athenzutils

package
v1.11.52
Warning

This package is not in the latest version of its module.

Published: Feb 21, 2024 License: Apache-2.0 Imports: 23 Imported by: 2

README

athenzutils

Go library to return a ZTS client given a private key and certificate.

License

Copyright The Athenz Authors

Licensed under the Apache License, Version 2.0

Documentation

Functions

func ExtractHostname added in v1.10.20

func ExtractHostname(x509Cert x509.Certificate) string

ExtractHostname returns the hostname from the SAN URIs field of the given certificate: https://golang.org/pkg/crypto/x509/#Certificate.URIs. If the certificate does not have the hostname in the SAN URIs field, an empty string is returned.

func ExtractInstanceId

func ExtractInstanceId(x509Cert x509.Certificate) (string, error)

func ExtractServicePrincipal

func ExtractServicePrincipal(x509Cert x509.Certificate) (string, error)

ExtractServicePrincipal returns the Athenz service principal for the given certificate, which can be either a service certificate or a role certificate. If the certificate does not follow the expected Athenz name format, the method returns an appropriate error.

func ExtractSignerInfo added in v1.11.46

func ExtractSignerInfo(privateKeyPEM []byte) (crypto.Signer, x509.SignatureAlgorithm, error)

ExtractSignerInfo extracts the crypto.Signer and x509.SignatureAlgorithm from the given private key (ECDSA or RSA).

func FetchIdToken added in v1.10.46

func FetchIdToken(ztsURL, svcKeyFile, svcCertFile, svcCACertFile, clientId, scope, nonce, state, keyType string, fullArn *bool, proxy bool, expireTime *int32, roleInAudClaim *bool) (string, error)

func FetchIdTokenExpiryTime added in v1.10.46

func FetchIdTokenExpiryTime(idToken string) (*time.Time, error)

func GenerateAccessTokenRequestString added in v1.10.15

func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, proxyForPrincipal string, expiryTime int) string

GenerateAccessTokenRequestString generates and URL-encodes an access token string.

func GetK8SClientAuthCredential added in v1.10.46

func GetK8SClientAuthCredential(idToken string) (string, error)

func LoadPublicKey added in v1.10.46

func LoadPublicKey(publicKeyPEM []byte) (interface{}, error)

LoadPublicKey returns the public key object for the given PEM data.

func LoadX509Certificate

func LoadX509Certificate(certFile string) (*x509.Certificate, error)

LoadX509Certificate reads and parses the x509.Certificate from the specified file.

func ParseAthenzRoleName added in v1.11.26

func ParseAthenzRoleName(roleName string) (string, string, error)

func ParseGCPResourceName added in v1.11.26

func ParseGCPResourceName(resource, objectType string) (string, string, error)

func ParsePrincipal added in v1.11.26

func ParsePrincipal(principal string) (string, string, error)

func ZmsClient added in v1.11.26

func ZmsClient(zmsURL, keyFile, certFile, caCertFile string, proxy bool) (*zms.ZMSClient, error)

ZmsClient creates and returns a ZMS client instance.

func ZtsClient

func ZtsClient(ztsURL, keyFile, certFile, caCertFile string, proxy bool) (*zts.ZTSClient, error)

ZtsClient creates and returns a ZTS client instance.

Types

type Config added in v1.11.10

type Config struct {
	PrivateKey string `yaml:"svc-key-file,omitempty"`  // principal service private key file
	PublicCert string `yaml:"svc-cert-file,omitempty"` // principal service public certificate file
	Zts        string `yaml:"zts,omitempty"`           // zts server hostname
	Zms        string `yaml:"zms,omitempty"`           // zms server hostname
}

func ReadDefaultConfig added in v1.11.10

func ReadDefaultConfig() (*Config, error)

ReadDefaultConfig reads the default configuration from the user's HOME directory.
