endpoints

package
v1.9.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2024 License: Apache-2.0 Imports: 64 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AgentAuthorizer added in v0.11.0 

func AgentAuthorizer(ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer

func EntryFetcher added in v0.11.0 

func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher

func Middleware added in v0.11.0 

func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, clk clock.Clock, rlConf RateLimitConfig, policyEngine *authpolicy.Engine, auditLogEnabled bool, adminIDs []spiffeid.ID) middleware.Middleware

func RateLimits added in v0.11.0 

func RateLimits(config RateLimitConfig) map[string]api.RateLimiter

func UpstreamPublisher added in v0.11.0 

func UpstreamPublisher(jwtKeyPublisher manager.JwtKeyPublisher) bundle.UpstreamPublisher

Types

type APIServers added in v0.11.0 

type APIServers struct {
	AgentServer       agentv1.AgentServer
	BundleServer      bundlev1.BundleServer
	DebugServer       debugv1_pb.DebugServer
	EntryServer       entryv1.EntryServer
	HealthServer      grpc_health_v1.HealthServer
	LoggerServer      loggerv1.LoggerServer
	SVIDServer        svidv1.SVIDServer
	TrustDomainServer trustdomainv1.TrustDomainServer
}

type AuthorizedEntryFetcherWithEventsBasedCache added in v1.8.7 

type AuthorizedEntryFetcherWithEventsBasedCache struct {
	// contains filtered or unexported fields
}

func NewAuthorizedEntryFetcherWithEventsBasedCache added in v1.8.7 

func NewAuthorizedEntryFetcherWithEventsBasedCache(ctx context.Context, log logrus.FieldLogger, clk clock.Clock, ds datastore.DataStore, cacheReloadInterval, pruneEventsOlderThan time.Duration) (*AuthorizedEntryFetcherWithEventsBasedCache, error)

func (*AuthorizedEntryFetcherWithEventsBasedCache) FetchAuthorizedEntries added in v1.8.7 

func (a *AuthorizedEntryFetcherWithEventsBasedCache) FetchAuthorizedEntries(_ context.Context, agentID spiffeid.ID) ([]*types.Entry, error)

func (*AuthorizedEntryFetcherWithEventsBasedCache) PruneEventsTask added in v1.8.7 

func (a *AuthorizedEntryFetcherWithEventsBasedCache) PruneEventsTask(ctx context.Context) error

PruneEventsTask start a ticker which prunes old events

func (*AuthorizedEntryFetcherWithEventsBasedCache) RunUpdateCacheTask added in v1.8.7 

func (a *AuthorizedEntryFetcherWithEventsBasedCache) RunUpdateCacheTask(ctx context.Context) error

RunUpdateCacheTask starts a ticker which rebuilds the in-memory entry cache.

type AuthorizedEntryFetcherWithFullCache added in v0.12.0 

type AuthorizedEntryFetcherWithFullCache struct {
	// contains filtered or unexported fields
}

func NewAuthorizedEntryFetcherWithFullCache added in v0.12.0 

func NewAuthorizedEntryFetcherWithFullCache(ctx context.Context, buildCache entryCacheBuilderFn, log logrus.FieldLogger, clk clock.Clock, ds datastore.DataStore, cacheReloadInterval, pruneEventsOlderThan time.Duration) (*AuthorizedEntryFetcherWithFullCache, error)

func (*AuthorizedEntryFetcherWithFullCache) FetchAuthorizedEntries added in v0.12.0 

func (a *AuthorizedEntryFetcherWithFullCache) FetchAuthorizedEntries(_ context.Context, agentID spiffeid.ID) ([]*types.Entry, error)

func (*AuthorizedEntryFetcherWithFullCache) PruneEventsTask added in v1.8.0 

func (a *AuthorizedEntryFetcherWithFullCache) PruneEventsTask(ctx context.Context) error

PruneEventsTask start a ticker which prunes old events

func (*AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask added in v0.12.0 

func (a *AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask(ctx context.Context) error

