Index ¶
- Constants
- func AppendHostname(hostList []string, hostname string) []string
- func AppendUri(uriList []*url.URL, uriValue string) []*url.URL
- func Copy(sourceFile, destFile string, perm os.FileMode) error
- func CopyCertKeyFile(srcKey, destKey, srcCert, destCert string, keyFileMode os.FileMode, ...) error
- func EnsureBackUpDir(backUpDir string) error
- func EnvOrDefault(name string, defaultValue string) string
- func ExecIdCommand(arg string) int
- func ExecuteScriptWithoutBlock(script []string)
- func ExtractServiceName(arn, comp string) (string, string, error)
- func FileExists(path string) bool
- func GenerateKeyPair(bits int) (*rsa.PrivateKey, error)
- func GenerateRoleCertCSR(key *rsa.PrivateKey, options *RoleCertReqOptions) (string, error)
- func GenerateSSHHostCSR(sshPubKeyFile string, domain, service, ip string, ztsAwsDomains []string) (string, error)
- func GenerateSSHHostRequest(sshPubKeyFile string, ...) (*zts.SSHCertRequest, error)
- func GenerateSecretJsonData(athenzDomain, athenzService string, siaCertData *SiaCertData) ([]byte, error)
- func GenerateSvcCertCSR(key *rsa.PrivateKey, options *SvcCertReqOptions) (string, error)
- func GenerateX509CSR(key *rsa.PrivateKey, csrDetails CertReqDetails) (string, error)
- func GetAthenzJwkConfModTime(siaDir string) rdl.Timestamp
- func GetPEMBlock(privateKey *rsa.PrivateKey) []byte
- func GetRoleCertFileName(certDir, fileName, certName string) string
- func GetSvcCertFileName(certDir, fileName, domain, service string) string
- func GetSvcKeyFileName(keyDir, fileName, domain, service string) string
- func GetSvcSpiffeUri(trustDomain, namespace, domain, service string) string
- func GetUtilPath(command string) string
- func NewSysLogger() (io.Writer, error)
- func Nonce() (string, error)
- func ParseAssumedRoleArn(roleArn, serviceSuffix, accessProfileSeparator string) (string, string, string, string, error)
- func ParseCASpiffeUri(uri string) (string, string, string)
- func ParseCertificate(certPem string) (*x509.Certificate, error)
- func ParseEnvBooleanFlag(varName string) bool
- func ParseEnvFloatFlag(varName string, defaultValue float64) float64
- func ParseEnvIntFlag(varName string, defaultValue int) int
- func ParseRoleArn(roleArn, rolePrefix, roleSuffix, profileSeparator string) (string, string, string, string, error)
- func ParseRoleSpiffeUri(uri string) (string, string)
- func ParseScriptArguments(script string) []string
- func ParseServiceSpiffeUri(uri string) (string, string, string, string)
- func ParseTaskArn(taskArn string) (string, string, string, error)
- func PrivateKey(keyFile string, rotateKey bool) (*rsa.PrivateKey, error)
- func PrivateKeyFromFile(filename string) (*rsa.PrivateKey, error)
- func PrivatePem(privateKey *rsa.PrivateKey) string
- func ReadAthenzJwkConf(jwkConfFile string, jwkConfObj *zts.AthenzJWKConfig) error
- func SanDNSHostname(domain, service, cloudDomain string) string
- func SanURIInstanceId(athenzProvider, instanceId string) string
- func SaveCertKey(key, cert []byte, keyFile, certFile, keyPrefix, certPrefix string, ...) error
- func SaveRoleCertKey(key, cert []byte, svcKeyFile, roleCertFile, keyPrefix, certPrefix string, ...) error
- func SaveServiceCertKey(key, cert []byte, keyFile, certFile, prefix string, uid, gid, fileMode int, ...) error
