Documentation
¶
Index ¶
- type BundleUpdater
- type BundleUpdaterConfig
- type Client
- type ClientConfig
- type EndpointProfileInfo
- type HTTPSSPIFFEProfile
- type HTTPSWebProfile
- type Manager
- type ManagerConfig
- type SPIFFEAuthConfig
- type TrustDomainConfig
- type TrustDomainConfigMap
- type TrustDomainConfigSet
- type TrustDomainConfigSource
- type TrustDomainConfigSourceFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BundleUpdater ¶
// BundleUpdater refreshes the locally stored bundle of a federated trust
// domain from that trust domain's bundle endpoint.
type BundleUpdater interface {
// UpdateBundle fetches the local bundle from the datastore and the
// endpoint bundle from the endpoint. The function will return an error if
// the local bundle cannot be fetched, the endpoint bundle cannot be
// downloaded, or there is a problem persisting the bundle. The local
// bundle will always be returned if it was fetched, independent of any
// other failures performing the update. The endpoint bundle is ONLY
// returned if it can be successfully downloaded, is different from the
// local bundle, and is successfully stored.
//
// NOTE(review): presumably the first result is the local bundle and the
// second the endpoint bundle, following the order of the text above;
// confirm against the implementation. Because the local bundle can be
// non-nil together with a non-nil error, callers must check the error
// before treating the call as a successful refresh.
UpdateBundle(ctx context.Context) (*bundleutil.Bundle, *bundleutil.Bundle, error)
// GetTrustDomainConfig returns the configuration for the updater
GetTrustDomainConfig() TrustDomainConfig
// SetTrustDomainConfig sets the configuration for the updater
// NOTE(review): the meaning of the bool result is not documented here;
// presumably it reports whether the configuration changed. Confirm.
SetTrustDomainConfig(TrustDomainConfig) bool
}
func NewBundleUpdater ¶
// NewBundleUpdater returns a BundleUpdater built from config.
// NOTE(review): there is no error result, so any validation of
// config.TrustDomainConfig is not observable at this call; confirm where the
// endpoint URL and profile are validated.
func NewBundleUpdater(config BundleUpdaterConfig) BundleUpdater
type BundleUpdaterConfig ¶
// BundleUpdaterConfig holds the inputs to NewBundleUpdater.
type BundleUpdaterConfig struct {
// TrustDomain is presumably the federated trust domain whose bundle is
// kept up to date. Confirm.
TrustDomain spiffeid.TrustDomain
// DataStore is presumably where the local bundle is read from and the
// refreshed bundle is persisted (see BundleUpdater.UpdateBundle). Confirm.
DataStore datastore.DataStore
// TrustDomainConfig carries the endpoint URL and the endpoint profile for
// the bundle endpoint.
TrustDomainConfig TrustDomainConfig
// contains filtered or unexported fields
}
type Client ¶
// Client fetches the bundle of a federated trust domain from its bundle
// endpoint.
type Client interface {
// FetchBundle retrieves the bundle from the endpoint, or returns an error.
// How the endpoint server is authenticated is selected by
// ClientConfig.SPIFFEAuth: SPIFFE authentication when it is set, Web PKI
// when it is not.
FetchBundle(context.Context) (*bundleutil.Bundle, error)
}
Client is used to fetch a bundle and metadata from a bundle endpoint
func NewClient ¶
// NewClient returns a Client for the endpoint described by config.
// NOTE(review): the conditions that produce an error are not visible here;
// presumably an unusable EndpointURL is one of them. Confirm.
func NewClient(config ClientConfig) (Client, error)
type ClientConfig ¶
// ClientConfig holds the inputs to NewClient.
type ClientConfig struct {
// TrustDomain is the federated trust domain (e.g. domain.test)
TrustDomain spiffeid.TrustDomain
// EndpointURL is the URL used to fetch the bundle of the federated
// trust domain. It is served by a SPIFFE bundle endpoint server.
// NOTE(review): this is a plain string, so the type itself enforces no
// scheme; confirm that NewClient rejects anything other than https.
EndpointURL string
// SPIFFEAuth contains required configuration to authenticate the endpoint
// using SPIFFE authentication. If unset, it is assumed that the endpoint
// is authenticated via Web PKI.
// NOTE(review): nil therefore selects Web PKI instead of failing, so a
// caller that intends SPIFFE authentication but leaves this unset gets a
// different trust anchor without an error. Confirm that callers set it
// explicitly for endpoints that use the SPIFFE profile.
SPIFFEAuth *SPIFFEAuthConfig
// contains filtered or unexported fields
}
type EndpointProfileInfo ¶ added in v1.0.0
// EndpointProfileInfo identifies a bundle endpoint profile. On this page it
// is implemented by HTTPSWebProfile and HTTPSSPIFFEProfile.
type EndpointProfileInfo interface {
// The name of the endpoint profile (e.g. "https_spiffe").
