spireapi

package
v0.6.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2026 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	DefaultX509SVIDTTL = time.Hour
)

Variables

This section is empty.

Functions

func ValidateBundleEndpointURL 

func ValidateBundleEndpointURL(s string) error

Types

type BundleClient 

type BundleClient interface {
	// MintX509SVID mints an X509-SVID
	GetBundle(ctx context.Context) (*spiffebundle.Bundle, error)
}

func NewBundleClient 

func NewBundleClient(conn grpc.ClientConnInterface) BundleClient

type BundleEndpointProfile 

type BundleEndpointProfile interface {
	Name() string
	Equal(BundleEndpointProfile) bool
	// contains filtered or unexported methods
}

type Client 

type Client interface {
	EntryClient
	TrustDomainClient
	SVIDClient
	BundleClient
	io.Closer
}

func DialSocket 

func DialSocket(path string, grpcConfig *GrpcConfig) (Client, error)

type Entry 

type Entry struct {
	ID            string
	SPIFFEID      spiffeid.ID
	ParentID      spiffeid.ID
	Selectors     []Selector
	X509SVIDTTL   time.Duration
	JWTSVIDTTL    time.Duration
	FederatesWith []spiffeid.TrustDomain
	Admin         bool
	Downstream    bool
	DNSNames      []string
	Hint          string
	StoreSVID     bool
}

type EntryClient 

type EntryClient interface {
	ListEntries(ctx context.Context) ([]Entry, error)
	CreateEntries(ctx context.Context, entries []Entry) ([]Status, error)
	UpdateEntries(ctx context.Context, entries []Entry) ([]Status, error)
	DeleteEntries(ctx context.Context, entryIDs []string) ([]Status, error)
	GetUnsupportedFields(ctx context.Context, td string) (map[Field]struct{}, error)
}

func NewEntryClient 

func NewEntryClient(conn grpc.ClientConnInterface) EntryClient

type FederationRelationship 

type FederationRelationship struct {
	TrustDomain           spiffeid.TrustDomain
	BundleEndpointURL     string
	BundleEndpointProfile BundleEndpointProfile
	TrustDomainBundle     *spiffebundle.Bundle
}

func (FederationRelationship) Equal 

func (fr FederationRelationship) Equal(other FederationRelationship) bool

type Field added in v0.3.0 

type Field string
const (
	AdminField         Field = "admin"
	DNSNamesField      Field = "dnsNames"
	DownstreamField    Field = "downstream"
	FederatesWithField Field = "federatesWith"
	HintField          Field = "hint"
	JWTSVIDTTLField    Field = "jwtSVIDTTL"
	StoreSVIDField     Field = "storeSVID"
	X509SVIDTTL        Field = "x509SVIDTTL"
)

type GrpcConfig added in v0.6.3 

type GrpcConfig struct {
	// MaxCallRecvMsgSize is the maximum message size the controller manager will receive.
	MaxCallRecvMsgSize int `json:"maxCallRecvMsgSize,omitempty"`
}

type HTTPSSPIFFEProfile 

type HTTPSSPIFFEProfile struct {
	EndpointSPIFFEID spiffeid.ID
}

func (HTTPSSPIFFEProfile) Equal 

func (profile HTTPSSPIFFEProfile) Equal(other BundleEndpointProfile) bool

func (HTTPSSPIFFEProfile) Name 

func (HTTPSSPIFFEProfile) Name() string

type HTTPSWebProfile 

type HTTPSWebProfile struct{}

func (HTTPSWebProfile) Equal 

func (HTTPSWebProfile) Equal(other BundleEndpointProfile) bool

func (HTTPSWebProfile) Name 

func (HTTPSWebProfile) Name() string

type JWTKey 

type JWTKey struct {
	KeyID     string
	PublicKey crypto.PublicKey
	ExpiresAt time.Time
}

type SVIDClient 

type SVIDClient interface {
	// MintX509SVID mints an X509-SVID
	MintX509SVID(ctx context.Context, params X509SVIDParams) (*X509SVID, error)
}

func NewSVIDClient 

func NewSVIDClient(conn grpc.ClientConnInterface) SVIDClient

type Selector 

type Selector struct {
	Type  string
	Value string
}

type Status 

type Status struct {
	Code    codes.Code
	Message string
}

func (Status) Err 

func (s Status) Err() error

type TrustDomainClient 

type TrustDomainClient interface {
	ListFederationRelationships(ctx context.Context) ([]FederationRelationship, error)
	CreateFederationRelationships(ctx context.Context, federationRelationships []FederationRelationship) ([]Status, error)
	UpdateFederationRelationships(ctx context.Context, federationRelationships []FederationRelationship) ([]Status, error)
	DeleteFederationRelationships(ctx context.Context, tds []spiffeid.TrustDomain) ([]Status, error)
}

func NewTrustDomainClient 

func NewTrustDomainClient(conn grpc.ClientConnInterface) TrustDomainClient

type X509SVID 

type X509SVID struct {
	// ID is the SPIFFE ID of the X509-SVID.
	ID spiffeid.ID

	// Key is the private key of the X509-SVID
	Key crypto.Signer

	// CertChain contains the X509-SVID and any intermediates required to
	// chain back to trusted root in the trust domain bundle. The X509-SVID
	// is the first certificate in the chain.
	CertChain []*x509.Certificate

	// ExpiresAt contains the expiration time of the X509-SVID.
	ExpiresAt time.Time
}

type X509SVIDParams 

type X509SVIDParams struct {
	// Key is the X509-SVID private key.
	Key crypto.Signer

	// ID is the SPIFFE ID of the X509-SVID. Required.
	ID spiffeid.ID

	// DNSNames are optional DNS SANs to add to the X509-SVID. Optional.
	DNSNames []string

	// Subject is the Subject of the X509-SVID. Optional.
	Subject pkix.Name

	// TTL is the requested time-to-live. The actual TTL may be smaller than
	// requested. Optional. If unset, the TTL is at most one hour.
	TTL time.Duration
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.