- func SetupSIADir(siaDir string, ownerUid, ownerGid int) error
- func SetupSIADirs(siaMainDir, siaLinkDir string, ownerUid, ownerGid int) error
- func SplitDomain(domain string) (string, string)
- func SplitRoleName(roleName string) (string, string, error)
- func SvcAttrs(username, groupname string) (int, int, int)
- func SyscallSetGid(gid int) error
- func SyscallSetUid(uid int) error
- func TestGidForGroupCommand(t *testing.T)
- func TestGidForInvalidGroupCommand(t *testing.T)
- func TestUidGidForUserGroupCommand(t *testing.T)
- func UidGidForUserGroup(username, groupname string) (int, int)
- func UpdateFile(fileName string, contents []byte, uid, gid int, perm os.FileMode, ...) error
- func UpdateFileContents(fileName string, contents []byte, perm os.FileMode, ...) error
- func UpdateKeyOwnership(keyFile string, uid, gid int, fileMode os.FileMode, fileDirectUpdate bool)
- func WriteAthenzJWKFile(athenzJwk *zts.AthenzJWKConfig, siaDir string, uid int, gid int) error
- func ZtsClient(ztsUrl, ztsServerName string, keyFile, certFile, caCertFile string) (*zts.ZTSClient, error)
- type CertReqDetails
- type CsrSubjectFields
- type RoleCertReqOptions
- type SSHKeyReq
- type SiaCertData
- type SvcCertReqOptions
Constants ¶
const JwkConfFile = "athenz.conf"
Functions ¶
func AppendHostname ¶ added in v1.11.26
func CopyCertKeyFile ¶
func EnsureBackUpDir ¶
func EnvOrDefault ¶ added in v1.11.3
func ExecIdCommand ¶ added in v1.10.48
func ExecuteScriptWithoutBlock ¶ added in v1.11.30
func ExecuteScriptWithoutBlock(script []string)
ExecuteScriptWithoutBlock executes a script along with the provided arguments in a separate goroutine so that the agent is not blocked while it runs
func FileExists ¶
func GenerateKeyPair ¶
func GenerateKeyPair(bits int) (*rsa.PrivateKey, error)
func GenerateRoleCertCSR ¶ added in v1.10.40
func GenerateRoleCertCSR(key *rsa.PrivateKey, options *RoleCertReqOptions) (string, error)
func GenerateSSHHostCSR ¶ added in v1.10.40
func GenerateSSHHostRequest ¶ added in v1.11.25
func GenerateSecretJsonData ¶ added in v1.11.38
func GenerateSecretJsonData(athenzDomain, athenzService string, siaCertData *SiaCertData) ([]byte, error)
func GenerateSvcCertCSR ¶ added in v1.10.40
func GenerateSvcCertCSR(key *rsa.PrivateKey, options *SvcCertReqOptions) (string, error)
func GenerateX509CSR ¶
func GenerateX509CSR(key *rsa.PrivateKey, csrDetails CertReqDetails) (string, error)
func GetAthenzJwkConfModTime ¶ added in v1.11.2
func GetPEMBlock ¶
func GetPEMBlock(privateKey *rsa.PrivateKey) []byte
func GetRoleCertFileName ¶
func GetSvcCertFileName ¶ added in v1.10.40
func GetSvcKeyFileName ¶ added in v1.11.18
func GetSvcSpiffeUri ¶ added in v1.11.35
func GetUtilPath ¶ added in v1.11.9
func NewSysLogger ¶
func ParseAssumedRoleArn ¶ added in v1.10.40
func ParseCASpiffeUri ¶ added in v1.10.41
func ParseCertificate ¶ added in v1.11.38
func ParseCertificate(certPem string) (*x509.Certificate, error)
func ParseEnvBooleanFlag ¶ added in v1.10.40
func ParseEnvFloatFlag ¶ added in v1.11.17
func ParseEnvIntFlag ¶ added in v1.10.41
func ParseRoleArn ¶ added in v1.10.40
func ParseRoleSpiffeUri ¶ added in v1.10.41
func ParseScriptArguments ¶ added in v1.11.30
ParseScriptArguments parses a script path together with its arguments using shlex and returns a slice of strings holding the script name followed by its arguments
func ParseServiceSpiffeUri ¶ added in v1.10.41
func ParseTaskArn ¶ added in v1.10.40
func PrivateKey ¶
func PrivateKey(keyFile string, rotateKey bool) (*rsa.PrivateKey, error)
func PrivateKeyFromFile ¶
func PrivateKeyFromFile(filename string) (*rsa.PrivateKey, error)
func PrivatePem ¶
func PrivatePem(privateKey *rsa.PrivateKey) string
func ReadAthenzJwkConf ¶ added in v1.11.2
func ReadAthenzJwkConf(jwkConfFile string, jwkConfObj *zts.AthenzJWKConfig) error
func SanDNSHostname ¶ added in v1.11.36
func SanURIInstanceId ¶ added in v1.11.36
func SaveCertKey ¶ added in v1.10.40
func SaveRoleCertKey ¶ added in v1.11.18
func SaveServiceCertKey ¶ added in v1.11.18
func SetupSIADir ¶ added in v1.11.18
func SetupSIADirs ¶
func SplitDomain ¶
func SyscallSetGid ¶ added in v1.10.53
func SyscallSetUid ¶ added in v1.10.53
func TestGidForGroupCommand ¶ added in v1.10.40
func TestGidForInvalidGroupCommand ¶ added in v1.10.40
func TestUidGidForUserGroupCommand ¶ added in v1.10.40
func UidGidForUserGroup ¶
func UpdateFile ¶
func UpdateFileContents ¶ added in v1.11.18
func UpdateKeyOwnership ¶ added in v1.11.27
func WriteAthenzJWKFile ¶ added in v1.11.2
Types ¶
type CertReqDetails ¶
// CertReqDetails holds the values from which GenerateX509CSR builds a
// certificate signing request: the X.509 subject attributes and the
// subject-alternative-name entries.
type CertReqDetails struct {
	// Subject attributes (CN, C, ST, L, O, OU).
	CommonName string
	Country    string
	Province   string
	Locality   string
	Org        string
	OrgUnit    string
	// Subject alternative names — presumably IP, DNS, email and URI SAN
	// entries respectively; confirm against GenerateX509CSR. AppendHostname
	// and AppendUri in this package grow HostList and URIs.
	IpList    []string
	HostList  []string
	EmailList []string
	URIs      []*url.URL
}
CertReqDetails - struct with details to generate a certificate CSR
type CsrSubjectFields ¶ added in v1.11.38
// CsrSubjectFields carries the optional X.509 subject attributes for a CSR.
// Every field may be left empty; whatever is set appears in the issued
// certificate's Subject.
type CsrSubjectFields struct {
	Country          string // C
	State            string // ST
	Locality         string // L
	Organization     string // O
	OrganizationUnit string // OU
}
CsrSubjectFields are optional fields for the CSR: the fields will appear in the created certificate's "Subject".
type RoleCertReqOptions ¶ added in v1.11.34
// RoleCertReqOptions is the input to GenerateRoleCertCSR: the subject
// attributes and the Athenz identity (domain, service, role) that a role
// certificate CSR is built for.
type RoleCertReqOptions struct {
	// Subject attributes.
	Country string // C
	OrgName string // O
	// Athenz identity requesting the role certificate.
	Domain   string
	Service  string
	RoleName string
	// Instance identity. Provider and InstanceId are presumably combined into
	// the instance-id SAN URI (see SanURIInstanceId) — confirm in
	// GenerateRoleCertCSR.
	InstanceId string
	Provider   string
	// EmailDomain is presumably used to form an email SAN for the requesting
	// service — confirm in GenerateRoleCertCSR.
