Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BundleUpdater ¶
type BundleUpdater interface {
// UpdateBundle fetches the local bundle from the datastore and the
// endpoint bundle from the endpoint. The function will return an error if
// the local bundle cannot be fetched, the endpoint bundle cannot be
// downloaded, or there is a problem persisting the bundle. The local
// bundle will always be returned if it was fetched, independent of any
// other failures performing the update. The endpoint bundle is ONLY
// returned if it can be successfully downloaded, is different from the
// local bundle, and is successfully stored.
UpdateBundle(ctx context.Context) (*bundleutil.Bundle, *bundleutil.Bundle, error)
// TrustDomainConfig returns the configuration for the updater
TrustDomainConfig() TrustDomainConfig
}
func NewBundleUpdater ¶
func NewBundleUpdater(config BundleUpdaterConfig) BundleUpdater
type BundleUpdaterConfig ¶
type BundleUpdaterConfig struct {
TrustDomainConfig
TrustDomain spiffeid.TrustDomain
DataStore datastore.DataStore
// contains filtered or unexported fields
}
type Client ¶
type Client interface {
FetchBundle(context.Context) (*bundleutil.Bundle, error)
}
Client is used to fetch a bundle and metadata from a bundle endpoint
func NewClient ¶
func NewClient(config ClientConfig) (Client, error)
type ClientConfig ¶
type ClientConfig struct {
// TrustDomain is the federated trust domain (i.e. domain.test)
TrustDomain spiffeid.TrustDomain
// EndpointURL is the URL used to fetch the bundle of the federated
// trust domain. Is served by a SPIFFE bundle endpoint server.
EndpointURL string
// SPIFFEAuth contains required configuration to authenticate the endpoint
// using SPIFFE authentication. If unset, it is assumed that the endpoint
// is authenticated via Web PKI.
SPIFFEAuth *SPIFFEAuthConfig
// DeprecatedConfig indicates that the configuration comes from a deprecated
// configuration.
// TODO: Remove support for this deprecated config in 1.1.0.
DeprecatedConfig bool
}
type EndpointProfileInfo ¶ added in v1.0.0
type EndpointProfileInfo interface {
// The name of the endpoint profile (e.g. "https_spiffe").
Name() string
}
type HTTPSSPIFFEProfile ¶ added in v1.0.0
type HTTPSSPIFFEProfile struct {
// EndpointSPIFFEID is the expected SPIFFE ID of the bundle endpoint server.
EndpointSPIFFEID spiffeid.ID
}
func (HTTPSSPIFFEProfile) Name ¶ added in v1.0.0
func (p HTTPSSPIFFEProfile) Name() string
type HTTPSWebProfile ¶ added in v1.0.0
type HTTPSWebProfile struct{}
func (HTTPSWebProfile) Name ¶ added in v1.0.0
func (p HTTPSWebProfile) Name() string
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
func NewManager(config ManagerConfig) *Manager
type ManagerConfig ¶
type ManagerConfig struct {
Log logrus.FieldLogger
Metrics telemetry.Metrics
DataStore datastore.DataStore
Clock clock.Clock
TrustDomains map[spiffeid.TrustDomain]TrustDomainConfig
// contains filtered or unexported fields
}
type SPIFFEAuthConfig ¶
type SPIFFEAuthConfig struct {
// EndpointSpiffeID is the expected SPIFFE ID of the bundle endpoint server.
EndpointSpiffeID spiffeid.ID
// RootCAs is the set of root CA certificates used to authenticate the
// endpoint server.
RootCAs []*x509.Certificate
}
type TrustDomainConfig ¶
type TrustDomainConfig struct {
// DeprecatedConfig indicates that the configuration comes from a deprecated
// configuration.
// TODO: Remove support for this deprecated config in 1.1.0.
DeprecatedConfig bool
// EndpointURL is the URL used to fetch the bundle of the federated
// trust domain. Is served by a SPIFFE bundle endpoint server.
EndpointURL string
// EndpointProfile is the bundle endpoint profile used by the
// SPIFFE bundle endpoint server.
EndpointProfile EndpointProfileInfo
}
Source Files
Click to show internal directories.
Click to hide internal directories.