compute

package
v0.1.0
Published: Jan 16, 2024 | License: Apache-2.0 | Imports: 14 | Imported by: 2

Documentation

Constants

const (
	// InstanceStatusRunning indicates the running compute instance life cycle state. See https://cloud.google.com/compute/docs/instances/instance-life-cycle
	InstanceStatusRunning = "RUNNING"
	// InstanceStatusStopping indicates the stopping compute instance life cycle state. See https://cloud.google.com/compute/docs/instances/instance-life-cycle
	InstanceStatusStopping = "STOPPING"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type InstanceGetter

type InstanceGetter = func(ctx context.Context, projectID, zone, instanceName string) (*compute.Instance, error)

InstanceGetter is an abstraction for Google's Golang compute engine service for the purpose of unit testing.

type InstanceIdentity

type InstanceIdentity struct {
	Claims1 *jwt.Claims
	Claims2 *InstanceIdentityJWTClaims
}

InstanceIdentity contains claims of an instance identity JWT token. See InstanceIdentityVerifier.Verify.

type InstanceIdentityGCEJWTClaims

type InstanceIdentityGCEJWTClaims struct {
	ProjectID     string `json:"project_id"`
	ProjectNumber int64  `json:"project_number"`
	Zone          string `json:"zone"`
	InstanceID    string `json:"instance_id"`
	InstanceName  string `json:"instance_name"`
	// InstanceCreationTimestamp is a unix timestamp.
	InstanceCreationTimestamp int64    `json:"instance_creation_timestamp"`
	LicenseID                 []string `json:"license_id"`
}

InstanceIdentityGCEJWTClaims is part of InstanceIdentityJWTClaims.

type InstanceIdentityJWTClaims

type InstanceIdentityJWTClaims struct {
	AuthorizedParty string `json:"azp"`
	Email           string `json:"email"`
	Google          *struct {
		ComputeEngine *InstanceIdentityGCEJWTClaims `json:"compute_engine"`
	} `json:"google"`
}

InstanceIdentityJWTClaims holds the claims of an instance identity JWT token that are not in "gopkg.in/square/go-jose.v2/jwt".Claims.

type InstanceIdentityVerifier

type InstanceIdentityVerifier struct {
	// contains filtered or unexported fields
}

InstanceIdentityVerifier is a type that verifies instance identities. See NewInstanceIdentityVerifier and https://cloud.google.com/compute/docs/instances/verifying-instance-identity.

func NewInstanceIdentityVerifier

func NewInstanceIdentityVerifier(audience string, opts ...InstanceIdentityVerifierOption) (*InstanceIdentityVerifier, error)

NewInstanceIdentityVerifier is the constructor for InstanceIdentityVerifier. See https://cloud.google.com/compute/docs/instances/verifying-instance-identity. NOTE: this function uses a hardcoded context.Background() when compiling for App Engine. It is recommended to set the options WithInstanceGetter and WithServiceAccountGetter when compiling for App Engine.

func (*InstanceIdentityVerifier) Verify

func (a *InstanceIdentityVerifier) Verify(ctx context.Context, jwtString string) (*InstanceIdentity, error)

Verify authenticates a GCE identity JWT token (see https://cloud.google.com/compute/docs/instances/verifying-instance-identity). If the returned error is a *VerifyError then jwtString was successfully determined to be invalid. Otherwise, if an error is returned, the verification attempt failed.
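Handling the two error classes that Verify distinguishes, followed by a nil-safe check of the nested compute_engine claims, shown as an added example that is not part of this package. The types are local stand-ins mirroring the documented shapes; Authorize, Identity, VerifyFunc, GoogleClaims, the project allow-check and the sample values are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-ins mirroring the shapes documented above; not the package's own code.
type VerifyError struct{ msg string }

func (v *VerifyError) Error() string { return v.msg }

type GCEClaims struct{ ProjectID, InstanceName string }
type GoogleClaims struct{ ComputeEngine *GCEClaims }
type JWTClaims struct {
	Email  string
	Google *GoogleClaims
}
type InstanceIdentity struct{ Claims2 *JWTClaims }

// VerifyFunc has the signature of (*InstanceIdentityVerifier).Verify.
type VerifyFunc func(ctx context.Context, jwtString string) (*InstanceIdentity, error)

// Authorize maps a Verify result to an HTTP status (hypothetical helper).
func Authorize(ctx context.Context, verify VerifyFunc, token, wantProject string) (int, error) {
	id, err := verify(ctx, token)
	var verr *VerifyError
	switch {
	case errors.As(err, &verr):
		return 401, err // token was checked and found invalid
	case err != nil:
		return 503, err // verification could not complete: fail closed
	}
	// Claims are reached through pointers; guard each level before dereferencing.
	if id == nil || id.Claims2 == nil || id.Claims2.Google == nil || id.Claims2.Google.ComputeEngine == nil {
		return 403, errors.New("no compute_engine claims in token")
	}
	if p := id.Claims2.Google.ComputeEngine.ProjectID; p != wantProject {
		return 403, fmt.Errorf("project %q is not allowed", p)
	}
	return 200, nil
}

// Identity builds constructed sample claims for the given project.
func Identity(project string) *InstanceIdentity {
	return &InstanceIdentity{&JWTClaims{"vm@example.iam.gserviceaccount.com", &GoogleClaims{&GCEClaims{project, "vm-1"}}}}
}

func main() {
	ok := func(context.Context, string) (*InstanceIdentity, error) { return Identity("prod-1"), nil }
	fmt.Println(Authorize(context.Background(), ok, "constructed-token", "prod-1"))
}
```

Using errors.As rather than a type assertion keeps the 401 path working if a caller wraps the *VerifyError with additional context.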

type InstanceIdentityVerifierOption

type InstanceIdentityVerifierOption = func(a *InstanceIdentityVerifier)

InstanceIdentityVerifierOption is an option that can be passed to NewInstanceIdentityVerifier.

func WithAllowNonUserManagedServiceAccounts

func WithAllowNonUserManagedServiceAccounts(v bool) InstanceIdentityVerifierOption

WithAllowNonUserManagedServiceAccounts returns an option for NewInstanceIdentityVerifier that sets whether non-user-managed service accounts are allowed. In other words: default service accounts are rejected.

func WithInstanceGetter

func WithInstanceGetter(v InstanceGetter) InstanceIdentityVerifierOption

WithInstanceGetter returns an option for NewInstanceIdentityVerifier that sets the compute instance getter.

func WithJWTClaimsLeeway

func WithJWTClaimsLeeway(v time.Duration) InstanceIdentityVerifierOption

WithJWTClaimsLeeway returns an option for NewInstanceIdentityVerifier that sets the leeway when validating JWT claims. See https://godoc.org/gopkg.in/square/go-jose.v2/jwt#Claims.ValidateWithLeeway

func WithKeySetProvider

WithKeySetProvider returns an option for NewInstanceIdentityVerifier that sets the google.KeySetProvider.

func WithMaximumJWTNotExpiredPeriod

func WithMaximumJWTNotExpiredPeriod(v time.Duration) InstanceIdentityVerifierOption

WithMaximumJWTNotExpiredPeriod returns an option for NewInstanceIdentityVerifier that sets the maximum period for which a JWT is allowed to remain unexpired.

func WithServiceAccountGetter

WithServiceAccountGetter returns an option for NewInstanceIdentityVerifier that sets the service account getter.

func WithTimeSource

func WithTimeSource(v func() time.Time) InstanceIdentityVerifierOption

WithTimeSource returns an option for NewInstanceIdentityVerifier that sets the time source. This is useful for unit testing.

type VerifyError

type VerifyError struct {
	// contains filtered or unexported fields
}

VerifyError communicates that a successful verification attempt resulted in a negative response.

func (*VerifyError) Error

func (v *VerifyError) Error() string
