lambda

package
v1.12.6

This package is not in the latest version of its module.
Published: Dec 7, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAWSLambdaServiceCertificate deprecated

func GetAWSLambdaServiceCertificate(ztsUrl, athenzProvider, athenzDomain, service, awsAccount string, sanDNSDomains []string, instanceIdSanDNS bool) (tls.Certificate, error)

Deprecated: Use GetAthenzIdentity functions to get identity certificates

func GetAthenzIdentity added in v1.11.38

func GetAthenzIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl string, sanDNSDomains []string, spiffeTrustDomain string, csrSubjectFields util.CsrSubjectFields) (*util.SiaCertData, error)

func StoreAthenzIdentityInParameterStore added in v1.12.3

func StoreAthenzIdentityInParameterStore(athenzDomain, athenzService, parameterName, kmsId string, siaCertData *util.SiaCertData) error

StoreAthenzIdentityInParameterStore stores the retrieved Athenz identity in the specified parameter store as a SecureString, without the CA certificate. The secret is stored under the following keys:

"<domain>.<service>.cert.pem":"<x509-cert-pem>",
"<domain>.<service>.key.pem":"<pkey-pem>",
"time": <utc-timestamp>

The parameter specified by the name must be pre-created

func StoreAthenzIdentityInParameterStoreCustomFormat added in v1.12.3

func StoreAthenzIdentityInParameterStoreCustomFormat(parameterName, kmsId string, siaCertData *util.SiaCertData, jsonFieldMapper map[string]string) error

StoreAthenzIdentityInParameterStoreCustomFormat stores the retrieved Athenz identity in the specified parameter store as a SecureString, without the CA certificate. The secret is stored under the following keys:

"<x509-cert-pem-key>":"<x509-cert-pem>",
"<private-pem-key>":"<pkey-pem>",
"<time-key>": <utc-timestamp>

It supports only 3 JSON fields: 'cert_pem', 'key_pem' and 'time', of which 'cert_pem' and 'key_pem' are mandatory. The resulting JSON contains the timestamp only if the corresponding JSON field name is set. 'ca_pem' is ignored even if it is set.

A sample `jsonFieldMapper` map of {"cert_pem": "certPem", "key_pem": "keyPem"} results in JSON like:

{ "certPem":"<x509-cert-pem>", "keyPem":"<pkey-pem>" }

The parameter specified by the name must be pre-created

func StoreAthenzIdentityInSecretManager added in v1.11.38

func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData) error

StoreAthenzIdentityInSecretManager stores the retrieved Athenz identity in the specified secret. The secret is stored under the following keys:

"<domain>.<service>.cert.pem":"<x509-cert-pem>",
"<domain>.<service>.key.pem":"<pkey-pem>",
"ca.cert.pem":"<ca-cert-pem>",
"time": <utc-timestamp>

The secret specified by the name must be pre-created
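
The consumer side of the default key layout above, as an added example that is not part of the Athenz module: it loads a stored secret into a `tls.Config` and leaves `RootCAs` unset when `ca.cert.pem` is absent, as in the Parameter Store variant. `ClientConfig` and `SampleSecret` are hypothetical names, the sample secret is constructed around a throwaway self-signed certificate, and the JSON type of `time` is an assumption the loader does not depend on.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ClientConfig (hypothetical helper) reads the default key layout; RootCAs stays nil without "ca.cert.pem".
func ClientConfig(secret []byte, domain, service string) (*tls.Config, error) {
	var f map[string]any
	if err := json.Unmarshal(secret, &f); err != nil {
		return nil, err
	}
	certPEM, _ := f[domain+"."+service+".cert.pem"].(string)
	keyPEM, _ := f[domain+"."+service+".key.pem"].(string)
	pair, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM)) // rejects a missing or mismatched key
	if err != nil {
		return nil, fmt.Errorf("identity %s.%s: %w", domain, service, err)
	}
	cfg := &tls.Config{Certificates: []tls.Certificate{pair}, MinVersion: tls.VersionTLS12}
	if ca, _ := f["ca.cert.pem"].(string); ca != "" {
		cfg.RootCAs = x509.NewCertPool()
		if !cfg.RootCAs.AppendCertsFromPEM([]byte(ca)) {
			return nil, fmt.Errorf("ca.cert.pem holds no usable certificate")
		}
	}
	return cfg, nil
}

func SampleSecret(p string) map[string]any {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed sample: throwaway self-signed cert, not Athenz-issued
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	c := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	k := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
	return map[string]any{p + ".cert.pem": c, p + ".key.pem": k, "ca.cert.pem": c, "time": time.Now().Unix()}
}

func main() {
	secret, _ := json.Marshal(SampleSecret("sports.api"))
	cfg, err := ClientConfig(secret, "sports", "api")
	fmt.Println(cfg != nil && cfg.RootCAs != nil, err)
}
```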

func StoreAthenzIdentityInSecretManagerCustomFormat added in v1.12.3

func StoreAthenzIdentityInSecretManagerCustomFormat(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData, jsonFieldMapper map[string]string) error

StoreAthenzIdentityInSecretManagerCustomFormat stores the retrieved Athenz identity in the specified secret in a custom JSON format. The secret is stored under the following keys:

"<x509-cert-pem-key>":"<x509-cert-pem>",
"<private-pem-key>":"<pkey-pem>",
"<ca-cert-key>":"<ca-cert-pem>",
"<time-key>": <utc-timestamp>

It supports only 4 JSON fields: 'cert_pem', 'key_pem', 'ca_pem' and 'time'. Of these, 'cert_pem' and 'key_pem' are mandatory, and the resulting JSON contains X509CertificateSignerPem and the timestamp only if the corresponding JSON field names are set.

A sample `jsonFieldMapper` map of {"cert_pem": "certPem", "key_pem": "keyPem"} results in JSON like:

{ "certPem":"<x509-cert-pem>", "keyPem":"<pkey-pem>" }

The secret specified by the name must be pre-created

Types

This section is empty.