Name() string
}
type HTTPSSPIFFEProfile ¶ added in v1.0.0
// HTTPSSPIFFEProfile is the endpoint profile in which the bundle endpoint
// server is expected to present a specific SPIFFE ID.
type HTTPSSPIFFEProfile struct {
// EndpointSPIFFEID is the expected SPIFFE ID of the bundle endpoint server.
// NOTE(review): SPIFFEAuthConfig spells the equivalent field
// EndpointSpiffeID; the two names differ only in letter case, which is
// easy to get wrong when mapping one structure onto the other.
EndpointSPIFFEID spiffeid.ID
}
func (HTTPSSPIFFEProfile) Name ¶ added in v1.0.0
// Name returns the profile name, which makes HTTPSSPIFFEProfile an
// EndpointProfileInfo. Presumably the value is "https_spiffe", the example
// given on EndpointProfileInfo.Name. Confirm.
func (p HTTPSSPIFFEProfile) Name() string
type HTTPSWebProfile ¶ added in v1.0.0
// HTTPSWebProfile is the endpoint profile that carries no settings of its own.
// NOTE(review): presumably this is the Web PKI case described on
// ClientConfig.SPIFFEAuth, where the endpoint server is authenticated
// without a pinned SPIFFE ID. Confirm.
type HTTPSWebProfile struct{}
func (HTTPSWebProfile) Name ¶ added in v1.0.0
// Name returns the profile name, which makes HTTPSWebProfile an
// EndpointProfileInfo. The literal value is not shown on this page.
func (p HTTPSWebProfile) Name() string
type Manager ¶
// Manager refreshes trust domain bundles for the trust domains it manages;
// see RefreshBundleFor and TriggerConfigReload.
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
// NewManager returns a Manager built from config.
// NOTE(review): there is no error result, so missing fields in config are
// not reported at construction time. Confirm which fields are required.
func NewManager(config ManagerConfig) *Manager
func (*Manager) RefreshBundleFor ¶ added in v1.1.0
RefreshBundleFor refreshes the trust domain bundle for the given trust domain. If the trust domain is not managed by the manager, false is returned.
func (*Manager) TriggerConfigReload ¶ added in v1.1.1
// TriggerConfigReload triggers the manager to reload the configuration.
// NOTE(review): nothing is returned, so whether the reload has completed by
// the time this call returns is not visible here. Confirm before relying on
// a removed trust domain no longer being refreshed.
func (m *Manager) TriggerConfigReload()
TriggerConfigReload triggers the manager to reload the configuration
type ManagerConfig ¶
// ManagerConfig holds the inputs to NewManager.
type ManagerConfig struct {
// Log is presumably the logger the manager writes to. Confirm.
Log logrus.FieldLogger
// Metrics is presumably the sink for the manager's telemetry. Confirm.
Metrics telemetry.Metrics
// DataStore is presumably where bundles are read and persisted. Confirm.
DataStore datastore.DataStore
// Clock is presumably injected so that timing can be controlled in
// tests. Confirm.
Clock clock.Clock
// Source supplies the per-trust-domain endpoint configuration through
// GetTrustDomainConfigs. Whatever it returns determines which endpoints
// are contacted and which profile authenticates them.
Source TrustDomainConfigSource
// contains filtered or unexported fields
}
type SPIFFEAuthConfig ¶
// SPIFFEAuthConfig configures SPIFFE authentication of the bundle endpoint
// server (see ClientConfig.SPIFFEAuth).
type SPIFFEAuthConfig struct {
// EndpointSpiffeID is the expected SPIFFE ID of the bundle endpoint server.
EndpointSpiffeID spiffeid.ID
// RootCAs is the set of root CA certificates used to authenticate the
// endpoint server.
// These roots are the trust anchor for the fetch, so they must come from
// a bundle that was itself obtained over an authenticated path.
// NOTE(review): behaviour with a nil or empty slice is not visible here;
// confirm that verification fails closed instead of accepting any chain.
RootCAs []*x509.Certificate
}
type TrustDomainConfig ¶
// TrustDomainConfig describes how to reach and authenticate the bundle
// endpoint of one federated trust domain.
type TrustDomainConfig struct {
// EndpointURL is the URL used to fetch the bundle of the federated
// trust domain. It is served by a SPIFFE bundle endpoint server.
EndpointURL string
// EndpointProfile is the bundle endpoint profile used by the
// SPIFFE bundle endpoint server.
