Documentation
¶
Index ¶
- Constants
- Variables
- func BuiltIn() catalog.BuiltIn
- type IMDSAttestorConfig
- type IMDSAttestorPlugin
- func (p *IMDSAttestorPlugin) Attest(stream nodeattestorv1.NodeAttestor_AttestServer) error
- func (p *IMDSAttestorPlugin) Configure(_ context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error)
- func (p *IMDSAttestorPlugin) SetLogger(log hclog.Logger)
- func (p *IMDSAttestorPlugin) Validate(_ context.Context, req *configv1.ValidateRequest) (*configv1.ValidateResponse, error)
- type NetworkInterface
- type SecretAuthConfig
- type SecurityGroup
- type Subnet
- type TenantConfig
- type TokenAuthConfig
- type VMSSInfo
- type VirtualMachine
Constants ¶
const (
	// DigiCertGlobalRootG2Pem holds the DigiCert Global Root G2 certificate in
	// PEM form, embedded in the package as a constant.
	// Valid until: 15/Jan/2038
	// downloaded from https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem
	//
	// NOTE(review): presumably a pinned trust anchor for verifying the Azure
	// certificate chain; confirm against the verification code. An embedded
	// root is only replaced by shipping a new build, so it has to be refreshed
	// before the expiry date above and on any earlier CA rotation.
	DigiCertGlobalRootG2Pem = `` /* 1293-byte string literal not displayed */

	// DigiCertGlobalRootCAPem holds the DigiCert Global Root CA certificate in
	// PEM form, embedded in the package as a constant.
	// Valid until: 10/Nov/2031
	// downloaded from https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
	//
	// NOTE(review): this root expires earlier than the G2 root above; track
	// both dates, since an expired embedded anchor fails chain verification
	// for every node at once.
	DigiCertGlobalRootCAPem = `` /* 1337-byte string literal not displayed */
)
// MicrosoftIntermediateIssuerHost is the host name expected for the Microsoft
// issuer.
//
// NOTE(review): presumably compared with the host of the issuer URL carried in
// the certificate before the intermediate is fetched; confirm against the
// caller. A host-name match only limits where an intermediate may be fetched
// from. It is not a trust decision, so the fetched certificate still has to
// chain cryptographically to a pinned root.
const MicrosoftIntermediateIssuerHost = "www.microsoft.com"
Variables ¶
// The patterns below compare certificate names only. A name can be set freely
// by whoever creates a certificate, so a match carries weight only together
// with cryptographic chain verification against a trusted root.

// AzureMetadataSubject is the expected subject pattern for Azure
// certificates. It is anchored at both ends and accepts exactly
// "metadata.azure.com".
var AzureMetadataSubject = regexp.MustCompile(`^metadata\.azure\.com$`)

// MicrosoftAzureRSATLSIssuer is the expected issuer pattern:
// "Microsoft Azure RSA TLS Issuing CA " followed by exactly two digits.
// An issuing CA named any other way is rejected, so the pattern needs
// revisiting whenever the set of intermediates changes.
var MicrosoftAzureRSATLSIssuer = regexp.MustCompile(`^Microsoft Azure RSA TLS Issuing CA \d{2}$`)