	EmailDomain string
}
RoleCertReqOptions - struct with details to generate a role certificate CSR
type SSHKeyReq ¶ added in v1.10.40
// SSHKeyReq is the request body for an SSH certificate signing call. Its
// field set and JSON names are congruent with certsign-rdl/certsign.rdl;
// fields tagged rdl:"optional" carry omitempty and are left out of the JSON
// when empty.
type SSHKeyReq struct {
	Principals []string `json:"principals"`                       // principals the certificate is requested for
	Ips        []string `json:"ips,omitempty" rdl:"optional"`     // optional
	Pubkey     string   `json:"pubkey"`                           // SSH public key to be certified — encoding per certsign.rdl, confirm
	Reqip      string   `json:"reqip"`                            // presumably the requester's IP — confirm
	Requser    string   `json:"requser"`                          // presumably the requesting user — confirm
	Certtype   string   `json:"certtype"`                         // certificate type; allowed values are defined in certsign.rdl
	Transid    string   `json:"transid"`                          // transaction id — confirm semantics in certsign.rdl
	Command    string   `json:"command,omitempty" rdl:"optional"` // optional
}
SSHKeyReq - congruent with certsign-rdl/certsign.rdl
type SiaCertData ¶ added in v1.11.38
// SiaCertData bundles an issued service identity: the private key, the
// X.509 certificate (parsed and PEM), the signer chain PEM, and the ready
// to use TLS certificate. It is the value returned by RegisterIdentity.
//
// PrivateKey and PrivateKeyPem are secret key material: never log or
// serialize them (GenerateSecretJsonData is the deliberate exception),
// and persist them only through the Save*CertKey helpers, which take the
// uid/gid/fileMode the key file must be written with.
type SiaCertData struct {
	PrivateKey    *rsa.PrivateKey // secret
	PrivateKeyPem string          // secret; PEM encoding of PrivateKey
	// Issued certificate, parsed and PEM-encoded.
	X509Certificate    *x509.Certificate
	X509CertificatePem string
	// PEM of the signing CA chain, as returned by ZTS.
	X509CertificateSignerPem string
	// Key and certificate paired for use in a tls.Config.
	TLSCertificate tls.Certificate
}
SiaCertData is the response of GetAthenzIdentity()
func RegisterIdentity ¶ added in v1.11.38
func RegisterIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl, instanceId, attestationData, spiffeTrustDomain string, sanDNSDomains []string, csrSubjectFields CsrSubjectFields, instanceIdSanDNS bool, privateKey *rsa.PrivateKey) (*SiaCertData, error)
type SvcCertReqOptions ¶ added in v1.11.34
// SvcCertReqOptions is the input to GenerateSvcCertCSR: the subject
// attributes, the Athenz service identity, and the switches that control
// which SAN entries the service certificate CSR carries.
type SvcCertReqOptions struct {
	// Subject attributes.
	Country    string // C
	OrgName    string // O
	CommonName string // CN
	// Athenz identity the certificate is requested for.
	Domain  string
	Service string
	// Instance identity; Provider and InstanceId are presumably combined into
	// the instance-id SAN URI (see SanURIInstanceId) — confirm in
	// GenerateSvcCertCSR.
	InstanceId string
	Provider   string
	Hostname   string
	// SPIFFE identity components — presumably passed to GetSvcSpiffeUri
	// together with Domain and Service; confirm in GenerateSvcCertCSR.
	SpiffeTrustDomain string
	SpiffeNamespace   string
	// Additional DNS SAN entries and the ZTS cloud domains used to build the
	// service's DNS SAN names (see SanDNSHostname).
	AddlSanDNSEntries []string
	ZtsDomains        []string
	// WildCardDnsName requests a wildcard DNS SAN; InstanceIdSanDNS requests
	// an instance-id based DNS SAN. Exact names produced — confirm in
	// GenerateSvcCertCSR.
	WildCardDnsName  bool
	InstanceIdSanDNS bool
}
SvcCertReqOptions - struct with details to generate a service certificate CSR