functions

package
v1.12.5

This package is not in the latest version of its module.
Published: Nov 28, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAthenzIdentity added in v1.11.36

func GetAthenzIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl string, sanDNSDomains []string, spiffeTrustDomain string, csrSubjectFields util.CsrSubjectFields) (*util.SiaCertData, error)

GetAthenzIdentity can be called from within a GCF (Google Cloud Function) to get an Athenz certificate from ZTS. See https://cloud.google.com/functions/docs/writing/write-http-functions#http-example-go

func StoreAthenzIdentityInSecretManager added in v1.11.36

func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData) error

StoreAthenzIdentityInSecretManager stores the retrieved Athenz identity in the specified secret. The secret is stored in the following JSON format:

{
   "<domain>.<service>.cert.pem":"<x509-cert-pem>",
   "<domain>.<service>.key.pem":"<pkey-pem>",
   "ca.cert.pem":"<ca-cert-pem>",
   "time": <utc-timestamp>
}

The secret specified by the name must be pre-created, and the service account that the function is invoked with must have been authorized to assume the "Secret Manager Secret Version Adder" role.

func StoreAthenzIdentityInSecretManagerCustomFormat added in v1.12.3

func StoreAthenzIdentityInSecretManagerCustomFormat(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData, jsonFieldMapper map[string]string) error

StoreAthenzIdentityInSecretManagerCustomFormat stores the retrieved Athenz identity in the specified secret. The secret is stored in the following JSON format:

{
   "<x509-cert-pem-key>":"<x509-cert-pem>",
   "<private-pem-key>":"<pkey-pem>",
   "<ca-cert-key>":"<ca-cert-pem>",
   "<time-key>": <utc-timestamp>
}

Only four JSON fields are supported: 'cert_pem', 'key_pem', 'ca_pem' and 'time'. Of these, 'cert_pem' and 'key_pem' are mandatory; the resulting JSON contains X509CertificateSignerPem and the timestamp only if the corresponding JSON field names are set.

A sample `jsonFieldMapper` map, [{"cert_pem": "certPem"}, {"key_pem": "keyPem"}], results in JSON like:

{  "certPem":"<x509-cert-pem>", "keyPem":"<pkey-pem>" }

The secret specified by the name must be pre-created, and the service account that the function is invoked with must have been authorized to assume the "Secret Manager Secret Version Adder" role.
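The field-mapping rules described above can be checked before a mapper is handed to StoreAthenzIdentityInSecretManagerCustomFormat. The following is an added example, not code from this package: `ValidateFieldMapper` and `BuildSecretJSON` are hypothetical helpers, the rejection of two fields mapped to the same JSON name is this example's own check, and the timestamp is assumed to be Unix seconds.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Logical field names listed in the documentation above.
var supported = map[string]bool{"cert_pem": true, "key_pem": true, "ca_pem": true, "time": true}

// ValidateFieldMapper is a hypothetical pre-flight check (not part of the package).
func ValidateFieldMapper(m map[string]string) error {
	seen := map[string]string{} // JSON name -> logical field that claimed it
	for logical, name := range m {
		if !supported[logical] || name == "" {
			return fmt.Errorf("unsupported field or empty JSON name: %q -> %q", logical, name)
		}
		// Two fields sharing one JSON name would overwrite each other in the secret.
		if prev, dup := seen[name]; dup {
			return fmt.Errorf("%q and %q both map to %q", prev, logical, name)
		}
		seen[name] = logical
	}
	for _, must := range []string{"cert_pem", "key_pem"} {
		if _, ok := m[must]; !ok {
			return fmt.Errorf("missing mandatory field %q", must)
		}
	}
	return nil
}

// BuildSecretJSON renders the documented layout; ca and time appear only when mapped.
func BuildSecretJSON(m map[string]string, cert, key, ca string, ts int64) ([]byte, error) {
	if err := ValidateFieldMapper(m); err != nil {
		return nil, err
	}
	out := map[string]interface{}{m["cert_pem"]: cert, m["key_pem"]: key}
	if n, ok := m["ca_pem"]; ok {
		out[n] = ca
	}
	if n, ok := m["time"]; ok {
		out[n] = ts // assumption: Unix seconds; the page only says <utc-timestamp>
	}
	return json.Marshal(out) // map keys are emitted in sorted order
}

func main() {
	m := map[string]string{"cert_pem": "certPem", "key_pem": "keyPem"}
	b, err := BuildSecretJSON(m, "CERT-PEM", "KEY-PEM", "CA-PEM", 0) // constructed placeholders
	fmt.Println(string(b), err)
}
```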

Types

This section is empty.
