sia

package
v1.12.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 24, 2025 License: Apache-2.0 Imports: 16 Imported by: 0

README

SIA for GCP GKE

Configuration

SIA GKE requires a configuration file to be present in the /etc/sia/sia_config with the following required attributes:

{
    "version": "1.0.0",
    "domain": "application-domain-name",
    "service": "application-service-name"
}

The Google Project administrator must create a Google Service Account with the name <application-service-name> and this Service Account must allow the Kubernetes Service Account to impersonate using workloadIdentityUser role, which will be used by the application.

SIA Configuration file provides a way to change the default user/group settings that the private key is owned by. By default, the private key is owned by user root and readable by group athenz. If the admin wants to provide access to their service identity private key to another user, it can be accomplished by adding the user to the group athenz. If the user wants to change the user and group values, a config file must contain following optional fields:

{
    "version": "1.0.0",
    "domain": "application-domain-name",
    "service": "application-service-name",
    "user": "unix-username",
    "group": "unix-groupname"
}

SIA-GKE can be built with following parameters - e.g.

GOOS=linux go install -ldflags "-X main.Version=1.0.0 -X main.ZtsEndPoint=zts.athenz.io -X main.DnsDomain=gcp.athenz.cloud -X main.ProviderPrefix=athenz.gcp" ./...

alternatively, those parameters can be passed during runtime and runtime parameters will take precedence over build time parameters.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetGKEAccessProfile

func GetGKEAccessProfile(configFile, metaEndpoint string, provider provider.Provider) (*sc.AccessProfileConfig, error)

func GetGKEConfig

func GetGKEConfig(configFile, profileConfigFile, metaEndpoint, region string, provider provider.Provider) (*sc.Config, *sc.AccessProfileConfig, error)

func GetGKEPodId

func GetGKEPodId() string

Types

type GKEProvider

type GKEProvider struct {
	Name string
}

func (GKEProvider) AttestationData

func (gke GKEProvider) AttestationData(_ string, _ crypto.PrivateKey, _ *signature.SignatureInfo) (string, error)

func (GKEProvider) CloudAttestationData

func (gke GKEProvider) CloudAttestationData(request *provider.AttestationRequest) (string, error)

func (GKEProvider) GetAccessManagementProfileFromMeta

func (gke GKEProvider) GetAccessManagementProfileFromMeta(base string) (string, error)

func (GKEProvider) GetAccountDomainServiceFromMeta

func (gke GKEProvider) GetAccountDomainServiceFromMeta(base string) (string, string, string, error)

func (GKEProvider) GetAdditionalSshHostPrincipals added in v1.11.31

func (gke GKEProvider) GetAdditionalSshHostPrincipals(_ string) (string, error)

func (GKEProvider) GetCsrDn

func (gke GKEProvider) GetCsrDn() pkix.Name

func (GKEProvider) GetEmail

func (gke GKEProvider) GetEmail(_ string) []string

func (GKEProvider) GetHostname

func (gke GKEProvider) GetHostname(fqdn bool) string

GetHostname returns the hostname as per the provider

func (GKEProvider) GetName

func (gke GKEProvider) GetName() string

GetName returns the name of the current provider

func (GKEProvider) GetRoleDnsNames

func (gke GKEProvider) GetRoleDnsNames(_ *x509.Certificate, _ string) []string

func (GKEProvider) GetSanDns

func (gke GKEProvider) GetSanDns(_ string, _ bool, _ bool, _ []string) []string

func (GKEProvider) GetSanIp

func (gke GKEProvider) GetSanIp(_ map[string]bool, _ []net.IP, _ ip.Opts) []net.IP

func (GKEProvider) GetSanUri

func (gke GKEProvider) GetSanUri(_ string, _ ip.Opts, _, _ string) []*url.URL

func (GKEProvider) GetSuffixes added in v1.11.54

func (gke GKEProvider) GetSuffixes() []string

func (GKEProvider) PrepareKey

func (gke GKEProvider) PrepareKey(_ string) (crypto.PrivateKey, error)

Directories

Path Synopsis
cmd
devel

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL