Documentation
¶
Index ¶
- Constants
- type CSR
- type Handler
- func (h *Handler) Attest(stream node.Node_AttestServer) (err error)
- func (h *Handler) AuthorizeCall(ctx context.Context, fullMethod string) (_ context.Context, err error)
- func (h *Handler) FetchBundle(ctx context.Context, req *node.FetchBundleRequest) (_ *node.FetchBundleResponse, err error)
- func (h *Handler) FetchJWTSVID(ctx context.Context, req *node.FetchJWTSVIDRequest) (resp *node.FetchJWTSVIDResponse, err error)
- func (h *Handler) FetchX509CASVID(ctx context.Context, req *node.FetchX509CASVIDRequest) (_ *node.FetchX509CASVIDResponse, err error)
- func (h *Handler) FetchX509SVID(server node.Node_FetchX509SVIDServer) (err error)
- func (h *Handler) PushJWTKeyUpstream(ctx context.Context, req *node.PushJWTKeyUpstreamRequest) (resp *node.PushJWTKeyUpstreamResponse, err error)
- type HandlerConfig
- type Limiter
Constants ¶
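// Message kinds declared by this package. The values are assigned by iota in
// declaration order (0 through 3), so inserting or reordering an entry
// renumbers every entry after it.
//
// NOTE(review): presumably these identify the kind of request being counted
// by the Limiter type listed in this package's index. Confirm against the
// Limiter definition, which this page does not show.
const (
	AttestMsg = iota // 0
	CSRMsg           // 1
	JSRMsg           // 2
	PushJWTKey       // 3
)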
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Handler ¶
// Handler is the receiver for the node API methods documented on this page:
// Attest, FetchX509SVID, FetchJWTSVID, FetchX509CASVID, FetchBundle and
// PushJWTKeyUpstream, plus the AuthorizeCall hook that takes the full method
// name of the call being made. Construct it with NewHandler.
//
// NOTE(review): by the grpc-go generator convention, embedding the
// Unsafe*Server type opts out of the forward-compatible "unimplemented"
// stubs, so an RPC added to the service later has to be implemented here
// explicitly (and given an authorization decision) before the package builds.
// Confirm against the generated node package.
type Handler struct {
node.UnsafeNodeServer
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(config HandlerConfig) (*Handler, error)
func (*Handler) Attest ¶
func (h *Handler) Attest(stream node.Node_AttestServer) (err error)
Attest attests the node and gets the base node SVID.
func (*Handler) AuthorizeCall ¶
func (*Handler) FetchBundle ¶ added in v0.10.0
func (h *Handler) FetchBundle(ctx context.Context, req *node.FetchBundleRequest) (_ *node.FetchBundleResponse, err error)
func (*Handler) FetchJWTSVID ¶
func (h *Handler) FetchJWTSVID(ctx context.Context, req *node.FetchJWTSVIDRequest) (resp *node.FetchJWTSVIDResponse, err error)
func (*Handler) FetchX509CASVID ¶
func (h *Handler) FetchX509CASVID(ctx context.Context, req *node.FetchX509CASVIDRequest) (_ *node.FetchX509CASVIDResponse, err error)
func (*Handler) FetchX509SVID ¶
func (h *Handler) FetchX509SVID(server node.Node_FetchX509SVIDServer) (err error)
FetchX509SVID gets Workload, Agent certs and CA trust bundles. Also used for rotation (Base Node SVID or the Registered Node SVID used for this call). List can be empty to allow Node Agent cache refresh.
func (*Handler) PushJWTKeyUpstream ¶ added in v0.10.0
func (h *Handler) PushJWTKeyUpstream(ctx context.Context, req *node.PushJWTKeyUpstreamRequest) (resp *node.PushJWTKeyUpstreamResponse, err error)
type HandlerConfig ¶
// HandlerConfig is the configuration value passed to NewHandler. It bundles
// the handler's collaborators (logger, metrics, catalog, CA, clock) with two
// boolean policy switches that affect node attestation.
type HandlerConfig struct {
Log logrus.FieldLogger
Metrics telemetry.Metrics
Catalog catalog.Catalog
ServerCA ca.ServerCA
// NOTE(review): presumably the trust domain that SPIFFE IDs handled by this
// API are checked against. Confirm in the handler implementation.
TrustDomain url.URL
Clock clock.Clock
Manager *ca.Manager
// RateLimitAttestation, if true, rate limits attestation.
// The Go zero value is false, so a config that leaves this field unset gets
// no attestation rate limiting from this switch; set it explicitly when
// throttling is wanted.
// NOTE(review): presumably Attest is callable before a node holds an SVID,
// which would make this the main throttle on that path. Confirm.
RateLimitAttestation bool
// Allow agentless SPIFFE IDs when doing node attestation
// The Go zero value is false, i.e. agentless IDs are not allowed unless a
// caller opts in.
// NOTE(review): enabling this widens the set of SPIFFE IDs accepted from
// node attestation; presumably IDs are otherwise required to have the agent
// form. Confirm, and enable only where the deployment needs it.
AllowAgentlessNodeAttestors bool
}