svidstore

package

v1.2.2 Latest Latest Go to latest Published: Apr 7, 2022 License: Apache-2.0 Imports: 14 Imported by: 5

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/spiffe/spire

Links

Open Source Insights

Documentation ¶

Index ¶

func ParseMetadata(metaData []string) (map[string]string, error)
type Data
- func SecretFromProto(req *svidstorev1.PutX509SVIDRequest) (*Data, error)
type Repository
type SVID
type SVIDStore
type V1
- func (v1 *V1) DeleteX509SVID(ctx context.Context, metadata []string) error
- func (v1 *V1) PutX509SVID(ctx context.Context, x509SVID *X509SVID) error
type V1Unofficial
- func (v1 *V1Unofficial) DeleteX509SVID(ctx context.Context, metadata []string) error
- func (v1 *V1Unofficial) PutX509SVID(ctx context.Context, x509SVID *X509SVID) error
type X509SVID

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ParseMetadata ¶

func ParseMetadata(metaData []string) (map[string]string, error)

ParseMetadata parses metadata from a slice of strings into a map that can be consumed by SVIDStore plugins

Types ¶

type Data ¶

type Data struct {
	// SPIFFEID is the SPIFFE ID of the SVID
	SPIFFEID string `json:"spiffeID,omitempty"`
	// X509SVID is the PEM encoded certificate chain. MAY include intermediates,
	// the leaf certificate (or SVID itself) MUST come first
	X509SVID string `json:"x509SVID,omitempty"`
	// X509SVIDKey is the PEM encoded PKCS#8 private key.
	X509SVIDKey string `json:"x509SVIDKey,omitempty"`
	// Bundle is the PEM encoded X.509 bundle for the trust domain
	Bundle string `json:"bundle,omitempty"`
	// FederatedBundles is the CA certificate bundles belonging to foreign trust domains that the workload should trust,
	// keyed by trust domain. Bundles are in encoded in PEM format.
	FederatedBundles map[string]string `json:"federatedBundles,omitempty"`
}

func SecretFromProto ¶

func SecretFromProto(req *svidstorev1.PutX509SVIDRequest) (*Data, error)

type Repository ¶

type Repository struct {
	SVIDStores map[string]SVIDStore
}

func (*Repository) Clear ¶

func (repo *Repository) Clear()

func (*Repository) GetSVIDStoreNamed ¶

func (repo *Repository) GetSVIDStoreNamed(name string) (SVIDStore, bool)

func (*Repository) SetSVIDStore ¶

func (repo *Repository) SetSVIDStore(svidStore SVIDStore)

type SVID ¶

type SVID struct {
	// SPIFFE ID of the SVID.
	SPIFFEID spiffeid.ID

	// Certificate and intermediates
	CertChain []*x509.Certificate

	// Private key
	PrivateKey crypto.PrivateKey

	// Bundle certificates
	Bundle []*x509.Certificate

	// Expiration timestamp
	ExpiresAt time.Time
}

type SVIDStore ¶

type SVIDStore interface {
	catalog.PluginInfo

	DeleteX509SVID(ctx context.Context, metadata []string) error
	PutX509SVID(context.Context, *X509SVID) error
}

type V1 ¶

type V1 struct {
	plugin.Facade

	svidstorev1.SVIDStorePluginClient
}

func (*V1) DeleteX509SVID ¶

func (v1 *V1) DeleteX509SVID(ctx context.Context, metadata []string) error

func (*V1) PutX509SVID ¶

func (v1 *V1) PutX509SVID(ctx context.Context, x509SVID *X509SVID) error

type V1Unofficial ¶ added in v1.2.0

type V1Unofficial struct {
	plugin.Facade

	svidstorev1unofficial.SVIDStorePluginClient
}

func (*V1Unofficial) DeleteX509SVID ¶ added in v1.2.0

func (v1 *V1Unofficial) DeleteX509SVID(ctx context.Context, metadata []string) error

func (*V1Unofficial) PutX509SVID ¶ added in v1.2.0

func (v1 *V1Unofficial) PutX509SVID(ctx context.Context, x509SVID *X509SVID) error

type X509SVID ¶

type X509SVID struct {
	// X509-SVID to be stored
	SVID *SVID

	// Metadata relevant for plugin to store the SVID
	Metadata []string

	// Federated bundles to store
	FederatedBundles map[string][]*x509.Certificate
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
awssecretsmanager
gcpsecretmanager

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL