Documentation
¶
Index ¶
- Variables
- func Authorizerd(idConfig *IdentityConfig, stopChan <-chan struct{}) error
- func Certificated(idConfig *IdentityConfig, stopChan <-chan struct{}) error
- func InitDefaultValues()
- func InitIdentityHandler(config *IdentityConfig) (*identityHandler, error)
- func Metricsd(idConfig *IdentityConfig, stopChan <-chan struct{}) error
- func PrepareIdentityCsrOptions(config *IdentityConfig, domain, service string) (*util.CSROptions, error)
- func PrepareRoleCsrOptions(config *IdentityConfig, domain, service string) (*[]util.CSROptions, error)
- func PrivateKeyFromPEMBytes(privatePEMBytes []byte) (crypto.Signer, error)
- func Tokend(idConfig *IdentityConfig, stopChan <-chan struct{}) error
- type AccessToken
- type IdentityConfig
- type InstanceIdentity
- type RoleCertificate
- type RoleToken
Constants ¶
This section is empty.
Variables ¶
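// Package-level defaults. The string-typed values can be replaced at link time
// with the go build "-X" option (see the example on
// DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES below). "-X" can only set string
// variables, so the *_INT counterparts are presumably derived from the strings
// by InitDefaultValues — TODO confirm.
//
// NOTE(review): values injected with "-X" are baked into the binary. Review
// the build flags for DEFAULT_ENDPOINT and DEFAULT_INTERMEDIATE_CERT_BUNDLE
// with the same care as runtime configuration.
var (
	// default values for X.509 certificate signing request
	DEFAULT_COUNTRY             = "US"
	DEFAULT_PROVINCE            string
	DEFAULT_ORGANIZATION        string
	DEFAULT_ORGANIZATIONAL_UNIT = "Athenz"

	// default values for role tokens and access tokens
	// NOTE(review): the unit of "120" is not stated here — confirm before relying on it.
	DEFAULT_TOKEN_EXPIRY_TIME     = "120"
	DEFAULT_TOKEN_EXPIRY_TIME_INT int

	// DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES may be overwritten with go build option (e.g. "-X identity.DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES=5")
	DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES     = "5"
	DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES_INT int

	// Declared without a value: empty unless set elsewhere (for example at build time).
	DEFAULT_ENDPOINT                     string
	DEFAULT_ROLE_AUTH_HEADER             = "Athenz-Role-Auth"
	DEFAULT_DNS_SUFFIX                   = "athenz.cloud"
	DEFAULT_ROLE_CERT_FILENAME_DELIMITER = ":role."
	// Declared without a value: empty unless set elsewhere (for example at build time).
	DEFAULT_INTERMEDIATE_CERT_BUNDLE string
)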
Functions ¶
func Authorizerd ¶ added in v0.5.6
func Authorizerd(idConfig *IdentityConfig, stopChan <-chan struct{}) error
func Certificated ¶
func Certificated(idConfig *IdentityConfig, stopChan <-chan struct{}) error
func InitDefaultValues ¶
func InitDefaultValues()
InitDefaultValues initializes default values from build args
func InitIdentityHandler ¶
func InitIdentityHandler(config *IdentityConfig) (*identityHandler, error)
InitIdentityHandler initializes the ZTS client and parses the config to create CSR options
func Metricsd ¶
func Metricsd(idConfig *IdentityConfig, stopChan <-chan struct{}) error
func PrepareIdentityCsrOptions ¶
func PrepareIdentityCsrOptions(config *IdentityConfig, domain, service string) (*util.CSROptions, error)
PrepareIdentityCsrOptions prepares csrOptions for an X.509 certificate
func PrepareRoleCsrOptions ¶
func PrepareRoleCsrOptions(config *IdentityConfig, domain, service string) (*[]util.CSROptions, error)
PrepareRoleCsrOptions prepares a slice of csrOptions for X.509 certificates
func PrivateKeyFromPEMBytes ¶
PrivateKeyFromPEMBytes returns a private key along with its type from its supplied PEM representation.
func Tokend ¶
func Tokend(idConfig *IdentityConfig, stopChan <-chan struct{}) error
Types ¶
type AccessToken ¶
AccessToken stores access token
type IdentityConfig ¶
// IdentityConfig is the configuration passed to this package's entry points
// (Authorizerd, Certificated, Metricsd, Tokend, InitIdentityHandler); the
// package documentation describes it as coming from command-line arguments.
//
// NOTE(review): several fields name key, certificate and token locations
// (KeyFile, CertFile, CaCertFile, SaTokenFile, Backup, CertSecret). Their
// validation and expected file permissions are not visible here — confirm
// before logging or serializing this struct.
type IdentityConfig struct {
	Init bool
	// Endpoint and ProviderService are plain strings; presumably the ZTS
	// endpoint and the identity provider service name — TODO confirm.
	Endpoint string
	ProviderService string
	DNSSuffix string
	Refresh time.Duration
	// Unit is seconds per the field name; how the jitter is applied is not shown.
	DelayJitterSeconds int64
	// Presumably filesystem paths to the private key, certificate and CA
	// certificate — verify against the code that reads them.
	KeyFile string
	CertFile string
	CaCertFile string
	IntermediateCertBundle string
	Backup string
	CertSecret string
	Namespace string
	AthenzDomain string
	AthenzPrefix string
	AthenzSuffix string
	ServiceAccount string
	// Presumably the path to a service account token file — TODO confirm.
	SaTokenFile string
	PodIP string
	PodUID string
	DeleteInstanceID bool
	// Reloader is a pointer to the project-declared util.CertReloader.
	Reloader *util.CertReloader
	// NOTE(review): presumably the CA used to verify the server; the fallback
	// when this is empty is not visible here — confirm.
	ServerCACert string
	TargetDomainRoles string
	RoleCertDir string
	RoleCertFilenameDelimiter string
	TokenDir string
	RoleAuthHeader string
	TokenType string
	TokenRefresh time.Duration
	// NOTE(review): the three *ServerAddr fields look like listen addresses;
	// confirm the intended bind scope (loopback vs. all interfaces).
	TokenServerAddr string
	AuthorizationPolicyDomains string
	AuthorizationServerAddr string
	MetricsServerAddr string
	// These intervals are kept as strings; parsing and validation are not shown here.
	PolicyRefreshInterval string
	PublicKeyRefreshInterval string
	AuthorizationCacheInterval string
}
IdentityConfig holds the configuration populated from command-line arguments.
type InstanceIdentity ¶
InstanceIdentity stores instance identity certificate
func InstanceIdentityFromPEMBytes ¶
func InstanceIdentityFromPEMBytes(pemBytes []byte) (identity *InstanceIdentity, err error)
InstanceIdentityFromPEMBytes returns an InstanceIdentity from its supplied PEM representation.