util

package
Published: Sep 28, 2024 License: Apache-2.0 Imports: 30 Imported by: 1

Documentation

Index

Constants

// JwkConfFile is the file name of the Athenz JWK configuration file
// (presumably resolved under the siaDir passed to GetAthenzJwkConfModTime
// and WriteAthenzJWKFile — confirm against those functions).
const JwkConfFile = "athenz.conf"

Variables

This section is empty.

Functions

func AppendHostname added in v1.11.26

func AppendHostname(hostList []string, hostname string) []string

func AppendUri added in v1.10.39

func AppendUri(uriList []*url.URL, uriValue string) []*url.URL

func Copy

func Copy(sourceFile, destFile string, perm os.FileMode) error

func CopyCertKeyFile

func CopyCertKeyFile(srcKey, destKey, srcCert, destCert string, keyFileMode os.FileMode, fileDirectUpdate bool) error

func EnsureBackUpDir

func EnsureBackUpDir(backUpDir string) error

func EnvOrDefault added in v1.11.3

func EnvOrDefault(name string, defaultValue string) string

func ExecIdCommand added in v1.10.48

func ExecIdCommand(arg string) int

func ExecuteScript added in v1.11.53

func ExecuteScript(script []string, addlDetail string, runAfterFailExit bool) error

ExecuteScript executes a script along with the provided arguments while blocking the agent

func ExecuteScriptWithoutBlock added in v1.11.30

func ExecuteScriptWithoutBlock(script []string, addlDetail string, runAfterFailExit bool)

ExecuteScriptWithoutBlock executes a script along with the provided arguments in a goroutine, without blocking the agent

func ExtractServiceName

func ExtractServiceName(arn, comp string) (string, string, error)

func FileExists

func FileExists(path string) bool

func GenerateKeyPair

func GenerateKeyPair(bits int) (*rsa.PrivateKey, error)

func GenerateRoleCertCSR added in v1.10.40

func GenerateRoleCertCSR(key *rsa.PrivateKey, options *RoleCertReqOptions) (string, error)

func GenerateSSHHostCSR added in v1.10.40

func GenerateSSHHostCSR(sshPubKeyFile string, domain, service, ip string, ztsAwsDomains []string) (string, error)

func GenerateSSHHostRequest added in v1.11.25

func GenerateSSHHostRequest(sshPubKeyFile string, domain, service, hostname, ip, instanceId, sshPrincipals string, ztsAwsDomains []string) (*zts.SSHCertRequest, error)

func GenerateSecretJsonData added in v1.11.38

func GenerateSecretJsonData(athenzDomain, athenzService string, siaCertData *SiaCertData) ([]byte, error)

func GenerateSvcCertCSR added in v1.10.40

func GenerateSvcCertCSR(key *rsa.PrivateKey, options *SvcCertReqOptions) (string, error)

func GenerateX509CSR

func GenerateX509CSR(key *rsa.PrivateKey, csrDetails CertReqDetails) (string, error)

func GetAthenzJwkConfModTime added in v1.11.2

func GetAthenzJwkConfModTime(siaDir string) rdl.Timestamp

func GetPEMBlock

func GetPEMBlock(privateKey *rsa.PrivateKey) []byte

func GetRoleCertFileName

func GetRoleCertFileName(certDir, fileName, roleName string) string

func GetRoleCertKeyPaths added in v1.11.52

func GetRoleCertKeyPaths(domainName, roleName, roleFilename, roleService, roleServiceKeyFilename, keyDir string, generateRoleKey bool) (string, string, string)

func GetRoleKeyFileName added in v1.11.52

func GetRoleKeyFileName(keyDir, fileName, roleName string, generateRoleKey bool) string

func GetRoleSpiffeUri added in v1.11.57

func GetRoleSpiffeUri(trustDomain, domain, role string) string

func GetSvcCertFileName added in v1.10.40

func GetSvcCertFileName(certDir, fileName, domain, service string) string

func GetSvcKeyFileName added in v1.11.18

func GetSvcKeyFileName(keyDir, fileName, domain, service string) string

func GetSvcSpiffeUri added in v1.11.35

func GetSvcSpiffeUri(trustDomain, namespace, domain, service string) string

func GetUtilPath added in v1.11.9

func GetUtilPath(command string) string

func NewSysLogger

func NewSysLogger() (io.Writer, error)

func Nonce added in v1.10.41

func Nonce() (string, error)

func NotifySystemdReady added in v1.11.57

func NotifySystemdReady() error

NotifySystemdReady sends a notification to systemd that the service is ready

func NotifySystemdReadyForCommand added in v1.11.58

func NotifySystemdReadyForCommand(clientCmd, notifyCmd string) error

NotifySystemdReadyForCommand sends a notification to systemd that the service is ready if the clientCmd argument matches the notifyCmd

func ParseAssumedRoleArn added in v1.10.40

func ParseAssumedRoleArn(roleArn, serviceSuffix, accessProfileSeparator string) (string, string, string, string, error)

func ParseCASpiffeUri added in v1.10.41

func ParseCASpiffeUri(uri string) (string, string, string)

func ParseCertificate added in v1.11.38

func ParseCertificate(certPem string) (*x509.Certificate, error)

func ParseEnvBooleanFlag added in v1.10.40

func ParseEnvBooleanFlag(varName string) bool

func ParseEnvFloatFlag added in v1.11.17

func ParseEnvFloatFlag(varName string, defaultValue float64) float64

func ParseEnvIntFlag added in v1.10.41

func ParseEnvIntFlag(varName string, defaultValue int) int

func ParseRoleArn added in v1.10.40

func ParseRoleArn(roleArn, rolePrefix, roleSuffix, profileSeparator string, roleServiceNameOnly bool) (string, string, string, string, error)

func ParseRoleSpiffeUri added in v1.10.41

func ParseRoleSpiffeUri(uri string) (string, string)

func ParseScriptArguments added in v1.11.30

func ParseScriptArguments(script string) []string

ParseScriptArguments parses a script path with its arguments using shlex and constructs a string slice containing the name followed by the arguments

func ParseServiceSpiffeUri added in v1.10.41

func ParseServiceSpiffeUri(uri string) (string, string, string, string)

func ParseSiaCmd added in v1.11.53

func ParseSiaCmd(siaCmd string) (string, bool)

ParseSiaCmd parses the sia command and returns the command together with a boolean indicating whether the command should skip errors. The format of the command is sia-command[:skip-errors]. If the command includes additional colon-separated arguments, those are ignored.

func ParseTaskArn added in v1.10.40

func ParseTaskArn(taskArn string) (string, string, string, error)

func PrivateKey

func PrivateKey(keyFile string, rotateKey bool) (*rsa.PrivateKey, error)

func PrivateKeyFromFile

func PrivateKeyFromFile(filename string) (*rsa.PrivateKey, error)

func PrivatePem

func PrivatePem(privateKey *rsa.PrivateKey) string

func ReadAthenzJwkConf added in v1.11.2

func ReadAthenzJwkConf(jwkConfFile string, jwkConfObj *zts.AthenzJWKConfig) error

func SanDNSHostname added in v1.11.36

func SanDNSHostname(domain, service, cloudDomain string) string

func SanURIInstanceId added in v1.11.36

func SanURIInstanceId(athenzProvider, instanceId string) string

func SaveRoleCertKey added in v1.11.18

func SaveRoleCertKey(key, cert []byte, keyFile, certFile, svcKeyFile, roleName string, uid, gid, fileMode int, createKey, rotateKey bool, backupDir string, fileDirectUpdate bool) error

func SaveServiceCertKey added in v1.11.18

func SaveServiceCertKey(key, cert []byte, keyFile, certFile, serviceName string, uid, gid, fileMode int, rotateKey bool, backupDir string, fileDirectUpdate bool) error

SaveServiceCertKey writes the key and cert to disk and takes a backup of the existing key and cert if rotateKey is true. This method is only called when we're refreshing the service certificate; during service registration we directly update the key/cert/ca-cert files.

