SSHcom · cuongssh · Jun 20, 2024 · Jun 18, 2024 · Jun 19, 2024 · Jun 20, 2024
diff --git a/api/authorizer/client.go b/api/authorizer/client.go
@@ -17,21 +17,6 @@ type Client struct {
 	api restapi.Connector
 }
 
-type templatesResult struct {
-	Count int            `json:"count"`
-	Items []CertTemplate `json:"items"`
-}
-
-type accessGroupResult struct {
-	Count int           `json:"count"`
-	Items []AccessGroup `json:"items"`
-}
-
-type apiCertificateResult struct {
-	Count int              `json:"count"`
-	Items []APICertificate `json:"items"`
-}
-
 // New creates a new authorizer client instance
 func New(api restapi.Connector) *Client {
 	return &Client{api: api}
@@ -355,6 +340,7 @@ func (auth *Client) ExtenderTrustAnchor() (*TrustAnchor, error) {
 	return anchor, err
 }
 
+// MARK: Access Groups
 // AccessGroups lists all access group
 func (auth *Client) AccessGroups(offset, limit int, sortkey, sortdir string) ([]AccessGroup, error) {
 	filters := Params{
@@ -453,6 +439,7 @@ func (auth *Client) DeleteAccessGroupsIdCas(accessGroupID string, caID string) e
 	return err
 }
 
+// MARK: Certs
 // SearchCert search for certificates
 func (auth *Client) SearchCert(offset, limit int, sortkey, sortdir string, cert *APICertificateSearch) ([]APICertificate, error) {
 	filters := Params{
@@ -492,3 +479,86 @@ func (auth *Client) GetCertByID(ID string) (ApiCertificateObject, error) {
 
 	return cert, err
 }
+
+// MARK: Secrets
+// AccountSecrets lists all account secrets
+func (auth *Client) AccountSecrets(limit int, sortdir string) ([]AccountSecrets, error) {
+	filters := Params{
+		Limit:   limit,
+		Sortdir: sortdir,
+	}
+	result := accountSecretsResult{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets").
+		Query(&filters).
+		Get(&result)
+
+	return result.Items, err
+}
+
+// SearchAccountSecrets search for account secrets
+func (auth *Client) SearchAccountSecrets(limit int, sortdir string, search *AccountSecretsSearchRequest) ([]AccountSecrets, error) {
+	filters := Params{
+		Limit:   limit,
+		Sortdir: sortdir,
+	}
+	result := accountSecretsResult{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/search").
+		Query(&filters).
+		Post(search, &result)
+
+	return result.Items, err
+}
+
+// CheckoutAccountSecret checkout account secret
+func (auth *Client) CheckoutAccountSecret(path string) ([]Checkout, error) {
+	checkoutReq := CheckoutRequest{
+		Path: path,
+	}
+	result := checkoutResult{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts").
+		Post(checkoutReq, &result)
+
+	return result.Items, err
+}
+
+// Checkouts lists secret checkouts
+func (auth *Client) Checkouts(limit int, sortdir string) ([]Checkout, error) {
+	filters := Params{
+		Limit:   limit,
+		Sortdir: sortdir,
+	}
+	result := checkoutResult{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts").
+		Query(&filters).
+		Get(&result)
+
+	return result.Items, err
+}
+
+// Checkout get checkout by id
+func (auth *Client) Checkout(checkoutId string) (*Checkout, error) {
+	checkout := &Checkout{}
+
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts/%s", url.PathEscape(checkoutId)).
+		Get(&checkout)
+
+	return checkout, err
+}
+
+// ReleaseCheckout release secret checkout
+func (auth *Client) ReleaseCheckout(checkoutId string) error {
+	_, err := auth.api.
+		URL("/authorizer/api/v1/secrets/checkouts/%s/release", url.PathEscape(checkoutId)).
+		Post(nil)
+
+	return err
+}
diff --git a/api/authorizer/model.go b/api/authorizer/model.go
@@ -6,6 +6,8 @@
 
 package authorizer
 
+import "time"
+
 // Params query params definition
 type Params struct {
 	ResponseType  string `json:"response_type,omitempty"`
@@ -158,26 +160,114 @@ type ApiCertificateSearchResponse struct {
 }
 
