Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Repository ¶ added in v1.0.0
// Repository is a holder with a single UpstreamAuthority slot. The slot is
// managed through the Clear, ClearUpstreamAuthority, GetUpstreamAuthority and
// SetUpstreamAuthority methods declared on *Repository.
type Repository struct {
// UpstreamAuthority is the stored plugin value.
// NOTE(review): presumably nil when no upstream authority has been set, with
// the bool result of GetUpstreamAuthority reporting that case — confirm
// against the method bodies, which are not shown here.
UpstreamAuthority UpstreamAuthority
}
func (*Repository) Clear ¶ added in v1.0.0
func (repo *Repository) Clear()
func (*Repository) ClearUpstreamAuthority ¶ added in v1.0.0
func (repo *Repository) ClearUpstreamAuthority()
func (*Repository) GetUpstreamAuthority ¶ added in v1.0.0
func (repo *Repository) GetUpstreamAuthority() (UpstreamAuthority, bool)
func (*Repository) SetUpstreamAuthority ¶ added in v1.0.0
func (repo *Repository) SetUpstreamAuthority(upstreamAuthority UpstreamAuthority)
type UpstreamAuthority ¶
// UpstreamAuthority is the interface to an upstream authority plugin. It mints
// an X.509 CA from a caller-supplied CSR and, optionally, publishes a JWT key
// upstream. Both methods also return the current upstream authorities together
// with a stream of later updates.
type UpstreamAuthority interface {
catalog.PluginInfo
// MintX509CA sends a CSR to the upstream authority for minting, using the
// preferred TTL. The preferred TTL is advisory only. Upstream Authorities
// may choose a different value. The function returns the newly minted CA,
// the most recent set of upstream X.509 authorities, and a stream for
// streaming upstream X.509 authority updates. The returned stream MUST be
// closed when the caller is no longer interested in updates. If the
// upstream authority does not support streaming updates, the stream will
// return io.EOF when called.
//
// NOTE(review): because preferredTTL is advisory, the effective lifetime is
// whatever the returned certificate carries; callers should read the
// validity period from x509CA rather than assume preferredTTL was honored.
// NOTE(review): x509CA is a slice of certificates, presumably the minted CA
// followed by any intermediates — confirm the ordering with the
// implementations. Whether the returned CA is checked against
// upstreamX509Authorities before it is handed back is not visible here.
MintX509CA(ctx context.Context, csr []byte, preferredTTL time.Duration) (x509CA, upstreamX509Authorities []*x509.Certificate, stream UpstreamX509AuthorityStream, err error)
// PublishJWTKey publishes the given JWT key with the upstream authority.
// Support for this method is optional. Implementations that do not support
// publishing JWT keys upstream return NotImplemented.
// The function returns the latest set of upstream JWT authorities and a
// stream for streaming upstream JWT authority updates. The returned stream
// MUST be closed when the caller is no longer interested in updates. If
// the upstream authority does not support streaming updates, the stream
// will return io.EOF when called.
//
// NOTE(review): callers need to tell the NotImplemented case apart from a
// real publishing failure; how NotImplemented is represented in err is not
// shown on this page — confirm before matching on it.
PublishJWTKey(ctx context.Context, jwtKey *common.PublicKey) (jwtAuthorities []*common.PublicKey, stream UpstreamJWTAuthorityStream, err error)
}
type UpstreamJWTAuthorityStream ¶ added in v1.0.0
// UpstreamJWTAuthorityStream is the update stream returned by
// UpstreamAuthority.PublishJWTKey. It delivers successive sets of upstream JWT
// authorities until it fails or is closed.
type UpstreamJWTAuthorityStream interface {
// RecvUpstreamJWTAuthorities returns the latest set of upstream JWT
// authorities. The call blocks until the update is received, the Close()
// method is called, or the context originally passed into PublishJWTKey is
// canceled. If the function returns an error, no more updates will be
// available over the stream.
//
// NOTE(review): this comment previously said "X.509 authorities" and
// "MintX509CA", which does not match the []*common.PublicKey result or the
// method that returns this stream; confirm that cancellation is tied to the
// PublishJWTKey context.
RecvUpstreamJWTAuthorities() ([]*common.PublicKey, error)
// Close() closes the stream. It MUST be called by callers of PublishJWTKey
// when they are done with the stream.
Close()
}
type UpstreamX509AuthorityStream ¶ added in v1.0.0
// UpstreamX509AuthorityStream is the update stream returned by
// UpstreamAuthority.MintX509CA. It delivers successive sets of upstream X.509
// authorities until it fails or is closed.
type UpstreamX509AuthorityStream interface {
// RecvUpstreamX509Authorities returns the latest set of upstream X.509
// authorities. The call blocks until the update is received, the Close()
// method is called, or the context originally passed into MintX509CA is
// canceled. If the function returns an error, no more updates will be
// available over the stream.
//
// NOTE(review): each result is described as the latest set, so it
// presumably replaces the previously received set rather than adding to
// it — confirm with the implementations before merging sets.
RecvUpstreamX509Authorities() ([]*x509.Certificate, error)
// Close() closes the stream. It MUST be called by callers of MintX509CA
// when they are done with the stream.
Close()
}
type V0 ¶ added in v1.0.0
// V0 embeds plugin.Facade and upstreamauthorityv0.UpstreamAuthorityPluginClient.
// Its MintX509CA method provides the V0 implementation of the
// UpstreamAuthority interface method of the same name.
type V0 struct {
// Embedded facade from the plugin package.
plugin.Facade
// Embedded plugin client from the upstreamauthorityv0 package.
// NOTE(review): embedding promotes the client's exported methods onto V0, so
// they are reachable by any holder of a V0 value — confirm that is intended.
upstreamauthorityv0.UpstreamAuthorityPluginClient
}
func (*V0) MintX509CA ¶ added in v1.0.0
func (v0 *V0) MintX509CA(ctx context.Context, csr []byte, preferredTTL time.Duration) (_, _ []*x509.Certificate, _ UpstreamX509AuthorityStream, err error)
MintX509CA provides the V0 implementation of the UpstreamAuthority interface method of the same name.
type V1 ¶ added in v1.0.0
// V1 embeds plugin.Facade and upstreamauthorityv1.UpstreamAuthorityPluginClient.
// Its MintX509CA method provides the V1 implementation of the
// UpstreamAuthority interface method of the same name.
type V1 struct {
// Embedded facade from the plugin package.
plugin.Facade
// Embedded plugin client from the upstreamauthorityv1 package.
// NOTE(review): embedding promotes the client's exported methods onto V1, so
// they are reachable by any holder of a V1 value — confirm that is intended.
upstreamauthorityv1.UpstreamAuthorityPluginClient
}
func (*V1) MintX509CA ¶ added in v1.0.0
func (v1 *V1) MintX509CA(ctx context.Context, csr []byte, preferredTTL time.Duration) (_, _ []*x509.Certificate, _ UpstreamX509AuthorityStream, err error)
MintX509CA provides the V1 implementation of the UpstreamAuthority interface method of the same name.