duration) *EnrollUpdbParams { + return &EnrollUpdbParams{ timeout: timeout, } } -// NewErnollUpdbParamsWithContext creates a new ErnollUpdbParams object +// NewEnrollUpdbParamsWithContext creates a new EnrollUpdbParams object // with the ability to set a context for a request. -func NewErnollUpdbParamsWithContext(ctx context.Context) *ErnollUpdbParams { - return &ErnollUpdbParams{ +func NewEnrollUpdbParamsWithContext(ctx context.Context) *EnrollUpdbParams { + return &EnrollUpdbParams{ Context: ctx, } } -// NewErnollUpdbParamsWithHTTPClient creates a new ErnollUpdbParams object +// NewEnrollUpdbParamsWithHTTPClient creates a new EnrollUpdbParams object // with the ability to set a custom HTTPClient for a request. 
-func NewErnollUpdbParamsWithHTTPClient(client *http.Client) *ErnollUpdbParams { - return &ErnollUpdbParams{ +func NewEnrollUpdbParamsWithHTTPClient(client *http.Client) *EnrollUpdbParams { + return &EnrollUpdbParams{ HTTPClient: client, } } -/* ErnollUpdbParams contains all the parameters to send to the API endpoint - for the ernoll updb operation. +/* EnrollUpdbParams contains all the parameters to send to the API endpoint + for the enroll updb operation. Typically these are written to a http.Request. */ -type ErnollUpdbParams struct { +type EnrollUpdbParams struct { // Token. // // Format: uuid Token strfmt.UUID + // UpdbCredentials. + UpdbCredentials EnrollUpdbBody + timeout time.Duration Context context.Context HTTPClient *http.Client } -// WithDefaults hydrates default values in the ernoll updb params (not the query body). +// WithDefaults hydrates default values in the enroll updb params (not the query body). // // All values with no default are reset to their zero value. -func (o *ErnollUpdbParams) WithDefaults() *ErnollUpdbParams { +func (o *EnrollUpdbParams) WithDefaults() *EnrollUpdbParams { o.SetDefaults() return o } -// SetDefaults hydrates default values in the ernoll updb params (not the query body). +// SetDefaults hydrates default values in the enroll updb params (not the query body). // // All values with no default are reset to their zero value. 
-func (o *ErnollUpdbParams) SetDefaults() { +func (o *EnrollUpdbParams) SetDefaults() { // no default values defined for this parameter } -// WithTimeout adds the timeout to the ernoll updb params -func (o *ErnollUpdbParams) WithTimeout(timeout time.Duration) *ErnollUpdbParams { +// WithTimeout adds the timeout to the enroll updb params +func (o *EnrollUpdbParams) WithTimeout(timeout time.Duration) *EnrollUpdbParams { o.SetTimeout(timeout) return o } -// SetTimeout adds the timeout to the ernoll updb params -func (o *ErnollUpdbParams) SetTimeout(timeout time.Duration) { +// SetTimeout adds the timeout to the enroll updb params +func (o *EnrollUpdbParams) SetTimeout(timeout time.Duration) { o.timeout = timeout } -// WithContext adds the context to the ernoll updb params -func (o *ErnollUpdbParams) WithContext(ctx context.Context) *ErnollUpdbParams { +// WithContext adds the context to the enroll updb params +func (o *EnrollUpdbParams) WithContext(ctx context.Context) *EnrollUpdbParams { o.SetContext(ctx) return o } -// SetContext adds the context to the ernoll updb params -func (o *ErnollUpdbParams) SetContext(ctx context.Context) { +// SetContext adds the context to the enroll updb params +func (o *EnrollUpdbParams) SetContext(ctx context.Context) { o.Context = ctx } -// WithHTTPClient adds the HTTPClient to the ernoll updb params -func (o *ErnollUpdbParams) WithHTTPClient(client *http.Client) *ErnollUpdbParams { +// WithHTTPClient adds the HTTPClient to the enroll updb params +func (o *EnrollUpdbParams) WithHTTPClient(client *http.Client) *EnrollUpdbParams { o.SetHTTPClient(client) return o } -// SetHTTPClient adds the HTTPClient to the ernoll updb params -func (o *ErnollUpdbParams) SetHTTPClient(client *http.Client) { +// SetHTTPClient adds the HTTPClient to the enroll updb params +func (o *EnrollUpdbParams) SetHTTPClient(client *http.Client) { o.HTTPClient = client } -// WithToken adds the token to the ernoll updb params -func (o *ErnollUpdbParams) 
WithToken(token strfmt.UUID) *ErnollUpdbParams { +// WithToken adds the token to the enroll updb params +func (o *EnrollUpdbParams) WithToken(token strfmt.UUID) *EnrollUpdbParams { o.SetToken(token) return o } -// SetToken adds the token to the ernoll updb params -func (o *ErnollUpdbParams) SetToken(token strfmt.UUID) { +// SetToken adds the token to the enroll updb params +func (o *EnrollUpdbParams) SetToken(token strfmt.UUID) { o.Token = token } +// WithUpdbCredentials adds the updbCredentials to the enroll updb params +func (o *EnrollUpdbParams) WithUpdbCredentials(updbCredentials EnrollUpdbBody) *EnrollUpdbParams { + o.SetUpdbCredentials(updbCredentials) + return o +} + +// SetUpdbCredentials adds the updbCredentials to the enroll updb params +func (o *EnrollUpdbParams) SetUpdbCredentials(updbCredentials EnrollUpdbBody) { + o.UpdbCredentials = updbCredentials +} + // WriteToRequest writes these params to a swagger request -func (o *ErnollUpdbParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { +func (o *EnrollUpdbParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { if err := r.SetTimeout(o.timeout); err != nil { return err @@ -169,6 +183,9 @@ func (o *ErnollUpdbParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Re return err } } + if err := r.SetBodyParam(o.UpdbCredentials); err != nil { + return err + } if len(res) > 0 { return errors.CompositeValidationError(res...) diff --git a/rest_client_api_client/enroll/enroll_updb_responses.go b/rest_client_api_client/enroll/enroll_updb_responses.go new file mode 100644 index 00000000..583c148b --- /dev/null +++ b/rest_client_api_client/enroll/enroll_updb_responses.go 
@@ -0,0 +1,298 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "fmt" + "io" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + + "github.com/openziti/edge-api/rest_model" +) + +// EnrollUpdbReader is a Reader for the EnrollUpdb structure. +type EnrollUpdbReader struct { + formats strfmt.Registry +} + +// ReadResponse reads a server response into the received o. 
+func (o *EnrollUpdbReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { + switch response.Code() { + case 200: + result := NewEnrollUpdbOK() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return result, nil + case 404: + result := NewEnrollUpdbNotFound() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return nil, result + case 429: + result := NewEnrollUpdbTooManyRequests() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return nil, result + default: + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) + } +} + +// NewEnrollUpdbOK creates a EnrollUpdbOK with default headers values +func NewEnrollUpdbOK() *EnrollUpdbOK { + return &EnrollUpdbOK{} +} + +/* EnrollUpdbOK describes a response with status code 200, with default header values. + +Base empty response +*/ +type EnrollUpdbOK struct { + Payload *rest_model.Empty +} + +func (o *EnrollUpdbOK) Error() string { + return fmt.Sprintf("[POST /enroll/updb][%d] enrollUpdbOK %+v", 200, o.Payload) +} +func (o *EnrollUpdbOK) GetPayload() *rest_model.Empty { + return o.Payload +} + +func (o *EnrollUpdbOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.Empty) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} + +// NewEnrollUpdbNotFound creates a EnrollUpdbNotFound with default headers values +func NewEnrollUpdbNotFound() *EnrollUpdbNotFound { + return &EnrollUpdbNotFound{} +} + +/* EnrollUpdbNotFound describes a response with status code 404, with default header values. 
+ +The requested resource does not exist +*/ +type EnrollUpdbNotFound struct { + Payload *rest_model.APIErrorEnvelope +} + +func (o *EnrollUpdbNotFound) Error() string { + return fmt.Sprintf("[POST /enroll/updb][%d] enrollUpdbNotFound %+v", 404, o.Payload) +} +func (o *EnrollUpdbNotFound) GetPayload() *rest_model.APIErrorEnvelope { + return o.Payload +} + +func (o *EnrollUpdbNotFound) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.APIErrorEnvelope) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} + +// NewEnrollUpdbTooManyRequests creates a EnrollUpdbTooManyRequests with default headers values +func NewEnrollUpdbTooManyRequests() *EnrollUpdbTooManyRequests { + return &EnrollUpdbTooManyRequests{} +} + +/* EnrollUpdbTooManyRequests describes a response with status code 429, with default header values. + +The resource requested is rate limited and the rate limit has been exceeded +*/ +type EnrollUpdbTooManyRequests struct { + Payload *rest_model.APIErrorEnvelope +} + +func (o *EnrollUpdbTooManyRequests) Error() string { + return fmt.Sprintf("[POST /enroll/updb][%d] enrollUpdbTooManyRequests %+v", 429, o.Payload) +} +func (o *EnrollUpdbTooManyRequests) GetPayload() *rest_model.APIErrorEnvelope { + return o.Payload +} + +func (o *EnrollUpdbTooManyRequests) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.APIErrorEnvelope) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} + +/*EnrollUpdbBody enroll updb body +swagger:model EnrollUpdbBody +*/ +type EnrollUpdbBody struct { + + // password + Password rest_model.Password `json:"password,omitempty"` + + // username + Username rest_model.Username 
`json:"username,omitempty"` +} + +// Validate validates this enroll updb body +func (o *EnrollUpdbBody) Validate(formats strfmt.Registry) error { + var res []error + + if err := o.validatePassword(formats); err != nil { + res = append(res, err) + } + + if err := o.validateUsername(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (o *EnrollUpdbBody) validatePassword(formats strfmt.Registry) error { + if swag.IsZero(o.Password) { // not required + return nil + } + + if err := o.Password.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "password") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." + "password") + } + return err + } + + return nil +} + +func (o *EnrollUpdbBody) validateUsername(formats strfmt.Registry) error { + if swag.IsZero(o.Username) { // not required + return nil + } + + if err := o.Username.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "username") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." + "username") + } + return err + } + + return nil +} + +// ContextValidate validate this enroll updb body based on the context it is used +func (o *EnrollUpdbBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := o.contextValidatePassword(ctx, formats); err != nil { + res = append(res, err) + } + + if err := o.contextValidateUsername(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (o *EnrollUpdbBody) contextValidatePassword(ctx context.Context, formats strfmt.Registry) error { + + if err := o.Password.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "password") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." + "password") + } + return err + } + + return nil +} + +func (o *EnrollUpdbBody) contextValidateUsername(ctx context.Context, formats strfmt.Registry) error { + + if err := o.Username.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "username") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." + "username") + } + return err + } + + return nil +} + +// MarshalBinary interface implementation +func (o *EnrollUpdbBody) MarshalBinary() ([]byte, error) { + if o == nil { + return nil, nil + } + return swag.WriteJSON(o) +} + +// UnmarshalBinary interface implementation +func (o *EnrollUpdbBody) UnmarshalBinary(b []byte) error { + var res EnrollUpdbBody + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *o = res + return nil +} diff --git a/rest_client_api_client/enroll/enrollment_challenge_parameters.go b/rest_client_api_client/enroll/enrollment_challenge_parameters.go new file mode 100644 index 00000000..749dab74 --- /dev/null +++ b/rest_client_api_client/enroll/enrollment_challenge_parameters.go 
@@ -0,0 +1,172 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "net/http" + "time" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + cr "github.com/go-openapi/runtime/client" + "github.com/go-openapi/strfmt" + + "github.com/openziti/edge-api/rest_model" +) + +// NewEnrollmentChallengeParams creates a new EnrollmentChallengeParams object, +// with the default timeout for this client. +// +// Default values are not hydrated, since defaults are normally applied by the API server side. +// +// To enforce default values in parameter, use SetDefaults or WithDefaults. +func NewEnrollmentChallengeParams() *EnrollmentChallengeParams { + return &EnrollmentChallengeParams{ + timeout: cr.DefaultTimeout, + } +} + +// NewEnrollmentChallengeParamsWithTimeout creates a new EnrollmentChallengeParams object +// with the ability to set a timeout on a request. 
+func NewEnrollmentChallengeParamsWithTimeout(timeout time.Duration) *EnrollmentChallengeParams { + return &EnrollmentChallengeParams{ + timeout: timeout, + } +} + +// NewEnrollmentChallengeParamsWithContext creates a new EnrollmentChallengeParams object +// with the ability to set a context for a request. +func NewEnrollmentChallengeParamsWithContext(ctx context.Context) *EnrollmentChallengeParams { + return &EnrollmentChallengeParams{ + Context: ctx, + } +} + +// NewEnrollmentChallengeParamsWithHTTPClient creates a new EnrollmentChallengeParams object +// with the ability to set a custom HTTPClient for a request. +func NewEnrollmentChallengeParamsWithHTTPClient(client *http.Client) *EnrollmentChallengeParams { + return &EnrollmentChallengeParams{ + HTTPClient: client, + } +} + +/* EnrollmentChallengeParams contains all the parameters to send to the API endpoint + for the enrollment challenge operation. + + Typically these are written to a http.Request. +*/ +type EnrollmentChallengeParams struct { + + // Nonce. + Nonce *rest_model.NonceChallenge + + timeout time.Duration + Context context.Context + HTTPClient *http.Client +} + +// WithDefaults hydrates default values in the enrollment challenge params (not the query body). +// +// All values with no default are reset to their zero value. +func (o *EnrollmentChallengeParams) WithDefaults() *EnrollmentChallengeParams { + o.SetDefaults() + return o +} + +// SetDefaults hydrates default values in the enrollment challenge params (not the query body). +// +// All values with no default are reset to their zero value. 
+func (o *EnrollmentChallengeParams) SetDefaults() { + // no default values defined for this parameter +} + +// WithTimeout adds the timeout to the enrollment challenge params +func (o *EnrollmentChallengeParams) WithTimeout(timeout time.Duration) *EnrollmentChallengeParams { + o.SetTimeout(timeout) + return o +} + +// SetTimeout adds the timeout to the enrollment challenge params +func (o *EnrollmentChallengeParams) SetTimeout(timeout time.Duration) { + o.timeout = timeout +} + +// WithContext adds the context to the enrollment challenge params +func (o *EnrollmentChallengeParams) WithContext(ctx context.Context) *EnrollmentChallengeParams { + o.SetContext(ctx) + return o +} + +// SetContext adds the context to the enrollment challenge params +func (o *EnrollmentChallengeParams) SetContext(ctx context.Context) { + o.Context = ctx +} + +// WithHTTPClient adds the HTTPClient to the enrollment challenge params +func (o *EnrollmentChallengeParams) WithHTTPClient(client *http.Client) *EnrollmentChallengeParams { + o.SetHTTPClient(client) + return o +} + +// SetHTTPClient adds the HTTPClient to the enrollment challenge params +func (o *EnrollmentChallengeParams) SetHTTPClient(client *http.Client) { + o.HTTPClient = client +} + +// WithNonce adds the nonce to the enrollment challenge params +func (o *EnrollmentChallengeParams) WithNonce(nonce *rest_model.NonceChallenge) *EnrollmentChallengeParams { + o.SetNonce(nonce) + return o +} + +// SetNonce adds the nonce to the enrollment challenge params +func (o *EnrollmentChallengeParams) SetNonce(nonce *rest_model.NonceChallenge) { + o.Nonce = nonce +} + +// WriteToRequest writes these params to a swagger request +func (o *EnrollmentChallengeParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { + + if err := r.SetTimeout(o.timeout); err != nil { + return err + } + var res []error + if o.Nonce != nil { + if err := r.SetBodyParam(o.Nonce); err != nil { + return err + } + } + + if len(res) > 0 { + return 
errors.CompositeValidationError(res...) + } + return nil +} diff --git a/rest_client_api_client/enroll/enrollment_challenge_responses.go b/rest_client_api_client/enroll/enrollment_challenge_responses.go new file mode 100644 index 00000000..59066d92 --- /dev/null +++ b/rest_client_api_client/enroll/enrollment_challenge_responses.go 
@@ -0,0 +1,167 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "fmt" + "io" + + "github.com/go-openapi/runtime" + "github.com/go-openapi/strfmt" + + "github.com/openziti/edge-api/rest_model" +) + +// EnrollmentChallengeReader is a Reader for the EnrollmentChallenge structure. +type EnrollmentChallengeReader struct { + formats strfmt.Registry +} + +// ReadResponse reads a server response into the received o. 
+func (o *EnrollmentChallengeReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { + switch response.Code() { + case 200: + result := NewEnrollmentChallengeOK() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return result, nil + case 400: + result := NewEnrollmentChallengeBadRequest() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return nil, result + case 429: + result := NewEnrollmentChallengeTooManyRequests() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return nil, result + default: + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) + } +} + +// NewEnrollmentChallengeOK creates a EnrollmentChallengeOK with default headers values +func NewEnrollmentChallengeOK() *EnrollmentChallengeOK { + return &EnrollmentChallengeOK{} +} + +/* EnrollmentChallengeOK describes a response with status code 200, with default header values. + +A nonce challenge response. The contents will be the signature of the nonce, the key id used, and algorithm used to produce the signature. 
+*/ +type EnrollmentChallengeOK struct { + Payload *rest_model.NonceSignature +} + +func (o *EnrollmentChallengeOK) Error() string { + return fmt.Sprintf("[POST /enroll/challenge][%d] enrollmentChallengeOK %+v", 200, o.Payload) +} +func (o *EnrollmentChallengeOK) GetPayload() *rest_model.NonceSignature { + return o.Payload +} + +func (o *EnrollmentChallengeOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.NonceSignature) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} + +// NewEnrollmentChallengeBadRequest creates a EnrollmentChallengeBadRequest with default headers values +func NewEnrollmentChallengeBadRequest() *EnrollmentChallengeBadRequest { + return &EnrollmentChallengeBadRequest{} +} + +/* EnrollmentChallengeBadRequest describes a response with status code 400, with default header values. + +The supplied request contains invalid fields or could not be parsed (json and non-json bodies). 
The error's code, message, and cause fields can be inspected for further information +*/ +type EnrollmentChallengeBadRequest struct { + Payload *rest_model.APIErrorEnvelope +} + +func (o *EnrollmentChallengeBadRequest) Error() string { + return fmt.Sprintf("[POST /enroll/challenge][%d] enrollmentChallengeBadRequest %+v", 400, o.Payload) +} +func (o *EnrollmentChallengeBadRequest) GetPayload() *rest_model.APIErrorEnvelope { + return o.Payload +} + +func (o *EnrollmentChallengeBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.APIErrorEnvelope) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} + +// NewEnrollmentChallengeTooManyRequests creates a EnrollmentChallengeTooManyRequests with default headers values +func NewEnrollmentChallengeTooManyRequests() *EnrollmentChallengeTooManyRequests { + return &EnrollmentChallengeTooManyRequests{} +} + +/* EnrollmentChallengeTooManyRequests describes a response with status code 429, with default header values. + +The resource requested is rate limited and the rate limit has been exceeded +*/ +type EnrollmentChallengeTooManyRequests struct { + Payload *rest_model.APIErrorEnvelope +} + +func (o *EnrollmentChallengeTooManyRequests) Error() string { + return fmt.Sprintf("[POST /enroll/challenge][%d] enrollmentChallengeTooManyRequests %+v", 429, o.Payload) +} +func (o *EnrollmentChallengeTooManyRequests) GetPayload() *rest_model.APIErrorEnvelope { + return o.Payload +} + +func (o *EnrollmentChallengeTooManyRequests) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.APIErrorEnvelope) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} 
diff --git a/rest_client_api_client/enroll/ernoll_updb_responses.go b/rest_client_api_client/enroll/ernoll_updb_responses.go deleted file mode 100644 index 049a25e6..00000000 --- a/rest_client_api_client/enroll/ernoll_updb_responses.go +++ /dev/null 
@@ -1,167 +0,0 @@ -// Code generated by go-swagger; DO NOT EDIT. - -// -// Copyright NetFoundry Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// __ __ _ -// \ \ / / (_) -// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ -// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | -// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. -// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | -// __/ | -// |___/ - -package enroll - -// This file was generated by the swagger tool. -// Editing this file might prove futile when you re-run the swagger generate command - -import ( - "fmt" - "io" - - "github.com/go-openapi/runtime" - "github.com/go-openapi/strfmt" - - "github.com/openziti/edge-api/rest_model" -) - -// ErnollUpdbReader is a Reader for the ErnollUpdb structure. -type ErnollUpdbReader struct { - formats strfmt.Registry -} - -// ReadResponse reads a server response into the received o. 
-func (o *ErnollUpdbReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { - switch response.Code() { - case 200: - result := NewErnollUpdbOK() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return result, nil - case 404: - result := NewErnollUpdbNotFound() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return nil, result - case 429: - result := NewErnollUpdbTooManyRequests() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return nil, result - default: - return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) - } -} - -// NewErnollUpdbOK creates a ErnollUpdbOK with default headers values -func NewErnollUpdbOK() *ErnollUpdbOK { - return &ErnollUpdbOK{} -} - -/* ErnollUpdbOK describes a response with status code 200, with default header values. - -Base empty response -*/ -type ErnollUpdbOK struct { - Payload *rest_model.Empty -} - -func (o *ErnollUpdbOK) Error() string { - return fmt.Sprintf("[POST /enroll/updb][%d] ernollUpdbOK %+v", 200, o.Payload) -} -func (o *ErnollUpdbOK) GetPayload() *rest_model.Empty { - return o.Payload -} - -func (o *ErnollUpdbOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - o.Payload = new(rest_model.Empty) - - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { - return err - } - - return nil -} - -// NewErnollUpdbNotFound creates a ErnollUpdbNotFound with default headers values -func NewErnollUpdbNotFound() *ErnollUpdbNotFound { - return &ErnollUpdbNotFound{} -} - -/* ErnollUpdbNotFound describes a response with status code 404, with default header values. 
- -The requested resource does not exist -*/ -type ErnollUpdbNotFound struct { - Payload *rest_model.APIErrorEnvelope -} - -func (o *ErnollUpdbNotFound) Error() string { - return fmt.Sprintf("[POST /enroll/updb][%d] ernollUpdbNotFound %+v", 404, o.Payload) -} -func (o *ErnollUpdbNotFound) GetPayload() *rest_model.APIErrorEnvelope { - return o.Payload -} - -func (o *ErnollUpdbNotFound) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - o.Payload = new(rest_model.APIErrorEnvelope) - - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { - return err - } - - return nil -} - -// NewErnollUpdbTooManyRequests creates a ErnollUpdbTooManyRequests with default headers values -func NewErnollUpdbTooManyRequests() *ErnollUpdbTooManyRequests { - return &ErnollUpdbTooManyRequests{} -} - -/* ErnollUpdbTooManyRequests describes a response with status code 429, with default header values. - -The resource requested is rate limited and the rate limit has been exceeded -*/ -type ErnollUpdbTooManyRequests struct { - Payload *rest_model.APIErrorEnvelope -} - -func (o *ErnollUpdbTooManyRequests) Error() string { - return fmt.Sprintf("[POST /enroll/updb][%d] ernollUpdbTooManyRequests %+v", 429, o.Payload) -} -func (o *ErnollUpdbTooManyRequests) GetPayload() *rest_model.APIErrorEnvelope { - return o.Payload -} - -func (o *ErnollUpdbTooManyRequests) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - o.Payload = new(rest_model.APIErrorEnvelope) - - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { - return err - } - - return nil -} diff --git a/rest_client_api_client/enroll/extend_router_enrollment_responses.go b/rest_client_api_client/enroll/extend_router_enrollment_responses.go index 81b3b477..1a247e83 100644 
--- a/rest_client_api_client/enroll/extend_router_enrollment_responses.go +++ b/rest_client_api_client/enroll/extend_router_enrollment_responses.go @@ -77,7 +77,7 @@ func NewExtendRouterEnrollmentOK() *ExtendRouterEnrollmentOK { /* ExtendRouterEnrollmentOK describes a response with status code 200, with default header values. -A response containg the edge routers new signed certificates (server chain, server cert, CAs). +A response containing the edge routers new signed certificates (server chain, server cert, CAs). */ type ExtendRouterEnrollmentOK struct { Payload *rest_model.EnrollmentCertsEnvelope diff --git a/rest_client_api_client/enroll/get_enrollment_jwks_parameters.go b/rest_client_api_client/enroll/get_enrollment_jwks_parameters.go new file mode 100644 index 00000000..2be09345 --- /dev/null +++ b/rest_client_api_client/enroll/get_enrollment_jwks_parameters.go 
@@ -0,0 +1,150 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "net/http" + "time" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + cr "github.com/go-openapi/runtime/client" + "github.com/go-openapi/strfmt" +) + +// NewGetEnrollmentJwksParams creates a new GetEnrollmentJwksParams object, +// with the default timeout for this client. +// +// Default values are not hydrated, since defaults are normally applied by the API server side. +// +// To enforce default values in parameter, use SetDefaults or WithDefaults. +func NewGetEnrollmentJwksParams() *GetEnrollmentJwksParams { + return &GetEnrollmentJwksParams{ + timeout: cr.DefaultTimeout, + } +} + +// NewGetEnrollmentJwksParamsWithTimeout creates a new GetEnrollmentJwksParams object +// with the ability to set a timeout on a request. 
+func NewGetEnrollmentJwksParamsWithTimeout(timeout time.Duration) *GetEnrollmentJwksParams { + return &GetEnrollmentJwksParams{ + timeout: timeout, + } +} + +// NewGetEnrollmentJwksParamsWithContext creates a new GetEnrollmentJwksParams object +// with the ability to set a context for a request. +func NewGetEnrollmentJwksParamsWithContext(ctx context.Context) *GetEnrollmentJwksParams { + return &GetEnrollmentJwksParams{ + Context: ctx, + } +} + +// NewGetEnrollmentJwksParamsWithHTTPClient creates a new GetEnrollmentJwksParams object +// with the ability to set a custom HTTPClient for a request. +func NewGetEnrollmentJwksParamsWithHTTPClient(client *http.Client) *GetEnrollmentJwksParams { + return &GetEnrollmentJwksParams{ + HTTPClient: client, + } +} + +/* GetEnrollmentJwksParams contains all the parameters to send to the API endpoint + for the get enrollment jwks operation. + + Typically these are written to a http.Request. +*/ +type GetEnrollmentJwksParams struct { + timeout time.Duration + Context context.Context + HTTPClient *http.Client +} + +// WithDefaults hydrates default values in the get enrollment jwks params (not the query body). +// +// All values with no default are reset to their zero value. +func (o *GetEnrollmentJwksParams) WithDefaults() *GetEnrollmentJwksParams { + o.SetDefaults() + return o +} + +// SetDefaults hydrates default values in the get enrollment jwks params (not the query body). +// +// All values with no default are reset to their zero value. 
+func (o *GetEnrollmentJwksParams) SetDefaults() { + // no default values defined for this parameter +} + +// WithTimeout adds the timeout to the get enrollment jwks params +func (o *GetEnrollmentJwksParams) WithTimeout(timeout time.Duration) *GetEnrollmentJwksParams { + o.SetTimeout(timeout) + return o +} + +// SetTimeout adds the timeout to the get enrollment jwks params +func (o *GetEnrollmentJwksParams) SetTimeout(timeout time.Duration) { + o.timeout = timeout +} + +// WithContext adds the context to the get enrollment jwks params +func (o *GetEnrollmentJwksParams) WithContext(ctx context.Context) *GetEnrollmentJwksParams { + o.SetContext(ctx) + return o +} + +// SetContext adds the context to the get enrollment jwks params +func (o *GetEnrollmentJwksParams) SetContext(ctx context.Context) { + o.Context = ctx +} + +// WithHTTPClient adds the HTTPClient to the get enrollment jwks params +func (o *GetEnrollmentJwksParams) WithHTTPClient(client *http.Client) *GetEnrollmentJwksParams { + o.SetHTTPClient(client) + return o +} + +// SetHTTPClient adds the HTTPClient to the get enrollment jwks params +func (o *GetEnrollmentJwksParams) SetHTTPClient(client *http.Client) { + o.HTTPClient = client +} + +// WriteToRequest writes these params to a swagger request +func (o *GetEnrollmentJwksParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { + + if err := r.SetTimeout(o.timeout); err != nil { + return err + } + var res []error + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} diff --git a/rest_client_api_client/enroll/get_enrollment_jwks_responses.go b/rest_client_api_client/enroll/get_enrollment_jwks_responses.go new file mode 100644 index 00000000..fccebb69 --- /dev/null +++ b/rest_client_api_client/enroll/get_enrollment_jwks_responses.go 
@@ -0,0 +1,91 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "fmt" + "io" + + "github.com/go-openapi/runtime" + "github.com/go-openapi/strfmt" + + "github.com/openziti/edge-api/rest_model" +) + +// GetEnrollmentJwksReader is a Reader for the GetEnrollmentJwks structure. +type GetEnrollmentJwksReader struct { + formats strfmt.Registry +} + +// ReadResponse reads a server response into the received o. 
+func (o *GetEnrollmentJwksReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) { + switch response.Code() { + case 200: + result := NewGetEnrollmentJwksOK() + if err := result.readResponse(response, consumer, o.formats); err != nil { + return nil, err + } + return result, nil + default: + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) + } +} + +// NewGetEnrollmentJwksOK creates a GetEnrollmentJwksOK with default headers values +func NewGetEnrollmentJwksOK() *GetEnrollmentJwksOK { + return &GetEnrollmentJwksOK{} +} + +/* GetEnrollmentJwksOK describes a response with status code 200, with default header values. + +A JWKS response for enrollment. +*/ +type GetEnrollmentJwksOK struct { + Payload *rest_model.Jwks +} + +func (o *GetEnrollmentJwksOK) Error() string { + return fmt.Sprintf("[GET /enroll/jwks][%d] getEnrollmentJwksOK %+v", 200, o.Payload) +} +func (o *GetEnrollmentJwksOK) GetPayload() *rest_model.Jwks { + return o.Payload +} + +func (o *GetEnrollmentJwksOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { + + o.Payload = new(rest_model.Jwks) + + // response payload + if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { + return err + } + + return nil +} diff --git a/rest_client_api_server/configure_ziti_edge_client.go b/rest_client_api_server/configure_ziti_edge_client.go index 6fd049b9..97a2f342 100644 --- a/rest_client_api_server/configure_ziti_edge_client.go +++ b/rest_client_api_server/configure_ziti_edge_client.go 
@@ -84,9 +84,6 @@ func configureAPI(api *operations.ZitiEdgeClientAPI) http.Handler { api.ApplicationXPemFileProducer = runtime.ProducerFunc(func(w io.Writer, data interface{}) error { return errors.NotImplemented("applicationXPemFile producer has not yet been implemented") }) - api.ApplicationXX509UserCertProducer = runtime.ProducerFunc(func(w io.Writer, data interface{}) error { - return errors.NotImplemented("applicationXX509UserCert producer has not yet been implemented") - }) api.BinProducer = runtime.ByteStreamProducer() api.JSONProducer = runtime.JSONProducer() api.TextYamlProducer = runtime.ProducerFunc(func(w io.Writer, data interface{}) error { @@ -246,9 +243,14 @@ func configureAPI(api *operations.ZitiEdgeClientAPI) http.Handler { return middleware.NotImplemented("operation enroll.EnrollOttCa has not yet been implemented") }) } - if api.EnrollErnollUpdbHandler == nil { - api.EnrollErnollUpdbHandler = enroll.ErnollUpdbHandlerFunc(func(params enroll.ErnollUpdbParams) middleware.Responder { - return middleware.NotImplemented("operation enroll.ErnollUpdb has not yet been implemented") + if api.EnrollEnrollUpdbHandler == nil { + api.EnrollEnrollUpdbHandler = enroll.EnrollUpdbHandlerFunc(func(params enroll.EnrollUpdbParams) middleware.Responder { + return middleware.NotImplemented("operation enroll.EnrollUpdb has not yet been implemented") + }) + } + if api.EnrollEnrollmentChallengeHandler == nil { + api.EnrollEnrollmentChallengeHandler = enroll.EnrollmentChallengeHandlerFunc(func(params enroll.EnrollmentChallengeParams) middleware.Responder { + return middleware.NotImplemented("operation enroll.EnrollmentChallenge has not yet been implemented") }) } if api.CurrentAPISessionExtendCurrentIdentityAuthenticatorHandler == nil { 
@@ -281,6 +283,11 @@ func configureAPI(api *operations.ZitiEdgeClientAPI) http.Handler { return middleware.NotImplemented("operation current_identity.GetCurrentIdentityEdgeRouters has not yet been implemented") }) } + if api.EnrollGetEnrollmentJwksHandler == nil { + api.EnrollGetEnrollmentJwksHandler = enroll.GetEnrollmentJwksHandlerFunc(func(params enroll.GetEnrollmentJwksParams) middleware.Responder { + return middleware.NotImplemented("operation enroll.GetEnrollmentJwks has not yet been implemented") + }) + } if api.ControllersListControllersHandler == nil { api.ControllersListControllersHandler = controllers.ListControllersHandlerFunc(func(params controllers.ListControllersParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation controllers.ListControllers has not yet been implemented") diff --git a/rest_client_api_server/doc.go b/rest_client_api_server/doc.go index 989d180f..df74f754 100644 --- a/rest_client_api_server/doc.go +++ b/rest_client_api_server/doc.go @@ -43,7 +43,6 @@ // Produces: // - application/pkcs7-mime // - application/x-pem-file -// - application/x-x509-user-cert // - image/png // - application/json // - text/yaml diff --git a/rest_client_api_server/embedded_spec.go b/rest_client_api_server/embedded_spec.go index 74f4fea2..b6b58a46 100644 --- a/rest_client_api_server/embedded_spec.go +++ b/rest_client_api_server/embedded_spec.go @@ -2470,9 +2470,9 @@ func init() { "operationId": "enroll", "responses": { "200": { - "description": "Base empty response", + "description": "A response for multi-format legacy enrollment.", "schema": { - "$ref": "#/definitions/empty" + "type": "string" } }, "404": { 
@@ -2607,6 +2607,94 @@ func init() { } } }, + "/enroll/challenge": { + "post": { + "description": "A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will\nbe used to sign the nonce. The resulting signature may be validated with the associated public key in order\nto verify a networks identity during enrollment. The nonce must be a valid formatted UUID.\n", + "tags": [ + "Enroll" + ], + "summary": "Allows verification of a controller or cluster of controllers as being the valid target for enrollment.", + "operationId": "enrollmentChallenge", + "parameters": [ + { + "name": "nonce", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/nonceChallenge" + } + } + ], + "responses": { + "200": { + "description": "A nonce challenge response. The contents will be the signature of the nonce, the key id used, and algorithm used to produce the signature.", + "schema": { + "$ref": "#/definitions/nonceSignature" + } + }, + "400": { + "description": "The supplied request contains invalid fields or could not be parsed (json and non-json bodies). 
The error's code, message, and cause fields can be inspected for further information", + "schema": { + "$ref": "#/definitions/apiErrorEnvelope" + }, + "examples": { + "application/json": { + "error": { + "args": { + "urlVars": {} + }, + "cause": { + "details": { + "context": "(root)", + "field": "(root)", + "property": "fooField3" + }, + "field": "(root)", + "message": "(root): fooField3 is required", + "type": "required", + "value": { + "fooField": "abc", + "fooField2": "def" + } + }, + "causeMessage": "schema validation failed", + "code": "COULD_NOT_VALIDATE", + "message": "The supplied request contains an invalid document", + "requestId": "ac6766d6-3a09-44b3-8d8a-1b541d97fdd9" + }, + "meta": { + "apiEnrollmentVersion": "0.0.1", + "apiVersion": "0.0.1" + } + } + } + }, + "429": { + "description": "The resource requested is rate limited and the rate limit has been exceeded", + "schema": { + "$ref": "#/definitions/apiErrorEnvelope" + }, + "examples": { + "application/json": { + "error": { + "args": { + "urlVars": {} + }, + "causeMessage": "you have hit a rate limit in the requested operation", + "code": "RATE_LIMITED", + "message": "The resource is rate limited and the rate limit has been exceeded. Please try again later", + "requestId": "270908d6-f2ef-4577-b973-67bec18ae376" + }, + "meta": { + "apiEnrollmentVersion": "0.0.1", + "apiVersion": "0.0.1" + } + } + } + } + } + } + }, "/enroll/erott": { "post": { "description": "Enrolls an edge-router via a one-time-token to establish a certificate based identity.\n", @@ -2678,7 +2766,7 @@ func init() { ], "responses": { "200": { - "description": "A response containg the edge routers new signed certificates (server chain, server cert, CAs).", + "description": "A response containing the edge routers new signed certificates (server chain, server cert, CAs).", "schema": { "$ref": "#/definitions/enrollmentCertsEnvelope" } 
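Review bot: The `/enroll/challenge` operation lets the caller choose both `algorithm` and `keyId` in the `nonceChallenge` body, so the controller ends up signing caller-supplied input with a caller-selected key and algorithm; the description should state that the server signs with the `alg` registered for that key in the enrollment JWKS and rejects a mismatching `algorithm` rather than honouring it. The description also never says what bytes are signed (the UUID string as submitted, or its 16 decoded bytes), which a verifier written in another language needs; a sentence such as `The signature is computed over the UTF-8 bytes of the nonce exactly as submitted.` (adjusted to what the controller actually does) would close that gap. Restricting the nonce to a well-formed UUID is the right bound on what this endpoint will sign and is worth calling out as deliberate in the same paragraph. The identical text is repeated in the flattened spec hunk ending at L56, so the wording should be fixed once in the spec source these files are generated from.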
@@ -2733,15 +2821,27 @@ func init() { } } }, + "/enroll/jwks": { + "get": { + "description": "Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used\nto sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys\nfrom this endpoint to verify the target machine has possession of the related private key.\n", + "tags": [ + "Enroll" + ], + "summary": "List JSON Web Keys associated with enrollment", + "operationId": "getEnrollmentJwks", + "responses": { + "200": { + "description": "A JWKS response for enrollment.", + "schema": { + "$ref": "#/definitions/jwks" + } + } + } + } + }, "/enroll/ott": { "post": { "description": "Enroll an identity via a one-time-token which is supplied via a query string parameter. This enrollment method\nexpects a PEM encoded CSRs to be provided for fulfillment. It is up to the enrolling identity to manage the\nprivate key backing the CSR request.\n", - "consumes": [ - "application/pkcs10" - ], - "produces": [ - "application/x-x509-user-cert" - ], "tags": [ "Enroll" ], 
@@ -2749,12 +2849,9 @@ func init() { "operationId": "enrollOtt", "responses": { "200": { - "description": "A PEM encoded certificate signed by the internal Ziti CA", + "description": "A response containing and identities client certificate chains", "schema": { - "type": "string" - }, - "examples": { - "application/x-x509-user-cert": "-----BEGIN CERTIFICATE-----\nMIICzDCCAlGgAwIBAgIRAPkVg1jVKqnNGFpSB3lPbaIwCgYIKoZIzj0EAwIwXjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0w\nKwYDVQQDDCROZXRGb3VuZHJ5IFppdGkgRXh0ZXJuYWwgQVBJIFJvb3QgQ0EwHhcN\nMTgxMTE1MTI1NzE3WhcNMTkxMTI1MTI1NzE3WjBrMQswCQYDVQQGEwJVUzELMAkG\nA1UECAwCTkMxEjAQBgNVBAcMCUNoYXJsb3R0ZTETMBEGA1UECgwKTmV0Rm91bmRy\neTEPMA0GA1UECwwGQWR2RGV2MRUwEwYDVQQDDAxaaXRpQ2xpZW50MDEwdjAQBgcq\nhkjOPQIBBgUrgQQAIgNiAATTl2ft+/K9RvDgki9gSr9udNcV2bxD4LrWEdCdXNzF\niVUiEcEte9z/M0JRt8lgo17OjFvS+ecrAmLtIZNmQnH3+9YeafjeNPpvQsMKxlTN\nMnU7Hka11GHc6swQZSyHvlKjgcUwgcIwCQYDVR0TBAIwADARBglghkgBhvhCAQEE\nBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBD\nZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtx+Tej6lSYdjb8Jbc2QuvoEsI/swHwYDVR0j\nBBgwFoAUcdTlRrnP43ZbQ3PGAbZMPE26+H4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud\nJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNpADBmAjEAuXDS\nH7KKMr+la+Yuh8d8Q9cLtXzdS0j6a8e7iOyPJmdWq2WuzNdbCfAfLgKXuxhSAjEA\nsadZrXl1OBv11RGAKdYBIyRmfYUotCFAtCNKcfgBUxci0TDaKDA7r3jnjKT1d7Fs\n-----END CERTIFICATE-----\n" + "$ref": "#/definitions/enrollmentCertsEnvelope" } }, "404": { @@ -2875,7 +2972,7 @@ func init() { "Enroll" ], "summary": "Enroll an identity via one-time-token", - "operationId": "ernollUpdb", + "operationId": "enrollUpdb", "responses": { "200": { "description": "Base empty response", 
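Review bot: The new 200 description for `enrollOtt`, `A response containing and identities client certificate chains`, reads as a typo; it should be `A response containing an identity's client certificate chain` (or `chains`, if several are returned). The same string recurs in the flattened spec at L58 and in the generated `EnrollOttOK` comment at L61, so the correction belongs in the spec source rather than in these generated files.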
@@ -2941,6 +3038,22 @@ func init() { "name": "token", "in": "query", "required": true + }, + { + "name": "updbCredentials", + "in": "body", + "required": true, + "schema": { + "type": "object", + "properties": { + "password": { + "$ref": "#/definitions/password" + }, + "username": { + "$ref": "#/definitions/username" + } + } + } } ] }, @@ -5923,7 +6036,7 @@ func init() { "type": "string" }, "cert": { - "description": "A PEM encoded cert for the server", + "description": "A PEM encoded set of certificates to use as the client chain", "type": "string" }, "serverCert": { 
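Review bot: The `updbCredentials` body schema declares `password` and `username` as properties but has no `required` array, so a body missing either field passes request validation; the generated `EnrollUpdbBody` validator at L65 accordingly skips zero values (`swag.IsZero(o.Password) // not required`). Adding `"required": ["username", "password"]` to the schema would make the generated binder reject incomplete credentials before the handler runs, consistent with the parameter itself being `required: true`. The flattened copy of this schema in the hunk at L59 has the same omission.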
@@ -6243,6 +6356,118 @@ func init() { } } }, + "jwk": { + "type": "object", + "required": [ + "kty" + ], + "properties": { + "alg": { + "description": "Algorithm intended for use with the key.", + "type": "string" + }, + "crv": { + "description": "Curve for ECC Public Keys.", + "type": "string" + }, + "d": { + "description": "ECC Private Key or RSA Private Exponent.", + "type": "string" + }, + "dp": { + "description": "First Factor CRT Exponent for RSA.", + "type": "string" + }, + "dq": { + "description": "Second Factor CRT Exponent for RSA.", + "type": "string" + }, + "e": { + "description": "Exponent for RSA Public Key.", + "type": "string" + }, + "key_ops": { + "description": "Intended key operations, e.g., sign, verify.", + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "description": "Key ID.", + "type": "string" + }, + "kty": { + "description": "Key Type.", + "type": "string" + }, + "n": { + "description": "Modulus for RSA Public Key.", + "type": "string" + }, + "oth": { + "description": "Other Primes Info not represented by the first two primes.", + "type": "array", + "items": { + "$ref": "#/definitions/otherPrime" + } + }, + "p": { + "description": "First Prime Factor for RSA.", + "type": "string" + }, + "q": { + "description": "Second Prime Factor for RSA.", + "type": "string" + }, + "qi": { + "description": "First CRT Coefficient for RSA.", + "type": "string" + }, + "use": { + "description": "Public key use, e.g., sig (signature) or enc (encryption).", + "type": "string" + }, + "x": { + "description": "X Coordinate for ECC Public Keys.", + "type": "string" + }, + "x5c": { + "description": "X.509 Certificate Chain.", + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "description": "X.509 Certificate SHA-1 Thumbprint.", + "type": "string" + }, + "x5t#S256": { + "description": "X.509 Certificate SHA-256 Thumbprint.", + "type": "string" + }, + "x5u": { + "description": "X.509 URL.", + "type": "string" + }, + "y": 
{ + "description": "Y Coordinate for ECC Public Keys.", + "type": "string" + } + } + }, + "jwks": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/jwk" + } + } + } + }, "link": { "description": "A link to another resource", "type": "object", @@ -6531,6 +6756,43 @@ func init() { "url" ] }, + "nonceChallenge": { + "type": "object", + "required": [ + "nonce", + "keyId", + "algorithm" + ], + "properties": { + "algorithm": { + "type": "string" + }, + "keyId": { + "type": "string" + }, + "nonce": { + "type": "string", + "format": "uuid" + } + } + }, + "nonceSignature": { + "type": "object", + "required": [ + "signature" + ], + "properties": { + "algorithm": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "signature": { + "type": "string" + } + } + }, "osType": { "type": "string", "enum": [ @@ -6542,6 +6804,23 @@ func init() { "macOS" ] }, + "otherPrime": { + "type": "object", + "properties": { + "d": { + "description": "Factor CRT exponent.", + "type": "string" + }, + "r": { + "description": "Prime factor.", + "type": "string" + }, + "t": { + "description": "Factor CRT coefficient.", + "type": "string" + } + } + }, "pagination": { "type": "object", "required": [ @@ -9759,9 +10038,9 @@ func init() { "operationId": "enroll", "responses": { "200": { - "description": "Base empty response", + "description": "A response for multi-format legacy enrollment.", "schema": { - "$ref": "#/definitions/empty" + "type": "string" } }, "404": { 
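Review bot: The `jwk` definition includes the private-key members `d`, `p`, `q`, `dp`, `dq`, `qi` and `oth` (and `otherPrime` exists only to carry private CRT values), yet the only consumer of `jwks` in this change is the response of the unauthenticated `GET /enroll/jwks` added in the hunk at L50. A response model for a published key set should carry only the public members (`kty`, `kid`, `use`, `key_ops`, `alg`, `n`, `e`, `crv`, `x`, `y`, `x5c`, `x5t`, `x5t#S256`, `x5u`), so that a server-side serialization mistake cannot leak signing keys; if the full RFC 7517 shape is wanted elsewhere, split it into a public `jwk` and a separate private variant. At minimum the descriptions of the private members should state that they must never be populated in the enrollment JWKS response. The flattened spec repeats the same definition in the hunk ending at L61.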
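Review bot: `nonceSignature` marks only `signature` as required, leaving `kid` and `algorithm` optional even though the 200 description at L48 promises the key id and algorithm used; a verifier cannot select the key without them, so `"required": ["signature", "kid", "algorithm"]` is the safer contract. The request side also names the field `keyId` while the response and the JWK use `kid`; using `kid` in both avoids a mapping that clients will get wrong. The same definitions are repeated in the flattened spec hunk at L61.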
@@ -9896,6 +10175,94 @@ func init() { } } }, + "/enroll/challenge": { + "post": { + "description": "A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will\nbe used to sign the nonce. The resulting signature may be validated with the associated public key in order\nto verify a networks identity during enrollment. The nonce must be a valid formatted UUID.\n", + "tags": [ + "Enroll" + ], + "summary": "Allows verification of a controller or cluster of controllers as being the valid target for enrollment.", + "operationId": "enrollmentChallenge", + "parameters": [ + { + "name": "nonce", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/nonceChallenge" + } + } + ], + "responses": { + "200": { + "description": "A nonce challenge response. The contents will be the signature of the nonce, the key id used, and algorithm used to produce the signature.", + "schema": { + "$ref": "#/definitions/nonceSignature" + } + }, + "400": { + "description": "The supplied request contains invalid fields or could not be parsed (json and non-json bodies). 
The error's code, message, and cause fields can be inspected for further information", + "schema": { + "$ref": "#/definitions/apiErrorEnvelope" + }, + "examples": { + "application/json": { + "error": { + "args": { + "urlVars": {} + }, + "cause": { + "details": { + "context": "(root)", + "field": "(root)", + "property": "fooField3" + }, + "field": "(root)", + "message": "(root): fooField3 is required", + "type": "required", + "value": { + "fooField": "abc", + "fooField2": "def" + } + }, + "causeMessage": "schema validation failed", + "code": "COULD_NOT_VALIDATE", + "message": "The supplied request contains an invalid document", + "requestId": "ac6766d6-3a09-44b3-8d8a-1b541d97fdd9" + }, + "meta": { + "apiEnrollmentVersion": "0.0.1", + "apiVersion": "0.0.1" + } + } + } + }, + "429": { + "description": "The resource requested is rate limited and the rate limit has been exceeded", + "schema": { + "$ref": "#/definitions/apiErrorEnvelope" + }, + "examples": { + "application/json": { + "error": { + "args": { + "urlVars": {} + }, + "causeMessage": "you have hit a rate limit in the requested operation", + "code": "RATE_LIMITED", + "message": "The resource is rate limited and the rate limit has been exceeded. Please try again later", + "requestId": "270908d6-f2ef-4577-b973-67bec18ae376" + }, + "meta": { + "apiEnrollmentVersion": "0.0.1", + "apiVersion": "0.0.1" + } + } + } + } + } + } + }, "/enroll/erott": { "post": { "description": "Enrolls an edge-router via a one-time-token to establish a certificate based identity.\n", @@ -9967,7 +10334,7 @@ func init() { ], "responses": { "200": { - "description": "A response containg the edge routers new signed certificates (server chain, server cert, CAs).", + "description": "A response containing the edge routers new signed certificates (server chain, server cert, CAs).", "schema": { "$ref": "#/definitions/enrollmentCertsEnvelope" } 
@@ -10022,15 +10389,27 @@ func init() { } } }, + "/enroll/jwks": { + "get": { + "description": "Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used\nto sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys\nfrom this endpoint to verify the target machine has possession of the related private key.\n", + "tags": [ + "Enroll" + ], + "summary": "List JSON Web Keys associated with enrollment", + "operationId": "getEnrollmentJwks", + "responses": { + "200": { + "description": "A JWKS response for enrollment.", + "schema": { + "$ref": "#/definitions/jwks" + } + } + } + } + }, "/enroll/ott": { "post": { "description": "Enroll an identity via a one-time-token which is supplied via a query string parameter. This enrollment method\nexpects a PEM encoded CSRs to be provided for fulfillment. It is up to the enrolling identity to manage the\nprivate key backing the CSR request.\n", - "consumes": [ - "application/pkcs10" - ], - "produces": [ - "application/x-x509-user-cert" - ], "tags": [ "Enroll" ], 
@@ -10038,12 +10417,9 @@ func init() { "operationId": "enrollOtt", "responses": { "200": { - "description": "A PEM encoded certificate signed by the internal Ziti CA", + "description": "A response containing and identities client certificate chains", "schema": { - "type": "string" - }, - "examples": { - "application/x-x509-user-cert": "-----BEGIN CERTIFICATE-----\nMIICzDCCAlGgAwIBAgIRAPkVg1jVKqnNGFpSB3lPbaIwCgYIKoZIzj0EAwIwXjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0w\nKwYDVQQDDCROZXRGb3VuZHJ5IFppdGkgRXh0ZXJuYWwgQVBJIFJvb3QgQ0EwHhcN\nMTgxMTE1MTI1NzE3WhcNMTkxMTI1MTI1NzE3WjBrMQswCQYDVQQGEwJVUzELMAkG\nA1UECAwCTkMxEjAQBgNVBAcMCUNoYXJsb3R0ZTETMBEGA1UECgwKTmV0Rm91bmRy\neTEPMA0GA1UECwwGQWR2RGV2MRUwEwYDVQQDDAxaaXRpQ2xpZW50MDEwdjAQBgcq\nhkjOPQIBBgUrgQQAIgNiAATTl2ft+/K9RvDgki9gSr9udNcV2bxD4LrWEdCdXNzF\niVUiEcEte9z/M0JRt8lgo17OjFvS+ecrAmLtIZNmQnH3+9YeafjeNPpvQsMKxlTN\nMnU7Hka11GHc6swQZSyHvlKjgcUwgcIwCQYDVR0TBAIwADARBglghkgBhvhCAQEE\nBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBD\nZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtx+Tej6lSYdjb8Jbc2QuvoEsI/swHwYDVR0j\nBBgwFoAUcdTlRrnP43ZbQ3PGAbZMPE26+H4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud\nJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNpADBmAjEAuXDS\nH7KKMr+la+Yuh8d8Q9cLtXzdS0j6a8e7iOyPJmdWq2WuzNdbCfAfLgKXuxhSAjEA\nsadZrXl1OBv11RGAKdYBIyRmfYUotCFAtCNKcfgBUxci0TDaKDA7r3jnjKT1d7Fs\n-----END CERTIFICATE-----\n" + "$ref": "#/definitions/enrollmentCertsEnvelope" } }, "404": { @@ -10164,7 +10540,7 @@ func init() { "Enroll" ], "summary": "Enroll an identity via one-time-token", - "operationId": "ernollUpdb", + "operationId": "enrollUpdb", "responses": { "200": { "description": "Base empty response", 
@@ -10230,6 +10606,22 @@ func init() { "name": "token", "in": "query", "required": true + }, + { + "name": "updbCredentials", + "in": "body", + "required": true, + "schema": { + "type": "object", + "properties": { + "password": { + "$ref": "#/definitions/password" + }, + "username": { + "$ref": "#/definitions/username" + } + } + } } ] }, @@ -13295,7 +13687,7 @@ func init() { "type": "string" }, "cert": { - "description": "A PEM encoded cert for the server", + "description": "A PEM encoded set of certificates to use as the client chain", "type": "string" }, "serverCert": { 
@@ -13615,6 +14007,118 @@ func init() { } } }, + "jwk": { + "type": "object", + "required": [ + "kty" + ], + "properties": { + "alg": { + "description": "Algorithm intended for use with the key.", + "type": "string" + }, + "crv": { + "description": "Curve for ECC Public Keys.", + "type": "string" + }, + "d": { + "description": "ECC Private Key or RSA Private Exponent.", + "type": "string" + }, + "dp": { + "description": "First Factor CRT Exponent for RSA.", + "type": "string" + }, + "dq": { + "description": "Second Factor CRT Exponent for RSA.", + "type": "string" + }, + "e": { + "description": "Exponent for RSA Public Key.", + "type": "string" + }, + "key_ops": { + "description": "Intended key operations, e.g., sign, verify.", + "type": "array", + "items": { + "type": "string" + } + }, + "kid": { + "description": "Key ID.", + "type": "string" + }, + "kty": { + "description": "Key Type.", + "type": "string" + }, + "n": { + "description": "Modulus for RSA Public Key.", + "type": "string" + }, + "oth": { + "description": "Other Primes Info not represented by the first two primes.", + "type": "array", + "items": { + "$ref": "#/definitions/otherPrime" + } + }, + "p": { + "description": "First Prime Factor for RSA.", + "type": "string" + }, + "q": { + "description": "Second Prime Factor for RSA.", + "type": "string" + }, + "qi": { + "description": "First CRT Coefficient for RSA.", + "type": "string" + }, + "use": { + "description": "Public key use, e.g., sig (signature) or enc (encryption).", + "type": "string" + }, + "x": { + "description": "X Coordinate for ECC Public Keys.", + "type": "string" + }, + "x5c": { + "description": "X.509 Certificate Chain.", + "type": "array", + "items": { + "type": "string" + } + }, + "x5t": { + "description": "X.509 Certificate SHA-1 Thumbprint.", + "type": "string" + }, + "x5t#S256": { + "description": "X.509 Certificate SHA-256 Thumbprint.", + "type": "string" + }, + "x5u": { + "description": "X.509 URL.", + "type": "string" + }, + 
"y": { + "description": "Y Coordinate for ECC Public Keys.", + "type": "string" + } + } + }, + "jwks": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "$ref": "#/definitions/jwk" + } + } + } + }, "link": { "description": "A link to another resource", "type": "object", @@ -13903,6 +14407,43 @@ func init() { "url" ] }, + "nonceChallenge": { + "type": "object", + "required": [ + "nonce", + "keyId", + "algorithm" + ], + "properties": { + "algorithm": { + "type": "string" + }, + "keyId": { + "type": "string" + }, + "nonce": { + "type": "string", + "format": "uuid" + } + } + }, + "nonceSignature": { + "type": "object", + "required": [ + "signature" + ], + "properties": { + "algorithm": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "signature": { + "type": "string" + } + } + }, "osType": { "type": "string", "enum": [ @@ -13914,6 +14455,23 @@ func init() { "macOS" ] }, + "otherPrime": { + "type": "object", + "properties": { + "d": { + "description": "Factor CRT exponent.", + "type": "string" + }, + "r": { + "description": "Prime factor.", + "type": "string" + }, + "t": { + "description": "Factor CRT coefficient.", + "type": "string" + } + } + }, "pagination": { "type": "object", "required": [ diff --git a/rest_client_api_server/operations/enroll/enroll_ott_responses.go b/rest_client_api_server/operations/enroll/enroll_ott_responses.go index 7e859616..e4f27f80 100644 --- a/rest_client_api_server/operations/enroll/enroll_ott_responses.go +++ b/rest_client_api_server/operations/enroll/enroll_ott_responses.go @@ -40,7 +40,7 @@ import ( // EnrollOttOKCode is the HTTP code returned for type EnrollOttOK const EnrollOttOKCode int = 200 -/*EnrollOttOK A PEM encoded certificate signed by the internal Ziti CA +/*EnrollOttOK A response containing and identities client certificate chains swagger:response enrollOttOK */ 
@@ -49,7 +49,7 @@ type EnrollOttOK struct { /* In: Body */ - Payload string `json:"body,omitempty"` + Payload *rest_model.EnrollmentCertsEnvelope `json:"body,omitempty"` } // NewEnrollOttOK creates EnrollOttOK with default headers values @@ -59,13 +59,13 @@ func NewEnrollOttOK() *EnrollOttOK { } // WithPayload adds the payload to the enroll ott o k response -func (o *EnrollOttOK) WithPayload(payload string) *EnrollOttOK { +func (o *EnrollOttOK) WithPayload(payload *rest_model.EnrollmentCertsEnvelope) *EnrollOttOK { o.Payload = payload return o } // SetPayload sets the payload to the enroll ott o k response -func (o *EnrollOttOK) SetPayload(payload string) { +func (o *EnrollOttOK) SetPayload(payload *rest_model.EnrollmentCertsEnvelope) { o.Payload = payload } @@ -73,9 +73,11 @@ func (o *EnrollOttOK) SetPayload(payload string) { func (o *EnrollOttOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { rw.WriteHeader(200) - payload := o.Payload - if err := producer.Produce(rw, payload); err != nil { - panic(err) // let the recovery middleware deal with this + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } } } diff --git a/rest_client_api_server/operations/enroll/enroll_responses.go b/rest_client_api_server/operations/enroll/enroll_responses.go index fe45a66f..ffd55138 100644 --- a/rest_client_api_server/operations/enroll/enroll_responses.go +++ b/rest_client_api_server/operations/enroll/enroll_responses.go @@ -40,7 +40,7 @@ import ( // EnrollOKCode is the HTTP code returned for type EnrollOK const EnrollOKCode int = 200 -/*EnrollOK Base empty response +/*EnrollOK A response for multi-format legacy enrollment. swagger:response enrollOK */ 
@@ -49,7 +49,7 @@ type EnrollOK struct { /* In: Body */ - Payload *rest_model.Empty `json:"body,omitempty"` + Payload string `json:"body,omitempty"` } // NewEnrollOK creates EnrollOK with default headers values @@ -59,13 +59,13 @@ func NewEnrollOK() *EnrollOK { } // WithPayload adds the payload to the enroll o k response -func (o *EnrollOK) WithPayload(payload *rest_model.Empty) *EnrollOK { +func (o *EnrollOK) WithPayload(payload string) *EnrollOK { o.Payload = payload return o } // SetPayload sets the payload to the enroll o k response -func (o *EnrollOK) SetPayload(payload *rest_model.Empty) { +func (o *EnrollOK) SetPayload(payload string) { o.Payload = payload } @@ -73,11 +73,9 @@ func (o *EnrollOK) SetPayload(payload *rest_model.Empty) { func (o *EnrollOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { rw.WriteHeader(200) - if o.Payload != nil { - payload := o.Payload - if err := producer.Produce(rw, payload); err != nil { - panic(err) // let the recovery middleware deal with this - } + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this } } diff --git a/rest_client_api_server/operations/enroll/enroll_updb.go b/rest_client_api_server/operations/enroll/enroll_updb.go new file mode 100644 index 00000000..90fabab7 --- /dev/null +++ b/rest_client_api_server/operations/enroll/enroll_updb.go 
@@ -0,0 +1,217 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "context" + "net/http" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + + "github.com/openziti/edge-api/rest_model" +) + +// EnrollUpdbHandlerFunc turns a function with the right signature into a enroll updb handler +type EnrollUpdbHandlerFunc func(EnrollUpdbParams) middleware.Responder + +// Handle executing the request and returning a response +func (fn EnrollUpdbHandlerFunc) Handle(params EnrollUpdbParams) middleware.Responder { + return fn(params) +} + +// EnrollUpdbHandler interface for that can handle valid enroll updb params +type EnrollUpdbHandler interface { + Handle(EnrollUpdbParams) middleware.Responder +} + +// NewEnrollUpdb creates a new http.Handler for the enroll updb operation +func NewEnrollUpdb(ctx *middleware.Context, handler EnrollUpdbHandler) *EnrollUpdb { + return 
&EnrollUpdb{Context: ctx, Handler: handler} +} + +/* EnrollUpdb swagger:route POST /enroll/updb Enroll enrollUpdb + +Enroll an identity via one-time-token + +Enrolls an identity via a one-time-token to establish an initial username and password combination + + +*/ +type EnrollUpdb struct { + Context *middleware.Context + Handler EnrollUpdbHandler +} + +func (o *EnrollUpdb) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + route, rCtx, _ := o.Context.RouteInfo(r) + if rCtx != nil { + *r = *rCtx + } + var Params = NewEnrollUpdbParams() + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + + res := o.Handler.Handle(Params) // actually handle the request + o.Context.Respond(rw, r, route.Produces, route, res) + +} + +// EnrollUpdbBody enroll updb body +// +// swagger:model EnrollUpdbBody +type EnrollUpdbBody struct { + + // password + Password rest_model.Password `json:"password,omitempty"` + + // username + Username rest_model.Username `json:"username,omitempty"` +} + +// Validate validates this enroll updb body +func (o *EnrollUpdbBody) Validate(formats strfmt.Registry) error { + var res []error + + if err := o.validatePassword(formats); err != nil { + res = append(res, err) + } + + if err := o.validateUsername(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (o *EnrollUpdbBody) validatePassword(formats strfmt.Registry) error { + if swag.IsZero(o.Password) { // not required + return nil + } + + if err := o.Password.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "password") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." 
+ "password") + } + return err + } + + return nil +} + +func (o *EnrollUpdbBody) validateUsername(formats strfmt.Registry) error { + if swag.IsZero(o.Username) { // not required + return nil + } + + if err := o.Username.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "username") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." + "username") + } + return err + } + + return nil +} + +// ContextValidate validate this enroll updb body based on the context it is used +func (o *EnrollUpdbBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := o.contextValidatePassword(ctx, formats); err != nil { + res = append(res, err) + } + + if err := o.contextValidateUsername(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (o *EnrollUpdbBody) contextValidatePassword(ctx context.Context, formats strfmt.Registry) error { + + if err := o.Password.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "password") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." + "password") + } + return err + } + + return nil +} + +func (o *EnrollUpdbBody) contextValidateUsername(ctx context.Context, formats strfmt.Registry) error { + + if err := o.Username.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("updbCredentials" + "." + "username") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("updbCredentials" + "." 
+ "username") + } + return err + } + + return nil +} + +// MarshalBinary interface implementation +func (o *EnrollUpdbBody) MarshalBinary() ([]byte, error) { + if o == nil { + return nil, nil + } + return swag.WriteJSON(o) +} + +// UnmarshalBinary interface implementation +func (o *EnrollUpdbBody) UnmarshalBinary(b []byte) error { + var res EnrollUpdbBody + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *o = res + return nil +} diff --git a/rest_client_api_server/operations/enroll/ernoll_updb_parameters.go b/rest_client_api_server/operations/enroll/enroll_updb_parameters.go similarity index 69% rename from rest_client_api_server/operations/enroll/ernoll_updb_parameters.go rename to rest_client_api_server/operations/enroll/enroll_updb_parameters.go index 6611c074..1dff9eba 100644 --- a/rest_client_api_server/operations/enroll/ernoll_updb_parameters.go +++ b/rest_client_api_server/operations/enroll/enroll_updb_parameters.go @@ -30,6 +30,8 @@ package enroll // Editing this file might prove futile when you re-run the swagger generate command import ( + "context" + "io" "net/http" "github.com/go-openapi/errors" @@ -39,19 +41,19 @@ import ( "github.com/go-openapi/validate" ) -// NewErnollUpdbParams creates a new ErnollUpdbParams object +// NewEnrollUpdbParams creates a new EnrollUpdbParams object // // There are no default values defined in the spec. -func NewErnollUpdbParams() ErnollUpdbParams { +func NewEnrollUpdbParams() EnrollUpdbParams { - return ErnollUpdbParams{} + return EnrollUpdbParams{} } -// ErnollUpdbParams contains all the bound params for the ernoll updb operation +// EnrollUpdbParams contains all the bound params for the enroll updb operation // typically these are obtained from a http.Request // -// swagger:parameters ernollUpdb -type ErnollUpdbParams struct { +// swagger:parameters enrollUpdb +type EnrollUpdbParams struct { // HTTP Request Object HTTPRequest *http.Request `json:"-"` 
@@ -61,13 +63,18 @@ type ErnollUpdbParams struct { In: query */ Token strfmt.UUID + /* + Required: true + In: body + */ + UpdbCredentials EnrollUpdbBody } // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface // for simple values it will use straight method calls. // -// To ensure default values, the struct must have been initialized with NewErnollUpdbParams() beforehand. -func (o *ErnollUpdbParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { +// To ensure default values, the struct must have been initialized with NewEnrollUpdbParams() beforehand. +func (o *EnrollUpdbParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { var res []error o.HTTPRequest = r @@ -78,6 +85,34 @@ func (o *ErnollUpdbParams) BindRequest(r *http.Request, route *middleware.Matche if err := o.bindToken(qToken, qhkToken, route.Formats); err != nil { res = append(res, err) } + + if runtime.HasBody(r) { + defer r.Body.Close() + var body EnrollUpdbBody + if err := route.Consumer.Consume(r.Body, &body); err != nil { + if err == io.EOF { + res = append(res, errors.Required("updbCredentials", "body", "")) + } else { + res = append(res, errors.NewParseError("updbCredentials", "body", "", err)) + } + } else { + // validate body object + if err := body.Validate(route.Formats); err != nil { + res = append(res, err) + } + + ctx := validate.WithOperationRequest(context.Background()) + if err := body.ContextValidate(ctx, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) == 0 { + o.UpdbCredentials = body + } + } + } else { + res = append(res, errors.Required("updbCredentials", "body", "")) + } if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -85,7 +120,7 @@ func (o *ErnollUpdbParams) BindRequest(r *http.Request, route *middleware.Matche } // bindToken binds and validates parameter Token from query. -func (o *ErnollUpdbParams) bindToken(rawData []string, hasKey bool, formats strfmt.Registry) error { +func (o *EnrollUpdbParams) bindToken(rawData []string, hasKey bool, formats strfmt.Registry) error { if !hasKey { return errors.Required("token", "query", rawData) } @@ -116,7 +151,7 @@ func (o *ErnollUpdbParams) bindToken(rawData []string, hasKey bool, formats strf } // validateToken carries on validations for parameter Token -func (o *ErnollUpdbParams) validateToken(formats strfmt.Registry) error { +func (o *EnrollUpdbParams) validateToken(formats strfmt.Registry) error { if err := validate.FormatOf("token", "query", "uuid", o.Token.String(), formats); err != nil { return err diff --git a/rest_client_api_server/operations/enroll/ernoll_updb_responses.go b/rest_client_api_server/operations/enroll/enroll_updb_responses.go similarity index 54% rename from rest_client_api_server/operations/enroll/ernoll_updb_responses.go rename to rest_client_api_server/operations/enroll/enroll_updb_responses.go index eb90798f..60379ea9 100644 --- a/rest_client_api_server/operations/enroll/ernoll_updb_responses.go +++ b/rest_client_api_server/operations/enroll/enroll_updb_responses.go @@ -37,14 +37,14 @@ import ( "github.com/openziti/edge-api/rest_model" ) -// ErnollUpdbOKCode is the HTTP code returned for type ErnollUpdbOK -const ErnollUpdbOKCode int = 200 +// EnrollUpdbOKCode is the HTTP code returned for type EnrollUpdbOK +const EnrollUpdbOKCode int = 200 -/*ErnollUpdbOK Base empty response +/*EnrollUpdbOK Base empty response -swagger:response ernollUpdbOK +swagger:response enrollUpdbOK */ -type ErnollUpdbOK struct { +type EnrollUpdbOK struct { /* In: Body 
@@ -52,25 +52,25 @@ type ErnollUpdbOK struct { Payload *rest_model.Empty `json:"body,omitempty"` } -// NewErnollUpdbOK creates ErnollUpdbOK with default headers values -func NewErnollUpdbOK() *ErnollUpdbOK { +// NewEnrollUpdbOK creates EnrollUpdbOK with default headers values +func NewEnrollUpdbOK() *EnrollUpdbOK { - return &ErnollUpdbOK{} + return &EnrollUpdbOK{} } -// WithPayload adds the payload to the ernoll updb o k response -func (o *ErnollUpdbOK) WithPayload(payload *rest_model.Empty) *ErnollUpdbOK { +// WithPayload adds the payload to the enroll updb o k response +func (o *EnrollUpdbOK) WithPayload(payload *rest_model.Empty) *EnrollUpdbOK { o.Payload = payload return o } -// SetPayload sets the payload to the ernoll updb o k response -func (o *ErnollUpdbOK) SetPayload(payload *rest_model.Empty) { +// SetPayload sets the payload to the enroll updb o k response +func (o *EnrollUpdbOK) SetPayload(payload *rest_model.Empty) { o.Payload = payload } // WriteResponse to the client -func (o *ErnollUpdbOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { +func (o *EnrollUpdbOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { rw.WriteHeader(200) if o.Payload != nil { @@ -81,14 +81,14 @@ func (o *ErnollUpdbOK) WriteResponse(rw http.ResponseWriter, producer runtime.Pr } } -// ErnollUpdbNotFoundCode is the HTTP code returned for type ErnollUpdbNotFound -const ErnollUpdbNotFoundCode int = 404 +// EnrollUpdbNotFoundCode is the HTTP code returned for type EnrollUpdbNotFound +const EnrollUpdbNotFoundCode int = 404 -/*ErnollUpdbNotFound The requested resource does not exist +/*EnrollUpdbNotFound The requested resource does not exist -swagger:response ernollUpdbNotFound +swagger:response enrollUpdbNotFound */ -type ErnollUpdbNotFound struct { +type EnrollUpdbNotFound struct { /* In: Body 
@@ -96,25 +96,25 @@ type ErnollUpdbNotFound struct { Payload *rest_model.APIErrorEnvelope `json:"body,omitempty"` } -// NewErnollUpdbNotFound creates ErnollUpdbNotFound with default headers values -func NewErnollUpdbNotFound() *ErnollUpdbNotFound { +// NewEnrollUpdbNotFound creates EnrollUpdbNotFound with default headers values +func NewEnrollUpdbNotFound() *EnrollUpdbNotFound { - return &ErnollUpdbNotFound{} + return &EnrollUpdbNotFound{} } -// WithPayload adds the payload to the ernoll updb not found response -func (o *ErnollUpdbNotFound) WithPayload(payload *rest_model.APIErrorEnvelope) *ErnollUpdbNotFound { +// WithPayload adds the payload to the enroll updb not found response +func (o *EnrollUpdbNotFound) WithPayload(payload *rest_model.APIErrorEnvelope) *EnrollUpdbNotFound { o.Payload = payload return o } -// SetPayload sets the payload to the ernoll updb not found response -func (o *ErnollUpdbNotFound) SetPayload(payload *rest_model.APIErrorEnvelope) { +// SetPayload sets the payload to the enroll updb not found response +func (o *EnrollUpdbNotFound) SetPayload(payload *rest_model.APIErrorEnvelope) { o.Payload = payload } // WriteResponse to the client -func (o *ErnollUpdbNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { +func (o *EnrollUpdbNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { rw.WriteHeader(404) if o.Payload != nil { 
@@ -125,14 +125,14 @@ func (o *ErnollUpdbNotFound) WriteResponse(rw http.ResponseWriter, producer runt } } -// ErnollUpdbTooManyRequestsCode is the HTTP code returned for type ErnollUpdbTooManyRequests -const ErnollUpdbTooManyRequestsCode int = 429 +// EnrollUpdbTooManyRequestsCode is the HTTP code returned for type EnrollUpdbTooManyRequests +const EnrollUpdbTooManyRequestsCode int = 429 -/*ErnollUpdbTooManyRequests The resource requested is rate limited and the rate limit has been exceeded +/*EnrollUpdbTooManyRequests The resource requested is rate limited and the rate limit has been exceeded -swagger:response ernollUpdbTooManyRequests +swagger:response enrollUpdbTooManyRequests */ -type ErnollUpdbTooManyRequests struct { +type EnrollUpdbTooManyRequests struct { /* In: Body 
@@ -140,25 +140,25 @@ type ErnollUpdbTooManyRequests struct { Payload *rest_model.APIErrorEnvelope `json:"body,omitempty"` } -// NewErnollUpdbTooManyRequests creates ErnollUpdbTooManyRequests with default headers values -func NewErnollUpdbTooManyRequests() *ErnollUpdbTooManyRequests { +// NewEnrollUpdbTooManyRequests creates EnrollUpdbTooManyRequests with default headers values +func NewEnrollUpdbTooManyRequests() *EnrollUpdbTooManyRequests { - return &ErnollUpdbTooManyRequests{} + return &EnrollUpdbTooManyRequests{} } -// WithPayload adds the payload to the ernoll updb too many requests response -func (o *ErnollUpdbTooManyRequests) WithPayload(payload *rest_model.APIErrorEnvelope) *ErnollUpdbTooManyRequests { +// WithPayload adds the payload to the enroll updb too many requests response +func (o *EnrollUpdbTooManyRequests) WithPayload(payload *rest_model.APIErrorEnvelope) *EnrollUpdbTooManyRequests { o.Payload = payload return o } -// SetPayload sets the payload to the ernoll updb too many requests response -func (o *ErnollUpdbTooManyRequests) SetPayload(payload *rest_model.APIErrorEnvelope) { +// SetPayload sets the payload to the enroll updb too many requests response +func (o *EnrollUpdbTooManyRequests) SetPayload(payload *rest_model.APIErrorEnvelope) { o.Payload = payload } // WriteResponse to the client -func (o *ErnollUpdbTooManyRequests) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { +func (o *EnrollUpdbTooManyRequests) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { rw.WriteHeader(429) if o.Payload != nil { diff --git a/rest_client_api_server/operations/enroll/ernoll_updb_urlbuilder.go b/rest_client_api_server/operations/enroll/enroll_updb_urlbuilder.go similarity index 83% rename from rest_client_api_server/operations/enroll/ernoll_updb_urlbuilder.go rename to rest_client_api_server/operations/enroll/enroll_updb_urlbuilder.go index 1bd8e0fd..37c9a24f 100644 
--- a/rest_client_api_server/operations/enroll/ernoll_updb_urlbuilder.go +++ b/rest_client_api_server/operations/enroll/enroll_updb_urlbuilder.go @@ -37,8 +37,8 @@ import ( "github.com/go-openapi/strfmt" ) -// ErnollUpdbURL generates an URL for the ernoll updb operation -type ErnollUpdbURL struct { +// EnrollUpdbURL generates an URL for the enroll updb operation +type EnrollUpdbURL struct { Token strfmt.UUID _basePath string @@ -49,7 +49,7 @@ type ErnollUpdbURL struct { // WithBasePath sets the base path for this url builder, only required when it's different from the // base path specified in the swagger spec. // When the value of the base path is an empty string -func (o *ErnollUpdbURL) WithBasePath(bp string) *ErnollUpdbURL { +func (o *EnrollUpdbURL) WithBasePath(bp string) *EnrollUpdbURL { o.SetBasePath(bp) return o } @@ -57,12 +57,12 @@ func (o *ErnollUpdbURL) WithBasePath(bp string) *ErnollUpdbURL { // SetBasePath sets the base path for this url builder, only required when it's different from the // base path specified in the swagger spec. // When the value of the base path is an empty string -func (o *ErnollUpdbURL) SetBasePath(bp string) { +func (o *EnrollUpdbURL) SetBasePath(bp string) { o._basePath = bp } // Build a url path and query string -func (o *ErnollUpdbURL) Build() (*url.URL, error) { +func (o *EnrollUpdbURL) Build() (*url.URL, error) { var _result url.URL var _path = "/enroll/updb" @@ -86,7 +86,7 @@ func (o *ErnollUpdbURL) Build() (*url.URL, error) { } // Must is a helper function to panic when the url builder returns an error -func (o *ErnollUpdbURL) Must(u *url.URL, err error) *url.URL { +func (o *EnrollUpdbURL) Must(u *url.URL, err error) *url.URL { if err != nil { panic(err) } 
@@ -97,17 +97,17 @@ func (o *ErnollUpdbURL) Must(u *url.URL, err error) *url.URL { } // String returns the string representation of the path with query string -func (o *ErnollUpdbURL) String() string { +func (o *EnrollUpdbURL) String() string { return o.Must(o.Build()).String() } // BuildFull builds a full url with scheme, host, path and query string -func (o *ErnollUpdbURL) BuildFull(scheme, host string) (*url.URL, error) { +func (o *EnrollUpdbURL) BuildFull(scheme, host string) (*url.URL, error) { if scheme == "" { - return nil, errors.New("scheme is required for a full url on ErnollUpdbURL") + return nil, errors.New("scheme is required for a full url on EnrollUpdbURL") } if host == "" { - return nil, errors.New("host is required for a full url on ErnollUpdbURL") + return nil, errors.New("host is required for a full url on EnrollUpdbURL") } base, err := o.Build() @@ -121,6 +121,6 @@ func (o *ErnollUpdbURL) BuildFull(scheme, host string) (*url.URL, error) { } // StringFull returns the string representation of a complete url -func (o *ErnollUpdbURL) StringFull(scheme, host string) string { +func (o *EnrollUpdbURL) StringFull(scheme, host string) string { return o.Must(o.BuildFull(scheme, host)).String() } diff --git a/rest_client_api_server/operations/enroll/enrollment_challenge.go b/rest_client_api_server/operations/enroll/enrollment_challenge.go new file mode 100644 index 00000000..604a87d4 --- /dev/null +++ b/rest_client_api_server/operations/enroll/enrollment_challenge.go 
@@ -0,0 +1,85 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime/middleware" +) + +// EnrollmentChallengeHandlerFunc turns a function with the right signature into a enrollment challenge handler +type EnrollmentChallengeHandlerFunc func(EnrollmentChallengeParams) middleware.Responder + +// Handle executing the request and returning a response +func (fn EnrollmentChallengeHandlerFunc) Handle(params EnrollmentChallengeParams) middleware.Responder { + return fn(params) +} + +// EnrollmentChallengeHandler interface for that can handle valid enrollment challenge params +type EnrollmentChallengeHandler interface { + Handle(EnrollmentChallengeParams) middleware.Responder +} + +// NewEnrollmentChallenge creates a new http.Handler for the enrollment challenge operation +func NewEnrollmentChallenge(ctx *middleware.Context, handler EnrollmentChallengeHandler) *EnrollmentChallenge { + return &EnrollmentChallenge{Context: ctx, 
Handler: handler} +} + +/* EnrollmentChallenge swagger:route POST /enroll/challenge Enroll enrollmentChallenge + +Allows verification of a controller or cluster of controllers as being the valid target for enrollment. + +A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will +be used to sign the nonce. The resulting signature may be validated with the associated public key in order +to verify a networks identity during enrollment. The nonce must be a valid formatted UUID. + + +*/ +type EnrollmentChallenge struct { + Context *middleware.Context + Handler EnrollmentChallengeHandler +} + +func (o *EnrollmentChallenge) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + route, rCtx, _ := o.Context.RouteInfo(r) + if rCtx != nil { + *r = *rCtx + } + var Params = NewEnrollmentChallengeParams() + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + + res := o.Handler.Handle(Params) // actually handle the request + o.Context.Respond(rw, r, route.Produces, route, res) + +} diff --git a/rest_client_api_server/operations/enroll/enrollment_challenge_parameters.go b/rest_client_api_server/operations/enroll/enrollment_challenge_parameters.go new file mode 100644 index 00000000..f1c29ab7 --- /dev/null +++ b/rest_client_api_server/operations/enroll/enrollment_challenge_parameters.go 
@@ -0,0 +1,109 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "io" + "net/http" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/validate" + + "github.com/openziti/edge-api/rest_model" +) + +// NewEnrollmentChallengeParams creates a new EnrollmentChallengeParams object +// +// There are no default values defined in the spec. 
+func NewEnrollmentChallengeParams() EnrollmentChallengeParams { + + return EnrollmentChallengeParams{} +} + +// EnrollmentChallengeParams contains all the bound params for the enrollment challenge operation +// typically these are obtained from a http.Request +// +// swagger:parameters enrollmentChallenge +type EnrollmentChallengeParams struct { + + // HTTP Request Object + HTTPRequest *http.Request `json:"-"` + + /* + Required: true + In: body + */ + Nonce *rest_model.NonceChallenge +} + +// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface +// for simple values it will use straight method calls. +// +// To ensure default values, the struct must have been initialized with NewEnrollmentChallengeParams() beforehand. +func (o *EnrollmentChallengeParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { + var res []error + + o.HTTPRequest = r + + if runtime.HasBody(r) { + defer r.Body.Close() + var body rest_model.NonceChallenge + if err := route.Consumer.Consume(r.Body, &body); err != nil { + if err == io.EOF { + res = append(res, errors.Required("nonce", "body", "")) + } else { + res = append(res, errors.NewParseError("nonce", "body", "", err)) + } + } else { + // validate body object + if err := body.Validate(route.Formats); err != nil { + res = append(res, err) + } + + ctx := validate.WithOperationRequest(context.Background()) + if err := body.ContextValidate(ctx, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) == 0 { + o.Nonce = &body + } + } + } else { + res = append(res, errors.Required("nonce", "body", "")) + } + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} diff --git a/rest_client_api_server/operations/enroll/enrollment_challenge_responses.go b/rest_client_api_server/operations/enroll/enrollment_challenge_responses.go new file mode 100644 index 00000000..23b299a0 --- /dev/null 
+++ b/rest_client_api_server/operations/enroll/enrollment_challenge_responses.go 
@@ -0,0 +1,170 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package enroll + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime" + + "github.com/openziti/edge-api/rest_model" +) + +// EnrollmentChallengeOKCode is the HTTP code returned for type EnrollmentChallengeOK +const EnrollmentChallengeOKCode int = 200 + +/*EnrollmentChallengeOK A nonce challenge response. The contents will be the signature of the nonce, the key id used, and algorithm used to produce the signature. 
+ +swagger:response enrollmentChallengeOK +*/ +type EnrollmentChallengeOK struct { + + /* + In: Body + */ + Payload *rest_model.NonceSignature `json:"body,omitempty"` +} + +// NewEnrollmentChallengeOK creates EnrollmentChallengeOK with default headers values +func NewEnrollmentChallengeOK() *EnrollmentChallengeOK { + + return &EnrollmentChallengeOK{} +} + +// WithPayload adds the payload to the enrollment challenge o k response +func (o *EnrollmentChallengeOK) WithPayload(payload *rest_model.NonceSignature) *EnrollmentChallengeOK { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the enrollment challenge o k response +func (o *EnrollmentChallengeOK) SetPayload(payload *rest_model.NonceSignature) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *EnrollmentChallengeOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(200) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} + +// EnrollmentChallengeBadRequestCode is the HTTP code returned for type EnrollmentChallengeBadRequest +const EnrollmentChallengeBadRequestCode int = 400 + +/*EnrollmentChallengeBadRequest The supplied request contains invalid fields or could not be parsed (json and non-json bodies). 
The error's code, message, and cause fields can be inspected for further information + +swagger:response enrollmentChallengeBadRequest +*/ +type EnrollmentChallengeBadRequest struct { + + /* + In: Body + */ + Payload *rest_model.APIErrorEnvelope `json:"body,omitempty"` +} + +// NewEnrollmentChallengeBadRequest creates EnrollmentChallengeBadRequest with default headers values +func NewEnrollmentChallengeBadRequest() *EnrollmentChallengeBadRequest { + + return &EnrollmentChallengeBadRequest{} +} + +// WithPayload adds the payload to the enrollment challenge bad request response +func (o *EnrollmentChallengeBadRequest) WithPayload(payload *rest_model.APIErrorEnvelope) *EnrollmentChallengeBadRequest { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the enrollment challenge bad request response +func (o *EnrollmentChallengeBadRequest) SetPayload(payload *rest_model.APIErrorEnvelope) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *EnrollmentChallengeBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(400) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} + +// EnrollmentChallengeTooManyRequestsCode is the HTTP code returned for type EnrollmentChallengeTooManyRequests +const EnrollmentChallengeTooManyRequestsCode int = 429 + +/*EnrollmentChallengeTooManyRequests The resource requested is rate limited and the rate limit has been exceeded + +swagger:response enrollmentChallengeTooManyRequests +*/ +type EnrollmentChallengeTooManyRequests struct { + + /* + In: Body + */ + Payload *rest_model.APIErrorEnvelope `json:"body,omitempty"` +} + +// NewEnrollmentChallengeTooManyRequests creates EnrollmentChallengeTooManyRequests with default headers values +func NewEnrollmentChallengeTooManyRequests() *EnrollmentChallengeTooManyRequests { + + return 
&EnrollmentChallengeTooManyRequests{} +} + +// WithPayload adds the payload to the enrollment challenge too many requests response +func (o *EnrollmentChallengeTooManyRequests) WithPayload(payload *rest_model.APIErrorEnvelope) *EnrollmentChallengeTooManyRequests { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the enrollment challenge too many requests response +func (o *EnrollmentChallengeTooManyRequests) SetPayload(payload *rest_model.APIErrorEnvelope) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *EnrollmentChallengeTooManyRequests) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(429) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} diff --git a/rest_client_api_server/operations/enroll/enrollment_challenge_urlbuilder.go b/rest_client_api_server/operations/enroll/enrollment_challenge_urlbuilder.go new file mode 100644 index 00000000..8993f62e --- /dev/null +++ b/rest_client_api_server/operations/enroll/enrollment_challenge_urlbuilder.go 
@@ -0,0 +1,111 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+//
+// Copyright NetFoundry Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// __ __ _
+// \ \ / / (_)
+// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _
+// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` |
+// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it.
+// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, |
+// __/ |
+// |___/
+
+package enroll
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "errors"
+ "net/url"
+ golangswaggerpaths "path"
+)
+
+// EnrollmentChallengeURL generates an URL for the enrollment challenge operation
+type EnrollmentChallengeURL struct {
+ _basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *EnrollmentChallengeURL) WithBasePath(bp string) *EnrollmentChallengeURL {
+ o.SetBasePath(bp)
+ return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec. 
+// When the value of the base path is an empty string
+func (o *EnrollmentChallengeURL) SetBasePath(bp string) {
+ o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *EnrollmentChallengeURL) Build() (*url.URL, error) {
+ var _result url.URL
+
+ var _path = "/enroll/challenge"
+
+ _basePath := o._basePath
+ if _basePath == "" {
+ _basePath = "/edge/client/v1"
+ }
+ _result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+ return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *EnrollmentChallengeURL) Must(u *url.URL, err error) *url.URL {
+ if err != nil {
+ panic(err)
+ }
+ if u == nil {
+ panic("url can't be nil")
+ }
+ return u
+}
+
+// String returns the string representation of the path with query string
+func (o *EnrollmentChallengeURL) String() string {
+ return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *EnrollmentChallengeURL) BuildFull(scheme, host string) (*url.URL, error) {
+ if scheme == "" {
+ return nil, errors.New("scheme is required for a full url on EnrollmentChallengeURL")
+ }
+ if host == "" {
+ return nil, errors.New("host is required for a full url on EnrollmentChallengeURL")
+ }
+
+ base, err := o.Build()
+ if err != nil {
+ return nil, err
+ }
+
+ base.Scheme = scheme
+ base.Host = host
+ return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *EnrollmentChallengeURL) StringFull(scheme, host string) string {
+ return o.Must(o.BuildFull(scheme, host)).String()
+}
diff --git a/rest_client_api_server/operations/enroll/extend_router_enrollment_responses.go b/rest_client_api_server/operations/enroll/extend_router_enrollment_responses.go
index 66d8fc37..67943669 100644
--- a/rest_client_api_server/operations/enroll/extend_router_enrollment_responses.go
+++ b/rest_client_api_server/operations/enroll/extend_router_enrollment_responses.go
@@ -40,7 +40,7 @@ import (
 // ExtendRouterEnrollmentOKCode is the HTTP code returned for type ExtendRouterEnrollmentOK
 const ExtendRouterEnrollmentOKCode int = 200
-/*ExtendRouterEnrollmentOK A response containg the edge routers new signed certificates (server chain, server cert, CAs).
+/*ExtendRouterEnrollmentOK A response containing the edge routers new signed certificates (server chain, server cert, CAs).
 swagger:response extendRouterEnrollmentOK
 */
diff --git a/rest_client_api_server/operations/enroll/ernoll_updb.go b/rest_client_api_server/operations/enroll/get_enrollment_jwks.go
similarity index 55%
rename from rest_client_api_server/operations/enroll/ernoll_updb.go
rename to rest_client_api_server/operations/enroll/get_enrollment_jwks.go
index 08ff403e..7e9f2109 100644
--- a/rest_client_api_server/operations/enroll/ernoll_updb.go
+++ b/rest_client_api_server/operations/enroll/get_enrollment_jwks.go
@@ -35,43 +35,45 @@ import (
 "github.com/go-openapi/runtime/middleware"
 )
-// ErnollUpdbHandlerFunc turns a function with the right signature into a ernoll updb handler
-type ErnollUpdbHandlerFunc func(ErnollUpdbParams) middleware.Responder
+// GetEnrollmentJwksHandlerFunc turns a function with the right signature into a get enrollment jwks handler
+type GetEnrollmentJwksHandlerFunc func(GetEnrollmentJwksParams) middleware.Responder
 // Handle executing the request and returning a response
-func (fn ErnollUpdbHandlerFunc) Handle(params ErnollUpdbParams) middleware.Responder {
+func (fn GetEnrollmentJwksHandlerFunc) Handle(params GetEnrollmentJwksParams) middleware.Responder {
 return fn(params)
 }
-// ErnollUpdbHandler interface for that can handle valid ernoll updb params
-type ErnollUpdbHandler interface {
- Handle(ErnollUpdbParams) middleware.Responder
+// GetEnrollmentJwksHandler interface for that can handle valid get enrollment jwks params
+type GetEnrollmentJwksHandler interface {
+ Handle(GetEnrollmentJwksParams) middleware.Responder
 }
-// NewErnollUpdb creates a new http.Handler for the ernoll updb operation
-func NewErnollUpdb(ctx *middleware.Context, handler ErnollUpdbHandler) *ErnollUpdb {
- return &ErnollUpdb{Context: ctx, Handler: handler}
+// NewGetEnrollmentJwks creates a new http.Handler for the get enrollment jwks operation
+func NewGetEnrollmentJwks(ctx *middleware.Context, handler GetEnrollmentJwksHandler) *GetEnrollmentJwks {
+ return &GetEnrollmentJwks{Context: ctx, Handler: handler}
 }
-/* ErnollUpdb swagger:route POST /enroll/updb Enroll ernollUpdb
+/* GetEnrollmentJwks swagger:route GET /enroll/jwks Enroll getEnrollmentJwks
-Enroll an identity via one-time-token
+List JSON Web Keys associated with enrollment
-Enrolls an identity via a one-time-token to establish an initial username and password combination
+Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. 
The keys listed here are used
+to sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys
+from this endpoint to verify the target machine has possession of the related private key.
 */
-type ErnollUpdb struct {
+type GetEnrollmentJwks struct {
 Context *middleware.Context
- Handler ErnollUpdbHandler
+ Handler GetEnrollmentJwksHandler
 }
-func (o *ErnollUpdb) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (o *GetEnrollmentJwks) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 route, rCtx, _ := o.Context.RouteInfo(r)
 if rCtx != nil {
 *r = *rCtx
 }
- var Params = NewErnollUpdbParams()
+ var Params = NewGetEnrollmentJwksParams()
 if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 o.Context.Respond(rw, r, route.Produces, route, err)
 return
diff --git a/rest_client_api_server/operations/enroll/get_enrollment_jwks_parameters.go b/rest_client_api_server/operations/enroll/get_enrollment_jwks_parameters.go
new file mode 100644
index 00000000..6143512b
--- /dev/null
+++ b/rest_client_api_server/operations/enroll/get_enrollment_jwks_parameters.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+//
+// Copyright NetFoundry Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// __ __ _
+// \ \ / / (_)
+// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _
+// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` |
+// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it.
+// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, |
+// __/ |
+// |___/
+
+package enroll
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/errors"
+ "github.com/go-openapi/runtime/middleware"
+)
+
+// NewGetEnrollmentJwksParams creates a new GetEnrollmentJwksParams object
+//
+// There are no default values defined in the spec.
+func NewGetEnrollmentJwksParams() GetEnrollmentJwksParams {
+
+ return GetEnrollmentJwksParams{}
+}
+
+// GetEnrollmentJwksParams contains all the bound params for the get enrollment jwks operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters getEnrollmentJwks
+type GetEnrollmentJwksParams struct {
+
+ // HTTP Request Object
+ HTTPRequest *http.Request `json:"-"`
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls. 
+//
+// To ensure default values, the struct must have been initialized with NewGetEnrollmentJwksParams() beforehand.
+func (o *GetEnrollmentJwksParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+ var res []error
+
+ o.HTTPRequest = r
+
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
diff --git a/rest_client_api_server/operations/enroll/get_enrollment_jwks_responses.go b/rest_client_api_server/operations/enroll/get_enrollment_jwks_responses.go
new file mode 100644
index 00000000..88dfa0a8
--- /dev/null
+++ b/rest_client_api_server/operations/enroll/get_enrollment_jwks_responses.go
@@ -0,0 +1,82 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+//
+// Copyright NetFoundry Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// __ __ _
+// \ \ / / (_)
+// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _
+// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` |
+// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it.
+// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, |
+// __/ |
+// |___/
+
+package enroll
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime"
+
+ "github.com/openziti/edge-api/rest_model"
+)
+
+// GetEnrollmentJwksOKCode is the HTTP code returned for type GetEnrollmentJwksOK
+const GetEnrollmentJwksOKCode int = 200
+
+/*GetEnrollmentJwksOK A JWKS response for enrollment. 
+
+swagger:response getEnrollmentJwksOK
+*/
+type GetEnrollmentJwksOK struct {
+
+ /*
+ In: Body
+ */
+ Payload *rest_model.Jwks `json:"body,omitempty"`
+}
+
+// NewGetEnrollmentJwksOK creates GetEnrollmentJwksOK with default headers values
+func NewGetEnrollmentJwksOK() *GetEnrollmentJwksOK {
+
+ return &GetEnrollmentJwksOK{}
+}
+
+// WithPayload adds the payload to the get enrollment jwks o k response
+func (o *GetEnrollmentJwksOK) WithPayload(payload *rest_model.Jwks) *GetEnrollmentJwksOK {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the get enrollment jwks o k response
+func (o *GetEnrollmentJwksOK) SetPayload(payload *rest_model.Jwks) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetEnrollmentJwksOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(200)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
diff --git a/rest_client_api_server/operations/enroll/get_enrollment_jwks_urlbuilder.go b/rest_client_api_server/operations/enroll/get_enrollment_jwks_urlbuilder.go
new file mode 100644
index 00000000..f850f33d
--- /dev/null
+++ b/rest_client_api_server/operations/enroll/get_enrollment_jwks_urlbuilder.go
@@ -0,0 +1,111 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+//
+// Copyright NetFoundry Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// __ __ _
+// \ \ / / (_)
+// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _
+// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` |
+// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it.
+// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, |
+// __/ |
+// |___/
+
+package enroll
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "errors"
+ "net/url"
+ golangswaggerpaths "path"
+)
+
+// GetEnrollmentJwksURL generates an URL for the get enrollment jwks operation
+type GetEnrollmentJwksURL struct {
+ _basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *GetEnrollmentJwksURL) WithBasePath(bp string) *GetEnrollmentJwksURL {
+ o.SetBasePath(bp)
+ return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec. 
+// When the value of the base path is an empty string
+func (o *GetEnrollmentJwksURL) SetBasePath(bp string) {
+ o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *GetEnrollmentJwksURL) Build() (*url.URL, error) {
+ var _result url.URL
+
+ var _path = "/enroll/jwks"
+
+ _basePath := o._basePath
+ if _basePath == "" {
+ _basePath = "/edge/client/v1"
+ }
+ _result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+ return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *GetEnrollmentJwksURL) Must(u *url.URL, err error) *url.URL {
+ if err != nil {
+ panic(err)
+ }
+ if u == nil {
+ panic("url can't be nil")
+ }
+ return u
+}
+
+// String returns the string representation of the path with query string
+func (o *GetEnrollmentJwksURL) String() string {
+ return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *GetEnrollmentJwksURL) BuildFull(scheme, host string) (*url.URL, error) {
+ if scheme == "" {
+ return nil, errors.New("scheme is required for a full url on GetEnrollmentJwksURL")
+ }
+ if host == "" {
+ return nil, errors.New("host is required for a full url on GetEnrollmentJwksURL")
+ }
+
+ base, err := o.Build()
+ if err != nil {
+ return nil, err
+ }
+
+ base.Scheme = scheme
+ base.Host = host
+ return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *GetEnrollmentJwksURL) StringFull(scheme, host string) string {
+ return o.Must(o.BuildFull(scheme, host)).String()
+}
diff --git a/rest_client_api_server/operations/ziti_edge_client_api.go b/rest_client_api_server/operations/ziti_edge_client_api.go
index 1694b42f..69a2bf07 100644
--- a/rest_client_api_server/operations/ziti_edge_client_api.go
+++ b/rest_client_api_server/operations/ziti_edge_client_api.go
@@ -90,9 +90,6 @@ func NewZitiEdgeClientAPI(spec *loads.Document) *ZitiEdgeClientAPI {
 ApplicationXPemFileProducer: runtime.ProducerFunc(func(w io.Writer, data interface{}) error {
 return errors.NotImplemented("applicationXPemFile producer has not yet been implemented")
 }),
- ApplicationXX509UserCertProducer: runtime.ProducerFunc(func(w io.Writer, data interface{}) error {
- return errors.NotImplemented("applicationXX509UserCert producer has not yet been implemented")
- }),
 BinProducer: runtime.ByteStreamProducer(),
 JSONProducer: runtime.JSONProducer(),
 TextYamlProducer: runtime.ProducerFunc(func(w io.Writer, data interface{}) error {
@@ -180,8 +177,11 @@ func NewZitiEdgeClientAPI(spec *loads.Document) *ZitiEdgeClientAPI {
 EnrollEnrollOttCaHandler: enroll.EnrollOttCaHandlerFunc(func(params enroll.EnrollOttCaParams) middleware.Responder {
 return middleware.NotImplemented("operation enroll.EnrollOttCa has not yet been implemented")
 }),
- EnrollErnollUpdbHandler: enroll.ErnollUpdbHandlerFunc(func(params enroll.ErnollUpdbParams) middleware.Responder {
- return middleware.NotImplemented("operation enroll.ErnollUpdb has not yet been implemented")
+ EnrollEnrollUpdbHandler: enroll.EnrollUpdbHandlerFunc(func(params enroll.EnrollUpdbParams) middleware.Responder {
+ return middleware.NotImplemented("operation enroll.EnrollUpdb has not yet been implemented")
+ }),
+ EnrollEnrollmentChallengeHandler: enroll.EnrollmentChallengeHandlerFunc(func(params enroll.EnrollmentChallengeParams) middleware.Responder {
+ return middleware.NotImplemented("operation enroll.EnrollmentChallenge has not yet been implemented")
 }),
 CurrentAPISessionExtendCurrentIdentityAuthenticatorHandler: current_api_session.ExtendCurrentIdentityAuthenticatorHandlerFunc(func(params current_api_session.ExtendCurrentIdentityAuthenticatorParams, principal interface{}) middleware.Responder {
 return middleware.NotImplemented("operation current_api_session.ExtendCurrentIdentityAuthenticator has not yet been implemented")
@@ -201,6 +201,9 @@ func NewZitiEdgeClientAPI(spec *loads.Document) *ZitiEdgeClientAPI {
 CurrentIdentityGetCurrentIdentityEdgeRoutersHandler: current_identity.GetCurrentIdentityEdgeRoutersHandlerFunc(func(params current_identity.GetCurrentIdentityEdgeRoutersParams, principal interface{}) middleware.Responder {
 return middleware.NotImplemented("operation current_identity.GetCurrentIdentityEdgeRouters has not yet been implemented")
 }),
+ EnrollGetEnrollmentJwksHandler: enroll.GetEnrollmentJwksHandlerFunc(func(params enroll.GetEnrollmentJwksParams) middleware.Responder {
+ return middleware.NotImplemented("operation enroll.GetEnrollmentJwks has not yet been implemented")
+ }),
 ControllersListControllersHandler: controllers.ListControllersHandlerFunc(func(params controllers.ListControllersParams, principal interface{}) middleware.Responder {
 return middleware.NotImplemented("operation controllers.ListControllers has not yet been implemented")
 }),
@@ -318,9 +321,6 @@ type ZitiEdgeClientAPI struct {
 // ApplicationXPemFileProducer registers a producer for the following mime types:
 // - application/x-pem-file
 ApplicationXPemFileProducer runtime.Producer
- // ApplicationXX509UserCertProducer registers a producer for the following mime types:
- // - application/x-x509-user-cert
- ApplicationXX509UserCertProducer runtime.Producer
 // BinProducer registers a producer for the following mime types:
 // - image/png
 BinProducer runtime.Producer
@@ -396,8 +396,10 @@ type ZitiEdgeClientAPI struct {
 EnrollEnrollOttHandler enroll.EnrollOttHandler
 // EnrollEnrollOttCaHandler sets the operation handler for the enroll ott ca operation
 EnrollEnrollOttCaHandler enroll.EnrollOttCaHandler
- // EnrollErnollUpdbHandler sets the operation handler for the ernoll updb operation
- EnrollErnollUpdbHandler enroll.ErnollUpdbHandler
+ // EnrollEnrollUpdbHandler sets the operation handler for the enroll updb operation
+ EnrollEnrollUpdbHandler enroll.EnrollUpdbHandler
+ // EnrollEnrollmentChallengeHandler sets the operation handler for the enrollment challenge operation
+ EnrollEnrollmentChallengeHandler enroll.EnrollmentChallengeHandler
 // CurrentAPISessionExtendCurrentIdentityAuthenticatorHandler sets the operation handler for the extend current identity authenticator operation
 CurrentAPISessionExtendCurrentIdentityAuthenticatorHandler current_api_session.ExtendCurrentIdentityAuthenticatorHandler
 // EnrollExtendRouterEnrollmentHandler sets the operation handler for the extend router enrollment operation
@@ -410,6 +412,8 @@ type ZitiEdgeClientAPI struct {
 CurrentIdentityGetCurrentIdentityHandler current_identity.GetCurrentIdentityHandler
 // CurrentIdentityGetCurrentIdentityEdgeRoutersHandler sets the operation handler for the get current identity edge routers operation
 CurrentIdentityGetCurrentIdentityEdgeRoutersHandler current_identity.GetCurrentIdentityEdgeRoutersHandler
+ // EnrollGetEnrollmentJwksHandler sets the operation handler for the get enrollment jwks operation
+ EnrollGetEnrollmentJwksHandler enroll.GetEnrollmentJwksHandler
 // ControllersListControllersHandler sets the operation handler for the list controllers operation
 ControllersListControllersHandler controllers.ListControllersHandler
 // CurrentAPISessionListCurrentAPISessionCertificatesHandler sets the operation handler for the list current Api session certificates operation
@@ -538,9 +542,6 @@ func (o *ZitiEdgeClientAPI) Validate() error {
 if o.ApplicationXPemFileProducer == nil {
 unregistered = append(unregistered, "ApplicationXPemFileProducer")
 }
- if o.ApplicationXX509UserCertProducer == nil {
- unregistered = append(unregistered, "ApplicationXX509UserCertProducer")
- }
 if o.BinProducer == nil {
 unregistered = append(unregistered, "BinProducer")
 }
@@ -639,8 +640,11 @@ func (o *ZitiEdgeClientAPI) Validate() error {
 if o.EnrollEnrollOttCaHandler == nil {
 unregistered = append(unregistered, "enroll.EnrollOttCaHandler")
 }
- if o.EnrollErnollUpdbHandler == nil {
- unregistered = append(unregistered, "enroll.ErnollUpdbHandler")
+ if o.EnrollEnrollUpdbHandler == nil {
+ unregistered = append(unregistered, "enroll.EnrollUpdbHandler")
+ }
+ if o.EnrollEnrollmentChallengeHandler == nil {
+ unregistered = append(unregistered, "enroll.EnrollmentChallengeHandler")
 }
 if o.CurrentAPISessionExtendCurrentIdentityAuthenticatorHandler == nil {
 unregistered = append(unregistered, "current_api_session.ExtendCurrentIdentityAuthenticatorHandler")
@@ -660,6 +664,9 @@ func (o *ZitiEdgeClientAPI) Validate() error {
 if o.CurrentIdentityGetCurrentIdentityEdgeRoutersHandler == nil {
 unregistered = append(unregistered, "current_identity.GetCurrentIdentityEdgeRoutersHandler")
 }
+ if o.EnrollGetEnrollmentJwksHandler == nil {
+ unregistered = append(unregistered, "enroll.GetEnrollmentJwksHandler")
+ }
 if o.ControllersListControllersHandler == nil {
 unregistered = append(unregistered, "controllers.ListControllersHandler")
 }
@@ -788,8 +795,6 @@ func (o *ZitiEdgeClientAPI) ProducersFor(mediaTypes []string) map[string]runtime
 result["application/pkcs7-mime"] = o.ApplicationPkcs7MimeProducer
 case "application/x-pem-file":
 result["application/x-pem-file"] = o.ApplicationXPemFileProducer
- case "application/x-x509-user-cert":
- result["application/x-x509-user-cert"] = o.ApplicationXX509UserCertProducer
 case "image/png":
 result["image/png"] = o.BinProducer
 case "application/json":
@@ -947,7 +952,11 @@ func (o *ZitiEdgeClientAPI) initHandlerCache() {
 if o.handlers["POST"] == nil {
 o.handlers["POST"] = make(map[string]http.Handler)
 }
- o.handlers["POST"]["/enroll/updb"] = enroll.NewErnollUpdb(o.context, o.EnrollErnollUpdbHandler)
+ o.handlers["POST"]["/enroll/updb"] = enroll.NewEnrollUpdb(o.context, o.EnrollEnrollUpdbHandler)
+ if o.handlers["POST"] == nil {
+ o.handlers["POST"] = make(map[string]http.Handler)
+ }
+ o.handlers["POST"]["/enroll/challenge"] = enroll.NewEnrollmentChallenge(o.context, o.EnrollEnrollmentChallengeHandler)
 if o.handlers["POST"] == nil {
 o.handlers["POST"] = make(map[string]http.Handler)
 }
@@ -975,6 +984,10 @@ func (o *ZitiEdgeClientAPI) initHandlerCache() {
 if o.handlers["GET"] == nil {
 o.handlers["GET"] = make(map[string]http.Handler)
 }
+ o.handlers["GET"]["/enroll/jwks"] = enroll.NewGetEnrollmentJwks(o.context, o.EnrollGetEnrollmentJwksHandler)
+ if o.handlers["GET"] == nil {
+ o.handlers["GET"] = make(map[string]http.Handler)
+ }
 o.handlers["GET"]["/controllers"] = controllers.NewListControllers(o.context, o.ControllersListControllersHandler)
 if o.handlers["GET"] == nil {
 o.handlers["GET"] = make(map[string]http.Handler)
diff --git a/rest_model/enrollment_certs.go b/rest_model/enrollment_certs.go
index f31ca549..8ed89507 100644
--- a/rest_model/enrollment_certs.go
+++ b/rest_model/enrollment_certs.go
@@ -44,7 +44,7 @@ type EnrollmentCerts struct {
 // A PEM encoded set of CA certificates to trust
 Ca string `json:"ca,omitempty"`
- // A PEM encoded cert for the server
+ // A PEM encoded set of certificates to use as the client chain
 Cert string `json:"cert,omitempty"`
 // A PEM encoded set of certificates to use as the servers chain
diff --git a/rest_model/jwk.go b/rest_model/jwk.go
new file mode 100644
index 00000000..b6b08bc3
--- /dev/null
+++ b/rest_model/jwk.go
@@ -0,0 +1,215 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+//
+// Copyright NetFoundry Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// __ __ _
+// \ \ / / (_)
+// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _
+// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` |
+// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it.
+// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, |
+// __/ |
+// |___/
+
+package rest_model
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "context"
+ "strconv"
+
+ "github.com/go-openapi/errors"
+ "github.com/go-openapi/strfmt"
+ "github.com/go-openapi/swag"
+ "github.com/go-openapi/validate"
+)
+
+// Jwk jwk
+//
+// swagger:model jwk
+type Jwk struct {
+
+ // Algorithm intended for use with the key.
+ Alg string `json:"alg,omitempty"`
+
+ // Curve for ECC Public Keys.
+ Crv string `json:"crv,omitempty"`
+
+ // ECC Private Key or RSA Private Exponent.
+ D string `json:"d,omitempty"`
+
+ // First Factor CRT Exponent for RSA.
+ Dp string `json:"dp,omitempty"`
+
+ // Second Factor CRT Exponent for RSA.
+ Dq string `json:"dq,omitempty"`
+
+ // Exponent for RSA Public Key.
+ E string `json:"e,omitempty"`
+
+ // Intended key operations, e.g., sign, verify.
+ KeyOps []string `json:"key_ops"`
+
+ // Key ID.
+ Kid string `json:"kid,omitempty"`
+
+ // Key Type. 
+ // Required: true
+ Kty *string `json:"kty"`
+
+ // Modulus for RSA Public Key.
+ N string `json:"n,omitempty"`
+
+ // Other Primes Info not represented by the first two primes.
+ Oth []*OtherPrime `json:"oth"`
+
+ // First Prime Factor for RSA.
+ P string `json:"p,omitempty"`
+
+ // Second Prime Factor for RSA.
+ Q string `json:"q,omitempty"`
+
+ // First CRT Coefficient for RSA.
+ Qi string `json:"qi,omitempty"`
+
+ // Public key use, e.g., sig (signature) or enc (encryption).
+ Use string `json:"use,omitempty"`
+
+ // X Coordinate for ECC Public Keys.
+ X string `json:"x,omitempty"`
+
+ // X.509 Certificate Chain.
+ X5c []string `json:"x5c"`
+
+ // X.509 Certificate SHA-1 Thumbprint.
+ X5t string `json:"x5t,omitempty"`
+
+ // X.509 Certificate SHA-256 Thumbprint.
+ X5tS256 string `json:"x5t#S256,omitempty"`
+
+ // X.509 URL.
+ X5u string `json:"x5u,omitempty"`
+
+ // Y Coordinate for ECC Public Keys.
+ Y string `json:"y,omitempty"`
+}
+
+// Validate validates this jwk
+func (m *Jwk) Validate(formats strfmt.Registry) error {
+ var res []error
+
+ if err := m.validateKty(formats); err != nil {
+ res = append(res, err)
+ }
+
+ if err := m.validateOth(formats); err != nil {
+ res = append(res, err)
+ }
+
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+func (m *Jwk) validateKty(formats strfmt.Registry) error {
+
+ if err := validate.Required("kty", "body", m.Kty); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func (m *Jwk) validateOth(formats strfmt.Registry) error {
+ if swag.IsZero(m.Oth) { // not required
+ return nil
+ }
+
+ for i := 0; i < len(m.Oth); i++ {
+ if swag.IsZero(m.Oth[i]) { // not required
+ continue
+ }
+
+ if m.Oth[i] != nil {
+ if err := m.Oth[i].Validate(formats); err != nil {
+ if ve, ok := err.(*errors.Validation); ok {
+ return ve.ValidateName("oth" + "." + strconv.Itoa(i))
+ } else if ce, ok := err.(*errors.CompositeError); ok {
+ return ce.ValidateName("oth" + "." 
+ strconv.Itoa(i))
+ }
+ return err
+ }
+ }
+
+ }
+
+ return nil
+}
+
+// ContextValidate validate this jwk based on the context it is used
+func (m *Jwk) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+ var res []error
+
+ if err := m.contextValidateOth(ctx, formats); err != nil {
+ res = append(res, err)
+ }
+
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+func (m *Jwk) contextValidateOth(ctx context.Context, formats strfmt.Registry) error {
+
+ for i := 0; i < len(m.Oth); i++ {
+
+ if m.Oth[i] != nil {
+ if err := m.Oth[i].ContextValidate(ctx, formats); err != nil {
+ if ve, ok := err.(*errors.Validation); ok {
+ return ve.ValidateName("oth" + "." + strconv.Itoa(i))
+ } else if ce, ok := err.(*errors.CompositeError); ok {
+ return ce.ValidateName("oth" + "." + strconv.Itoa(i))
+ }
+ return err
+ }
+ }
+
+ }
+
+ return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Jwk) MarshalBinary() ([]byte, error) {
+ if m == nil {
+ return nil, nil
+ }
+ return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Jwk) UnmarshalBinary(b []byte) error {
+ var res Jwk
+ if err := swag.ReadJSON(b, &res); err != nil {
+ return err
+ }
+ *m = res
+ return nil
+}
diff --git a/rest_model/jwks.go b/rest_model/jwks.go
new file mode 100644
index 00000000..87960260
--- /dev/null
+++ b/rest_model/jwks.go
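Review bot: The generated `Jwk` model carries the private-key members of a JWK (`D`, `P`, `Q`, `Dp`, `Dq`, `Qi`, and the `Oth` list of `OtherPrime`) with nothing but `omitempty`, so the same struct that backs the public `GET /enroll/jwks` response will serialize private material if a handler ever populates it, and `Validate` only checks that `kty` is present. Since this file is generated, the fix belongs in the swagger spec it is produced from: give the JWKS response a public-only key schema (kty, kid, alg, use, key_ops, n/e, crv/x/y, x5c/x5t/x5t#S256/x5u) and keep the private members out of it, or at minimum add a spec `description` on those members stating that the server must never emit them. Until the spec changes, the handler that fills `GetEnrollmentJwksOK` should build each key from public parameters only, and a test should assert the encoded response contains no `d`, `p`, `q`, `dp`, `dq`, `qi` or `oth` members. The SHA-1 `x5t` thumbprint is fine to publish but should not be the value clients pin on; prefer `x5t#S256` or the `kid` when matching keys.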
@@ -0,0 +1,140 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package rest_model + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "strconv" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// Jwks jwks +// +// swagger:model jwks +type Jwks struct { + + // keys + Keys []*Jwk `json:"keys"` +} + +// Validate validates this jwks +func (m *Jwks) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateKeys(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (m *Jwks) validateKeys(formats strfmt.Registry) error { + if swag.IsZero(m.Keys) { // not required + return nil + } + + for i := 0; i < len(m.Keys); i++ { + if swag.IsZero(m.Keys[i]) { // not required + continue + } + + if m.Keys[i] != nil { + if err := m.Keys[i].Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("keys" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("keys" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +// ContextValidate validate this jwks based on the context it is used +func (m *Jwks) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := m.contextValidateKeys(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *Jwks) contextValidateKeys(ctx context.Context, formats strfmt.Registry) error { + + for i := 0; i < len(m.Keys); i++ { + + if m.Keys[i] != nil { + if err := m.Keys[i].ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("keys" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("keys" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +// MarshalBinary interface implementation +func (m *Jwks) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *Jwks) UnmarshalBinary(b []byte) error { + var res Jwks + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/rest_model/nonce_challenge.go b/rest_model/nonce_challenge.go new file mode 100644 index 00000000..cf0b9ed4 --- /dev/null +++ b/rest_model/nonce_challenge.go 
@@ -0,0 +1,134 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package rest_model + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// NonceChallenge nonce challenge +// +// swagger:model nonceChallenge +type NonceChallenge struct { + + // algorithm + // Required: true + Algorithm *string `json:"algorithm"` + + // key Id + // Required: true + KeyID *string `json:"keyId"` + + // nonce + // Required: true + // Format: uuid + Nonce *strfmt.UUID `json:"nonce"` +} + +// Validate validates this nonce challenge +func (m *NonceChallenge) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateAlgorithm(formats); err != nil { + res = append(res, err) + } + + if err := m.validateKeyID(formats); err != nil { + res = append(res, err) + } + + if err := m.validateNonce(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return 
errors.CompositeValidationError(res...) + } + return nil +} + +func (m *NonceChallenge) validateAlgorithm(formats strfmt.Registry) error { + + if err := validate.Required("algorithm", "body", m.Algorithm); err != nil { + return err + } + + return nil +} + +func (m *NonceChallenge) validateKeyID(formats strfmt.Registry) error { + + if err := validate.Required("keyId", "body", m.KeyID); err != nil { + return err + } + + return nil +} + +func (m *NonceChallenge) validateNonce(formats strfmt.Registry) error { + + if err := validate.Required("nonce", "body", m.Nonce); err != nil { + return err + } + + if err := validate.FormatOf("nonce", "body", "uuid", m.Nonce.String(), formats); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this nonce challenge based on context it is used +func (m *NonceChallenge) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *NonceChallenge) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *NonceChallenge) UnmarshalBinary(b []byte) error { + var res NonceChallenge + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/rest_model/nonce_signature.go b/rest_model/nonce_signature.go new file mode 100644 index 00000000..79dd1f2d --- /dev/null +++ b/rest_model/nonce_signature.go 
@@ -0,0 +1,101 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package rest_model + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// NonceSignature nonce signature +// +// swagger:model nonceSignature +type NonceSignature struct { + + // algorithm + Algorithm string `json:"algorithm,omitempty"` + + // kid + Kid string `json:"kid,omitempty"` + + // signature + // Required: true + Signature *string `json:"signature"` +} + +// Validate validates this nonce signature +func (m *NonceSignature) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateSignature(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (m *NonceSignature) validateSignature(formats strfmt.Registry) error { + + if err := validate.Required("signature", "body", m.Signature); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this nonce signature based on context it is used +func (m *NonceSignature) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *NonceSignature) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *NonceSignature) UnmarshalBinary(b []byte) error { + var res NonceSignature + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/rest_model/other_prime.go b/rest_model/other_prime.go new file mode 100644 index 00000000..d7150066 --- /dev/null +++ b/rest_model/other_prime.go 
@@ -0,0 +1,80 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package rest_model + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// OtherPrime other prime +// +// swagger:model otherPrime +type OtherPrime struct { + + // Factor CRT exponent. + D string `json:"d,omitempty"` + + // Prime factor. + R string `json:"r,omitempty"` + + // Factor CRT coefficient. 
+ T string `json:"t,omitempty"` +} + +// Validate validates this other prime +func (m *OtherPrime) Validate(formats strfmt.Registry) error { + return nil +} + +// ContextValidate validates this other prime based on context it is used +func (m *OtherPrime) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *OtherPrime) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *OtherPrime) UnmarshalBinary(b []byte) error { + var res OtherPrime + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/source/client.yml b/source/client.yml index c2247e59..f057a891 100644 --- a/source/client.yml +++ b/source/client.yml @@ -92,6 +92,10 @@ paths: $ref: 'client/enroll.yml#/paths/enroll-erott' '/enroll/extend/router': $ref: 'client/enroll.yml#/paths/enroll-extend-router' + '/enroll/jwks': + $ref: 'client/enroll.yml#/paths/enroll-jwks' + '/enroll/challenge': + $ref: 'client/enroll.yml#/paths/enroll-challenge' '/external-jwt-signers': $ref: 'client/ext-jwt-signers.yml#/paths/external-jwt-signers' diff --git a/source/client/enroll.yml b/source/client/enroll.yml index 25ebe1ee..08442424 100644 --- a/source/client/enroll.yml +++ b/source/client/enroll.yml @@ -21,7 +21,7 @@ paths: - application/json responses: '200': - $ref: '../shared/standard-responses.yml#/responses/emptyResponse' + $ref: '#/responses/stringResponse' '404': $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' '429': @@ -59,13 +59,9 @@ paths: operationId: enrollOtt tags: - Enroll - consumes: - - application/pkcs10 - produces: - - application/x-x509-user-cert responses: '200': - $ref: '#/responses/zitiSignedCert' + $ref: '#/responses/enrollmentCerts' '404': $ref: '../shared/standard-responses.yml#/responses/notFoundResponse' '429': 
@@ -95,11 +91,21 @@ paths: enroll-updb: parameters: - $ref: '../shared/parameters.yml#/token' + - name: updbCredentials + in: body + required: true + schema: + type: object + properties: + username: + $ref: 'shared/authenticate.yml#/definitions/username' + password: + $ref: 'shared/authenticate.yml#/definitions/password' post: summary: Enroll an identity via one-time-token description: | Enrolls an identity via a one-time-token to establish an initial username and password combination - operationId: ernollUpdb + operationId: enrollUpdb tags: - Enroll responses: @@ -122,7 +128,7 @@ paths: - Enroll responses: '200': - $ref: '#/responses/erottResponse' + $ref: '#/responses/erOttResponse' '429': $ref: '../shared/standard-responses.yml#/responses/rateLimitedResponse' 
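Review bot: The new `updbCredentials` body parameter references `shared/authenticate.yml#/definitions/username` and `shared/authenticate.yml#/definitions/password` without the `../` prefix that every other cross-file reference in this file uses (`../shared/parameters.yml#/token`, `../shared/standard-responses.yml#/responses/...`); resolved relative to `source/client/enroll.yml` that points at `source/client/shared/authenticate.yml`, which judging by the other paths in this patch (`source/shared/jwks.yml`) is probably not where the shared definitions live. Unless a `source/client/shared` directory exists, the two lines should read `$ref: '../shared/authenticate.yml#/definitions/username'` and `$ref: '../shared/authenticate.yml#/definitions/password'`. The inline schema also has no `required: [username, password]` list, so a request that omits the password validates against the spec, and the summary/description still describe the operation purely as one-time-token enrollment. A one-line parameter description, e.g. `description: The initial username and password to bind to the enrolling identity; the one-time token is still supplied via the shared token parameter.`, would make the split between the token parameter and the credentials body explicit (the token parameter's location is defined outside this hunk).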
@@ -156,39 +162,68 @@ paths: $ref: '../shared/standard-responses.yml#/responses/unauthorizedResponse' '429': $ref: '../shared/standard-responses.yml#/responses/rateLimitedResponse' + enroll-jwks: + get: + summary: List JSON Web Keys associated with enrollment + description: | + Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used + to sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys + from this endpoint to verify the target machine has possession of the related private key. + operationId: getEnrollmentJwks + tags: + - Enroll + responses: + '200': + $ref: '#/responses/getJwksResponse' + enroll-challenge: + post: + summary: Allows verification of a controller or cluster of controllers as being the valid target for enrollment. + description: | + A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will + be used to sign the nonce. The resulting signature may be validated with the associated public key in order + to verify a networks identity during enrollment. The nonce must be a valid formatted UUID. + operationId: enrollmentChallenge + parameters: + - name: nonce + in: body + required: true + schema: + $ref: '#/definitions/nonceChallenge' + tags: + - Enroll + responses: + '200': + $ref: '#/responses/nonceChallengeResponse' + '400': + $ref: '../shared/standard-responses.yml#/responses/badRequestResponse' + '429': + $ref: '../shared/standard-responses.yml#/responses/rateLimitedResponse' responses: - erottResponse: + erOttResponse: description: A response containing the edge routers signed certificates (server chain, server cert, CAs). schema: $ref: '#/definitions/enrollmentCertsEnvelope' routerExtendEnrollmentResponse: - description: A response containg the edge routers new signed certificates (server chain, server cert, CAs). 
+ description: A response containing the edge routers new signed certificates (server chain, server cert, CAs). schema: $ref: '#/definitions/enrollmentCertsEnvelope' - zitiSignedCert: - description: A PEM encoded certificate signed by the internal Ziti CA + enrollmentCerts: + description: A response containing and identities client certificate chains + schema: + $ref: '#/definitions/enrollmentCertsEnvelope' + stringResponse: + description: A response for multi-format legacy enrollment. schema: type: string - examples: - application/x-x509-user-cert: | - -----BEGIN CERTIFICATE----- - MIICzDCCAlGgAwIBAgIRAPkVg1jVKqnNGFpSB3lPbaIwCgYIKoZIzj0EAwIwXjEL - MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0w - KwYDVQQDDCROZXRGb3VuZHJ5IFppdGkgRXh0ZXJuYWwgQVBJIFJvb3QgQ0EwHhcN - MTgxMTE1MTI1NzE3WhcNMTkxMTI1MTI1NzE3WjBrMQswCQYDVQQGEwJVUzELMAkG - A1UECAwCTkMxEjAQBgNVBAcMCUNoYXJsb3R0ZTETMBEGA1UECgwKTmV0Rm91bmRy - eTEPMA0GA1UECwwGQWR2RGV2MRUwEwYDVQQDDAxaaXRpQ2xpZW50MDEwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAATTl2ft+/K9RvDgki9gSr9udNcV2bxD4LrWEdCdXNzF - iVUiEcEte9z/M0JRt8lgo17OjFvS+ecrAmLtIZNmQnH3+9YeafjeNPpvQsMKxlTN - MnU7Hka11GHc6swQZSyHvlKjgcUwgcIwCQYDVR0TBAIwADARBglghkgBhvhCAQEE - BAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBD - ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtx+Tej6lSYdjb8Jbc2QuvoEsI/swHwYDVR0j - BBgwFoAUcdTlRrnP43ZbQ3PGAbZMPE26+H4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud - JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNpADBmAjEAuXDS - H7KKMr+la+Yuh8d8Q9cLtXzdS0j6a8e7iOyPJmdWq2WuzNdbCfAfLgKXuxhSAjEA - sadZrXl1OBv11RGAKdYBIyRmfYUotCFAtCNKcfgBUxci0TDaKDA7r3jnjKT1d7Fs - -----END CERTIFICATE----- + getJwksResponse: + description: A JWKS response for enrollment. + schema: + $ref: '../shared/jwks.yml#/definitions/jwks' + nonceChallengeResponse: + description: A nonce challenge response. The contents will be the signature of the nonce, the key id used, and algorithm used to produce the signature. 
+ schema: + $ref: '#/definitions/nonceSignature' definitions: enrollmentCertsEnvelope: @@ -206,7 +241,7 @@ definitions: description: A PEM encoded set of certificates to use as the servers chain cert: type: string - description: A PEM encoded cert for the server + description: A PEM encoded set of certificates to use as the client chain ca: type: string description: A PEM encoded set of CA certificates to trust @@ -220,3 +255,28 @@ definitions: type: string certCsr: type: string + nonceSignature: + type: object + required: + - signature + properties: + signature: + type: string + algorithm: + type: string + kid: + type: string + nonceChallenge: + type: object + required: + - nonce + - keyId + - algorithm + properties: + nonce: + type: string + format: uuid + keyId: + type: string + algorithm: + type: string \ No newline at end of file diff --git a/source/shared/jwks.yml b/source/shared/jwks.yml new file mode 100644 index 00000000..3ee02fda --- /dev/null +++ b/source/shared/jwks.yml 
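Review bot: The `enroll-challenge` operation here and the `nonceSignature`/`nonceChallenge` definitions in the `@@ -220,3 +255,28 @@` hunk leave the signed message undefined: a verifier cannot tell whether `signature` covers the UTF-8 canonical UUID string, its 16 raw bytes, or a structure embedding the nonce, nor how the signature is encoded (base64url or hex, DER or raw r||s for ECDSA) or which `algorithm` identifiers the server accepts. Because the description says the same keys sign enrollment JWTs, it is also worth writing down that the server only ever signs the nonce in this fixed form — the UUID-format restriction already noted in the description is what keeps the endpoint from signing arbitrary caller-chosen payloads, and that rationale should be visible to whoever maintains the implementation. A concrete property description, adjusted to the server implementation, would be `description: base64url-encoded signature over the UTF-8 bytes of the canonical lowercase nonce UUID, produced with the key identified by kid using algorithm.`. The request names the key `keyId` while the response names it `kid`; using `kid` in both would match the JWK member the value refers to. Separately, the `enrollmentCerts` description `A response containing and identities client certificate chains` should read `an identity's client certificate chain`.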
@@ -0,0 +1,94 @@ +definitions: + jwks: + type: object + properties: + keys: + type: array + items: + $ref: '#/definitions/jwk' + jwk: + type: object + required: + - kty + properties: + kty: + type: string + description: 'Key Type.' + use: + type: string + description: 'Public key use, e.g., sig (signature) or enc (encryption).' + key_ops: + type: array + items: + type: string + description: 'Intended key operations, e.g., sign, verify.' + alg: + type: string + description: 'Algorithm intended for use with the key.' + kid: + type: string + description: 'Key ID.' + x5u: + type: string + description: 'X.509 URL.' + x5c: + type: array + items: + type: string + description: 'X.509 Certificate Chain.' + x5t: + type: string + description: 'X.509 Certificate SHA-1 Thumbprint.' + x5t#S256: + type: string + description: 'X.509 Certificate SHA-256 Thumbprint.' + 'n': + type: string + description: 'Modulus for RSA Public Key.' + 'e': + type: string + description: 'Exponent for RSA Public Key.' + 'p': + type: string + description: 'First Prime Factor for RSA.' + 'q': + type: string + description: 'Second Prime Factor for RSA.' + dp: + type: string + description: 'First Factor CRT Exponent for RSA.' + dq: + type: string + description: 'Second Factor CRT Exponent for RSA.' + qi: + type: string + description: 'First CRT Coefficient for RSA.' + oth: + type: array + description: 'Other Primes Info not represented by the first two primes.' + items: + $ref: '#/definitions/otherPrime' + crv: + type: string + description: 'Curve for ECC Public Keys.' + 'x': + type: string + description: 'X Coordinate for ECC Public Keys.' + 'y': + type: string + description: 'Y Coordinate for ECC Public Keys.' + 'd': + type: string + description: 'ECC Private Key or RSA Private Exponent.' + otherPrime: + type: object + properties: + r: + type: string + description: 'Prime factor.' + d: + type: string + description: 'Factor CRT exponent.' + t: + type: string + description: 'Factor CRT coefficient.' 
\ No newline at end of file
From 6766461c351aeb87064c97263b12734b930d54c4 Mon Sep 17 00:00:00 2001
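Review bot: The `jwk` definition backing the unauthenticated `GET /enroll/jwks` response includes the RFC 7518 private-key members — `p`, `q`, `dp`, `dq`, `qi`, `oth` and `d` (described here as `ECC Private Key or RSA Private Exponent`) — so the generated `Jwk` model is able to carry private material in a response whose stated purpose is to publish public verification keys. Unless the server is genuinely expected to return private keys (nothing in the `enroll-jwks` description suggests so), those properties should be removed from the schema so that a future serialization of the signing key cannot leak through the model, or at minimum their descriptions should state that the server never populates them. The schema also has no constraint tying `kty` to the members that are meaningful for it (`n`/`e` for RSA, `crv`/`x`/`y` for EC); a short note on the `jwk` definition, e.g. `description: 'Public JSON Web Key as defined by RFC 7517; only public members are populated.'`, would make the intended contract explicit. The file is also committed without a trailing newline (`\ No newline at end of file`), as is `source/client/enroll.yml`.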
From: Andrew Martinez Date: Wed, 5 Jun 2024 09:50:47 -0400 Subject: [PATCH 2/3] fixes #113 #112 and fixes enrollment request payloads --- .github/workflows/version-verify.yml | 64 +++++++ client.yml | 65 ++++--- go.mod | 12 +- go.sum | 24 +-- management.yml | 14 +- .../create_mfa_recovery_codes_responses.go | 8 +- .../detail_mfa_recovery_codes_responses.go | 8 +- .../enroll/enroll_er_ott_parameters.go | 32 ++-- .../enroll/enroll_ott_ca_parameters.go | 32 ++-- .../enroll/enroll_ott_parameters.go | 32 ++-- rest_client_api_server/doc.go | 2 +- rest_client_api_server/embedded_spec.go | 178 ++++++++++++------ .../create_mfa_recovery_codes_responses.go | 8 +- .../detail_mfa_recovery_codes_responses.go | 8 +- .../enroll/enroll_er_ott_parameters.go | 82 ++++---- .../enroll/enroll_er_ott_urlbuilder.go | 15 -- .../enroll/enroll_ott_ca_parameters.go | 82 ++++---- .../enroll/enroll_ott_ca_urlbuilder.go | 15 -- .../enroll/enroll_ott_parameters.go | 82 ++++---- .../enroll/enroll_ott_urlbuilder.go | 15 -- .../create_mfa_recovery_codes_responses.go | 8 +- .../detail_mfa_recovery_codes_responses.go | 8 +- rest_management_api_server/doc.go | 2 +- rest_management_api_server/embedded_spec.go | 28 +-- .../create_mfa_recovery_codes_responses.go | 8 +- .../detail_mfa_recovery_codes_responses.go | 8 +- .../detail_mfa_recovery_codes_envelope.go | 30 +-- rest_model/er_ott_enrollment_request.go | 80 ++++++++ rest_model/nonce_challenge.go | 17 -- rest_model/nonce_signature.go | 49 ++++- rest_model/ott_enrollment_request.go | 77 ++++++++ rest_util/capool.go | 47 +++-- source/client.yml | 2 +- source/client/enroll.yml | 46 ++++- source/management.yml | 2 +- source/shared/current-identity-mfa.yml | 8 +- 36 files changed, 747 insertions(+), 451 deletions(-) create mode 100644 .github/workflows/version-verify.yml create mode 100644 rest_model/er_ott_enrollment_request.go create mode 100644 rest_model/ott_enrollment_request.go 
diff --git a/.github/workflows/version-verify.yml b/.github/workflows/version-verify.yml new file mode 100644 index 00000000..de4dd5fe --- /dev/null +++ b/.github/workflows/version-verify.yml @@ -0,0 +1,64 @@ +name: Check Version + +on: [push, pull_request] + +jobs: + check-version: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.x + + - name: Install dependencies + run: | + python -m pip install pyyaml packaging + + - name: Fetch tags + run: git fetch --tags + + - name: Get latest version tag + id: get_latest_tag + run: echo "::set-output name=tag::$(git describe --tags `git rev-list --tags --max-count=1`)" + + - name: Check YAML version + env: + LATEST_TAG: ${{ steps.get_latest_tag.outputs.tag }} + run: | + python -c " + import yaml + import re + from packaging.version import Version + +def parse_version(tag): + match = re.match(r'v(\d+\.\d+\.\d+)', tag) + if match: + return Version(match.group(1)) + return None + + latest_tag = '${LATEST_TAG}' + latest_version = parse_version(latest_tag) + +if not latest_version: + print(f'Invalid latest tag format: {latest_tag}') + exit(1) + +with open('path/to/yourfile.yaml', 'r') as f: # Replace with the actual path to your YAML file + data = yaml.safe_load(f) + + yaml_version_str = data.get('info', {}).get('version') +if not yaml_version_str: + print('No version found in YAML file') + exit(1) + + yaml_version = Version(yaml_version_str) + +if yaml_version <= latest_version: + print(f'YAML version ({yaml_version}) is not greater than the latest tag version ({latest_version})') + exit(1) + print(f'YAML version ({yaml_version}) is greater than the latest tag version ({latest_version})') + " diff --git a/client.yml b/client.yml index 4d1a177e..6949c290 100644 --- a/client.yml +++ b/client.yml 
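Review bot: The `Check YAML version` step opens `'path/to/yourfile.yaml'` with the `Replace with the actual path to your YAML file` comment still in place, so as written the job cannot pass (the open raises and the step exits non-zero); it presumably should read the spec whose `info.version` this commit bumps, e.g. `with open('client.yml') as f:` (and `management.yml` if both are versioned). The embedded script also appears to have inconsistent indentation — `def parse_version`, `if not latest_version:` and `with open(...)` sit at column 0 while surrounding lines are indented (whitespace may be collapsed in this view, so worth confirming) — which would terminate the `run: |` block scalar early; moving the script to a checked-in file such as `.github/scripts/check_version.py` and running it with `python .github/scripts/check_version.py` avoids both the shell-quoting and the indentation problems. `::set-output` is deprecated; the tag step should write `echo "tag=$(git describe --tags $(git rev-list --tags --max-count=1))" >> "$GITHUB_OUTPUT"`. Finally, `actions/checkout@v2` and `actions/setup-python@v2` are referenced by mutable tag; pinning both to a full commit SHA (with the tag in a trailing comment) keeps a moved or compromised tag from changing what runs in this workflow.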
@@ -15,7 +15,7 @@ info: license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html - version: 0.26.18 + version: 0.26.20 host: demo.ziti.dev basePath: /edge/client/v1 paths: @@ -1621,9 +1621,9 @@ paths: in: header responses: "200": - description: Base empty response + description: The recovery codes of an MFA enrollment schema: - $ref: '#/definitions/empty' + $ref: '#/definitions/detailMfaRecoveryCodesEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource @@ -1682,9 +1682,9 @@ paths: $ref: '#/definitions/mfaCode' responses: "200": - description: The recovery codes of an MFA enrollment + description: Base empty response schema: - $ref: '#/definitions/detailMfaRecoveryCodesEnvelope' + $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource @@ -2004,11 +2004,12 @@ paths: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - - type: string - format: uuid - name: token - in: query + - description: An OTT enrollment request + name: erOttEnrollmentRequest + in: body required: true + schema: + $ref: '#/definitions/erOttEnrollmentRequest' /enroll/extend/router: post: description: | @@ -2142,11 +2143,12 @@ paths: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - - type: string - format: uuid - name: token - in: query + - description: An OTT enrollment request + name: ottEnrollmentRequest + in: body required: true + schema: + $ref: '#/definitions/ottEnrollmentRequest' /enroll/ottca: post: description: | @@ -2184,11 +2186,12 @@ paths: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - - type: string - format: uuid - name: token - in: query + - description: An OTT enrollment request + name: ottEnrollmentRequest + in: body required: true + schema: + $ref: '#/definitions/ottEnrollmentRequest' /enroll/updb: post: description: | 
@@ -4269,9 +4272,9 @@ definitions: type: object required: - meta - - error + - data properties: - error: + data: $ref: '#/definitions/detailMfaRecoveryCodes' meta: $ref: '#/definitions/meta' @@ -4389,6 +4392,15 @@ definitions: osVersion: type: string maxLength: 255 + erOttEnrollmentRequest: + type: object + properties: + clientCsr: + type: string + serverCsr: + type: string + token: + type: string identityAuthenticators: type: object properties: @@ -4841,10 +4853,7 @@ definitions: required: - nonce - keyId - - algorithm properties: - algorithm: - type: string keyId: type: string nonce: @@ -4854,9 +4863,14 @@ definitions: type: object required: - signature + - algorithm + - kid + - caPool properties: algorithm: type: string + caPool: + type: string kid: type: string signature: @@ -4882,6 +4896,13 @@ definitions: t: description: Factor CRT coefficient. type: string + ottEnrollmentRequest: + type: object + properties: + clientCsr: + type: string + token: + type: string pagination: type: object required: diff --git a/go.mod b/go.mod index 83a99644..5d12c753 100644 --- a/go.mod +++ b/go.mod @@ -16,13 +16,13 @@ require ( github.com/jessevdk/go-flags v1.5.0 github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.9.3 - golang.org/x/net v0.25.0 + golang.org/x/net v0.26.0 ) require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/analysis v0.23.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect 
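Review bot: `caPool` becomes a required member of `nonceSignature`, so the challenge response that is meant to let a client verify the network also hands that client a CA bundle, and nothing in the schema says whether the pool is covered by `signature` or what format it is in; a client that installs `caPool` before the nonce signature has been verified against a key it already trusts (from the enrollment JWT or a previously verified JWKS) would make the check circular. This file looks generated from `source/client/enroll.yml`, so the fix belongs there, but the property should carry a description along the lines of `description: PEM-encoded CA bundle for the network; trust it only after the nonce signature has been verified with a key obtained independently of this response.`. Dropping `algorithm` from `nonceChallenge.required` while keeping it required in `nonceSignature` is consistent, though a sentence on how the server picks the algorithm when the client omits it would help implementers.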
@@ -34,10 +34,10 @@ require ( github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect go.mongodb.org/mongo-driver v1.15.0 // indirect - go.opentelemetry.io/otel v1.26.0 // indirect - go.opentelemetry.io/otel/metric v1.26.0 // indirect - go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/otel v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.27.0 // indirect + go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect + golang.org/x/sys v0.21.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 52e63029..670d1f46 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,8 @@ github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= 
@@ -67,22 +67,22 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUSLc= go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= -go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= -go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= -go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= -go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= +go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= +go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= -go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= +go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/sync v0.7.0 
h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/management.yml b/management.yml index a359ef83..e72e238e 100644 --- a/management.yml +++ b/management.yml @@ -15,7 +15,7 @@ info: license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html - version: 0.26.18 + version: 0.26.20 host: demo.ziti.dev basePath: /edge/management/v1 paths: @@ -4563,9 +4563,9 @@ paths: in: header responses: "200": - description: Base empty response + description: The recovery codes of an MFA enrollment schema: - $ref: '#/definitions/empty' + $ref: '#/definitions/detailMfaRecoveryCodesEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource @@ -4624,9 +4624,9 @@ paths: $ref: '#/definitions/mfaCode' responses: "200": - description: The recovery codes of an MFA enrollment + description: Base empty response schema: - $ref: '#/definitions/detailMfaRecoveryCodesEnvelope' + $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource 
@@ -16840,9 +16840,9 @@ definitions: type: object required: - meta - - error + - data properties: - error: + data: $ref: '#/definitions/detailMfaRecoveryCodes' meta: $ref: '#/definitions/meta' diff --git a/rest_client_api_client/current_identity/create_mfa_recovery_codes_responses.go b/rest_client_api_client/current_identity/create_mfa_recovery_codes_responses.go index 1054bc80..3731081d 100644 --- a/rest_client_api_client/current_identity/create_mfa_recovery_codes_responses.go +++ b/rest_client_api_client/current_identity/create_mfa_recovery_codes_responses.go @@ -77,22 +77,22 @@ func NewCreateMfaRecoveryCodesOK() *CreateMfaRecoveryCodesOK { /* CreateMfaRecoveryCodesOK describes a response with status code 200, with default header values. -The recovery codes of an MFA enrollment +Base empty response */ type CreateMfaRecoveryCodesOK struct { - Payload *rest_model.DetailMfaRecoveryCodesEnvelope + Payload *rest_model.Empty } func (o *CreateMfaRecoveryCodesOK) Error() string { return fmt.Sprintf("[POST /current-identity/mfa/recovery-codes][%d] createMfaRecoveryCodesOK %+v", 200, o.Payload) } -func (o *CreateMfaRecoveryCodesOK) GetPayload() *rest_model.DetailMfaRecoveryCodesEnvelope { +func (o *CreateMfaRecoveryCodesOK) GetPayload() *rest_model.Empty { return o.Payload } func (o *CreateMfaRecoveryCodesOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - o.Payload = new(rest_model.DetailMfaRecoveryCodesEnvelope) + o.Payload = new(rest_model.Empty) // response payload if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { diff --git a/rest_client_api_client/current_identity/detail_mfa_recovery_codes_responses.go b/rest_client_api_client/current_identity/detail_mfa_recovery_codes_responses.go index f12ed442..ad7204ee 100644 --- a/rest_client_api_client/current_identity/detail_mfa_recovery_codes_responses.go 
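Review bot: `CreateMfaRecoveryCodesOK.GetPayload()` now returns `*rest_model.Empty` instead of `*rest_model.DetailMfaRecoveryCodesEnvelope`, and `DetailMfaRecoveryCodesOK` changes the other way in the following hunk (and in the `rest_client_api_server/operations/current_identity` hunks), which is a compile-time and wire-format break for every consumer of the generated client, yet the spec version only moves from 0.26.18 to 0.26.20 and the commit message is `wip`. Whether the old mapping was a spec error being corrected to match what the server already sends, or the server contract itself changed, is not visible in the diff and decides how downstream users must react, so it should be stated in the commit description and release notes. If creation genuinely no longer returns the codes, the `management.yml` / `client.yml` operation `description` should say where they are now obtained, e.g. `description: Base empty response; the recovery codes are returned by the GET on this path`, which go-swagger will render into these type comments. The `error` → `data` rename on `detailMfaRecoveryCodesEnvelope` in this hunk is the right fix and is unaffected by the above.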
+++ b/rest_client_api_client/current_identity/detail_mfa_recovery_codes_responses.go @@ -77,22 +77,22 @@ func NewDetailMfaRecoveryCodesOK() *DetailMfaRecoveryCodesOK { /* DetailMfaRecoveryCodesOK describes a response with status code 200, with default header values. -Base empty response +The recovery codes of an MFA enrollment */ type DetailMfaRecoveryCodesOK struct { - Payload *rest_model.Empty + Payload *rest_model.DetailMfaRecoveryCodesEnvelope } func (o *DetailMfaRecoveryCodesOK) Error() string { return fmt.Sprintf("[GET /current-identity/mfa/recovery-codes][%d] detailMfaRecoveryCodesOK %+v", 200, o.Payload) } -func (o *DetailMfaRecoveryCodesOK) GetPayload() *rest_model.Empty { +func (o *DetailMfaRecoveryCodesOK) GetPayload() *rest_model.DetailMfaRecoveryCodesEnvelope { return o.Payload } func (o *DetailMfaRecoveryCodesOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - o.Payload = new(rest_model.Empty) + o.Payload = new(rest_model.DetailMfaRecoveryCodesEnvelope) // response payload if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { diff --git a/rest_client_api_client/enroll/enroll_er_ott_parameters.go b/rest_client_api_client/enroll/enroll_er_ott_parameters.go index f4a86714..62c556d2 100644 --- a/rest_client_api_client/enroll/enroll_er_ott_parameters.go +++ b/rest_client_api_client/enroll/enroll_er_ott_parameters.go @@ -38,6 +38,8 @@ import ( "github.com/go-openapi/runtime" cr "github.com/go-openapi/runtime/client" "github.com/go-openapi/strfmt" + + "github.com/openziti/edge-api/rest_model" ) // NewEnrollErOttParams creates a new EnrollErOttParams object, 
@@ -83,10 +85,11 @@ func NewEnrollErOttParamsWithHTTPClient(client *http.Client) *EnrollErOttParams */ type EnrollErOttParams struct { - // Token. - // - // Format: uuid - Token strfmt.UUID + /* ErOttEnrollmentRequest. + + An OTT enrollment request + */ + ErOttEnrollmentRequest *rest_model.ErOttEnrollmentRequest timeout time.Duration Context context.Context @@ -141,15 +144,15 @@ func (o *EnrollErOttParams) SetHTTPClient(client *http.Client) { o.HTTPClient = client } -// WithToken adds the token to the enroll er ott params -func (o *EnrollErOttParams) WithToken(token strfmt.UUID) *EnrollErOttParams { - o.SetToken(token) +// WithErOttEnrollmentRequest adds the erOttEnrollmentRequest to the enroll er ott params +func (o *EnrollErOttParams) WithErOttEnrollmentRequest(erOttEnrollmentRequest *rest_model.ErOttEnrollmentRequest) *EnrollErOttParams { + o.SetErOttEnrollmentRequest(erOttEnrollmentRequest) return o } -// SetToken adds the token to the enroll er ott params -func (o *EnrollErOttParams) SetToken(token strfmt.UUID) { - o.Token = token +// SetErOttEnrollmentRequest adds the erOttEnrollmentRequest to the enroll er ott params +func (o *EnrollErOttParams) SetErOttEnrollmentRequest(erOttEnrollmentRequest *rest_model.ErOttEnrollmentRequest) { + o.ErOttEnrollmentRequest = erOttEnrollmentRequest } // WriteToRequest writes these params to a swagger request @@ -159,13 +162,8 @@ func (o *EnrollErOttParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.R return err } var res []error - - // query param token - qrToken := o.Token - qToken := qrToken.String() - if qToken != "" { - - if err := r.SetQueryParam("token", qToken); err != nil { + if o.ErOttEnrollmentRequest != nil { + if err := r.SetBodyParam(o.ErOttEnrollmentRequest); err != nil { return err } } diff --git a/rest_client_api_client/enroll/enroll_ott_ca_parameters.go b/rest_client_api_client/enroll/enroll_ott_ca_parameters.go index 915f2955..15bfff41 100644 
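Review bot: `WithToken` and `SetToken` are removed from `EnrollErOttParams` with no deprecation path (likewise in the `enroll_ott_ca_parameters.go` and `enroll_ott_parameters.go` hunks that follow), so every SDK caller breaks at compile time and nothing in the diff points at the replacement field. Since these files are generated, the fix belongs in the spec: extend the body parameter's `description` in `client.yml` from `An OTT enrollment request` to something like `An OTT enrollment request; carries the enrollment token formerly passed as the token query parameter plus the CSR(s)`, and go-swagger will render it into the `ErOttEnrollmentRequest` field comment shown in this hunk. Note also that the new `WriteToRequest` sends no body at all when the field is nil, so a caller that forgets to set it learns about it only from the server's `errors.Required("erOttEnrollmentRequest", "body", "")` branch in the server binder hunk, not from a client-side error.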
--- a/rest_client_api_client/enroll/enroll_ott_ca_parameters.go +++ b/rest_client_api_client/enroll/enroll_ott_ca_parameters.go @@ -38,6 +38,8 @@ import ( "github.com/go-openapi/runtime" cr "github.com/go-openapi/runtime/client" "github.com/go-openapi/strfmt" + + "github.com/openziti/edge-api/rest_model" ) // NewEnrollOttCaParams creates a new EnrollOttCaParams object, @@ -83,10 +85,11 @@ func NewEnrollOttCaParamsWithHTTPClient(client *http.Client) *EnrollOttCaParams */ type EnrollOttCaParams struct { - // Token. - // - // Format: uuid - Token strfmt.UUID + /* OttEnrollmentRequest. + + An OTT enrollment request + */ + OttEnrollmentRequest *rest_model.OttEnrollmentRequest timeout time.Duration Context context.Context @@ -141,15 +144,15 @@ func (o *EnrollOttCaParams) SetHTTPClient(client *http.Client) { o.HTTPClient = client } -// WithToken adds the token to the enroll ott ca params -func (o *EnrollOttCaParams) WithToken(token strfmt.UUID) *EnrollOttCaParams { - o.SetToken(token) +// WithOttEnrollmentRequest adds the ottEnrollmentRequest to the enroll ott ca params +func (o *EnrollOttCaParams) WithOttEnrollmentRequest(ottEnrollmentRequest *rest_model.OttEnrollmentRequest) *EnrollOttCaParams { + o.SetOttEnrollmentRequest(ottEnrollmentRequest) return o } -// SetToken adds the token to the enroll ott ca params -func (o *EnrollOttCaParams) SetToken(token strfmt.UUID) { - o.Token = token +// SetOttEnrollmentRequest adds the ottEnrollmentRequest to the enroll ott ca params +func (o *EnrollOttCaParams) SetOttEnrollmentRequest(ottEnrollmentRequest *rest_model.OttEnrollmentRequest) { + o.OttEnrollmentRequest = ottEnrollmentRequest } // WriteToRequest writes these params to a swagger request 
@@ -159,13 +162,8 @@ func (o *EnrollOttCaParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.R return err } var res []error - - // query param token - qrToken := o.Token - qToken := qrToken.String() - if qToken != "" { - - if err := r.SetQueryParam("token", qToken); err != nil { + if o.OttEnrollmentRequest != nil { + if err := r.SetBodyParam(o.OttEnrollmentRequest); err != nil { return err } } diff --git a/rest_client_api_client/enroll/enroll_ott_parameters.go b/rest_client_api_client/enroll/enroll_ott_parameters.go index b31f4d53..4c7f669c 100644 --- a/rest_client_api_client/enroll/enroll_ott_parameters.go +++ b/rest_client_api_client/enroll/enroll_ott_parameters.go @@ -38,6 +38,8 @@ import ( "github.com/go-openapi/runtime" cr "github.com/go-openapi/runtime/client" "github.com/go-openapi/strfmt" + + "github.com/openziti/edge-api/rest_model" ) // NewEnrollOttParams creates a new EnrollOttParams object, @@ -83,10 +85,11 @@ func NewEnrollOttParamsWithHTTPClient(client *http.Client) *EnrollOttParams { */ type EnrollOttParams struct { - // Token. - // - // Format: uuid - Token strfmt.UUID + /* OttEnrollmentRequest. + + An OTT enrollment request + */ + OttEnrollmentRequest *rest_model.OttEnrollmentRequest timeout time.Duration Context context.Context 
@@ -141,15 +144,15 @@ func (o *EnrollOttParams) SetHTTPClient(client *http.Client) { o.HTTPClient = client } -// WithToken adds the token to the enroll ott params -func (o *EnrollOttParams) WithToken(token strfmt.UUID) *EnrollOttParams { - o.SetToken(token) +// WithOttEnrollmentRequest adds the ottEnrollmentRequest to the enroll ott params +func (o *EnrollOttParams) WithOttEnrollmentRequest(ottEnrollmentRequest *rest_model.OttEnrollmentRequest) *EnrollOttParams { + o.SetOttEnrollmentRequest(ottEnrollmentRequest) return o } -// SetToken adds the token to the enroll ott params -func (o *EnrollOttParams) SetToken(token strfmt.UUID) { - o.Token = token +// SetOttEnrollmentRequest adds the ottEnrollmentRequest to the enroll ott params +func (o *EnrollOttParams) SetOttEnrollmentRequest(ottEnrollmentRequest *rest_model.OttEnrollmentRequest) { + o.OttEnrollmentRequest = ottEnrollmentRequest } // WriteToRequest writes these params to a swagger request @@ -159,13 +162,8 @@ func (o *EnrollOttParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Reg return err } var res []error - - // query param token - qrToken := o.Token - qToken := qrToken.String() - if qToken != "" { - - if err := r.SetQueryParam("token", qToken); err != nil { + if o.OttEnrollmentRequest != nil { + if err := r.SetBodyParam(o.OttEnrollmentRequest); err != nil { return err } } diff --git a/rest_client_api_server/doc.go b/rest_client_api_server/doc.go index df74f754..d9f97bab 100644 --- a/rest_client_api_server/doc.go +++ b/rest_client_api_server/doc.go @@ -30,7 +30,7 @@ // https // Host: demo.ziti.dev // BasePath: /edge/client/v1 -// Version: 0.26.18 +// Version: 0.26.20 // License: Apache 2.0 https://www.apache.org/licenses/LICENSE-2.0.html // Contact: OpenZiti https://openziti.discourse.group // diff --git a/rest_client_api_server/embedded_spec.go b/rest_client_api_server/embedded_spec.go index b6b58a46..2b34030d 100644 --- a/rest_client_api_server/embedded_spec.go 
+++ b/rest_client_api_server/embedded_spec.go @@ -64,7 +64,7 @@ func init() { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, - "version": "0.26.18" + "version": "0.26.20" }, "host": "demo.ziti.dev", "basePath": "/edge/client/v1", @@ -2214,9 +2214,9 @@ func init() { ], "responses": { "200": { - "description": "Base empty response", + "description": "The recovery codes of an MFA enrollment", "schema": { - "$ref": "#/definitions/empty" + "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" } }, "401": { @@ -2302,9 +2302,9 @@ func init() { ], "responses": { "200": { - "description": "The recovery codes of an MFA enrollment", + "description": "Base empty response", "schema": { - "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" + "$ref": "#/definitions/empty" } }, "401": { @@ -2737,11 +2737,13 @@ func init() { }, "parameters": [ { - "type": "string", - "format": "uuid", - "name": "token", - "in": "query", - "required": true + "description": "An OTT enrollment request", + "name": "erOttEnrollmentRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/erOttEnrollmentRequest" + } } ] }, @@ -2907,11 +2909,13 @@ func init() { }, "parameters": [ { - "type": "string", - "format": "uuid", - "name": "token", - "in": "query", - "required": true + "description": "An OTT enrollment request", + "name": "ottEnrollmentRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ottEnrollmentRequest" + } } ] }, @@ -2957,11 +2961,13 @@ func init() { }, "parameters": [ { - "type": "string", - "format": "uuid", - "name": "token", - "in": "query", - "required": true + "description": "An OTT enrollment request", + "name": "ottEnrollmentRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ottEnrollmentRequest" + } } ] }, 
@@ -5927,10 +5933,10 @@ func init() { "type": "object", "required": [ "meta", - "error" + "data" ], "properties": { - "error": { + "data": { "$ref": "#/definitions/detailMfaRecoveryCodes" }, "meta": { @@ -6104,6 +6110,20 @@ func init() { } } }, + "erOttEnrollmentRequest": { + "type": "object", + "properties": { + "clientCsr": { + "type": "string" + }, + "serverCsr": { + "type": "string" + }, + "token": { + "type": "string" + } + } + }, "identityAuthenticators": { "type": "object", "properties": { @@ -6760,13 +6780,9 @@ func init() { "type": "object", "required": [ "nonce", - "keyId", - "algorithm" + "keyId" ], "properties": { - "algorithm": { - "type": "string" - }, "keyId": { "type": "string" }, @@ -6779,12 +6795,18 @@ func init() { "nonceSignature": { "type": "object", "required": [ - "signature" + "signature", + "algorithm", + "kid", + "caPool" ], "properties": { "algorithm": { "type": "string" }, + "caPool": { + "type": "string" + }, "kid": { "type": "string" }, @@ -6821,6 +6843,17 @@ func init() { } } }, + "ottEnrollmentRequest": { + "type": "object", + "properties": { + "clientCsr": { + "type": "string" + }, + "token": { + "type": "string" + } + } + }, "pagination": { "type": "object", "required": [ @@ -7632,7 +7665,7 @@ func init() { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, - "version": "0.26.18" + "version": "0.26.20" }, "host": "demo.ziti.dev", "basePath": "/edge/client/v1", @@ -9782,9 +9815,9 @@ func init() { ], "responses": { "200": { - "description": "Base empty response", + "description": "The recovery codes of an MFA enrollment", "schema": { - "$ref": "#/definitions/empty" + "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" } }, "401": { 
@@ -9870,9 +9903,9 @@ func init() { ], "responses": { "200": { - "description": "The recovery codes of an MFA enrollment", + "description": "Base empty response", "schema": { - "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" + "$ref": "#/definitions/empty" } }, "401": { @@ -10305,11 +10338,13 @@ func init() { }, "parameters": [ { - "type": "string", - "format": "uuid", - "name": "token", - "in": "query", - "required": true + "description": "An OTT enrollment request", + "name": "erOttEnrollmentRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/erOttEnrollmentRequest" + } } ] }, @@ -10475,11 +10510,13 @@ func init() { }, "parameters": [ { - "type": "string", - "format": "uuid", - "name": "token", - "in": "query", - "required": true + "description": "An OTT enrollment request", + "name": "ottEnrollmentRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ottEnrollmentRequest" + } } ] }, @@ -10525,11 +10562,13 @@ func init() { }, "parameters": [ { - "type": "string", - "format": "uuid", - "name": "token", - "in": "query", - "required": true + "description": "An OTT enrollment request", + "name": "ottEnrollmentRequest", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ottEnrollmentRequest" + } } ] }, @@ -13578,10 +13617,10 @@ func init() { "type": "object", "required": [ "meta", - "error" + "data" ], "properties": { - "error": { + "data": { "$ref": "#/definitions/detailMfaRecoveryCodes" }, "meta": { @@ -13755,6 +13794,20 @@ func init() { } } }, + "erOttEnrollmentRequest": { + "type": "object", + "properties": { + "clientCsr": { + "type": "string" + }, + "serverCsr": { + "type": "string" + }, + "token": { + "type": "string" + } + } + }, "identityAuthenticators": { "type": "object", "properties": { 
@@ -14411,13 +14464,9 @@ func init() { "type": "object", "required": [ "nonce", - "keyId", - "algorithm" + "keyId" ], "properties": { - "algorithm": { - "type": "string" - }, "keyId": { "type": "string" }, @@ -14430,12 +14479,18 @@ func init() { "nonceSignature": { "type": "object", "required": [ - "signature" + "signature", + "algorithm", + "kid", + "caPool" ], "properties": { "algorithm": { "type": "string" }, + "caPool": { + "type": "string" + }, "kid": { "type": "string" }, @@ -14472,6 +14527,17 @@ func init() { } } }, + "ottEnrollmentRequest": { + "type": "object", + "properties": { + "clientCsr": { + "type": "string" + }, + "token": { + "type": "string" + } + } + }, "pagination": { "type": "object", "required": [ diff --git a/rest_client_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go b/rest_client_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go index 9f4048da..4e1e083e 100644 --- a/rest_client_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go +++ b/rest_client_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go @@ -40,7 +40,7 @@ import ( // CreateMfaRecoveryCodesOKCode is the HTTP code returned for type CreateMfaRecoveryCodesOK const CreateMfaRecoveryCodesOKCode int = 200 -/*CreateMfaRecoveryCodesOK The recovery codes of an MFA enrollment +/*CreateMfaRecoveryCodesOK Base empty response swagger:response createMfaRecoveryCodesOK */ @@ -49,7 +49,7 @@ type CreateMfaRecoveryCodesOK struct { /* In: Body */ - Payload *rest_model.DetailMfaRecoveryCodesEnvelope `json:"body,omitempty"` + Payload *rest_model.Empty `json:"body,omitempty"` } // NewCreateMfaRecoveryCodesOK creates CreateMfaRecoveryCodesOK with default headers values 
@@ -59,13 +59,13 @@ func NewCreateMfaRecoveryCodesOK() *CreateMfaRecoveryCodesOK { } // WithPayload adds the payload to the create mfa recovery codes o k response -func (o *CreateMfaRecoveryCodesOK) WithPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) *CreateMfaRecoveryCodesOK { +func (o *CreateMfaRecoveryCodesOK) WithPayload(payload *rest_model.Empty) *CreateMfaRecoveryCodesOK { o.Payload = payload return o } // SetPayload sets the payload to the create mfa recovery codes o k response -func (o *CreateMfaRecoveryCodesOK) SetPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) { +func (o *CreateMfaRecoveryCodesOK) SetPayload(payload *rest_model.Empty) { o.Payload = payload } diff --git a/rest_client_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go b/rest_client_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go index 7590c4ef..6dce2842 100644 --- a/rest_client_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go +++ b/rest_client_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go @@ -40,7 +40,7 @@ import ( // DetailMfaRecoveryCodesOKCode is the HTTP code returned for type DetailMfaRecoveryCodesOK const DetailMfaRecoveryCodesOKCode int = 200 -/*DetailMfaRecoveryCodesOK Base empty response +/*DetailMfaRecoveryCodesOK The recovery codes of an MFA enrollment swagger:response detailMfaRecoveryCodesOK */ @@ -49,7 +49,7 @@ type DetailMfaRecoveryCodesOK struct { /* In: Body */ - Payload *rest_model.Empty `json:"body,omitempty"` + Payload *rest_model.DetailMfaRecoveryCodesEnvelope `json:"body,omitempty"` } // NewDetailMfaRecoveryCodesOK creates DetailMfaRecoveryCodesOK with default headers values 
@@ -59,13 +59,13 @@ func NewDetailMfaRecoveryCodesOK() *DetailMfaRecoveryCodesOK { } // WithPayload adds the payload to the detail mfa recovery codes o k response -func (o *DetailMfaRecoveryCodesOK) WithPayload(payload *rest_model.Empty) *DetailMfaRecoveryCodesOK { +func (o *DetailMfaRecoveryCodesOK) WithPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) *DetailMfaRecoveryCodesOK { o.Payload = payload return o } // SetPayload sets the payload to the detail mfa recovery codes o k response -func (o *DetailMfaRecoveryCodesOK) SetPayload(payload *rest_model.Empty) { +func (o *DetailMfaRecoveryCodesOK) SetPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) { o.Payload = payload } diff --git a/rest_client_api_server/operations/enroll/enroll_er_ott_parameters.go b/rest_client_api_server/operations/enroll/enroll_er_ott_parameters.go index 420b44d8..993918cf 100644 --- a/rest_client_api_server/operations/enroll/enroll_er_ott_parameters.go +++ b/rest_client_api_server/operations/enroll/enroll_er_ott_parameters.go @@ -30,13 +30,16 @@ package enroll // Editing this file might prove futile when you re-run the swagger generate command import ( + "context" + "io" "net/http" "github.com/go-openapi/errors" "github.com/go-openapi/runtime" "github.com/go-openapi/runtime/middleware" - "github.com/go-openapi/strfmt" "github.com/go-openapi/validate" + + "github.com/openziti/edge-api/rest_model" ) // NewEnrollErOttParams creates a new EnrollErOttParams object @@ -56,11 +59,11 @@ type EnrollErOttParams struct { // HTTP Request Object HTTPRequest *http.Request `json:"-"` - /* + /*An OTT enrollment request Required: true - In: query + In: body */ - Token strfmt.UUID + ErOttEnrollmentRequest *rest_model.ErOttEnrollmentRequest } // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface 
@@ -72,54 +75,35 @@ func (o *EnrollErOttParams) BindRequest(r *http.Request, route *middleware.Match o.HTTPRequest = r - qs := runtime.Values(r.URL.Query()) - - qToken, qhkToken, _ := qs.GetOK("token") - if err := o.bindToken(qToken, qhkToken, route.Formats); err != nil { - res = append(res, err) + if runtime.HasBody(r) { + defer r.Body.Close() + var body rest_model.ErOttEnrollmentRequest + if err := route.Consumer.Consume(r.Body, &body); err != nil { + if err == io.EOF { + res = append(res, errors.Required("erOttEnrollmentRequest", "body", "")) + } else { + res = append(res, errors.NewParseError("erOttEnrollmentRequest", "body", "", err)) + } + } else { + // validate body object + if err := body.Validate(route.Formats); err != nil { + res = append(res, err) + } + + ctx := validate.WithOperationRequest(context.Background()) + if err := body.ContextValidate(ctx, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) == 0 { + o.ErOttEnrollmentRequest = &body + } + } + } else { + res = append(res, errors.Required("erOttEnrollmentRequest", "body", "")) } if len(res) > 0 { return errors.CompositeValidationError(res...) } return nil } - -// bindToken binds and validates parameter Token from query. 
-func (o *EnrollErOttParams) bindToken(rawData []string, hasKey bool, formats strfmt.Registry) error { - if !hasKey { - return errors.Required("token", "query", rawData) - } - var raw string - if len(rawData) > 0 { - raw = rawData[len(rawData)-1] - } - - // Required: true - // AllowEmptyValue: false - - if err := validate.RequiredString("token", "query", raw); err != nil { - return err - } - - // Format: uuid - value, err := formats.Parse("uuid", raw) - if err != nil { - return errors.InvalidType("token", "query", "strfmt.UUID", raw) - } - o.Token = *(value.(*strfmt.UUID)) - - if err := o.validateToken(formats); err != nil { - return err - } - - return nil -} - -// validateToken carries on validations for parameter Token -func (o *EnrollErOttParams) validateToken(formats strfmt.Registry) error { - - if err := validate.FormatOf("token", "query", "uuid", o.Token.String(), formats); err != nil { - return err - } - return nil -} diff --git a/rest_client_api_server/operations/enroll/enroll_er_ott_urlbuilder.go b/rest_client_api_server/operations/enroll/enroll_er_ott_urlbuilder.go index 68af26e5..08954a0d 100644 --- a/rest_client_api_server/operations/enroll/enroll_er_ott_urlbuilder.go +++ b/rest_client_api_server/operations/enroll/enroll_er_ott_urlbuilder.go @@ -33,17 +33,11 @@ import ( "errors" "net/url" golangswaggerpaths "path" - - "github.com/go-openapi/strfmt" ) // EnrollErOttURL generates an URL for the enroll er ott operation type EnrollErOttURL struct { - Token strfmt.UUID - _basePath string - // avoid unkeyed usage - _ struct{} } // WithBasePath sets the base path for this url builder, only required when it's different from the @@ -73,15 +67,6 @@ func (o *EnrollErOttURL) Build() (*url.URL, error) { } _result.Path = golangswaggerpaths.Join(_basePath, _path) - qs := make(url.Values) - - tokenQ := o.Token.String() - if tokenQ != "" { - qs.Set("token", tokenQ) - } - - _result.RawQuery = qs.Encode() - return &_result, nil } 
diff --git a/rest_client_api_server/operations/enroll/enroll_ott_ca_parameters.go b/rest_client_api_server/operations/enroll/enroll_ott_ca_parameters.go index cf57a53c..4efc1f95 100644 --- a/rest_client_api_server/operations/enroll/enroll_ott_ca_parameters.go +++ b/rest_client_api_server/operations/enroll/enroll_ott_ca_parameters.go @@ -30,13 +30,16 @@ package enroll // Editing this file might prove futile when you re-run the swagger generate command import ( + "context" + "io" "net/http" "github.com/go-openapi/errors" "github.com/go-openapi/runtime" "github.com/go-openapi/runtime/middleware" - "github.com/go-openapi/strfmt" "github.com/go-openapi/validate" + + "github.com/openziti/edge-api/rest_model" ) // NewEnrollOttCaParams creates a new EnrollOttCaParams object @@ -56,11 +59,11 @@ type EnrollOttCaParams struct { // HTTP Request Object HTTPRequest *http.Request `json:"-"` - /* + /*An OTT enrollment request Required: true - In: query + In: body */ - Token strfmt.UUID + OttEnrollmentRequest *rest_model.OttEnrollmentRequest } // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface 
@@ -72,54 +75,35 @@ func (o *EnrollOttCaParams) BindRequest(r *http.Request, route *middleware.Match o.HTTPRequest = r - qs := runtime.Values(r.URL.Query()) - - qToken, qhkToken, _ := qs.GetOK("token") - if err := o.bindToken(qToken, qhkToken, route.Formats); err != nil { - res = append(res, err) + if runtime.HasBody(r) { + defer r.Body.Close() + var body rest_model.OttEnrollmentRequest + if err := route.Consumer.Consume(r.Body, &body); err != nil { + if err == io.EOF { + res = append(res, errors.Required("ottEnrollmentRequest", "body", "")) + } else { + res = append(res, errors.NewParseError("ottEnrollmentRequest", "body", "", err)) + } + } else { + // validate body object + if err := body.Validate(route.Formats); err != nil { + res = append(res, err) + } + + ctx := validate.WithOperationRequest(context.Background()) + if err := body.ContextValidate(ctx, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) == 0 { + o.OttEnrollmentRequest = &body + } + } + } else { + res = append(res, errors.Required("ottEnrollmentRequest", "body", "")) } if len(res) > 0 { return errors.CompositeValidationError(res...) } return nil } - -// bindToken binds and validates parameter Token from query. 
-func (o *EnrollOttCaParams) bindToken(rawData []string, hasKey bool, formats strfmt.Registry) error { - if !hasKey { - return errors.Required("token", "query", rawData) - } - var raw string - if len(rawData) > 0 { - raw = rawData[len(rawData)-1] - } - - // Required: true - // AllowEmptyValue: false - - if err := validate.RequiredString("token", "query", raw); err != nil { - return err - } - - // Format: uuid - value, err := formats.Parse("uuid", raw) - if err != nil { - return errors.InvalidType("token", "query", "strfmt.UUID", raw) - } - o.Token = *(value.(*strfmt.UUID)) - - if err := o.validateToken(formats); err != nil { - return err - } - - return nil -} - -// validateToken carries on validations for parameter Token -func (o *EnrollOttCaParams) validateToken(formats strfmt.Registry) error { - - if err := validate.FormatOf("token", "query", "uuid", o.Token.String(), formats); err != nil { - return err - } - return nil -} diff --git a/rest_client_api_server/operations/enroll/enroll_ott_ca_urlbuilder.go b/rest_client_api_server/operations/enroll/enroll_ott_ca_urlbuilder.go index d753d9d9..8834c0dd 100644 --- a/rest_client_api_server/operations/enroll/enroll_ott_ca_urlbuilder.go +++ b/rest_client_api_server/operations/enroll/enroll_ott_ca_urlbuilder.go @@ -33,17 +33,11 @@ import ( "errors" "net/url" golangswaggerpaths "path" - - "github.com/go-openapi/strfmt" ) // EnrollOttCaURL generates an URL for the enroll ott ca operation type EnrollOttCaURL struct { - Token strfmt.UUID - _basePath string - // avoid unkeyed usage - _ struct{} } // WithBasePath sets the base path for this url builder, only required when it's different from the @@ -73,15 +67,6 @@ func (o *EnrollOttCaURL) Build() (*url.URL, error) { } _result.Path = golangswaggerpaths.Join(_basePath, _path) - qs := make(url.Values) - - tokenQ := o.Token.String() - if tokenQ != "" { - qs.Set("token", tokenQ) - } - - _result.RawQuery = qs.Encode() - return &_result, nil } 
diff --git a/rest_client_api_server/operations/enroll/enroll_ott_parameters.go b/rest_client_api_server/operations/enroll/enroll_ott_parameters.go index 7ff21bba..e158f068 100644 --- a/rest_client_api_server/operations/enroll/enroll_ott_parameters.go +++ b/rest_client_api_server/operations/enroll/enroll_ott_parameters.go @@ -30,13 +30,16 @@ package enroll // Editing this file might prove futile when you re-run the swagger generate command import ( + "context" + "io" "net/http" "github.com/go-openapi/errors" "github.com/go-openapi/runtime" "github.com/go-openapi/runtime/middleware" - "github.com/go-openapi/strfmt" "github.com/go-openapi/validate" + + "github.com/openziti/edge-api/rest_model" ) // NewEnrollOttParams creates a new EnrollOttParams object @@ -56,11 +59,11 @@ type EnrollOttParams struct { // HTTP Request Object HTTPRequest *http.Request `json:"-"` - /* + /*An OTT enrollment request Required: true - In: query + In: body */ - Token strfmt.UUID + OttEnrollmentRequest *rest_model.OttEnrollmentRequest } // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface 
@@ -72,54 +75,35 @@ func (o *EnrollOttParams) BindRequest(r *http.Request, route *middleware.Matched o.HTTPRequest = r - qs := runtime.Values(r.URL.Query()) - - qToken, qhkToken, _ := qs.GetOK("token") - if err := o.bindToken(qToken, qhkToken, route.Formats); err != nil { - res = append(res, err) + if runtime.HasBody(r) { + defer r.Body.Close() + var body rest_model.OttEnrollmentRequest + if err := route.Consumer.Consume(r.Body, &body); err != nil { + if err == io.EOF { + res = append(res, errors.Required("ottEnrollmentRequest", "body", "")) + } else { + res = append(res, errors.NewParseError("ottEnrollmentRequest", "body", "", err)) + } + } else { + // validate body object + if err := body.Validate(route.Formats); err != nil { + res = append(res, err) + } + + ctx := validate.WithOperationRequest(context.Background()) + if err := body.ContextValidate(ctx, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) == 0 { + o.OttEnrollmentRequest = &body + } + } + } else { + res = append(res, errors.Required("ottEnrollmentRequest", "body", "")) } if len(res) > 0 { return errors.CompositeValidationError(res...) } return nil } - -// bindToken binds and validates parameter Token from query. 
-func (o *EnrollOttParams) bindToken(rawData []string, hasKey bool, formats strfmt.Registry) error { - if !hasKey { - return errors.Required("token", "query", rawData) - } - var raw string - if len(rawData) > 0 { - raw = rawData[len(rawData)-1] - } - - // Required: true - // AllowEmptyValue: false - - if err := validate.RequiredString("token", "query", raw); err != nil { - return err - } - - // Format: uuid - value, err := formats.Parse("uuid", raw) - if err != nil { - return errors.InvalidType("token", "query", "strfmt.UUID", raw) - } - o.Token = *(value.(*strfmt.UUID)) - - if err := o.validateToken(formats); err != nil { - return err - } - - return nil -} - -// validateToken carries on validations for parameter Token -func (o *EnrollOttParams) validateToken(formats strfmt.Registry) error { - - if err := validate.FormatOf("token", "query", "uuid", o.Token.String(), formats); err != nil { - return err - } - return nil -} diff --git a/rest_client_api_server/operations/enroll/enroll_ott_urlbuilder.go b/rest_client_api_server/operations/enroll/enroll_ott_urlbuilder.go index 9f682945..2f1b6029 100644 --- a/rest_client_api_server/operations/enroll/enroll_ott_urlbuilder.go +++ b/rest_client_api_server/operations/enroll/enroll_ott_urlbuilder.go @@ -33,17 +33,11 @@ import ( "errors" "net/url" golangswaggerpaths "path" - - "github.com/go-openapi/strfmt" ) // EnrollOttURL generates an URL for the enroll ott operation type EnrollOttURL struct { - Token strfmt.UUID - _basePath string - // avoid unkeyed usage - _ struct{} } // WithBasePath sets the base path for this url builder, only required when it's different from the @@ -73,15 +67,6 @@ func (o *EnrollOttURL) Build() (*url.URL, error) { } _result.Path = golangswaggerpaths.Join(_basePath, _path) - qs := make(url.Values) - - tokenQ := o.Token.String() - if tokenQ != "" { - qs.Set("token", tokenQ) - } - - _result.RawQuery = qs.Encode() - return &_result, nil } 
diff --git a/rest_management_api_client/current_identity/create_mfa_recovery_codes_responses.go b/rest_management_api_client/current_identity/create_mfa_recovery_codes_responses.go index 1054bc80..3731081d 100644 --- a/rest_management_api_client/current_identity/create_mfa_recovery_codes_responses.go +++ b/rest_management_api_client/current_identity/create_mfa_recovery_codes_responses.go @@ -77,22 +77,22 @@ func NewCreateMfaRecoveryCodesOK() *CreateMfaRecoveryCodesOK { /* CreateMfaRecoveryCodesOK describes a response with status code 200, with default header values. -The recovery codes of an MFA enrollment +Base empty response */ type CreateMfaRecoveryCodesOK struct { - Payload *rest_model.DetailMfaRecoveryCodesEnvelope + Payload *rest_model.Empty } func (o *CreateMfaRecoveryCodesOK) Error() string { return fmt.Sprintf("[POST /current-identity/mfa/recovery-codes][%d] createMfaRecoveryCodesOK %+v", 200, o.Payload) } -func (o *CreateMfaRecoveryCodesOK) GetPayload() *rest_model.DetailMfaRecoveryCodesEnvelope { +func (o *CreateMfaRecoveryCodesOK) GetPayload() *rest_model.Empty { return o.Payload } func (o *CreateMfaRecoveryCodesOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - o.Payload = new(rest_model.DetailMfaRecoveryCodesEnvelope) + o.Payload = new(rest_model.Empty) // response payload if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { diff --git a/rest_management_api_client/current_identity/detail_mfa_recovery_codes_responses.go b/rest_management_api_client/current_identity/detail_mfa_recovery_codes_responses.go index f12ed442..ad7204ee 100644 --- a/rest_management_api_client/current_identity/detail_mfa_recovery_codes_responses.go +++ b/rest_management_api_client/current_identity/detail_mfa_recovery_codes_responses.go 
@@ -77,22 +77,22 @@ func NewDetailMfaRecoveryCodesOK() *DetailMfaRecoveryCodesOK { /* DetailMfaRecoveryCodesOK describes a response with status code 200, with default header values. -Base empty response +The recovery codes of an MFA enrollment */ type DetailMfaRecoveryCodesOK struct { - Payload *rest_model.Empty + Payload *rest_model.DetailMfaRecoveryCodesEnvelope } func (o *DetailMfaRecoveryCodesOK) Error() string { return fmt.Sprintf("[GET /current-identity/mfa/recovery-codes][%d] detailMfaRecoveryCodesOK %+v", 200, o.Payload) } -func (o *DetailMfaRecoveryCodesOK) GetPayload() *rest_model.Empty { +func (o *DetailMfaRecoveryCodesOK) GetPayload() *rest_model.DetailMfaRecoveryCodesEnvelope { return o.Payload } func (o *DetailMfaRecoveryCodesOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - o.Payload = new(rest_model.Empty) + o.Payload = new(rest_model.DetailMfaRecoveryCodesEnvelope) // response payload if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { diff --git a/rest_management_api_server/doc.go b/rest_management_api_server/doc.go index d0af278d..34c12619 100644 --- a/rest_management_api_server/doc.go +++ b/rest_management_api_server/doc.go @@ -30,7 +30,7 @@ // https // Host: demo.ziti.dev // BasePath: /edge/management/v1 -// Version: 0.26.18 +// Version: 0.26.20 // License: Apache 2.0 https://www.apache.org/licenses/LICENSE-2.0.html // Contact: OpenZiti https://openziti.discourse.group // diff --git a/rest_management_api_server/embedded_spec.go b/rest_management_api_server/embedded_spec.go index 2f3193c7..89adf6d4 100644 --- a/rest_management_api_server/embedded_spec.go +++ b/rest_management_api_server/embedded_spec.go @@ -64,7 +64,7 @@ func init() { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, - "version": "0.26.18" + "version": "0.26.20" }, "host": "demo.ziti.dev", "basePath": "/edge/management/v1", 
@@ -6208,9 +6208,9 @@ func init() { ], "responses": { "200": { - "description": "Base empty response", + "description": "The recovery codes of an MFA enrollment", "schema": { - "$ref": "#/definitions/empty" + "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" } }, "401": { @@ -6296,9 +6296,9 @@ func init() { ], "responses": { "200": { - "description": "The recovery codes of an MFA enrollment", + "description": "Base empty response", "schema": { - "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" + "$ref": "#/definitions/empty" } }, "401": { @@ -23212,10 +23212,10 @@ func init() { "type": "object", "required": [ "meta", - "error" + "data" ], "properties": { - "error": { + "data": { "$ref": "#/definitions/detailMfaRecoveryCodes" }, "meta": { @@ -27976,7 +27976,7 @@ func init() { "name": "Apache 2.0", "url": "https://www.apache.org/licenses/LICENSE-2.0.html" }, - "version": "0.26.18" + "version": "0.26.20" }, "host": "demo.ziti.dev", "basePath": "/edge/management/v1", @@ -34120,9 +34120,9 @@ func init() { ], "responses": { "200": { - "description": "Base empty response", + "description": "The recovery codes of an MFA enrollment", "schema": { - "$ref": "#/definitions/empty" + "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" } }, "401": { @@ -34208,9 +34208,9 @@ func init() { ], "responses": { "200": { - "description": "The recovery codes of an MFA enrollment", + "description": "Base empty response", "schema": { - "$ref": "#/definitions/detailMfaRecoveryCodesEnvelope" + "$ref": "#/definitions/empty" } }, "401": { @@ -51221,10 +51221,10 @@ func init() { "type": "object", "required": [ "meta", - "error" + "data" ], "properties": { - "error": { + "data": { "$ref": "#/definitions/detailMfaRecoveryCodes" }, "meta": { diff --git a/rest_management_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go b/rest_management_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go index 9f4048da..4e1e083e 100644 
--- a/rest_management_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go +++ b/rest_management_api_server/operations/current_identity/create_mfa_recovery_codes_responses.go @@ -40,7 +40,7 @@ import ( // CreateMfaRecoveryCodesOKCode is the HTTP code returned for type CreateMfaRecoveryCodesOK const CreateMfaRecoveryCodesOKCode int = 200 -/*CreateMfaRecoveryCodesOK The recovery codes of an MFA enrollment +/*CreateMfaRecoveryCodesOK Base empty response swagger:response createMfaRecoveryCodesOK */ @@ -49,7 +49,7 @@ type CreateMfaRecoveryCodesOK struct { /* In: Body */ - Payload *rest_model.DetailMfaRecoveryCodesEnvelope `json:"body,omitempty"` + Payload *rest_model.Empty `json:"body,omitempty"` } // NewCreateMfaRecoveryCodesOK creates CreateMfaRecoveryCodesOK with default headers values @@ -59,13 +59,13 @@ func NewCreateMfaRecoveryCodesOK() *CreateMfaRecoveryCodesOK { } // WithPayload adds the payload to the create mfa recovery codes o k response -func (o *CreateMfaRecoveryCodesOK) WithPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) *CreateMfaRecoveryCodesOK { +func (o *CreateMfaRecoveryCodesOK) WithPayload(payload *rest_model.Empty) *CreateMfaRecoveryCodesOK { o.Payload = payload return o } // SetPayload sets the payload to the create mfa recovery codes o k response -func (o *CreateMfaRecoveryCodesOK) SetPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) { +func (o *CreateMfaRecoveryCodesOK) SetPayload(payload *rest_model.Empty) { o.Payload = payload } diff --git a/rest_management_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go b/rest_management_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go index 7590c4ef..6dce2842 100644 --- a/rest_management_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go +++ b/rest_management_api_server/operations/current_identity/detail_mfa_recovery_codes_responses.go 
@@ -40,7 +40,7 @@ import ( // DetailMfaRecoveryCodesOKCode is the HTTP code returned for type DetailMfaRecoveryCodesOK const DetailMfaRecoveryCodesOKCode int = 200 -/*DetailMfaRecoveryCodesOK Base empty response +/*DetailMfaRecoveryCodesOK The recovery codes of an MFA enrollment swagger:response detailMfaRecoveryCodesOK */ @@ -49,7 +49,7 @@ type DetailMfaRecoveryCodesOK struct { /* In: Body */ - Payload *rest_model.Empty `json:"body,omitempty"` + Payload *rest_model.DetailMfaRecoveryCodesEnvelope `json:"body,omitempty"` } // NewDetailMfaRecoveryCodesOK creates DetailMfaRecoveryCodesOK with default headers values @@ -59,13 +59,13 @@ func NewDetailMfaRecoveryCodesOK() *DetailMfaRecoveryCodesOK { } // WithPayload adds the payload to the detail mfa recovery codes o k response -func (o *DetailMfaRecoveryCodesOK) WithPayload(payload *rest_model.Empty) *DetailMfaRecoveryCodesOK { +func (o *DetailMfaRecoveryCodesOK) WithPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) *DetailMfaRecoveryCodesOK { o.Payload = payload return o } // SetPayload sets the payload to the detail mfa recovery codes o k response -func (o *DetailMfaRecoveryCodesOK) SetPayload(payload *rest_model.Empty) { +func (o *DetailMfaRecoveryCodesOK) SetPayload(payload *rest_model.DetailMfaRecoveryCodesEnvelope) { o.Payload = payload } diff --git a/rest_model/detail_mfa_recovery_codes_envelope.go b/rest_model/detail_mfa_recovery_codes_envelope.go index 040db70e..d0354950 100644 --- a/rest_model/detail_mfa_recovery_codes_envelope.go +++ b/rest_model/detail_mfa_recovery_codes_envelope.go @@ -43,9 +43,9 @@ import ( // swagger:model detailMfaRecoveryCodesEnvelope type DetailMfaRecoveryCodesEnvelope struct { - // error + // data // Required: true - Error *DetailMfaRecoveryCodes `json:"error"` + Data *DetailMfaRecoveryCodes `json:"data"` // meta // Required: true 
@@ -56,7 +56,7 @@ type DetailMfaRecoveryCodesEnvelope struct { func (m *DetailMfaRecoveryCodesEnvelope) Validate(formats strfmt.Registry) error { var res []error - if err := m.validateError(formats); err != nil { + if err := m.validateData(formats); err != nil { res = append(res, err) } @@ -70,18 +70,18 @@ func (m *DetailMfaRecoveryCodesEnvelope) Validate(formats strfmt.Registry) error return nil } -func (m *DetailMfaRecoveryCodesEnvelope) validateError(formats strfmt.Registry) error { +func (m *DetailMfaRecoveryCodesEnvelope) validateData(formats strfmt.Registry) error { - if err := validate.Required("error", "body", m.Error); err != nil { + if err := validate.Required("data", "body", m.Data); err != nil { return err } - if m.Error != nil { - if err := m.Error.Validate(formats); err != nil { + if m.Data != nil { + if err := m.Data.Validate(formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("error") + return ve.ValidateName("data") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("error") + return ce.ValidateName("data") } return err } @@ -114,7 +114,7 @@ func (m *DetailMfaRecoveryCodesEnvelope) validateMeta(formats strfmt.Registry) e func (m *DetailMfaRecoveryCodesEnvelope) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error - if err := m.contextValidateError(ctx, formats); err != nil { + if err := m.contextValidateData(ctx, formats); err != nil { res = append(res, err) } 
@@ -128,14 +128,14 @@ func (m *DetailMfaRecoveryCodesEnvelope) ContextValidate(ctx context.Context, fo return nil } -func (m *DetailMfaRecoveryCodesEnvelope) contextValidateError(ctx context.Context, formats strfmt.Registry) error { +func (m *DetailMfaRecoveryCodesEnvelope) contextValidateData(ctx context.Context, formats strfmt.Registry) error { - if m.Error != nil { - if err := m.Error.ContextValidate(ctx, formats); err != nil { + if m.Data != nil { + if err := m.Data.ContextValidate(ctx, formats); err != nil { if ve, ok := err.(*errors.Validation); ok { - return ve.ValidateName("error") + return ve.ValidateName("data") } else if ce, ok := err.(*errors.CompositeError); ok { - return ce.ValidateName("error") + return ce.ValidateName("data") } return err } diff --git a/rest_model/er_ott_enrollment_request.go b/rest_model/er_ott_enrollment_request.go new file mode 100644 index 00000000..100627be --- /dev/null +++ b/rest_model/er_ott_enrollment_request.go 
@@ -0,0 +1,80 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package rest_model + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// ErOttEnrollmentRequest er ott enrollment request +// +// swagger:model erOttEnrollmentRequest +type ErOttEnrollmentRequest struct { + + // client csr + ClientCsr string `json:"clientCsr,omitempty"` + + // server csr + ServerCsr string `json:"serverCsr,omitempty"` + + // token + Token string `json:"token,omitempty"` +} + +// Validate validates this er ott enrollment request +func (m *ErOttEnrollmentRequest) Validate(formats strfmt.Registry) error { + return nil +} + +// ContextValidate validates this er ott enrollment request based on context it is used +func (m *ErOttEnrollmentRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *ErOttEnrollmentRequest) MarshalBinary() ([]byte, error) { + if m == nil { + 
return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *ErOttEnrollmentRequest) UnmarshalBinary(b []byte) error { + var res ErOttEnrollmentRequest + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/rest_model/nonce_challenge.go b/rest_model/nonce_challenge.go index cf0b9ed4..9d385bc8 100644 --- a/rest_model/nonce_challenge.go +++ b/rest_model/nonce_challenge.go @@ -43,10 +43,6 @@ import ( // swagger:model nonceChallenge type NonceChallenge struct { - // algorithm - // Required: true - Algorithm *string `json:"algorithm"` - // key Id // Required: true KeyID *string `json:"keyId"` @@ -61,10 +57,6 @@ type NonceChallenge struct { func (m *NonceChallenge) Validate(formats strfmt.Registry) error { var res []error - if err := m.validateAlgorithm(formats); err != nil { - res = append(res, err) - } - if err := m.validateKeyID(formats); err != nil { res = append(res, err) } @@ -79,15 +71,6 @@ func (m *NonceChallenge) Validate(formats strfmt.Registry) error { return nil } -func (m *NonceChallenge) validateAlgorithm(formats strfmt.Registry) error { - - if err := validate.Required("algorithm", "body", m.Algorithm); err != nil { - return err - } - - return nil -} - func (m *NonceChallenge) validateKeyID(formats strfmt.Registry) error { if err := validate.Required("keyId", "body", m.KeyID); err != nil { diff --git a/rest_model/nonce_signature.go b/rest_model/nonce_signature.go index 79dd1f2d..49744696 100644 --- a/rest_model/nonce_signature.go +++ b/rest_model/nonce_signature.go @@ -44,10 +44,16 @@ import ( type NonceSignature struct { // algorithm - Algorithm string `json:"algorithm,omitempty"` + // Required: true + Algorithm *string `json:"algorithm"` + + // ca pool + // Required: true + CaPool *string `json:"caPool"` // kid - Kid string `json:"kid,omitempty"` + // Required: true + Kid *string `json:"kid"` // signature // Required: true 
@@ -58,6 +64,18 @@ type NonceSignature struct { func (m *NonceSignature) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateAlgorithm(formats); err != nil { + res = append(res, err) + } + + if err := m.validateCaPool(formats); err != nil { + res = append(res, err) + } + + if err := m.validateKid(formats); err != nil { + res = append(res, err) + } + if err := m.validateSignature(formats); err != nil { res = append(res, err) } @@ -68,6 +86,33 @@ func (m *NonceSignature) Validate(formats strfmt.Registry) error { return nil } +func (m *NonceSignature) validateAlgorithm(formats strfmt.Registry) error { + + if err := validate.Required("algorithm", "body", m.Algorithm); err != nil { + return err + } + + return nil +} + +func (m *NonceSignature) validateCaPool(formats strfmt.Registry) error { + + if err := validate.Required("caPool", "body", m.CaPool); err != nil { + return err + } + + return nil +} + +func (m *NonceSignature) validateKid(formats strfmt.Registry) error { + + if err := validate.Required("kid", "body", m.Kid); err != nil { + return err + } + + return nil +} + func (m *NonceSignature) validateSignature(formats strfmt.Registry) error { if err := validate.Required("signature", "body", m.Signature); err != nil { diff --git a/rest_model/ott_enrollment_request.go b/rest_model/ott_enrollment_request.go new file mode 100644 index 00000000..c296d894 --- /dev/null +++ b/rest_model/ott_enrollment_request.go 
@@ -0,0 +1,77 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// +// Copyright NetFoundry Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// __ __ _ +// \ \ / / (_) +// \ \ /\ / /_ _ _ __ _ __ _ _ __ __ _ +// \ \/ \/ / _` | '__| '_ \| | '_ \ / _` | +// \ /\ / (_| | | | | | | | | | | (_| | : This file is generated, do not edit it. +// \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | +// __/ | +// |___/ + +package rest_model + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// OttEnrollmentRequest ott enrollment request +// +// swagger:model ottEnrollmentRequest +type OttEnrollmentRequest struct { + + // client csr + ClientCsr string `json:"clientCsr,omitempty"` + + // token + Token string `json:"token,omitempty"` +} + +// Validate validates this ott enrollment request +func (m *OttEnrollmentRequest) Validate(formats strfmt.Registry) error { + return nil +} + +// ContextValidate validates this ott enrollment request based on context it is used +func (m *OttEnrollmentRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *OttEnrollmentRequest) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface 
implementation +func (m *OttEnrollmentRequest) UnmarshalBinary(b []byte) error { + var res OttEnrollmentRequest + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/rest_util/capool.go b/rest_util/capool.go index 087a37ad..8e51ad30 100644 --- a/rest_util/capool.go +++ b/rest_util/capool.go @@ -17,6 +17,7 @@ package rest_util import ( + "crypto/tls" "crypto/x509" "encoding/base64" "fmt" @@ -50,16 +51,9 @@ func VerifyController(controllerAddr string, caPool *x509.CertPool) (bool, error return true, nil } -// GetControllerWellKnownCas will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle. -func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, error) { - tlsConfig, err := NewTlsConfig() - - if err != nil { - return nil, err - } - - tlsConfig.InsecureSkipVerify = true - +// GetControllerWellKnownCasWithTlsConfig will attempt to connect to a controller and retrieve its PKCS11 well-known CA +// bundle with a specific TLS config. +func GetControllerWellKnownCasWithTlsConfig(controllerAddr string, tlsConfig *tls.Config) ([]*x509.Certificate, error) { httpClient, err := NewHttpClientWithTlsConfig(tlsConfig) if err != nil { 
@@ -87,8 +81,39 @@ func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, erro return certs.Certificates, nil } +// GetControllerWellKnownCas will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle. +func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, error) { + tlsConfig, err := NewTlsConfig() + + if err != nil { + return nil, err + } + + tlsConfig.InsecureSkipVerify = true + + return GetControllerWellKnownCasWithTlsConfig(controllerAddr, tlsConfig) +} + +// GetControllerWellKnownCaPoolWithTlsConfig will attempt to connect to a controller and retrieve its PKCS11 well-known +// CA bundle as an x509.CertPool using a pre-configured TLS config. +func GetControllerWellKnownCaPoolWithTlsConfig(controllerAddr string, tlsConfig *tls.Config) (*x509.CertPool, error) { + certs, err := GetControllerWellKnownCasWithTlsConfig(controllerAddr, tlsConfig) + + if err != nil { + return nil, err + } + + pool := x509.NewCertPool() + + for _, cert := range certs { + pool.AddCert(cert) + } + + return pool, nil +} + // GetControllerWellKnownCaPool will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle as -// an x509.CertPool +// an x509.CertPool. func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error) { certs, err := GetControllerWellKnownCas(controllerAddr) diff --git a/source/client.yml b/source/client.yml index f057a891..6bc3432c 100644 --- a/source/client.yml +++ b/source/client.yml @@ -1,7 +1,7 @@ --- swagger: '2.0' info: - version: 0.26.18 + version: 0.26.20 title: Ziti Edge Client description: OpenZiti Edge Client API contact: diff --git a/source/client/enroll.yml b/source/client/enroll.yml index 08442424..4e95a9dd 100644 --- a/source/client/enroll.yml +++ b/source/client/enroll.yml 
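Review bot: The doc comment on the re-added `GetControllerWellKnownCas` still does not say that it fetches the bundle with `InsecureSkipVerify = true`, which matters more now that the `WithTlsConfig` variants introduced here and in the `@@ -50,16 +51,9 @@` hunk let callers supply a verifying config instead. Suggest extending it with `// It dials with InsecureSkipVerify set, so the returned bundle is unauthenticated; callers should check it (e.g. via VerifyController) or use GetControllerWellKnownCasWithTlsConfig with a config that trusts the expected CA.` The new `GetControllerWellKnownCaPoolWithTlsConfig` also duplicates the pool-building loop of `GetControllerWellKnownCaPool`, whose body continues outside the hunk; the latter could delegate to it the same way `GetControllerWellKnownCas` now delegates. Neither new function guards against a nil `tlsConfig`; whether `NewHttpClientWithTlsConfig` tolerates that is not visible here.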
@@ -49,7 +49,13 @@ paths: enroll-ott: parameters: - - $ref: '../shared/parameters.yml#/token' + - name: ottEnrollmentRequest + in: body + required: true + description: An OTT enrollment request + schema: + $ref: '#/definitions/ottEnrollmentRequest' + post: summary: Enroll an identity via one-time-token description: | @@ -69,7 +75,12 @@ paths: enroll-ottca: parameters: - - $ref: '../shared/parameters.yml#/token' + - name: ottEnrollmentRequest + in: body + required: true + description: An OTT enrollment request + schema: + $ref: '#/definitions/ottEnrollmentRequest' post: summary: Enroll an identity via one-time-token with a pre-exchanged client certificate description: | @@ -118,7 +129,12 @@ paths: enroll-erott: parameters: - - $ref: '../shared/parameters.yml#/token' + - name: erOttEnrollmentRequest + in: body + required: true + description: An OTT enrollment request + schema: + $ref: '#/definitions/erOttEnrollmentRequest' post: summary: Enroll an edge-router description: | @@ -226,6 +242,22 @@ responses: $ref: '#/definitions/nonceSignature' definitions: + ottEnrollmentRequest: + type: object + properties: + token: + type: string + clientCsr: + type: string + erOttEnrollmentRequest: + type: object + properties: + token: + type: string + clientCsr: + type: string + serverCsr: + type: string enrollmentCertsEnvelope: type: object properties: @@ -259,6 +291,9 @@ definitions: type: object required: - signature + - algorithm + - kid + - caPool properties: signature: type: string @@ -266,17 +301,16 @@ definitions: type: string kid: type: string + caPool: + type: string nonceChallenge: type: object required: - nonce - keyId - - algorithm properties: nonce: type: string format: uuid keyId: - type: string - algorithm: type: string \ No newline at end of file diff --git a/source/management.yml b/source/management.yml index 74403b15..8589fcc1 100644 --- a/source/management.yml +++ b/source/management.yml 
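Review bot: The new `ottEnrollmentRequest` and `erOttEnrollmentRequest` definitions in the `@@ -226,6 +242,22 @@` hunk declare no `required` properties, so a body without a `token` (or with an empty one) now passes generated validation — the generated `Validate` for these models simply returns nil — whereas the shared query parameter they replace in the `@@ -49`, `@@ -69` and `@@ -118` hunks was required and format-checked. Marking the parameter `required: true` only guarantees that a body is present, not that it carries a token. Suggest adding `required:` / `  - token` under each definition, and, if the token is still the UUID the removed parameter was, `format: uuid` on the `token` property, so the handler does not have to re-implement the check.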
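Review bot: `algorithm` moves from the server-issued `nonceChallenge` to the client-supplied `nonceSignature` in the `@@ -259,6 +291,9 @@` and `@@ -266,17 +301,16 @@` hunks but remains a free-form `type: string`, so the spec gives the verifier no constraint on which algorithms it should accept. A signer-selected algorithm field should be an explicit allowlist: add `enum:` with the controller's supported values (e.g. `enum: [<supported-alg>, …]`, placeholder) and a `description` stating that signatures using any other algorithm are rejected, so generated validation and implementers agree. The new required `caPool` string likewise has no description of its expected encoding.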
@@ -1,7 +1,7 @@ --- swagger: '2.0' info: - version: 0.26.18 + version: 0.26.20 title: Ziti Edge Management description: OpenZiti Edge Management API contact: diff --git a/source/shared/current-identity-mfa.yml b/source/shared/current-identity-mfa.yml index 823db881..ac2f359e 100644 --- a/source/shared/current-identity-mfa.yml +++ b/source/shared/current-identity-mfa.yml @@ -139,7 +139,7 @@ paths: type: string responses: '200': - $ref: 'standard-responses.yml#/responses/emptyResponse' + $ref: '#/responses/detailMfaRecoveryCodes' '401': $ref: 'standard-responses.yml#/responses/unauthorizedResponse' '404': @@ -166,7 +166,7 @@ paths: $ref: 'authenticate.yml#/definitions/mfaCode' responses: '200': - $ref: '#/responses/detailMfaRecoveryCodes' + $ref: '../shared/standard-responses.yml#/responses/emptyResponse' '401': $ref: 'standard-responses.yml#/responses/unauthorizedResponse' '404': @@ -257,11 +257,11 @@ definitions: type: object required: - meta - - error + - data properties: meta: $ref: 'standard-responses.yml#/definitions/meta' - error: + data: $ref: '#/definitions/detailMfaRecoveryCodes' detailMfaRecoveryCodes: type: object From ed6ec49ca28032e37557201e962a3d538dc88b8e Mon Sep 17 00:00:00 2001 From: Andrew Martinez Date: Wed, 5 Jun 2024 10:03:22 -0400 Subject: [PATCH 3/3] remove version workflow file --- .github/workflows/version-verify.yml | 64 ---------------------------- 1 file changed, 64 deletions(-) delete mode 100644 .github/workflows/version-verify.yml diff --git a/.github/workflows/version-verify.yml b/.github/workflows/version-verify.yml deleted file mode 100644 index de4dd5fe..00000000 --- a/.github/workflows/version-verify.yml +++ /dev/null 
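Review bot: The `$ref` in the `@@ -166,7 +166,7 @@` hunk uses `'../shared/standard-responses.yml#/responses/emptyResponse'` while every other response ref in this file, including the one that hunk replaces, uses the bare `'standard-responses.yml#/responses/...'` form; both resolve to the same file from source/shared, so for consistency it should read `$ref: 'standard-responses.yml#/responses/emptyResponse'`. The swap also means GET now returns the recovery codes and POST (the one taking `mfaCode`) returns an empty body; only a `type: string` fragment of GET's parameters is visible here, so confirm the GET still requires the MFA validation code before returning codes. The `error` → `data` rename in the envelope matches the generated model change.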
@@ -1,64 +0,0 @@ -name: Check Version - -on: [push, pull_request] - -jobs: - check-version: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.x - - - name: Install dependencies - run: | - python -m pip install pyyaml packaging - - - name: Fetch tags - run: git fetch --tags - - - name: Get latest version tag - id: get_latest_tag - run: echo "::set-output name=tag::$(git describe --tags `git rev-list --tags --max-count=1`)" - - - name: Check YAML version - env: - LATEST_TAG: ${{ steps.get_latest_tag.outputs.tag }} - run: | - python -c " - import yaml - import re - from packaging.version import Version - -def parse_version(tag): - match = re.match(r'v(\d+\.\d+\.\d+)', tag) - if match: - return Version(match.group(1)) - return None - - latest_tag = '${LATEST_TAG}' - latest_version = parse_version(latest_tag) - -if not latest_version: - print(f'Invalid latest tag format: {latest_tag}') - exit(1) - -with open('path/to/yourfile.yaml', 'r') as f: # Replace with the actual path to your YAML file - data = yaml.safe_load(f) - - yaml_version_str = data.get('info', {}).get('version') -if not yaml_version_str: - print('No version found in YAML file') - exit(1) - - yaml_version = Version(yaml_version_str) - -if yaml_version <= latest_version: - print(f'YAML version ({yaml_version}) is not greater than the latest tag version ({latest_version})') - exit(1) - print(f'YAML version ({yaml_version}) is greater than the latest tag version ({latest_version})') - "