httpginendpoints

Version: v0.0.0-...-3739264
Warning

This package is not in the latest version of its module.

Published: Apr 1, 2024 License: MIT Imports: 9 Imported by: 0

Documentation

Constants

const (
	AZURE_CLIENT_ID            = "AZURE_CLIENT_ID"
	AZURE_TENANT_ID            = "AZURE_TENANT_ID"
	AZURE_FEDERATED_TOKEN_FILE = "AZURE_FEDERATED_TOKEN_FILE"
)

Variables

This section is empty.

Functions

func GetStatus

func GetStatus(c *gin.Context)

func PostKeyRelease

func PostKeyRelease(c *gin.Context)

PostKeyRelease retrieves a secret previously imported to Azure Key Vault (AKV).

  • AKVEndpoint is the URI of the key vault from which the secret will be retrieved.
  • MAAEndpoint is the URI of the Microsoft Azure Attestation service endpoint which will author and sign the attestation claims presented to the MHSM during the secure key release (SKR) operation. It needs to be the same as the authority defined in the SKR policy when the secret was imported to the AKV.
  • KID is the key identifier of the secret to be retrieved.

func PostMAAAttest

func PostMAAAttest(c *gin.Context)

PostMAAAttest retrieves an attestation token issued by the Microsoft Azure Attestation service. The token encodes the request's RuntimeData as a runtime claim.

  • RuntimeData is expected to be a base64-standard-encoded string.
  • MAAEndpoint is the URI of the Microsoft Azure Attestation service endpoint which will author and sign the attestation token.

func PostRawAttest

func PostRawAttest(c *gin.Context)

PostRawAttest retrieves a hardware attestation report signed by the Platform Security Processor. The report encodes the hash digest of the request's RuntimeData in the attestation's ReportData.

  • RuntimeData is expected to be a base64-standard-encoded string.

func RegisterGlobalStates

func RegisterGlobalStates(certState *attest.CertState, identity *common.Identity, uvmInfo *common.UvmInformation) gin.HandlerFunc

func SetServerReady

func SetServerReady()

Types

type KeyReleaseData

type KeyReleaseData struct {
	// MAA endpoint which acts as authority to the key that needs to be released
	MAAEndpoint string `json:"maa_endpoint" binding:"required"`
	// AKV endpoint from which the key is released
	AKVEndpoint string `json:"akv_endpoint" binding:"required"`
	// key identifier for key to be released
	KID string `json:"kid" binding:"required"`
	// In the absence of managed identity assignment to the container group
	// an AAD token issued for authentication with AKV resource may be included
	// in the request to release the key.
	AccessToken string `json:"access_token"`
}

type MAAAttestData

type MAAAttestData struct {
	// MAA endpoint which authors the MAA token
	MAAEndpoint string `json:"maa_endpoint" binding:"required"`
	// Base64 encoded representation of runtime data to be encoded
	// as runtime claim in the MAA token
	RuntimeData string `json:"runtime_data" binding:"required"`
}

type RawAttestData

type RawAttestData struct {
	// Base64 encoded representation of runtime data whose hash digest
	// will be encoded as ReportData in the hardware attestation report
	RuntimeData string `json:"runtime_data" binding:"required"`
}
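
A client-side sketch of the request contract documented above, added here as an example and not taken from the package: it builds a PostRawAttest body with standard base64, rejects URL-safe or unpadded `runtime_data` before sending, and lists the required KeyReleaseData fields missing from a body. The helper names and sample values are assumptions; only the JSON field names come from this page.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// rawAttestBody is a local mirror of the JSON tag documented for
// RawAttestData; it is not the package's own type.
type rawAttestBody struct {
	RuntimeData string `json:"runtime_data"`
}

// NewRawAttestBody wraps runtime data (for example a verifier nonce) using
// the standard base64 alphabet with padding, as the endpoint expects.
func NewRawAttestBody(runtimeData []byte) ([]byte, error) {
	enc := base64.StdEncoding.EncodeToString(runtimeData)
	return json.Marshal(rawAttestBody{RuntimeData: enc})
}

// DecodeRuntimeData is a strict pre-flight check: URL-safe or unpadded
// base64 is rejected rather than silently reinterpreted.
func DecodeRuntimeData(body []byte) ([]byte, error) {
	var req rawAttestBody
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	return base64.StdEncoding.Strict().DecodeString(req.RuntimeData)
}

// MissingKeyReleaseFields lists the fields tagged binding:"required" in
// KeyReleaseData that are absent or empty; access_token is optional.
func MissingKeyReleaseFields(body []byte) ([]string, error) {
	var req map[string]interface{}
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	var missing []string
	for _, k := range []string{"maa_endpoint", "akv_endpoint", "kid"} {
		if s, _ := req[k].(string); s == "" {
			missing = append(missing, k)
		}
	}
	return missing, nil
}

func main() {
	// Constructed sample bytes whose encoding uses both '+' and '/'.
	body, _ := NewRawAttestBody([]byte{0xfb, 0xff})
	fmt.Println(string(body))
}
```

The sample bytes are chosen because the standard and URL-safe alphabets encode them differently, which is the mismatch most likely to surface when a caller reuses a JWT-style encoder for `runtime_data`.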