RunRebuildCacheTask starts a ticker which rebuilds the in-memory entry cache.

type Config 

type Config struct {
	// TPCAddr is the address to bind the TCP listener to.
	TCPAddr *net.TCPAddr

	// LocalAddr is the local address to bind the listener to.
	LocalAddr net.Addr

	// The svid rotator used to obtain the latest server credentials
	SVIDObserver svid.Observer

	// The server's configured trust domain. Used for validation, server SVID, etc.
	TrustDomain spiffeid.TrustDomain

	// Plugin catalog
	Catalog catalog.Catalog

	// Server CA for signing SVIDs
	ServerCA ca.ServerCA

	// Bundle endpoint configuration
	BundleEndpoint bundle.EndpointConfig

	// JWTKey publisher
	JWTKeyPublisher manager.JwtKeyPublisher

	// Makes policy decisions
	AuthPolicyEngine *authpolicy.Engine

	// The logger for the endpoints subsystem
	Log logrus.FieldLogger

	// The root logger for the entire process
	RootLog loggerv1.Logger

	// The default (original config) log level
	LaunchLogLevel logrus.Level

	Metrics telemetry.Metrics

	// RateLimit holds rate limiting configurations.
	RateLimit RateLimitConfig

	Uptime func() time.Duration

	Clock clock.Clock

	// CacheReloadInterval controls how often the in-memory entry cache reloads
	CacheReloadInterval time.Duration

	// EventsBasedCache enabled event driven cache reloads
	EventsBasedCache bool

	// PruneEventsOlderThan controls how long events can live before they are pruned
	PruneEventsOlderThan time.Duration

	AuditLogEnabled bool

	// AdminIDs are a list of fixed IDs that when presented by a caller in an
	// X509-SVID, are granted admin rights.
	AdminIDs []spiffeid.ID

	BundleManager *bundle_client.Manager
}

Config is a configuration for endpoints

type Endpoints 

type Endpoints struct {
	TCPAddr                      *net.TCPAddr
	LocalAddr                    net.Addr
	SVIDObserver                 svid.Observer
	TrustDomain                  spiffeid.TrustDomain
	DataStore                    datastore.DataStore
	BundleCache                  *bundle.Cache
	APIServers                   APIServers
	BundleEndpointServer         Server
	Log                          logrus.FieldLogger
	Metrics                      telemetry.Metrics
	RateLimit                    RateLimitConfig
	EntryFetcherCacheRebuildTask func(context.Context) error
	EntryFetcherPruneEventsTask  func(context.Context) error
	AuditLogEnabled              bool
	AuthPolicyEngine             *authpolicy.Engine
	AdminIDs                     []spiffeid.ID
}

func New 

func New(ctx context.Context, c Config) (*Endpoints, error)

New creates new endpoints struct

func (*Endpoints) ListenAndServe 

func (e *Endpoints) ListenAndServe(ctx context.Context) error

ListenAndServe starts all endpoint servers and blocks until the context is canceled or any of the servers fails to run. If the context is canceled, the function returns nil. Otherwise, the error from the failed server is returned.

type RateLimitConfig added in v0.11.0 

type RateLimitConfig struct {
	// Attestation, if true, rate limits attestation
	Attestation bool

	// Signing, if true, rate limits JWT and X509 signing requests
	Signing bool
}

RateLimitConfig holds rate limiting configurations.

type Server 

type Server interface {
	// ListenAndServe starts all endpoint servers and blocks until the context
	// is canceled or any of the servers fails to run. If the context is
	// canceled, the function returns nil. Otherwise, the error from the failed
	// server is returned.
	ListenAndServe(ctx context.Context) error
}

Server manages gRPC and HTTP endpoint lifecycle

Source Files

View all Source files

Directories

Path Synopsis
internal/acmetest
nolint // forked code
 nolint // forked code
internal/autocert
nolint // forked code
 nolint // forked code

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.