sia

package

v1.11.53 Latest Latest Go to latest Published: Mar 4, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/AthenZ/athenz

Links

Open Source Insights

README ¶

SIA for AWS Fargate

Configuration

SIA AWS Fargate requires a configuration file to be present in the /etc/sia/sia_config with the following required attributes:

{
    "version": "1.0.0",
    "service": "application-service-name",
    "accounts": [
        {
            "domain":  "application-domain-name",
            "account": "application-account-aws-id"
        }
    ]
}

The AWS Account administrator must create an IAM Role called <application-domain-name>.<application-service-name> and this role must be setup with a trusted relationship with the role that the Fargate task is configured to run as. ( most likely Task Role )

SIA Configuration file provides a way to change the default user/group settings that the private key is owned by. By default, the private key is owned by user root and readable by group athenz. If the user wants to provide access to their service identity private key to another user, it can be accomplished by adding the user to the group athenz. If the user wants to change the user and group values, a config file must be dropped with the following optional fields:

{
    "version": "1.0.0",
    "service": "application-service-name",
    "accounts": [
        {
            "domain":  "application-domain-name",
            "account": "application-account-aws-id",
            "user": "unix-username",
            "group": "unix-groupname"
        }
    ]
}

SIA-Fargate can be built with following parameters - e.g.

GOOS=linux go install -ldflags "-X main.Version=1.0.0 -X main.ZtsEndPoint=zts.athenz.io -X main.DnsDomain=aws.athenz.cloud -X main.ProviderPrefix=athenz.aws" ./...

alternatively, those parameters can be passed during runtime and runtime parameters will take precedence over build time parameters.

Documentation ¶

Index ¶

func GetFargateConfig(configFile, metaEndpoint string, useRegionalSTS bool, account, region string) (*options.Config, *options.ConfigAccount, error)
func GetFargateData(metaEndPoint string) (string, string, string, error)
type FargateProvider

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetFargateConfig ¶ added in v1.10.40

func GetFargateConfig(configFile, metaEndpoint string, useRegionalSTS bool, account, region string) (*options.Config, *options.ConfigAccount, error)

func GetFargateData ¶ added in v1.10.40

func GetFargateData(metaEndPoint string) (string, string, string, error)

Types ¶

type FargateProvider ¶ added in v1.11.19

type FargateProvider struct {
	Name string
}

func (FargateProvider) AttestationData ¶ added in v1.11.19

func (fargate FargateProvider) AttestationData(_ string, _ crypto.PrivateKey, _ *signature.SignatureInfo) (string, error)

func (FargateProvider) CloudAttestationData ¶ added in v1.11.25

func (fargate FargateProvider) CloudAttestationData(_, _, _ string) (string, error)

func (FargateProvider) GetAccessManagementProfileFromMeta ¶ added in v1.11.25

func (fargate FargateProvider) GetAccessManagementProfileFromMeta(_ string) (string, error)

func (FargateProvider) GetAccountDomainServiceFromMeta ¶ added in v1.11.25

func (fargate FargateProvider) GetAccountDomainServiceFromMeta(_ string) (string, string, string, error)

func (FargateProvider) GetAdditionalSshHostPrincipals ¶ added in v1.11.31

func (fargate FargateProvider) GetAdditionalSshHostPrincipals(_ string) (string, error)

func (FargateProvider) GetCsrDn ¶ added in v1.11.19

func (fargate FargateProvider) GetCsrDn() pkix.Name

func (FargateProvider) GetEmail ¶ added in v1.11.19

func (fargate FargateProvider) GetEmail(_ string) []string

func (FargateProvider) GetHostname ¶ added in v1.11.19

func (fargate FargateProvider) GetHostname(_ bool) string

GetHostname returns the hostname as per the provider

func (FargateProvider) GetName ¶ added in v1.11.19

func (fargate FargateProvider) GetName() string

GetName returns the name of the current provider

func (FargateProvider) GetRoleDnsNames ¶ added in v1.11.19

func (fargate FargateProvider) GetRoleDnsNames(_ *x509.Certificate, _ string) []string

func (FargateProvider) GetSanDns ¶ added in v1.11.19

func (fargate FargateProvider) GetSanDns(_ string, _ bool, _ bool, _ []string) []string

func (FargateProvider) GetSanIp ¶ added in v1.11.19

func (fargate FargateProvider) GetSanIp(_ map[string]bool, _ []net.IP, _ ip.Opts) []net.IP

func (FargateProvider) GetSanUri ¶ added in v1.11.19

func (fargate FargateProvider) GetSanUri(_ string, _ ip.Opts, _, _ string) []*url.URL

func (FargateProvider) GetSuffix ¶ added in v1.11.19

func (fargate FargateProvider) GetSuffix() string

func (FargateProvider) PrepareKey ¶ added in v1.11.19

func (fargate FargateProvider) PrepareKey(_ string) (crypto.PrivateKey, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
siad
devel
metamock

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL