- func AgentAuthorizer(ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer
- func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher
- func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, ...) middleware.Middleware
- func RateLimits(config RateLimitConfig) map[string]api.RateLimiter
- func UpstreamPublisher(jwtKeyPublisher manager.JwtKeyPublisher) bundle.UpstreamPublisher
- type APIServers
- type AuthorizedEntryFetcherWithFullCache
- func (a *AuthorizedEntryFetcherWithFullCache) FetchAuthorizedEntries(_ context.Context, agentID spiffeid.ID) ([]*types.Entry, error)
- func (a *AuthorizedEntryFetcherWithFullCache) PruneEventsTask(ctx context.Context) error
- func (a *AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask(ctx context.Context) error
- type Config
- type Endpoints
- type RateLimitConfig
- type Server
Functions ¶
func AgentAuthorizer ¶ added in v0.11.0
func AgentAuthorizer(ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer
func EntryFetcher ¶ added in v0.11.0
func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher
func Middleware ¶ added in v0.11.0
func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, clk clock.Clock, rlConf RateLimitConfig, policyEngine *authpolicy.Engine, auditLogEnabled bool, adminIDs []spiffeid.ID) middleware.Middleware
func RateLimits ¶ added in v0.11.0
func RateLimits(config RateLimitConfig) map[string]api.RateLimiter
func UpstreamPublisher ¶ added in v0.11.0
func UpstreamPublisher(jwtKeyPublisher manager.JwtKeyPublisher) bundle.UpstreamPublisher
Types ¶
type APIServers ¶ added in v0.11.0
// APIServers groups the server-side implementations of the SPIRE server gRPC
// services; Endpoints carries one of these in its APIServers field.
type APIServers struct {
	// AgentServer implements the agent API (agentv1).
	AgentServer agentv1.AgentServer
	// BundleServer implements the bundle API (bundlev1).
	BundleServer bundlev1.BundleServer
	// DebugServer implements the debug API (debugv1).
	DebugServer debugv1_pb.DebugServer
	// EntryServer implements the registration entry API (entryv1).
	EntryServer entryv1.EntryServer
	// HealthServer implements the standard gRPC health checking service.
	HealthServer grpc_health_v1.HealthServer
	// SVIDServer implements the SVID minting API (svidv1).
	SVIDServer svidv1.SVIDServer
	// TrustDomainServer implements the trust domain (federation) API (trustdomainv1).
	TrustDomainServer trustdomainv1.TrustDomainServer
}
type AuthorizedEntryFetcherWithFullCache ¶ added in v0.12.0
// AuthorizedEntryFetcherWithFullCache answers FetchAuthorizedEntries from an
// in-memory entry cache. RunRebuildCacheTask rebuilds that cache on a ticker
// and PruneEventsTask ages out old events; both are long-running and return
// only when their context ends. Construct with
// NewAuthorizedEntryFetcherWithFullCache.
type AuthorizedEntryFetcherWithFullCache struct {
	// contains filtered or unexported fields
}
func NewAuthorizedEntryFetcherWithFullCache ¶ added in v0.12.0
func NewAuthorizedEntryFetcherWithFullCache(ctx context.Context, buildCache entryCacheBuilderFn, pruneEvents pruneEventsFn, log logrus.FieldLogger, clk clock.Clock, cacheReloadInterval, pruneEventsOlderThan time.Duration) (*AuthorizedEntryFetcherWithFullCache, error)
func (*AuthorizedEntryFetcherWithFullCache) FetchAuthorizedEntries ¶ added in v0.12.0
func (*AuthorizedEntryFetcherWithFullCache) PruneEventsTask ¶ added in v1.8.0
func (a *AuthorizedEntryFetcherWithFullCache) PruneEventsTask(ctx context.Context) error
func (*AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask ¶ added in v0.12.0
func (a *AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask(ctx context.Context) error
RunRebuildCacheTask starts a ticker which rebuilds the in-memory entry cache.
type Config ¶
// Config is a configuration for endpoints.
type Config struct {
	// TCPAddr is the address to bind the TCP listener to.
	TCPAddr *net.TCPAddr
	// LocalAddr is the local address to bind the listener to.
	LocalAddr net.Addr
	// The svid rotator used to obtain the latest server credentials
	SVIDObserver svid.Observer
	// The server's configured trust domain. Used for validation, server SVID, etc.
	TrustDomain spiffeid.TrustDomain
	// Plugin catalog
	Catalog catalog.Catalog
	// Server CA for signing SVIDs
	ServerCA ca.ServerCA
	// Bundle endpoint configuration
	BundleEndpoint bundle.EndpointConfig
	// JWTKey publisher
	JWTKeyPublisher manager.JwtKeyPublisher
	// Makes policy decisions
	AuthPolicyEngine *authpolicy.Engine
	// Log receives the endpoints' log output.