func SetupSIADir added in v1.11.18

func SetupSIADir(siaDir string, ownerUid, ownerGid int) error

func SetupSIADirs

func SetupSIADirs(siaMainDir, siaLinkDir string, ownerUid, ownerGid int) error

func SplitDomain

func SplitDomain(domain string) (string, string)

func SplitRoleName

func SplitRoleName(roleName string) (string, string, error)

func SvcAttrs

func SvcAttrs(username, groupname string) (int, int, int)

func SyscallSetGid added in v1.10.53

func SyscallSetGid(gid int) error

func SyscallSetUid added in v1.10.53

func SyscallSetUid(uid int) error

func TestGidForGroupCommand added in v1.10.40

func TestGidForGroupCommand(t *testing.T)

func TestGidForInvalidGroupCommand added in v1.10.40

func TestGidForInvalidGroupCommand(t *testing.T)

func TestUidGidForUserGroupCommand added in v1.10.40

func TestUidGidForUserGroupCommand(t *testing.T)

func TestValidateScriptArgumens added in v1.11.50

func TestValidateScriptArgumens(t *testing.T)

func UidGidForUserGroup

func UidGidForUserGroup(username, groupname string) (int, int)

func UpdateFile

func UpdateFile(fileName string, contents []byte, uid, gid int, perm os.FileMode, directUpdate, verbose bool) error

func UpdateFileContents added in v1.11.18

func UpdateFileContents(fileName string, contents []byte, perm os.FileMode, fileDirectUpdate, verbose bool) error

func UpdateKeyOwnership added in v1.11.27

func UpdateKeyOwnership(keyFile string, uid, gid int, fileMode os.FileMode, fileDirectUpdate bool)

func WriteAthenzJWKFile added in v1.11.2

func WriteAthenzJWKFile(athenzJwk *zts.AthenzJWKConfig, siaDir string, uid int, gid int) error

func ZtsClient

func ZtsClient(ztsUrl, ztsServerName string, keyFile, certFile, caCertFile string) (*zts.ZTSClient, error)

Types

type CertReqDetails

// CertReqDetails holds the values GenerateX509CSR consumes to build a
// certificate signing request. Every field is caller-supplied; the issuing
// CA, not this struct, is responsible for validating what it signs.
type CertReqDetails struct {
	// Subject attributes. NOTE(review): the mapping to X.509 subject fields
	// is inferred from the names — confirm against GenerateX509CSR.
	CommonName string
	Country    string
	Province   string
	Locality   string
	Org        string
	OrgUnit    string
	// Subject alternative names — presumably IP, DNS, email and URI SANs
	// respectively; confirm against GenerateX509CSR.
	IpList     []string
	HostList   []string
	EmailList  []string
	URIs       []*url.URL
}

CertReqDetails - struct with details to generate a certificate CSR

type CsrSubjectFields added in v1.11.38

// CsrSubjectFields are optional subject attributes for a CSR; they appear in
// the created certificate's Subject. RegisterIdentity takes them by value.
type CsrSubjectFields struct {
	Country          string
	State            string
	Locality         string
	Organization     string
	OrganizationUnit string
}

CsrSubjectFields are optional fields for the CSR: the fields will appear in the created certificate's "Subject".

type RoleCertReqOptions added in v1.11.34

// RoleCertReqOptions carries the inputs GenerateRoleCertCSR uses to build a
// role certificate CSR. Every field is caller-supplied.
type RoleCertReqOptions struct {
	// Country and OrgName presumably populate the CSR subject — confirm
	// against GenerateRoleCertCSR.
	Country           string
	OrgName           string
	// Domain, Service and RoleName identify the role the certificate is
	// requested for.
	Domain            string
	Service           string
	RoleName          string
	// InstanceId and Provider: likely used for the instance-id SAN URI
	// (see SanURIInstanceId(athenzProvider, instanceId)) — TODO confirm.
	InstanceId        string
	Provider          string
	// EmailDomain: presumably the domain part of an email SAN — confirm.
	EmailDomain       string
	// SpiffeTrustDomain: presumably the trustDomain argument of
	// GetRoleSpiffeUri — confirm.
	SpiffeTrustDomain string
}

