README
¶
athenzutils
Go library to return zts client given private key and certificate.
License
Copyright The Athenz Authors
Licensed under the Apache License, Version 2.0
Documentation
¶
Index ¶
- func ExtractHostname(x509Cert x509.Certificate) string
- func ExtractInstanceId(x509Cert x509.Certificate) (string, error)
- func ExtractServicePrincipal(x509Cert x509.Certificate) (string, error)
- func ExtractSignerInfo(privateKeyPEM []byte) (crypto.Signer, x509.SignatureAlgorithm, error)
- func FetchIdToken(...) (string, error)
- func FetchIdTokenExpiryTime(idToken string) (*time.Time, error)
- func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, ... string, ...) string
- func GetK8SClientAuthCredential(idToken string) (string, error)
- func LoadPublicKey(publicKeyPEM []byte) (interface{}, error)
- func LoadX509Certificate(certFile string) (*x509.Certificate, error)
- func ParseAthenzRoleName(roleName string) (string, string, error)
- func ParseGCPResourceName(resource, objectType string) (string, string, error)
- func ParsePrincipal(principal string) (string, string, error)
- func ZmsClient(zmsURL, keyFile, certFile, caCertFile string, proxy bool) (*zms.ZMSClient, error)
- func ZtsClient(ztsURL, keyFile, certFile, caCertFile string, proxy bool) (*zts.ZTSClient, error)
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractHostname ¶ added in v1.10.20
func ExtractHostname(x509Cert x509.Certificate) string
ExtractHostname returns the hostname from the SAN URIs field of the given certificate: https://golang.org/pkg/crypto/x509/#Certificate.URIs. If the certificate does not have the hostname in the SAN URIs field, an empty string is returned.
func ExtractInstanceId ¶
func ExtractInstanceId(x509Cert x509.Certificate) (string, error)
func ExtractServicePrincipal ¶
func ExtractServicePrincipal(x509Cert x509.Certificate) (string, error)
ExtractServicePrincipal returns the Athenz Service principal for the given certificate which could be either a service certificate or a role certificate. If the certificate does not have the Athenz expected name format the method will an appropriate error.
func ExtractSignerInfo ¶ added in v1.11.46
ExtractSignerInfo extract crypto.Signer and x509.SignatureAlgorithm from the given private key (ECDSA or RSA).
func FetchIdToken ¶ added in v1.10.46
func FetchIdTokenExpiryTime ¶ added in v1.10.46
func GenerateAccessTokenRequestString ¶ added in v1.10.15
func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, proxyForPrincipal string, expiryTime int) string
GenerateAccessTokenRequestString generates and urlencodes an access token string.
func GetK8SClientAuthCredential ¶ added in v1.10.46
func LoadPublicKey ¶ added in v1.10.46
LoadPublicKey returns public key object for the given PEM data
func LoadX509Certificate ¶
func LoadX509Certificate(certFile string) (*x509.Certificate, error)
LoadX509Certificate reads and parses the x509.Certificate from the specified file.
func ParseAthenzRoleName ¶ added in v1.11.26
func ParseGCPResourceName ¶ added in v1.11.26
func ParsePrincipal ¶ added in v1.11.26
Types ¶
type Config ¶ added in v1.11.10
type Config struct {
PrivateKey string `yaml:"svc-key-file,omitempty"` // principal service private key file
PublicCert string `yaml:"svc-cert-file,omitempty"` // principal service public certificate file
Zts string `yaml:"zts,omitempty"` // zts server hostname
Zms string `yaml:"zms,omitempty"` // zms server hostname
}
func ReadDefaultConfig ¶ added in v1.11.10
ReadDefaultConfig reads default configuration from the user's HOME directory
Source Files