Documentation ¶
Index ¶
- func ExtractHostname(x509Cert x509.Certificate) string
- func ExtractInstanceId(x509Cert x509.Certificate) (string, error)
- func ExtractServicePrincipal(x509Cert x509.Certificate) (string, error)
- func FetchIdToken(...) (string, error)
- func FetchIdTokenExpiryTime(idToken string) (*time.Time, error)
- func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris string, ...) string
- func GetK8SClientAuthCredential(idToken string) (string, error)
- func LoadPublicKey(publicKeyPEM []byte) (interface{}, error)
- func LoadX509Certificate(certFile string) (*x509.Certificate, error)
- func ZtsClient(ztsURL, keyFile, certFile, caCertFile string, proxy bool) (*zts.ZTSClient, error)
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractHostname ¶ added in v1.10.20
func ExtractHostname(x509Cert x509.Certificate) string
ExtractHostname returns the hostname from the SAN URIs field of the given certificate: https://golang.org/pkg/crypto/x509/#Certificate.URIs. If the certificate does not have the hostname in the SAN URIs field, an empty string is returned.
func ExtractInstanceId ¶
func ExtractInstanceId(x509Cert x509.Certificate) (string, error)
func ExtractServicePrincipal ¶
func ExtractServicePrincipal(x509Cert x509.Certificate) (string, error)
ExtractServicePrincipal returns the Athenz Service principal for the given certificate which could be either a service certificate or a role certificate. If the certificate does not have the Athenz expected name format the method will an appropriate error.
func FetchIdToken ¶ added in v1.10.46
func FetchIdTokenExpiryTime ¶ added in v1.10.46
func GenerateAccessTokenRequestString ¶ added in v1.10.15
func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris string, expiryTime int) string
GenerateAccessTokenRequestString generates and urlencodes an access token string.
func GetK8SClientAuthCredential ¶ added in v1.10.46
func LoadPublicKey ¶ added in v1.10.46
LoadPublicKey returns public key object for the given PEM data
func LoadX509Certificate ¶
func LoadX509Certificate(certFile string) (*x509.Certificate, error)
LoadX509Certificate reads and parses the x509.Certificate from the specified file.
Types ¶
type Config ¶ added in v1.11.10
type Config struct { PrivateKey string `yaml:"svc-key-file,omitempty"` // principal service private key file PublicCert string `yaml:"svc-cert-file,omitempty"` // principal service public certificate file Zts string `yaml:"zts,omitempty"` // zts server hostname Zms string `yaml:"zms,omitempty"` // zms server hostname }
func ReadDefaultConfig ¶ added in v1.11.10
ReadDefaultConfig reads default configuration from the user's HOME directory