Documentation
Constants
const (
    // DefaultAgentAddress is the default GRPC address to contact the spire agent at.
    DefaultAgentAddress = "unix:///tmp/agent.sock"
    // EnvVarAgentAddress is the environment variable name where the Workload API address may be configured.
    EnvVarAgentAddress = "SPIFFE_ENDPOINT_SOCKET"
)
Variables
This section is empty.
Functions
func GetAgentAddress
func GetAgentAddress() string
GetAgentAddress returns the Workload API agent address configured by the environment or a default.
Types
type X509SVID
type X509SVID struct {
    SPIFFEID        string
    PrivateKey      crypto.Signer
    Certificates    []*x509.Certificate
    TrustBundle     []*x509.Certificate
    TrustBundlePool *x509.CertPool
}
X509SVID is an X.509 SPIFFE Verifiable Identity Document.
See https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md
type X509SVIDClient
type X509SVIDClient struct {
// contains filtered or unexported fields
}
X509SVIDClient interacts with the SPIFFE Workload API.
func NewX509SVIDClient
func NewX509SVIDClient(watcher X509SVIDWatcher, opts ...Option) (*X509SVIDClient, error)
NewX509SVIDClient returns a new Workload API client for X.509 SVIDs.
func (*X509SVIDClient) Start
func (c *X509SVIDClient) Start(ctx context.Context) error
Start starts the client.
The client will always start, and users should rely on the watcher interface to receive updates on the client's status.
It is an error to call Start() more than once. Calling Start() after Stop() is not supported.
type X509SVIDWatcher
type X509SVIDWatcher interface {
    // UpdateX509SVIDs indicates to the Watcher that the SVID has been updated
    UpdateX509SVIDs(*X509SVIDs)
    // OnError indicates an error occurred.
    OnError(err error)
}
X509SVIDWatcher is implemented by consumers who wish to be updated on SVID changes.
type X509SVIDs
type X509SVIDs struct {
    // SVIDs is a list of X509SVID messages, each of which includes a single
    // SPIFFE Verifiable Identity Document, along with its private key and bundle.
    SVIDs []*X509SVID
    // CRL is a list of revoked certificates.
    // Unimplemented.
    CRL *pkix.CertificateList
    // FederatedBundles are CA certificate bundles belonging to foreign Trust Domains
    // that the workload should trust, keyed by the SPIFFE ID of the foreign domain.
    // Unimplemented.
    FederatedBundles map[string][]*x509.Certificate
}
X509SVIDs is an X.509 SVID response from the SPIFFE Workload API.
func (*X509SVIDs) Default
Default returns the default SVID (the first in the list).
See the SPIFFE Workload API standard Section 5.3 (https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Workload_API.md#53-default-identity)
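A check that an UpdateX509SVIDs implementation could run on the default SVID before using it, as an added example that is not part of this package: the hypothetical checkSVID takes the SPIFFEID, Certificates and TrustBundlePool fields of an X509SVID and requires the leaf's single URI SAN to equal the SPIFFE ID and the leaf to chain to the delivered bundle. It is narrowed to a leaf issued directly by a bundle CA, and constructedChain only builds throwaway certificates so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// checkSVID (hypothetical helper, not part of the package) takes the SPIFFEID,
// Certificates and TrustBundlePool fields of an X509SVID and validates the leaf.
func checkSVID(spiffeID string, certs []*x509.Certificate, bundle *x509.CertPool) error {
	if len(certs) == 0 || bundle == nil { // nil Roots would make Verify use the system roots
		return errors.New("incomplete SVID")
	}
	if uris := certs[0].URIs; len(uris) != 1 || uris[0].String() != spiffeID {
		return errors.New("leaf URI SAN does not match SPIFFEID")
	}
	_, err := certs[0].Verify(x509.VerifyOptions{Roots: bundle, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// constructedChain issues a throwaway CA and leaf for id (constructed demo data; errors ignored for brevity).
func constructedChain(id string) ([]*x509.Certificate, *x509.CertPool) {
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	u, _ := url.Parse(id)
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na, URIs: []*url.URL{u}}
	der, _ := x509.CreateCertificate(rand.Reader, leafT, ca, &key.PublicKey, caKey)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return []*x509.Certificate{leaf}, pool
}

func main() {
	certs, bundle := constructedChain("spiffe://example.org/workload")
	fmt.Println(checkSVID("spiffe://example.org/workload", certs, bundle))
}
```

An SVID whose chain includes intermediates would also need Certificates[1:] added to VerifyOptions.Intermediates.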