README
¶
ztsroletoken
Go library to generate roletokens
It has methods to generate a roletoken using an NToken or a service identity TLS certificate
License
Copyright The Athenz Authors
Licensed under the Apache License, Version 2.0
Documentation
¶
Overview ¶
Package ztsroletoken generates roletokens.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewRoleToken ¶
func NewRoleToken(tok zmssvctoken.Token, domain string, opts RoleTokenOptions) *roleToken
NewRoleToken returns a RoleToken implementation based on principal tokens retrieved from the supplied Token implementation for the supplied domain and options.
func NewRoleTokenFromCert ¶
func NewRoleTokenFromCert(certFile, keyFile, domain string, opts RoleTokenOptions) *roleToken
NewRoleTokenFromCert returns a RoleToken implementation based on principal service certificate retrieved from the supplied service certificate for the supplied domain and options.
Types ¶
type RoleToken ¶
type RoleToken interface {
RoleTokenValue() (string, error)
StartPrefetcher() error
StopPrefetcher() error
}
RoleToken is a mechanism to get a role token (ztoken) as a string. It guarantees that the returned token has not expired.
type RoleTokenOptions ¶
type RoleTokenOptions struct {
BaseZTSURL string // the base ZTS URL to use
ProxyURL string // the proxy URL for accessing ZTS
Role string // the single role for which a token is required
MinExpire time.Duration // the minimum expiry of the token in (server default if zero)
MaxExpire time.Duration // the maximum expiry of the token (server default if zero)
AuthHeader string // Auth Header to use while making ZMS calls
CACert []byte // Optional CA certpem to validate the ZTS server
PrefetchInterval time.Duration // the interval at which the role token cache is refreshed in the background
}
RoleTokenOptions allows the caller to supply additional options for getting a role token. The zero-value is a valid configuration.
Source Files