Documentation
¶
Index ¶
- func GetAWSLambdaServiceCertificate(ztsUrl, athenzProvider, athenzDomain, service, awsAccount string, ...) (tls.Certificate, error)deprecated
- func GetAthenzIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl string, ...) (*util.SiaCertData, error)
- func StoreAthenzIdentityInParameterStore(athenzDomain, athenzService, parameterName, kmsId string, ...) error
- func StoreAthenzIdentityInParameterStoreCustomFormat(parameterName, kmsId string, siaCertData *util.SiaCertData, ...) error
- func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData) error
- func StoreAthenzIdentityInSecretManagerCustomFormat(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData, ...) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAWSLambdaServiceCertificate
deprecated
func GetAthenzIdentity ¶ added in v1.11.38
func GetAthenzIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl string, sanDNSDomains []string, spiffeTrustDomain string, csrSubjectFields util.CsrSubjectFields) (*util.SiaCertData, error)
func StoreAthenzIdentityInParameterStore ¶ added in v1.12.3
func StoreAthenzIdentityInParameterStore(athenzDomain, athenzService, parameterName, kmsId string, siaCertData *util.SiaCertData) error
StoreAthenzIdentityInParameterStore store the retrieved athenz identity in the specified parameter store as Secure String, without CA certificate. The secret is stored in the following keys:
"<domain>.<service>.cert.pem":"<x509-cert-pem>, "<domain>.<service>.key.pem":"<pkey-pem>, "time": <utc-timestamp>
The parameter specified by the name must be pre-created
func StoreAthenzIdentityInParameterStoreCustomFormat ¶ added in v1.12.3
func StoreAthenzIdentityInParameterStoreCustomFormat(parameterName, kmsId string, siaCertData *util.SiaCertData, jsonFieldMapper map[string]string) error
StoreAthenzIdentityInParameterStoreCustomFormat store the retrieved athenz identity in the specified parameter store as Secure String, without CA certificate. The secret is stored in the following keys
"<x509-cert-pem-key>":"<x509-cert-pem>, "<private-pem-key>":"<pkey-pem>, "<time-key>": <utc-timestamp>
It supports only 3 json fields 'cert_pem', 'key_pem' and 'time', where 'cert_pem' and 'key_pem' are mandatory. The resulted json will contain timestamp only if the corresponding json field name is set. It will ignore 'ca_pem' even if it is set.
sample `jsonFieldMapper` map: [{"cert_pem": "certPem"}, {"key_pem": "keyPem"}], will result json like
{ "certPem":"<x509-cert-pem>, "keyPem":"<pkey-pem> }
The parameter specified by the name must be pre-created
func StoreAthenzIdentityInSecretManager ¶ added in v1.11.38
func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData) error
StoreAthenzIdentityInSecretManager store the retrieved athenz identity in the specified secret. The secret is stored in the following keys:
"<domain>.<service>.cert.pem":"<x509-cert-pem>, "<domain>.<service>.key.pem":"<pkey-pem>, "ca.cert.pem":"<ca-cert-pem>, "time": <utc-timestamp>
The secret specified by the name must be pre-created
func StoreAthenzIdentityInSecretManagerCustomFormat ¶ added in v1.12.3
func StoreAthenzIdentityInSecretManagerCustomFormat(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData, jsonFieldMapper map[string]string) error
StoreAthenzIdentityInSecretManagerCustomFormat store the retrieved athenz identity in the specified secret in custom json format. The secret is stored in the following keys:
"<x509-cert-pem-key>":"<x509-cert-pem>, "<private-pem-key>":"<pkey-pem>, "<ca-cert-key>":"<ca-cert-pem>, "<time-key>": <utc-timestamp>
It supports only 4 json fields 'cert_pem', 'key_pem', 'ca_pem' and 'time'. Out of 4 fields 'cert_pem' and 'key_pem' are mandatory, and resulted json will contain X509CertificateSignerPem and timestamp only if the corresponding json field names are set.
sample `jsonFieldMapper` map: [{"cert_pem": "certPem"}, {"key_pem": "keyPem"}], will result json like
{ "certPem":"<x509-cert-pem>, "keyPem":"<pkey-pem> }
The secret specified by the name must be pre-created
Types ¶
This section is empty.
Source Files