// DigiCertGlobalRootCA is the expected root pattern. The Azure docs state that
// the root should be DigiCert Global Root CA, but it is actually the newer
// DigiCert Global Root G2. Despite its identifier, this pattern therefore
// accepts only "DigiCert Global Root G2".
var DigiCertGlobalRootCA = regexp.MustCompile(`^DigiCert Global Root G2$`)
Azure-specific certificate validation constants
Functions ¶
Types ¶
type IMDSAttestorConfig ¶
// IMDSAttestorConfig is the top-level plugin configuration. Its fields carry
// both hcl and json tags.
type IMDSAttestorConfig struct {
	// Tenants maps a string key to that tenant's settings.
	// NOTE(review): presumably keyed by Azure tenant ID or domain; confirm.
	// Entries are pointers, so a nil value is representable and should be
	// rejected during configuration validation.
	Tenants map[string]*TenantConfig `hcl:"tenants" json:"tenants"`
	// AgentPathTemplate is read from "agent_path_template".
	// NOTE(review): presumably a template for the agent ID path; confirm that
	// only fields taken from verified attestation data are interpolated into
	// it, since the result identifies the node.
	AgentPathTemplate string `hcl:"agent_path_template" json:"agent_path_template"`
}
type IMDSAttestorPlugin ¶
// IMDSAttestorPlugin is the plugin type. Its method set on this page is
// Attest, Configure, SetLogger and Validate.
type IMDSAttestorPlugin struct {
	nodeattestorbase.Base
	// The two Unsafe*Server embeds follow the gRPC Go code-generation
	// convention for opting out of forward compatibility with methods added
	// to the service later. "Unsafe" refers to that API guarantee, not to a
	// security property of the plugin.
	nodeattestorv1.UnsafeNodeAttestorServer
	configv1.UnsafeConfigServer
	// contains filtered or unexported fields
}
func New ¶
func New() *IMDSAttestorPlugin
func (*IMDSAttestorPlugin) Attest ¶
func (p *IMDSAttestorPlugin) Attest(stream nodeattestorv1.NodeAttestor_AttestServer) error
func (*IMDSAttestorPlugin) Configure ¶
func (p *IMDSAttestorPlugin) Configure(_ context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error)
func (*IMDSAttestorPlugin) SetLogger ¶
func (p *IMDSAttestorPlugin) SetLogger(log hclog.Logger)
func (*IMDSAttestorPlugin) Validate ¶
func (p *IMDSAttestorPlugin) Validate(_ context.Context, req *configv1.ValidateRequest) (*configv1.ValidateResponse, error)
type NetworkInterface ¶
// NetworkInterface describes one network interface, with its security group
// and subnets, as decoded from JSON.
type NetworkInterface struct {
	// Name is decoded from the "name" key.
	Name string `json:"name"`
	// SecurityGroup is decoded from "securityGroup". It is held by value, so
	// an absent key leaves the zero value rather than a nil pointer.
	SecurityGroup SecurityGroup `json:"securityGroup"`
	// Subnets is decoded from "subnets" and may be nil or empty.
	Subnets []Subnet `json:"subnets"`
}
type SecretAuthConfig ¶
type SecurityGroup ¶
type TenantConfig ¶
// TenantConfig holds the settings for one tenant entry of
// IMDSAttestorConfig.Tenants.
type TenantConfig struct {
	// AuthType is read from "auth_type".
	// NOTE(review): presumably selects between SecretAuth and TokenAuth;
	// confirm that validation rejects an unknown value and a mismatch
	// between AuthType and the block that is actually set.
	AuthType string `hcl:"auth_type" json:"auth_type"`
	// SecretAuth is optional (nil when the "secret_auth" block is absent).
	// NOTE(review): the type name suggests it carries a credential; if so it
	// should be kept out of logs and error messages. Confirm.
	SecretAuth *SecretAuthConfig `hcl:"secret_auth" json:"secret_auth"`
	// TokenAuth is optional (nil when the "token_auth" block is absent).
	TokenAuth *TokenAuthConfig `hcl:"token_auth" json:"token_auth"`
	// AllowedTags is read from "allowed_vm_tags".
	// NOTE(review): presumably an allow-list of VM tags. Tags are mutable
	// resource metadata, so a tag-based allow-list is only as strong as the
	// write permissions on those tags. Confirm how an empty list is treated.
	AllowedTags []string `hcl:"allowed_vm_tags" json:"allowed_vm_tags"`
	// RestrictToSubscriptions is read from "restrict_to_subscriptions".
	// Elements are pointers, so nil entries are representable and need a
	// check before dereferencing.
	// NOTE(review): confirm whether an empty list means "no restriction";
	// an allow-list that fails open widens the set of VMs that can attest.
	RestrictToSubscriptions []*string `hcl:"restrict_to_subscriptions" json:"restrict_to_subscriptions"`
}
type TokenAuthConfig ¶
type VirtualMachine ¶
// VirtualMachine is a subset of the fields returned by the Resource Graph API.
type VirtualMachine struct {
	// ID is decoded from "id".
	// NOTE(review): presumably the full Azure resource ID; confirm.
	ID string `json:"id"`
	// Name is decoded from "name".
	Name string `json:"name"`
	// Location is decoded from "location".
	Location string `json:"location"`
	// Tags is decoded from "tags". Values are untyped (any), so a consumer
	// has to type-check a value before comparing it with a configured tag.
	Tags map[string]any `json:"tags"`
	// VMID is decoded from "vmId".
	VMID string `json:"vmId"`
	// ResourceGroup is decoded from "resourceGroup".
	ResourceGroup string `json:"resourceGroup"`
	// Interfaces is decoded from "interfaces". Elements are pointers, so nil
	// entries are representable.
	Interfaces []*NetworkInterface `json:"interfaces"`
}
VirtualMachine is a subset of the fields returned by the Resource Graph API