identity

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2026 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

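Package identity is a generated GoMock package. This overview line appears to be inherited from a generated mock file; the package also declares the Provider and Exportable identity interfaces documented below.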

Index

Constants

// Identity type names. They distinguish a file-based (software) identity from
// a TPM-based one.
// NOTE(review): presumably these are the identityType values accepted by
// ExportableFactory.NewExportableProvider and CanProvide — confirm against callers.
const (
	// IdentityTypeSoftware represents file-based (software) identity.
	// NOTE(review): a file-based identity is only as well protected as the files
	// that hold it; the storage layout and permissions are not visible here.
	IdentityTypeSoftware = "software"
	// IdentityTypeTPM represents TPM-based identity.
	IdentityTypeTPM = "tpm"
)

Variables

// Sentinel errors for the identity package. Each is a distinct value created
// with errors.New, so match them with errors.Is rather than by message text.
var (
	// ErrNotInitialized indicates the provider has not been initialized.
	ErrNotInitialized = errors.New("identity provider not initialized")
	// ErrNoCertificate indicates no certificate is available.
	ErrNoCertificate = errors.New("no certificate available")
	// ErrInvalidProvider indicates an invalid or unsupported provider type.
	ErrInvalidProvider = errors.New("invalid provider type")
	// ErrIdentityProofFailed indicates a failure to prove the identity of the device.
	// NOTE(review): presumably surfaced by Provider.ProveIdentity — confirm.
	ErrIdentityProofFailed = errors.New("identity proof failed")
)

Functions

func GetCSRPath added in v1.0.0

func GetCSRPath(dataDir string) string

GetCSRPath returns the standard path where CSRs are stored

func LoadCSR added in v1.0.0

func LoadCSR(rw fileio.ReadWriter, csrPath string) ([]byte, bool, error)

func StoreCSR added in v1.0.0

func StoreCSR(rw fileio.ReadWriter, csrPath string, csr []byte) error

Types

type Exportable added in v0.10.0

type Exportable struct {
	// contains filtered or unexported fields
}

func (*Exportable) CSR added in v0.10.0

func (e *Exportable) CSR() ([]byte, error)

CSR returns the CSR associated with the Exportable or an error if not initialized

func (*Exportable) KeyPEM added in v0.10.0

func (e *Exportable) KeyPEM() ([]byte, error)

KeyPEM returns the PEM bytes associated with the Exportable or an error if not initialized

func (*Exportable) Name added in v0.10.0

func (e *Exportable) Name() string

Name returns the name of the Exportable

type ExportableFactory added in v0.10.0

// ExportableFactory creates ExportableProvider instances for different
// identity types and reports which types it can serve.
type ExportableFactory interface {
	// NewExportableProvider creates an ExportableProvider for the specified identity type.
	// Returns an error if the requested identity type is not supported by this factory.
	// NOTE(review): identityType is presumably IdentityTypeSoftware or
	// IdentityTypeTPM — confirm; the accepted values are not visible here.
	NewExportableProvider(identityType string) (ExportableProvider, error)
	// CanProvide returns true if the factory is able to provide the requested type.
	// It takes the same identityType string as NewExportableProvider and
	// reports support as a bool instead of an error.
	CanProvide(identityType string) bool
}

ExportableFactory creates ExportableProvider instances for different identity types. The factory is initialized with the capabilities available to the agent and returns errors when unsupported identity types are requested.

func NewExportableFactory added in v0.10.0

func NewExportableFactory(
	tpmClient tpm.Client,
	log *log.PrefixLogger,
) ExportableFactory

NewExportableFactory creates a new ExportableFactory with the specified capabilities. If tpmClient is nil, the factory will only support software-based identities. If tpmClient is provided, the factory supports both software and TPM identities.

type ExportableProvider added in v0.10.0

// ExportableProvider defines the interface for providing Exportable identities.
type ExportableProvider interface {
	// NewExportable creates an Exportable for the specified name.
	// NOTE(review): Exportable exposes KeyPEM() and CSR(); the PEM bytes are
	// presumably private-key material, so treat the returned value as
	// sensitive — confirm what KeyPEM actually encodes.
	NewExportable(name string) (*Exportable, error)
}

ExportableProvider defines the interface for providing Exportable identities

type MockExportableProvider added in v0.10.0

type MockExportableProvider struct {
	// contains filtered or unexported fields
}

MockExportableProvider is a mock of ExportableProvider interface.

func NewMockExportableProvider added in v0.10.0

func NewMockExportableProvider(ctrl *gomock.Controller) *MockExportableProvider

NewMockExportableProvider creates a new mock instance.

func (*MockExportableProvider) EXPECT added in v0.10.0

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockExportableProvider) NewExportable added in v0.10.0

func (m *MockExportableProvider) NewExportable(name string) (*Exportable, error)

NewExportable mocks base method.

type MockExportableProviderMockRecorder added in v0.10.0

type MockExportableProviderMockRecorder struct {
	// contains filtered or unexported fields
}

MockExportableProviderMockRecorder is the mock recorder for MockExportableProvider.

func (*MockExportableProviderMockRecorder) NewExportable added in v0.10.0

func (mr *MockExportableProviderMockRecorder) NewExportable(name any) *gomock.Call

NewExportable indicates an expected call of NewExportable.

type MockProvider

type MockProvider struct {
	// contains filtered or unexported fields
}

MockProvider is a mock of Provider interface.

func NewMockProvider

func NewMockProvider(ctrl *gomock.Controller) *MockProvider

NewMockProvider creates a new mock instance.

func (*MockProvider) CreateGRPCClient

func (m *MockProvider) CreateGRPCClient(config *client0.Config) (grpc_v1.RouterServiceClient, error)

CreateGRPCClient mocks base method.

func (*MockProvider) CreateManagementClient

func (m *MockProvider) CreateManagementClient(config *client0.Config, metricsCallback client.RPCMetricsCallback) (client.Management, error)

CreateManagementClient mocks base method.

func (*MockProvider) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockProvider) GenerateCSR

func (m *MockProvider) GenerateCSR(deviceName string) ([]byte, error)

GenerateCSR mocks base method.

func (*MockProvider) GetDeviceName

func (m *MockProvider) GetDeviceName() (string, error)

GetDeviceName mocks base method.

func (*MockProvider) HasCertificate

func (m *MockProvider) HasCertificate() bool

HasCertificate mocks base method.

func (*MockProvider) Initialize

func (m *MockProvider) Initialize(ctx context.Context) error

Initialize mocks base method.

func (*MockProvider) ProveIdentity added in v0.10.0

func (m *MockProvider) ProveIdentity(ctx context.Context, enrollmentRequest *v1beta1.EnrollmentRequest) error

ProveIdentity mocks base method.

func (*MockProvider) StoreCertificate

func (m *MockProvider) StoreCertificate(certPEM []byte) error

StoreCertificate mocks base method.

func (*MockProvider) WipeCertificateOnly added in v0.10.0

func (m *MockProvider) WipeCertificateOnly() error

WipeCertificateOnly mocks base method.

func (*MockProvider) WipeCredentials

func (m *MockProvider) WipeCredentials() error

WipeCredentials mocks base method.

type MockProviderMockRecorder

type MockProviderMockRecorder struct {
	// contains filtered or unexported fields
}

MockProviderMockRecorder is the mock recorder for MockProvider.

func (*MockProviderMockRecorder) CreateGRPCClient

func (mr *MockProviderMockRecorder) CreateGRPCClient(config any) *gomock.Call

CreateGRPCClient indicates an expected call of CreateGRPCClient.

func (*MockProviderMockRecorder) CreateManagementClient

func (mr *MockProviderMockRecorder) CreateManagementClient(config, metricsCallback any) *gomock.Call

CreateManagementClient indicates an expected call of CreateManagementClient.

func (*MockProviderMockRecorder) GenerateCSR

func (mr *MockProviderMockRecorder) GenerateCSR(deviceName any) *gomock.Call

GenerateCSR indicates an expected call of GenerateCSR.

func (*MockProviderMockRecorder) GetDeviceName

func (mr *MockProviderMockRecorder) GetDeviceName() *gomock.Call

GetDeviceName indicates an expected call of GetDeviceName.

func (*MockProviderMockRecorder) HasCertificate

func (mr *MockProviderMockRecorder) HasCertificate() *gomock.Call

HasCertificate indicates an expected call of HasCertificate.

func (*MockProviderMockRecorder) Initialize

func (mr *MockProviderMockRecorder) Initialize(ctx any) *gomock.Call

Initialize indicates an expected call of Initialize.

func (*MockProviderMockRecorder) ProveIdentity added in v0.10.0

func (mr *MockProviderMockRecorder) ProveIdentity(ctx, enrollmentRequest any) *gomock.Call

ProveIdentity indicates an expected call of ProveIdentity.

func (*MockProviderMockRecorder) StoreCertificate

func (mr *MockProviderMockRecorder) StoreCertificate(certPEM any) *gomock.Call

StoreCertificate indicates an expected call of StoreCertificate.

func (*MockProviderMockRecorder) WipeCertificateOnly added in v0.10.0

func (mr *MockProviderMockRecorder) WipeCertificateOnly() *gomock.Call

WipeCertificateOnly indicates an expected call of WipeCertificateOnly.

func (*MockProviderMockRecorder) WipeCredentials

func (mr *MockProviderMockRecorder) WipeCredentials() *gomock.Call

WipeCredentials indicates an expected call of WipeCredentials.

type Provider

// Provider is the identity-provider contract used for device authentication.
// It covers initialization, CSR generation, identity proof, certificate
// storage, client construction and credential removal.
type Provider interface {
	// Initialize sets up the provider and prepares it for use.
	// NOTE(review): other methods presumably fail with ErrNotInitialized until
	// this has succeeded — confirm per implementation.
	Initialize(ctx context.Context) error
	// GetDeviceName returns the device name derived from the public key.
	GetDeviceName() (string, error)
	// GenerateCSR creates a certificate signing request using this identity.
	// The request is returned as raw bytes; the encoding is not stated here.
	GenerateCSR(deviceName string) ([]byte, error)
	// ProveIdentity performs idempotent, provider-specific, identity verification.
	// NOTE(review): what is verified, and against which party, depends on the
	// provider and is not visible in this interface.
	ProveIdentity(ctx context.Context, enrollmentRequest *v1beta1.EnrollmentRequest) error
	// StoreCertificate stores/persists the certificate received from enrollment.
	// NOTE(review): whether certPEM is checked against this identity's key
	// before it is persisted is not visible here — confirm.
	StoreCertificate(certPEM []byte) error
	// HasCertificate returns true if the provider has a certificate available.
	HasCertificate() bool
	// CreateManagementClient creates a fully configured management client with this identity.
	CreateManagementClient(config *base_client.Config, metricsCallback client.RPCMetricsCallback) (client.Management, error)
	// CreateGRPCClient creates a fully configured gRPC client with this identity.
	CreateGRPCClient(config *base_client.Config) (grpc_v1.RouterServiceClient, error)
	// WipeCredentials securely removes all stored credentials (certificates and keys).
	// NOTE(review): what "securely" guarantees (overwrite versus unlink, and
	// the handling of TPM-held keys) is implementation-defined — confirm for
	// each provider before relying on it for decommissioning.
	WipeCredentials() error
	// WipeCertificateOnly securely removes only the certificate (not keys or CSR).
	// The key and CSR are kept, so the key material remains on the device
	// after this call.
	WipeCertificateOnly() error
}

Provider defines the interface for identity providers that handle device authentication. Different implementations can support file-based keys, TPM-based keys, or other methods.

func NewProvider

func NewProvider(
	tpmClient tpm.Client,
	rw fileio.ReadWriter,
	config *agent_config.Config,
	log *log.PrefixLogger,
) Provider

NewProvider creates an identity provider
