azure

package
v1.14.0
Published: Dec 11, 2025 License: Apache-2.0 Imports: 11 Imported by: 3


Constants

const (
	// DefaultMSIResourceID is the default resource ID to use as the intended
	// audience of the MSI token. The current value is the service ID for the
	// Resource Manager API. A token minted for this audience is only
	// meaningful to a verifier that expects that audience; callers passing a
	// different resource to FetchMSIToken must validate the matching aud.
	DefaultMSIResourceID = "https://management.azure.com/"
	// PluginName is the name of the MSI-based attestation plugin. It is
	// presumably the value rendered for {{ .PluginName }} in
	// DefaultAgentPathTemplate — confirm against MakeAgentID.
	PluginName           = "azure_msi"
)
const (
	// ImdsPluginName is the name of the IMDS-based attestation plugin
	// (the attested-document flow, as opposed to the MSI token flow named
	// by PluginName).
	ImdsPluginName = "azure_imds"
)

Variables

// DefaultAgentPathTemplate is the default text/template used to build the
// agent path for MSI attestation: /<plugin name>/<tenant ID>/<principal ID>.
// The TenantID and PrincipalID elements presumably come from the tid and sub
// claims of MSITokenClaims, as rendered by MakeAgentID — confirm there.
var DefaultAgentPathTemplate = agentpathtemplate.MustParse("/{{ .PluginName }}/{{ .TenantID }}/{{ .PrincipalID }}")

DefaultAgentPathTemplate is the default text/template used to build the agent path.

// DefaultIMDSAgentPathTemplate is the default text/template used to build the
// agent path for IMDS attestation:
// /<plugin name>/<tenant ID>/<subscription ID>/<VM ID>.
// The SubscriptionID and VMID elements presumably come from the attested
// document content passed to MakeIMDSAgentID; note that TenantID in that
// content is supplied by the server rather than by the document — confirm.
var DefaultIMDSAgentPathTemplate = agentpathtemplate.MustParse("/{{ .PluginName }}/{{ .TenantID }}/{{ .SubscriptionID }}/{{ .VMID }}")

Functions

func FetchMSIToken

func FetchMSIToken(cl HTTPClient, resource string) (string, error)

func MakeAgentID added in v1.5.0

func MakeAgentID(td spiffeid.TrustDomain, agentPathTemplate *agentpathtemplate.Template, claims *MSITokenClaims) (spiffeid.ID, error)

func MakeIMDSAgentID added in v1.14.0

func MakeIMDSAgentID(td spiffeid.TrustDomain, agentPathTemplate *agentpathtemplate.Template, data *AttestedDocumentContent) (spiffeid.ID, error)

Types

type AgentUntrustedMetadata added in v1.14.0

// AgentUntrustedMetadata is the untrusted metadata carried in the IMDS
// attestation payload. It is used only to help point the server to the
// correct tenant and VMSS; nothing in it is attested, so it must not be
// relied on for any trust decision.
type AgentUntrustedMetadata struct {
	// AgentDomain is the domain hint reported by the agent (JSON "agentDomain").
	AgentDomain string  `json:"agentDomain"`
	// VMSSName is the VM scale set name hint reported by the agent
	// (JSON "vmssName"); nil when none was provided.
	VMSSName    *string `json:"vmssName"`
}

AgentUntrustedMetadata is the untrusted metadata for the IMDS attestation payload. Used to help point the server to the correct tenant and VMSS

type AttestedDocument added in v1.14.0

// AttestedDocument is the signed attested document as returned by
// FetchAttestedDocument.
type AttestedDocument struct {
	// Encoding names the encoding of the document (JSON "encoding").
	Encoding  string `json:"encoding"`
	// Signature is the signed document blob (JSON "signature"); its exact
	// format is not visible here — presumably the signed content is what
	// AttestedDocumentContent is decoded from once the signature has been
	// verified. Confirm against the server-side verification code.
	Signature string `json:"signature"`
}

