Types ¶
type BundleUpdater ¶
// BundleUpdater updates the locally stored bundle from a bundle endpoint.
type BundleUpdater interface {
// UpdateBundle fetches the local bundle from the datastore and the
// endpoint bundle from the endpoint. The function will return an error if
// the local bundle cannot be fetched, the endpoint bundle cannot be
// downloaded, or there is a problem persisting the bundle. The local
// bundle will always be returned if it was fetched, independent of any
// other failures performing the update. The endpoint bundle is ONLY
// returned if it can be successfully downloaded, is different from the
// local bundle, and is successfully stored.
//
// Unlike the usual Go convention, a bundle result can accompany a non-nil
// error, so callers must check the error before treating the call as a
// successful refresh. A missing endpoint bundle with a nil error means the
// endpoint bundle matched the local one.
//
// NOTE(review): the two bundle results are presumably (local, endpoint) in
// that order, and "not returned" presumably means nil; confirm against the
// implementation.
UpdateBundle(ctx context.Context) (*bundleutil.Bundle, *bundleutil.Bundle, error)
}
func NewBundleUpdater ¶
// NewBundleUpdater returns a BundleUpdater for the given config.
func NewBundleUpdater(config BundleUpdaterConfig) BundleUpdater
type BundleUpdaterConfig ¶
// BundleUpdaterConfig is the configuration accepted by NewBundleUpdater.
type BundleUpdaterConfig struct {
// TrustDomainConfig is embedded, so its EndpointAddress, EndpointSpiffeID
// and UseWebPKI fields are promoted onto this struct. UseWebPKI is a bool,
// so leaving it unset selects SPIFFE authentication.
TrustDomainConfig
// NOTE(review): presumably the name of the federated trust domain whose
// bundle is being updated; confirm against the implementation.
TrustDomain string
// NOTE(review): presumably the datastore the local bundle is read from and
// persisted to, as described on BundleUpdater.UpdateBundle; confirm.
DataStore datastore.DataStore
// contains filtered or unexported fields
}
type Client ¶
type Client interface {
// FetchBundle retrieves the bundle from the bundle endpoint, or returns an
// error. How the endpoint is authenticated is fixed by the ClientConfig
// given to NewClient.
FetchBundle(context.Context) (*bundleutil.Bundle, error)
}
Client is used to fetch a bundle and metadata from a bundle endpoint
func NewClient ¶
// NewClient returns a Client for the bundle endpoint described by config.
// Per the ClientConfig field documentation, a nil config.SPIFFEAuth means the
// endpoint is authenticated via Web PKI rather than SPIFFE authentication.
//
// NOTE(review): the conditions under which an error is returned are not
// visible on this page.
func NewClient(config ClientConfig) (Client, error)
type ClientConfig ¶
// ClientConfig is the configuration accepted by NewClient.
type ClientConfig struct {
// TrustDomain is the federated trust domain (i.e. domain.test)
TrustDomain string
// EndpointAddress is the bundle endpoint for the trust domain.
EndpointAddress string
// SPIFFEAuth contains required configuration to authenticate the endpoint
// using SPIFFE authentication. If unset, it is assumed that the endpoint
// is authenticated via Web PKI.
//
// Because nil selects Web PKI, a caller that intends SPIFFE authentication
// but passes no SPIFFEAuth gets a different authentication mode rather
// than an obviously invalid config. Set this field explicitly whenever
// SPIFFE authentication is required.
// NOTE(review): whether NewClient validates this choice is not shown here.
SPIFFEAuth *SPIFFEAuthConfig
}
type Manager ¶
// Manager is created with NewManager from a ManagerConfig; it exposes no
// exported fields.
//
// NOTE(review): given ManagerConfig (Clock, DataStore and per-trust-domain
// endpoint settings), this presumably keeps federated bundles refreshed;
// confirm against the implementation.
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
// NewManager returns a Manager for the given config.
func NewManager(config ManagerConfig) *Manager
type ManagerConfig ¶
// ManagerConfig is the configuration accepted by NewManager.
type ManagerConfig struct {
// Log is the logger made available to the manager.
Log logrus.FieldLogger
// Metrics is the telemetry sink made available to the manager.
Metrics telemetry.Metrics
// DataStore is the datastore made available to the manager.
DataStore datastore.DataStore
// Clock is the clock made available to the manager.
// NOTE(review): presumably injectable so tests can control time; confirm.
Clock clock.Clock
// TrustDomains holds one TrustDomainConfig per map key. Each entry decides
// how that endpoint is authenticated (SPIFFE authentication unless
// UseWebPKI is true).
// NOTE(review): keys are presumably federated trust domain names; confirm.
TrustDomains map[string]TrustDomainConfig
// contains filtered or unexported fields
}
type SPIFFEAuthConfig ¶
// SPIFFEAuthConfig holds the settings used to authenticate a bundle endpoint
// with SPIFFE authentication: the identity the endpoint server is expected to
// present and the root CAs its certificate must chain to.
type SPIFFEAuthConfig struct {
// EndpointSpiffeID is the expected SPIFFE ID of the endpoint server. If unset, it
// defaults to the SPIRE server ID within the trust domain.
EndpointSpiffeID string
// RootCAs is the set of root CA certificates used to authenticate the
// endpoint server.
//
// These certificates are the trust anchors for the endpoint connection, so
// they should come from a source that is already trusted.
// NOTE(review): behaviour with a nil or empty RootCAs is not shown on this
// page; confirm that the client fails closed rather than falling back to
// another trust store.
RootCAs []*x509.Certificate
}
type TrustDomainConfig ¶
// TrustDomainConfig describes how to reach and authenticate the bundle
// endpoint of one trust domain.
type TrustDomainConfig struct {
// EndpointAddress is the bundle endpoint for the trust domain.
EndpointAddress string
// EndpointSpiffeID is the expected SPIFFE ID of the endpoint server. If
// unset, it defaults to the SPIRE server ID within the trust domain.
// NOTE(review): presumably only consulted when UseWebPKI is false; confirm.
EndpointSpiffeID string
// UseWebPKI is true if the endpoint should be authenticated with Web PKI.
// Otherwise, SPIFFE authentication is assumed.
//
// The zero value (false) therefore selects SPIFFE authentication; Web PKI
// must be opted into explicitly.
UseWebPKI bool
}