Documentation ¶
Index ¶
- func AgentAuthorizer(log logrus.FieldLogger, ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer
- func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher
- func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, ...) middleware.Middleware
- func RateLimits(config RateLimitConfig) map[string]api.RateLimiter
- func UpstreamPublisher(manager *ca.Manager) bundle.UpstreamPublisher
- type APIServers
- type AuthorizedEntryFetcherWithFullCache
- type Config
- type Endpoints
- type RateLimitConfig
- type Server
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AgentAuthorizer ¶
func AgentAuthorizer(log logrus.FieldLogger, ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer
func EntryFetcher ¶
func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher
func Middleware ¶
func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, clk clock.Clock, rlConf RateLimitConfig, policyEngine *authpolicy.Engine, auditLogEnabled bool, adminIDs []spiffeid.ID) middleware.Middleware
func RateLimits ¶
func RateLimits(config RateLimitConfig) map[string]api.RateLimiter
func UpstreamPublisher ¶
func UpstreamPublisher(manager *ca.Manager) bundle.UpstreamPublisher
Types ¶
type APIServers ¶
// APIServers groups the gRPC service implementations that the endpoints
// expose. Each field is registered on the server under its own API
// (agent, bundle, debug, entry, health, SVID, trust domain).
type APIServers struct {
	AgentServer       agentv1.AgentServer
	BundleServer      bundlev1.BundleServer
	DebugServer       debugv1_pb.DebugServer
	EntryServer       entryv1.EntryServer
	HealthServer      grpc_health_v1.HealthServer
	SVIDServer        svidv1.SVIDServer
	TrustDomainServer trustdomainv1.TrustDomainServer
}
type AuthorizedEntryFetcherWithFullCache ¶
// AuthorizedEntryFetcherWithFullCache answers FetchAuthorizedEntries from an
// in-memory cache of registration entries that is rebuilt periodically by
// RunRebuildCacheTask (every cacheReloadInterval passed to
// NewAuthorizedEntryFetcherWithFullCache). Between rebuilds the cache is
// presumably not updated, so entry changes are only observed at the next
// rebuild.
type AuthorizedEntryFetcherWithFullCache struct {
	// contains filtered or unexported fields
}
func NewAuthorizedEntryFetcherWithFullCache ¶
func NewAuthorizedEntryFetcherWithFullCache(ctx context.Context, buildCache entryCacheBuilderFn, log logrus.FieldLogger, clk clock.Clock, cacheReloadInterval time.Duration) (*AuthorizedEntryFetcherWithFullCache, error)
func (*AuthorizedEntryFetcherWithFullCache) FetchAuthorizedEntries ¶
func (*AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask ¶
func (a *AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask(ctx context.Context) error
RunRebuildCacheTask starts a ticker that rebuilds the in-memory entry cache on each tick and, presumably, runs until ctx is canceled. Entry changes made in the datastore between rebuilds (including deletions) are not reflected by FetchAuthorizedEntries until the next rebuild, so the rebuild interval bounds how long stale entries remain authorized.
type Config ¶
// Config is the configuration used to build the endpoint servers (see
// Endpoints and Server). Fields without comments are handed through to the
// endpoint servers and middleware as-is.
type Config struct {
	// TCPAddr is the address to bind the TCP listener to.
	TCPAddr *net.TCPAddr
	// LocalAddr is the local address to bind the listener to.
	LocalAddr net.Addr
	// The svid rotator used to obtain the latest server credentials
	SVIDObserver svid.Observer
	// The server's configured trust domain. Used for validation, server SVID, etc.
	TrustDomain spiffeid.TrustDomain
	// Plugin catalog
	Catalog catalog.Catalog
	// Server CA for signing SVIDs
	ServerCA ca.ServerCA
	// TTL to use when signing agent SVIDs
	AgentTTL time.Duration
	// Bundle endpoint configuration
	BundleEndpoint bundle.EndpointConfig
	// CA Manager
	Manager *ca.Manager
	// Makes policy decisions
	AuthPolicyEngine *authpolicy.Engine
	// Log and Metrics are the logger and metrics sink used by the endpoints.