RoleCertReqOptions - struct with details to generate a role certificate CSR

type SSHKeyReq added in v1.10.40

// SSHKeyReq is the SSH certificate request payload, documented as congruent
// with certsign-rdl/certsign.rdl. The json tags give the wire names: Ips and
// Command are optional (omitempty / rdl:"optional"); every other field is
// always emitted, even when empty.
type SSHKeyReq struct {
	Principals []string `json:"principals"`
	Ips        []string `json:"ips,omitempty" rdl:"optional"`
	Pubkey     string   `json:"pubkey"`
	Reqip      string   `json:"reqip"`
	Requser    string   `json:"requser"`
	Certtype   string   `json:"certtype"`
	Transid    string   `json:"transid"`
	Command    string   `json:"command,omitempty" rdl:"optional"`
}

SSHKeyReq - congruent with certsign-rdl/certsign.rdl

type SiaCertData added in v1.11.38

// SiaCertData is the identity material returned by RegisterIdentity
// (documented as the response of GetAthenzIdentity()).
//
// It holds the private key more than once — parsed (PrivateKey), as PEM text
// (PrivateKeyPem) and, when populated as usual, inside TLSCertificate — so a
// value of this type is secret material: do not log it and pass it only to
// code that needs it. GenerateSecretJsonData takes a *SiaCertData and
// returns []byte; treat that output as secret as well.
type SiaCertData struct {
	PrivateKey               *rsa.PrivateKey
	PrivateKeyPem            string
	X509Certificate          *x509.Certificate
	X509CertificatePem       string
	// X509CertificateSignerPem: presumably the issuer/CA chain in PEM —
	// confirm against RegisterIdentity.
	X509CertificateSignerPem string
	TLSCertificate           tls.Certificate
}

SiaCertData is the response of GetAthenzIdentity()

func RegisterIdentity added in v1.11.38

func RegisterIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl, instanceId, attestationData, spiffeTrustDomain string, sanDNSDomains []string, csrSubjectFields CsrSubjectFields, instanceIdSanDNS bool, privateKey *rsa.PrivateKey) (*SiaCertData, error)

type SvcCertReqOptions added in v1.11.34

// SvcCertReqOptions carries the inputs GenerateSvcCertCSR uses to build a
// service certificate CSR. Every field is caller-supplied.
type SvcCertReqOptions struct {
	// Country and OrgName presumably populate the CSR subject — confirm
	// against GenerateSvcCertCSR.
	Country           string
	OrgName           string
	// Domain and Service name the service; CommonName, if set, presumably
	// overrides the derived subject CN — confirm.
	Domain            string
	Service           string
	CommonName        string
	// Account, InstanceName, InstanceId and Provider: likely feed SAN
	// entries (see SanURIInstanceId(athenzProvider, instanceId)) — TODO
	// confirm which SANs each one produces.
	Account           string
	InstanceName      string
	InstanceId        string
	Provider          string
	// Hostname: presumably a DNS SAN (see SanDNSHostname) — confirm.
	Hostname          string
	// SpiffeTrustDomain and SpiffeNamespace: presumably the first two
	// arguments of GetSvcSpiffeUri(trustDomain, namespace, domain, service).
	SpiffeTrustDomain string
	SpiffeNamespace   string
	// AddlSanDNSEntries: additional DNS SANs — likely appended via
	// AppendHostname; confirm.
	AddlSanDNSEntries []string
	// ZtsDomains: ZTS/cloud domains; their role in SAN construction is not
	// visible here — confirm.
	ZtsDomains        []string
	// WildCardDnsName and InstanceIdSanDNS presumably toggle optional SAN
	// forms; InstanceIdSanDNS appears to mirror the instanceIdSanDNS
	// argument of RegisterIdentity — confirm.
	WildCardDnsName   bool
	InstanceIdSanDNS  bool
}

SvcCertReqOptions - struct with details to generate a service certificate CSR