 type ApiCertificateObject struct {
-	Type              string       `json:"type"`
-	ID                string       `json:"id"`
-	Serial            string       `json:"serial"`
-	OwnerID           string       `json:"owner_id,omitempty"`
-	Revoked           string       `json:"revoked,omitempty"`
-	RevocationReason  string       `json:"revocation_reason,omitempty"`
-	Cert              string       `json:"cert"`
-	Chain             string       `json:"chain"`
-	Issuer            string       `json:"issuer,omitempty"`
-	Subject           string       `json:"subject,omitempty"`
-	NotBefore         string       `json:"not_before,omitempty"`
-	NotAfter          string       `json:"not_after,omitempty"`
-	KeyUsage          string       `json:"key_usage,omitempty"`
-	BasicConstraints  string       `json:"basic_constraints,omitempty"`
-	Extensions        string       `json:"extensions,omitempty"`
-	FingerPrintSHA1   string       `json:"fingerprint_sha1,omitempty"`
-	FingerPrintSHA256 string       `json:"fingerprint_sha256,omitempty"`
-	SubjectKeyID      string       `json:"subject_key_id,omitempty"`
-	AuthorityKeyID    string       `json:"authority_key_id,omitempty"`
-	ExpiryStatus      ExpiryStatus `json:"expiry_status,omitempty"`
-}
-// ExpiryStatus specifies the certificate expiry status
-type ExpiryStatus string
+	Type              string `json:"type"`
+	ID                string `json:"id"`
+	Serial            string `json:"serial"`
+	OwnerID           string `json:"owner_id,omitempty"`
+	Revoked           string `json:"revoked,omitempty"`
+	RevocationReason  string `json:"revocation_reason,omitempty"`
+	Cert              string `json:"cert"`
+	Chain             string `json:"chain"`
+	Issuer            string `json:"issuer,omitempty"`
+	Subject           string `json:"subject,omitempty"`
+	NotBefore         string `json:"not_before,omitempty"`
+	NotAfter          string `json:"not_after,omitempty"`
+	KeyUsage          string `json:"key_usage,omitempty"`
+	BasicConstraints  string `json:"basic_constraints,omitempty"`
+	Extensions        string `json:"extensions,omitempty"`
+	FingerPrintSHA1   string `json:"fingerprint_sha1,omitempty"`
+	FingerPrintSHA256 string `json:"fingerprint_sha256,omitempty"`
+	SubjectKeyID      string `json:"subject_key_id,omitempty"`
+	AuthorityKeyID    string `json:"authority_key_id,omitempty"`
+	ExpiryStatus      string `json:"expiry_status,omitempty"`
+}
+
+type AccountSecrets struct {
+	Path         string             `json:"path"`
+	Type         string             `json:"type"`
+	Username     string             `json:"username"`
+	Email        string             `json:"email,omitempty"`
+	FullName     string             `json:"full_name,omitempty"`
+	TargetDomain TargetDomainHandle `json:"target_domain,omitempty"`
+	Host         HostPrincipals     `json:"host,omitempty"`
+	Created      string             `json:"created,omitempty"`
+	Updated      string             `json:"updated,omitempty"`
+}
+
+type TargetDomainHandle struct {
+	ID      string `json:"id"`
+	Name    string `json:"name,omitempty"`
+	Deleted bool   `json:"deleted,omitempty"`
+}
+
+type HostPrincipals struct {
+	ID         string   `json:"id"`
+	Addresses  []string `json:"addresses"`
+	CommonName string   `json:"common_name,omitempty"`
+	ExternalID string   `json:"external_id,omitempty"`
+	InstanceID string   `json:"instance_id,omitempty"`
+}
+
+type AccountSecretsSearchRequest struct {
+	Keywords string `json:"keywords"`
+	HostID   string `json:"host_id,omitempty"`
+	Username string `json:"username,omitempty"`
+}
+
+type Checkout struct {
+	ID               string         `json:"id"`
+	Path             string         `json:"path"`
+	Type             string         `json:"type"`
+	Expires          string         `json:"expires"`
+	Created          string         `json:"created"`
+	ExplicitCheckout bool           `json:"explicit_checkout"`
+	Secrets          []Secrets      `json:"secrets"`
+	Username         string         `json:"username"`
+	Email            string         `json:"email,omitempty"`
+	FullName         string         `json:"full_name,omitempty"`
+	Host             HostPrincipals `json:"host,omitempty"`
+	TargetDomain     TargetDomain   `json:"target_domain,omitempty"`
+	ManagedAccountID string         `json:"managed_account_id,omitempty"`
+	UserID           string         `json:"user_id"`
+}
+
+type CheckoutRequest struct {
+	Path string `json:"path"`
+}
+
+type Secrets struct {
+	Version int       `json:"version"`
+	Secret  string    `json:"secret"`
+	Created time.Time `json:"created"`
+}
+
+type TargetDomain struct {
+	ID      string `json:"id"`
+	Name    string `json:"name,omitempty"`
+	Deleted bool   `json:"deleted,omitempty"`
+}
+
+type templatesResult struct {
+	Count int            `json:"count"`
+	Items []CertTemplate `json:"items"`
+}
+
+type accessGroupResult struct {
+	Count int           `json:"count"`
+	Items []AccessGroup `json:"items"`
+}
+
+type apiCertificateResult struct {
+	Count int              `json:"count"`
+	Items []APICertificate `json:"items"`
+}
+
+type accountSecretsResult struct {
+	Count int              `json:"count"`
+	Items []AccountSecrets `json:"items"`
+}
+
+type checkoutResult struct {
+	Count int        `json:"count"`
+	Items []Checkout `json:"items"`
+}