	Log     logrus.FieldLogger
	Metrics telemetry.Metrics
	// RateLimit holds rate limiting configurations.
	RateLimit RateLimitConfig
	// Uptime presumably reports how long the server has been running
	// (surfaced by the debug API) — confirm against the caller.
	Uptime func() time.Duration
	// Clock is the time source used by the endpoints and middleware;
	// injectable so that tests can control time.
	Clock clock.Clock
	// CacheReloadInterval controls how often the in-memory entry cache reloads.
	// Entry changes are presumably only visible to authorization decisions
	// after the next reload, so this value bounds that staleness.
	CacheReloadInterval time.Duration
	// AuditLogEnabled turns on audit logging in the API middleware
	// (passed through to Middleware).
	AuditLogEnabled bool
	// AdminIDs are a list of fixed IDs that when presented by a caller in an
	// X509-SVID, are granted admin rights.
	// NOTE(review): each ID here is a standing administrative credential;
	// keep the list minimal and treat changes to it as privileged.
	AdminIDs []spiffeid.ID
	// BundleManager presumably manages federated trust bundles — confirm.
	BundleManager *bundle_client.Manager
}
Config is the configuration used to construct the endpoint servers.
type Endpoints ¶
// Endpoints holds the listeners, credentials and API implementations that
// make up the server's endpoints; ListenAndServe runs them.
type Endpoints struct {
	// TCPAddr and LocalAddr are the addresses the TCP and local listeners
	// bind to.
	TCPAddr   *net.TCPAddr
	LocalAddr net.Addr
	// SVIDObserver supplies the server's current SVID for serving credentials.
	SVIDObserver svid.Observer
	// TrustDomain is the server's configured trust domain.
	TrustDomain spiffeid.TrustDomain
	DataStore   datastore.DataStore
	BundleCache *bundle.Cache
	// APIServers are the gRPC service implementations to register.
	APIServers APIServers
	// BundleEndpointServer serves the bundle endpoint.
	BundleEndpointServer Server
	Log                  logrus.FieldLogger
	Metrics              telemetry.Metrics
	// RateLimit holds rate limiting configurations.
	RateLimit RateLimitConfig
	// EntryFetcherCacheRebuildTask is run to keep the entry cache fresh;
	// its signature matches AuthorizedEntryFetcherWithFullCache.RunRebuildCacheTask.
	EntryFetcherCacheRebuildTask func(context.Context) error
	// AuditLogEnabled turns on audit logging in the API middleware.
	AuditLogEnabled bool
	// AuthPolicyEngine makes authorization policy decisions.
	AuthPolicyEngine *authpolicy.Engine
	// AdminIDs are fixed IDs that, when presented in an X509-SVID, are
	// granted admin rights; keep this list minimal.
	AdminIDs []spiffeid.ID
}
func (*Endpoints) ListenAndServe ¶
ListenAndServe starts all endpoint servers and blocks until the context is canceled or any of the servers fails to run. If the context is canceled, the function returns nil. Otherwise, the error from the failed server is returned.
type RateLimitConfig ¶
// RateLimitConfig holds rate limiting configurations. Each flag enables the
// limiter for one class of request; leaving a flag false disables that
// limiter entirely, removing a denial-of-service control for that API.
type RateLimitConfig struct {
	// Attestation, if true, rate limits attestation
	Attestation bool
	// Signing, if true, rate limits JWT and X509 signing requests
	Signing bool
}
RateLimitConfig holds rate limiting configurations.
type Server ¶
// Server manages the lifecycle of the gRPC and HTTP endpoint servers.
type Server interface {
	// ListenAndServe starts all endpoint servers and blocks until the context
	// is canceled or any of the servers fails to run. If the context is
	// canceled, the function returns nil. Otherwise, the error from the failed
	// server is returned.
	ListenAndServe(ctx context.Context) error
}
Server manages the lifecycle of the gRPC and HTTP endpoint servers.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
internal/acmetest
nolint // forked code
internal/autocert
nolint // forked code