	Log logrus.FieldLogger
	// Metrics receives telemetry emitted by the endpoints.
	Metrics telemetry.Metrics
	// RateLimit holds rate limiting configurations.
	RateLimit RateLimitConfig
	// Uptime is expected to return how long the server has been running.
	Uptime func() time.Duration
	// Clock is the time source used by the endpoints (typically injected so
	// tests can control time).
	Clock clock.Clock
	// CacheReloadInterval controls how often the in-memory entry cache reloads
	CacheReloadInterval time.Duration
	// PruneEventsOlderThan controls how long events can live before they are pruned
	PruneEventsOlderThan time.Duration
	// AuditLogEnabled turns audit logging on or off.
	// NOTE(review): presumably forwarded to Middleware's auditLogEnabled
	// parameter — confirm against the constructor.
	AuditLogEnabled bool
	// AdminIDs are a list of fixed IDs that when presented by a caller in an
	// X509-SVID, are granted admin rights. Every ID listed here is trusted with
	// full administrative access to this server, so the list should be kept
	// minimal and reviewed like any other privileged grant.
	AdminIDs []spiffeid.ID
	// BundleManager is the bundle_client manager; presumably maintains bundles
	// fetched from federated trust domains — confirm.
	BundleManager *bundle_client.Manager
}
Config is a configuration for endpoints
type Endpoints ¶
// Endpoints holds the listener addresses, API server implementations and
// background tasks that ListenAndServe runs. It is the concrete realization of
// a Config.
type Endpoints struct {
	// TCPAddr is the address the TCP listener binds to.
	TCPAddr *net.TCPAddr
	// LocalAddr is the address the local listener binds to.
	LocalAddr net.Addr
	// SVIDObserver is used to obtain the latest server credentials.
	SVIDObserver svid.Observer
	// TrustDomain is the server's configured trust domain.
	TrustDomain spiffeid.TrustDomain
	// DataStore is the server datastore; presumably the one handed to
	// EntryFetcher and AgentAuthorizer — confirm in ListenAndServe.
	DataStore datastore.DataStore
	// BundleCache caches trust bundles served by the endpoints.
	BundleCache *bundle.Cache
	// APIServers are the gRPC service implementations to serve.
	APIServers APIServers
	// BundleEndpointServer serves the bundle endpoint; its ListenAndServe is
	// run alongside the API servers.
	BundleEndpointServer Server
	// Log receives the endpoints' log output.
	Log logrus.FieldLogger
	// Metrics receives telemetry emitted by the endpoints.
	Metrics telemetry.Metrics
	// RateLimit selects which API calls are rate limited (see RateLimits).
	RateLimit RateLimitConfig
	// EntryFetcherCacheRebuildTask has the signature of
	// AuthorizedEntryFetcherWithFullCache.RunRebuildCacheTask; presumably run
	// by ListenAndServe alongside the servers — confirm.
	EntryFetcherCacheRebuildTask func(context.Context) error
	// EntryFetcherPruneEventsTask has the signature of
	// AuthorizedEntryFetcherWithFullCache.PruneEventsTask; presumably run by
	// ListenAndServe alongside the servers — confirm.
	EntryFetcherPruneEventsTask func(context.Context) error
	// AuditLogEnabled turns audit logging on or off (see Config.AuditLogEnabled).
	AuditLogEnabled bool
	// AuthPolicyEngine makes authorization policy decisions for API calls.
	AuthPolicyEngine *authpolicy.Engine
	// AdminIDs are the fixed SPIFFE IDs granted admin rights when presented in
	// an X509-SVID (see Config.AdminIDs).
	AdminIDs []spiffeid.ID
}
func (*Endpoints) ListenAndServe ¶
ListenAndServe starts all endpoint servers and blocks until the context is canceled or any of the servers fails to run. If the context is canceled, the function returns nil. Otherwise, the error from the failed server is returned.
type RateLimitConfig ¶ added in v0.11.0
// RateLimitConfig holds rate limiting configurations. RateLimits turns it into
// the per-call limiters applied by the middleware; a false value here means
// the corresponding calls are not throttled at all, so disable a limiter only
// deliberately.
type RateLimitConfig struct {
	// Attestation, if true, rate limits attestation
	Attestation bool
	// Signing, if true, rate limits JWT and X509 signing requests
	Signing bool
}
RateLimitConfig holds rate limiting configurations.
type Server ¶
// Server manages gRPC and HTTP endpoint lifecycle.
type Server interface {
	// ListenAndServe starts all endpoint servers and blocks until the context
	// is canceled or any of the servers fails to run. If the context is
	// canceled, the function returns nil. Otherwise, the error from the failed
	// server is returned.
	ListenAndServe(ctx context.Context) error
}
Server manages gRPC and HTTP endpoint lifecycle
| Path | Synopsis |
|---|---|
| internal/acmetest | nolint // forked code |
| internal/autocert | nolint // forked code |