sia

package
v1.10.14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

README

SIA for AWS EC2

Configuration

SIA AWS requires a configuration file to be present in the /etc/sia/sia_config with the following required attributes if the property does not want to use the default settings which require the use of the EC2 instance-profile role in the name format of <property-domain-name>.<property-service-name>-service:

{
    "version": "1.0.0",
    "service": "property-service-name",
    "accounts": [
        {
            "domain":  "property-domain-name",
            "account": "account-aws-id"
        }
    ]
}

The AWS Account administrator must create an IAM Role called '." and this role must be setup with a trusted relationship with the role that the EC2 instance is configured to run as.

SIA Configuration file is also required if the user wants to change the default user/group settings that the private key is owned by. By default, the private key is owned by user root and readable by group athenz. If the user wants to provide access to their service identity private key to another user, it can be accomplished by adding the user to the group athenz. If the user wants to change the user and group values, a config file must be dropped with the following optional fields:

{
    "version": "1.0.0",
    "service": "property-service-name",
    "accounts": [
        {
            "domain":  "property-domain-name",
            "account": "account-aws-id",
            "user": "unix-username",
            "group": "unix-groupname"
        }
    ]
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetRoleCertificate 

func GetRoleCertificate(ztsUrl, svcKeyFile, svcCertFile string, opts *options.Options, sysLogger io.Writer) bool

func RefreshInstance 

func RefreshInstance(data []*attestation.AttestationData, ztsUrl string, opts *options.Options, sysLogger io.Writer) error

func RegisterInstance 

func RegisterInstance(data []*attestation.AttestationData, document []byte, ztsUrl string, opts *options.Options, docExpiryCheck bool, sysLogger io.Writer) error

func RoleKey added in v1.10.14 

func RoleKey(rotateKey bool, svcKey string) (*rsa.PrivateKey, error)

func SaveRoleCertKey added in v1.10.14 

func SaveRoleCertKey(key, cert []byte, role options.Role, opts *options.Options, sysLogger io.Writer) error

func SaveSvcCertKey added in v1.10.14 

func SaveSvcCertKey(key, cert []byte, svc options.Service, opts *options.Options, sysLogger io.Writer, createKey bool) error

Types

type Identity 

type Identity struct {
	Name       string
	InstanceId string
	Ip         string
}

type SSHKeyReq 

type SSHKeyReq struct {
	Principals []string `json:"principals"`
	Ips        []string `json:"ips,omitempty" rdl:"optional"` //not used
	Pubkey     string   `json:"pubkey"`
	Reqip      string   `json:"reqip"`
	Requser    string   `json:"requser"`
	Certtype   string   `json:"certtype"`
	Transid    string   `json:"transid"`
	Command    string   `json:"command,omitempty" rdl:"optional"` //not used
}

SSHKeyReq - congruent with certsign-rdl/certsign.rdl

Source Files

View all Source files

Directories

Path Synopsis
cmd
metamock
siad
ztsmock
data
attestation
doc
meta
devel
metamock
ztsmock
internal
driver
testserver

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.