forked from stmcginnis/gofish
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkeypolicy.go
198 lines (169 loc) · 9.21 KB
/
keypolicy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
//
// SPDX-License-Identifier: BSD-3-Clause
//
package redfish
import (
"encoding/json"
"reflect"
"github.com/stmcginnis/gofish/common"
)
type KeyPolicyType string
const (
// NVMeoFKeyPolicyType shall indicate the key policy is for an NVMe-oF key.
NVMeoFKeyPolicyType KeyPolicyType = "NVMeoF"
)
// NVMeoFCipherSuiteType is This enumeration shall list the NVMe cipher suites that a key is allowed to use.
type NVMeoFCipherSuiteType string
const (
// TLSAES128GCMSHA256NVMeoFCipherSuiteType shall indicate TLS_AES_128_GCM_SHA256 as defined by the 'Mandatory and
// Recommended Cipher Suites' clause in the NVMe TCP Transport Specification.
TLSAES128GCMSHA256NVMeoFCipherSuiteType NVMeoFCipherSuiteType = "TLS_AES_128_GCM_SHA256"
// TLSAES256GCMSHA384NVMeoFCipherSuiteType shall indicate TLS_AES_256_GCM_SHA384 as defined by the 'Mandatory and
// Recommended Cipher Suites' clause in the NVMe TCP Transport Specification.
TLSAES256GCMSHA384NVMeoFCipherSuiteType NVMeoFCipherSuiteType = "TLS_AES_256_GCM_SHA384"
)
// NVMeoFDHGroupType is This enumeration shall list the Diffie-Hellman (DH) groups that a key is allowed to use.
type NVMeoFDHGroupType string
const (
// FFDHE2048NVMeoFDHGroupType shall indicate the 2048-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP
// Diffie-Hellman group identifiers' figure in the NVMe Base Specification.
FFDHE2048NVMeoFDHGroupType NVMeoFDHGroupType = "FFDHE2048"
// FFDHE3072NVMeoFDHGroupType shall indicate the 3072-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP
// Diffie-Hellman group identifiers' figure in the NVMe Base Specification.
FFDHE3072NVMeoFDHGroupType NVMeoFDHGroupType = "FFDHE3072"
// FFDHE4096NVMeoFDHGroupType shall indicate the 4096-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP
// Diffie-Hellman group identifiers' figure in the NVMe Base Specification.
FFDHE4096NVMeoFDHGroupType NVMeoFDHGroupType = "FFDHE4096"
// FFDHE6144NVMeoFDHGroupType shall indicate the 2048-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP
// Diffie-Hellman group identifiers' figure in the NVMe Base Specification.
FFDHE6144NVMeoFDHGroupType NVMeoFDHGroupType = "FFDHE6144"
// FFDHE8192NVMeoFDHGroupType shall indicate the 8192-bit Diffie-Hellman (DH) group as defined by the 'DH-HMAC-CHAP
// Diffie-Hellman group identifiers' figure in the NVMe Base Specification.
FFDHE8192NVMeoFDHGroupType NVMeoFDHGroupType = "FFDHE8192"
)
// NVMeoFSecureHashType is This enumeration shall list the NVMe secure hash algorithms that a key is allowed to
// use.
type NVMeoFSecureHashType string
const (
// SHA256NVMeoFSecureHashType shall indicate the SHA-256 hash function as defined by the 'DH-HMAC-CHAP hash
// function identifiers' figure in the NVMe Base Specification.
SHA256NVMeoFSecureHashType NVMeoFSecureHashType = "SHA256"
// SHA384NVMeoFSecureHashType shall indicate the SHA-384 hash function as defined by the 'DH-HMAC-CHAP hash
// function identifiers' figure in the NVMe Base Specification.
SHA384NVMeoFSecureHashType NVMeoFSecureHashType = "SHA384"
// SHA512NVMeoFSecureHashType shall indicate the SHA-512 hash function as defined by the 'DH-HMAC-CHAP hash
// function identifiers' figure in the NVMe Base Specification.
SHA512NVMeoFSecureHashType NVMeoFSecureHashType = "SHA512"
)
// NVMeoFSecurityProtocolType is a list of the NVMe security protocols that a key is allowed to
// use.
type NVMeoFSecurityProtocolType string
const (
// DHHCNVMeoFSecurityProtocolType shall indicate the Diffie-Hellman Hashed Message Authentication Code Challenge
// Handshake Authentication Protocol (DH-HMAC-CHAP) as defined by the NVMe Base Specification.
DHHCNVMeoFSecurityProtocolType NVMeoFSecurityProtocolType = "DHHC"
// TLSPSKNVMeoFSecurityProtocolType shall indicate Transport Layer Security Pre-Shared Key (TLS PSK) as defined by
// the NVMe TCP Transport Specification.
TLSPSKNVMeoFSecurityProtocolType NVMeoFSecurityProtocolType = "TLS_PSK"
// OEMNVMeoFSecurityProtocolType shall indicate an OEM-defined security protocol. The OEMSecurityProtocolAllowList
// property shall contain the specific OEM protocol.
OEMNVMeoFSecurityProtocolType NVMeoFSecurityProtocolType = "OEM"
)
// NVMeoFSecurityTransportType is This enumeration shall list the NVMe security transports that a key is allowed to
// use.
type NVMeoFSecurityTransportType string
const (
// TLSv2NVMeoFSecurityTransportType shall indicate Transport Layer Security (TLS) v2 as defined by the 'Transport
// Specific Address Subtype Definition for NVMe/TCP Transport' figure in the NVMe TCP Transport Specification.
TLSv2NVMeoFSecurityTransportType NVMeoFSecurityTransportType = "TLSv2"
// TLSv3NVMeoFSecurityTransportType shall indicate Transport Layer Security (TLS) v3 as defined by the 'Transport
// Specific Address Subtype Definition for NVMe/TCP Transport' figure in the NVMe TCP Transport Specification.
TLSv3NVMeoFSecurityTransportType NVMeoFSecurityTransportType = "TLSv3"
)
// KeyPolicy shall represent a key policy for a Redfish implementation.
type KeyPolicy struct {
common.Entity
// ODataContext is the odata context.
ODataContext string `json:"@odata.context"`
// ODataEtag is the odata etag.
ODataEtag string `json:"@odata.etag"`
// ODataType is the odata type.
ODataType string `json:"@odata.type"`
// Description provides a description of this resource.
Description string
// IsDefault shall indicate if this key policy is the policy applied when no other policies are specified.
IsDefault bool
// KeyPolicyType shall contain the type of key policy.
KeyPolicyType KeyPolicyType
// NVMeoF shall contain NVMe-oF specific properties for this key policy. This property shall be present if
// KeyPolicyType contains the value 'NVMeoF'.
NVMeoF NVMeoF
// Oem shall contain the OEM extensions. All values for properties that this object contains shall conform to the
// Redfish Specification-described requirements.
OEM json.RawMessage `json:"Oem"`
// rawData holds the original serialized JSON so we can compare updates.
rawData []byte
}
// UnmarshalJSON unmarshals a KeyPolicy object from the raw JSON.
func (keypolicy *KeyPolicy) UnmarshalJSON(b []byte) error {
type temp KeyPolicy
var t struct {
temp
}
err := json.Unmarshal(b, &t)
if err != nil {
return err
}
*keypolicy = KeyPolicy(t.temp)
// Extract the links to other entities for later
// This is a read/write object, so we need to save the raw object data for later
keypolicy.rawData = b
return nil
}
// Update commits updates to this object's properties to the running system.
func (keypolicy *KeyPolicy) Update() error {
// Get a representation of the object's original state so we can find what
// to update.
original := new(KeyPolicy)
original.UnmarshalJSON(keypolicy.rawData)
readWriteFields := []string{
"IsDefault",
}
originalElement := reflect.ValueOf(original).Elem()
currentElement := reflect.ValueOf(keypolicy).Elem()
return keypolicy.Entity.Update(originalElement, currentElement, readWriteFields)
}
// GetKeyPolicy will get a KeyPolicy instance from the service.
func GetKeyPolicy(c common.Client, uri string) (*KeyPolicy, error) {
return common.GetObject[KeyPolicy](c, uri)
}
// ListReferencedKeyPolicys gets the collection of KeyPolicy from
// a provided reference.
func ListReferencedKeyPolicys(c common.Client, link string) ([]*KeyPolicy, error) {
return common.GetCollectionObjects[KeyPolicy](c, link)
}
// NVMeoF shall contain NVMe-oF specific properties for a key policy.
type NVMeoF struct {
// CipherSuiteAllowList shall contain the cipher suites that this key policy allows. The absence of the property
// shall indicate any cipher suite is allowed. An empty list shall indicate no cipher suites are allowed.
CipherSuiteAllowList []NVMeoFCipherSuiteType
// DHGroupAllowList shall contain the Diffie-Hellman (DH) groups that this key policy allows. The absence of the
// property shall indicate any DH group is allowed. An empty list shall indicate no DH groups are allowed.
DHGroupAllowList []NVMeoFDHGroupType
// OEMSecurityProtocolAllowList shall contain the OEM-defined security protocols that this key policy allows. NVMe-
// oF channels are restricted to OEM-defined security protocols in this list. An empty list shall indicate no
// security protocols are allowed. This property shall be present if SecurityProtocolAllowList contains 'OEM'.
OEMSecurityProtocolAllowList []string
// SecureHashAllowList shall contain the secure hash algorithms that this key policy allows. The absence of the
// property shall indicate any secure hash algorithm is allowed. An empty list shall indicate no secure hash
// algorithms are allowed.
SecureHashAllowList []NVMeoFSecureHashType
// SecurityProtocolAllowList shall contain the security protocols that this key policy allows. NVMe-oF channels are
// restricted to security protocols in this list. The absence of the property shall indicate any security protocol
// is allowed. An empty list shall indicate no security protocols are allowed.
SecurityProtocolAllowList []NVMeoFSecurityProtocolType
// SecurityTransportAllowList shall contain the security transports that this key policy allows. The absence of the
// property shall indicate any security transport is allowed. An empty list shall indicate no security transports
// are allowed.
SecurityTransportAllowList []NVMeoFSecurityTransportType
}