// NOTE(review): this is an interface value, so it can be nil; how a nil
// profile is treated is not visible here. Confirm that it is rejected
// and does not silently fall back to a default profile.
EndpointProfile EndpointProfileInfo
}
type TrustDomainConfigMap ¶ added in v1.1.0
// TrustDomainConfigMap maps a federated trust domain to its endpoint
// configuration. It is a type alias, so it is interchangeable with the plain
// map type used in the GetTrustDomainConfigs signatures.
type TrustDomainConfigMap = map[spiffeid.TrustDomain]TrustDomainConfig
type TrustDomainConfigSet ¶ added in v1.5.3
// TrustDomainConfigSet holds trust domain configurations that are changed
// with Set and SetAll and read with GetTrustDomainConfigs. The signature of
// GetTrustDomainConfigs matches TrustDomainConfigSource, so a
// *TrustDomainConfigSet can be used as one.
// NOTE(review): whether it is safe for concurrent use is not visible here.
type TrustDomainConfigSet struct {
// contains filtered or unexported fields
}
func NewTrustDomainConfigSet ¶ added in v1.5.3
// NewTrustDomainConfigSet returns a TrustDomainConfigSet initialised from
// configs.
// NOTE(review): whether configs is copied or retained is not visible here;
// avoid mutating the map after the call until that is confirmed.
func NewTrustDomainConfigSet(configs TrustDomainConfigMap) *TrustDomainConfigSet
func (*TrustDomainConfigSet) GetTrustDomainConfigs ¶ added in v1.5.3
// GetTrustDomainConfigs returns the configurations held by the set, keyed by
// trust domain.
// NOTE(review): whether the returned map is a copy is not visible here;
// treat it as read-only until that is confirmed.
func (s *TrustDomainConfigSet) GetTrustDomainConfigs(ctx context.Context) (map[spiffeid.TrustDomain]TrustDomainConfig, error)
func (*TrustDomainConfigSet) Set ¶ added in v1.5.3
// Set stores config for the trust domain td; presumably it replaces any
// configuration already held for td. Confirm.
func (s *TrustDomainConfigSet) Set(td spiffeid.TrustDomain, config TrustDomainConfig)
func (*TrustDomainConfigSet) SetAll ¶ added in v1.5.3
// SetAll stores the configurations in configMap.
// NOTE(review): presumably this replaces the whole set, so that trust domains
// absent from configMap are dropped; a merge would instead leave stale
// endpoints configured. Confirm which of the two it does.
func (s *TrustDomainConfigSet) SetAll(configMap TrustDomainConfigMap)
type TrustDomainConfigSource ¶ added in v1.1.0
// TrustDomainConfigSource supplies the endpoint configuration of the
// federated trust domains it knows about.
type TrustDomainConfigSource interface {
// GetTrustDomainConfigs returns the configurations keyed by trust domain,
// or an error.
GetTrustDomainConfigs(ctx context.Context) (map[spiffeid.TrustDomain]TrustDomainConfig, error)
}
func DataStoreTrustDomainConfigSource ¶ added in v1.1.0
// DataStoreTrustDomainConfigSource returns a TrustDomainConfigSource backed
// by ds; presumably it reads the federation configuration stored in the
// datastore and reports problems through log. Confirm.
func DataStoreTrustDomainConfigSource(log logrus.FieldLogger, ds datastore.DataStore) TrustDomainConfigSource
func MergeTrustDomainConfigSources ¶ added in v1.1.0
// MergeTrustDomainConfigSources combines sources into a single
// TrustDomainConfigSource.
// NOTE(review): which source wins when two of them define the same trust
// domain is not visible here. That precedence decides which endpoint URL and
// profile are used for the trust domain, so confirm it before relying on the
// argument order.
func MergeTrustDomainConfigSources(sources ...TrustDomainConfigSource) TrustDomainConfigSource
type TrustDomainConfigSourceFunc ¶ added in v1.1.0
// TrustDomainConfigSourceFunc is a function type with the same signature as
// TrustDomainConfigSource.GetTrustDomainConfigs; its GetTrustDomainConfigs
// method lets a plain function be used as a TrustDomainConfigSource.
type TrustDomainConfigSourceFunc func(ctx context.Context) (map[spiffeid.TrustDomain]TrustDomainConfig, error)
func (TrustDomainConfigSourceFunc) GetTrustDomainConfigs ¶ added in v1.1.0
// GetTrustDomainConfigs makes TrustDomainConfigSourceFunc satisfy
// TrustDomainConfigSource; presumably it returns the result of fn(ctx).
// Confirm.
func (fn TrustDomainConfigSourceFunc) GetTrustDomainConfigs(ctx context.Context) (map[spiffeid.TrustDomain]TrustDomainConfig, error)