func FetchAttestedDocument added in v1.14.0

func FetchAttestedDocument(cl HTTPClient, nonce string) (*AttestedDocument, error)

type AttestedDocumentContent added in v1.14.0

// AttestedDocumentContent is the content of an attested document, as consumed
// by MakeIMDSAgentID.
type AttestedDocumentContent struct {
	// SubscriptionID is the subscription the VM belongs to (JSON "subscriptionId").
	SubscriptionID string `json:"subscriptionId"`
	// VMID is the VM's identifier (JSON "vmId").
	VMID           string `json:"vmId"`
	// Nonce is the nonce embedded in the document (JSON "nonce"). It is
	// presumably the nonce passed to FetchAttestedDocument, which the server
	// should compare with the value it issued to detect replayed documents —
	// confirm against the server-side check.
	Nonce          string `json:"nonce"`
	// TenantID does not actually come from the document, it is added by the
	// server for convenience. Because it is not part of the signed document
	// it carries no attestation of its own.
	TenantID string `json:"tid"`
}

type ComputeMetadata

// ComputeMetadata is the compute section of the instance metadata returned by
// FetchInstanceMetadata (see InstanceMetadata.Compute).
type ComputeMetadata struct {
	// Name is the VM name (JSON "name").
	Name              string `json:"name"`
	// SubscriptionID is the subscription the VM belongs to (JSON "subscriptionId").
	SubscriptionID    string `json:"subscriptionId"`
	// ResourceGroupName is the VM's resource group (JSON "resourceGroupName").
	ResourceGroupName string `json:"resourceGroupName"`
	// VMScaleSetName is the VM scale set the VM belongs to, if any
	// (JSON "vmScaleSetName").
	VMScaleSetName    string `json:"vmScaleSetName"`
}

type HTTPClient

// HTTPClient is the minimal client interface the Fetch* functions need to
// issue requests. *http.Client satisfies it; tests can supply an
// HTTPClientFunc instead.
type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPClientFunc

// HTTPClientFunc adapts a plain function to the HTTPClient interface; its Do
// method calls the function.
type HTTPClientFunc func(*http.Request) (*http.Response, error)

func (HTTPClientFunc) Do

func (fn HTTPClientFunc) Do(req *http.Request) (*http.Response, error)

type IMDSAttestationPayload added in v1.14.0

// IMDSAttestationPayload is the payload sent for IMDS-based attestation. Trust
// in the payload rests on Document, which carries the signature; Metadata is
// an unauthenticated routing hint only.
type IMDSAttestationPayload struct {
	// Document is the signed attested document (JSON "document").
	Document AttestedDocument `json:"document"`
	// Nothing in the metadata should ever be trusted, it is used to help point
	// the server to the correct tenant and VMSS (JSON "metadata").
	Metadata AgentUntrustedMetadata `json:"metadata"`
}

type InstanceMetadata

// InstanceMetadata is the instance metadata document returned by
// FetchInstanceMetadata; only the compute section is decoded.
type InstanceMetadata struct {
	// Compute holds the compute section (JSON "compute").
	Compute ComputeMetadata `json:"compute"`
}

func FetchInstanceMetadata

func FetchInstanceMetadata(cl HTTPClient) (*InstanceMetadata, error)

type MSIAttestationData

// MSIAttestationData is the payload sent for MSI-based attestation.
type MSIAttestationData struct {
	// Token is the MSI token (JSON "token"), presumably the value returned by
	// FetchMSIToken — confirm against the agent-side caller.
	Token string `json:"token"`
}

type MSITokenClaims

// MSITokenClaims are the claims of an MSI token: the registered claims via
// the embedded jwt.Claims plus the tenant and principal identifiers that
// MakeAgentID uses to build the agent ID.
type MSITokenClaims struct {
	jwt.Claims
	// TenantID is the "tid" claim; empty when absent.
	TenantID    string `json:"tid,omitempty"`
	// PrincipalID is the "sub" claim; empty when absent.
	PrincipalID string `json:"sub,omitempty"`
}
