functions

package

v1.12.6 Latest Latest Go to latest Published: Dec 7, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/AthenZ/athenz

Links

Open Source Insights

Documentation ¶

Index ¶

func GetAthenzIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl string, ...) (*util.SiaCertData, error)
func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData) error
func StoreAthenzIdentityInSecretManagerCustomFormat(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData, ...) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetAthenzIdentity ¶ added in v1.11.36

func GetAthenzIdentity(athenzDomain, athenzService, athenzProvider, ztsUrl string, sanDNSDomains []string, spiffeTrustDomain string, csrSubjectFields util.CsrSubjectFields) (*util.SiaCertData, error)

GetAthenzIdentity this method can be called from within a GCF (Google Cloud Function) - to get an Athenz certificate from ZTS. See https://cloud.google.com/functions/docs/writing/write-http-functions#http-example-go

func StoreAthenzIdentityInSecretManager ¶ added in v1.11.36

func StoreAthenzIdentityInSecretManager(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData) error

StoreAthenzIdentityInSecretManager store the retrieved athenz identity in the specified secret. The secret is stored in the following json format:

{
   "<domain>.<service>.cert.pem":"<x509-cert-pem>,
   "<domain>.<service>.key.pem":"<pkey-pem>,
   "ca.cert.pem":"<ca-cert-pem>,
   "time": <utc-timestamp>
}

The secret specified by the name must be pre-created and the service account that the function is invoked with must have been authorized to assume the "Secret Manager Secret Version Adder" role

func StoreAthenzIdentityInSecretManagerCustomFormat ¶ added in v1.12.3

func StoreAthenzIdentityInSecretManagerCustomFormat(athenzDomain, athenzService, secretName string, siaCertData *util.SiaCertData, jsonFieldMapper map[string]string) error

StoreAthenzIdentityInSecretManagerCustomFormat store the retrieved athenz identity in the specified secret. The secret is stored in the following json format:

{
   "<x509-cert-pem-key>":"<x509-cert-pem>,
   "<private-pem-key>":"<pkey-pem>,
   "<ca-cert-key>":"<ca-cert-pem>,
   "<time-key>": <utc-timestamp>
}

It supports only 4 json fields 'cert_pem', 'key_pem', 'ca_pem' and 'time'. Out of 4 fields 'cert_pem' and 'key_pem' are mandatory, and resulted json will contain X509CertificateSignerPem and timestamp only if the corresponding json field names are set.

sample `jsonFieldMapper` map: [{"cert_pem": "certPem"}, {"key_pem": "keyPem"}], will result json like

{  "certPem":"<x509-cert-pem>, "keyPem":"<pkey-pem> }

The secret specified by the name must be pre-created and the service account that the function is invoked with must have been authorized to assume the "Secret Manager Secret Version Adder" role

Types ¶

This section is empty.

Source Files ¶

View all Source files

identity.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL