identity

package
v0.3.0 Latest Latest
Published: Apr 20, 2023 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var (
	// default values for X.509 certificate signing request
	// (presumably the C/ST/O/OU subject fields of the generated CSR — confirm in
	// PrepareIdentityCsrOptions). These are exported package-level vars, not
	// consts: they can be overridden at link time and reassigned at runtime by
	// any importing package, so treat them as configuration, not invariants.
	DEFAULT_COUNTRY             = "US"
	DEFAULT_PROVINCE            string
	DEFAULT_ORGANIZATION        string
	DEFAULT_ORGANIZATIONAL_UNIT = "Athenz"

	// default values for role tokens and access tokens
	// The string form exists so it can be set through the linker like the
	// buffer value below; the parsed integer is expected to be filled in by
	// InitDefaultValues. NOTE(review): the unit of the expiry (minutes vs
	// seconds) is not stated here — confirm before tuning it.
	DEFAULT_TOKEN_EXPIRY_TIME     = "120"
	DEFAULT_TOKEN_EXPIRY_TIME_INT int

	// DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES may be overwritten with go build option (e.g. "-X identity.DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES=5")
	// The buffer is how long before a role certificate's NotAfter a renewal is
	// presumably attempted; the parsed integer is expected to be filled in by
	// InitDefaultValues.
	DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES     = "5"
	DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES_INT int

	// Connection and naming defaults. DEFAULT_ENDPOINT and
	// DEFAULT_INTERMEDIATE_CERT_BUNDLE have no compiled-in value and are
	// presumably supplied via -X or left empty. DEFAULT_ROLE_AUTH_HEADER is the
	// HTTP header name a role token is expected to be carried in;
	// DEFAULT_ROLE_CERT_FILENAME_DELIMITER separates domain and role in
	// role-certificate file names (see IdentityConfig.RoleCertFilenameDelimiter).
	DEFAULT_ENDPOINT                     string
	DEFAULT_ROLE_AUTH_HEADER             = "Athenz-Role-Auth"
	DEFAULT_DNS_SUFFIX                   = "athenz.cloud"
	DEFAULT_ROLE_CERT_FILENAME_DELIMITER = ":role."
	DEFAULT_INTERMEDIATE_CERT_BUNDLE     string
)

Functions

func Certificated

func Certificated(idConfig *IdentityConfig, stopChan <-chan struct{}) error

func InitDefaultValues

func InitDefaultValues()

InitDefaultValues initializes the package's default values from build arguments.

func InitIdentityHandler

func InitIdentityHandler(config *IdentityConfig) (*identityHandler, error)

InitIdentityHandler initializes the ZTS client and parses the config to create the CSR options.

func Metricsd

func Metricsd(idConfig *IdentityConfig, stopChan <-chan struct{}) error

func PrepareIdentityCsrOptions

func PrepareIdentityCsrOptions(config *IdentityConfig, domain, service string) (*util.CSROptions, error)

PrepareIdentityCsrOptions prepares the CSR options for an X.509 certificate.

func PrepareRoleCsrOptions

func PrepareRoleCsrOptions(config *IdentityConfig, domain, service string) (*[]util.CSROptions, error)

PrepareRoleCsrOptions prepares the CSR options for X.509 role certificates.

func PrivateKeyFromPEMBytes

func PrivateKeyFromPEMBytes(privatePEMBytes []byte) (crypto.Signer, error)

PrivateKeyFromPEMBytes returns a private key along with its type from its supplied PEM representation.

func Tokend

func Tokend(idConfig *IdentityConfig, stopChan <-chan struct{}) error

Types

type AccessToken

// AccessToken stores an access token issued for a domain/role pair.
type AccessToken struct {
	// Domain and Role identify what the token grants access to.
	Domain      string
	// TokenString is the raw token as issued; it is a bearer credential and
	// should not be logged.
	Role        string
	TokenString string
	// Expiry is the token expiration; presumably Unix epoch seconds — confirm
	// against the producer in Tokend.
	Expiry      int64
}

AccessToken stores an access token.

type IdentityConfig

// IdentityConfig holds the configuration for the identity package, populated
// from command-line arguments.
type IdentityConfig struct {
	// Init presumably selects a one-shot initialisation run instead of the
	// long-running daemons (Certificated/Tokend/Metricsd) — confirm at the call sites.
	Init                      bool
	// Athenz/ZTS connection settings; package defaults of the same name live in
	// the var block (DEFAULT_ENDPOINT, DEFAULT_DNS_SUFFIX).
	Endpoint                  string
	ProviderService           string
	DNSSuffix                 string
	// Refresh is the identity certificate refresh interval; DelayJitterSeconds
	// presumably randomises the refresh moment so many instances do not hit ZTS
	// at once — confirm in Certificated.
	Refresh                   time.Duration
	DelayJitterSeconds        int64
	// Locations of the instance identity material. KeyFile names the private
	// key and Backup/CertSecret name where copies are kept; file permissions and
	// secret scope for these are the security-relevant review points.
	KeyFile                   string
	CertFile                  string
	CaCertFile                string
	IntermediateCertBundle    string
	Backup                    string
	CertSecret                string
	// Kubernetes and Athenz identity mapping inputs. SaTokenFile presumably
	// points at the service-account token used to attest to the provider, and
	// PodIP/PodUID are presumably sent as instance attributes — confirm in
	// PrepareIdentityCsrOptions.
	Namespace                 string
	AthenzDomain              string
	AthenzPrefix              string
	AthenzSuffix              string
	ServiceAccount            string
	SaTokenFile               string
	PodIP                     string
	PodUID                    string
	// Reloader serves the current key/cert pair to TLS clients; ServerCACert
	// is presumably the CA bundle used to verify the ZTS server — confirm.
	Reloader                  *util.CertReloader
	ServerCACert              string
	// Role certificate settings. RoleCertFilenameDelimiter and RoleAuthHeader
	// default to DEFAULT_ROLE_CERT_FILENAME_DELIMITER and DEFAULT_ROLE_AUTH_HEADER.
	TargetDomainRoles         string
	RoleCertDir               string
	RoleCertFilenameDelimiter string
	RoleAuthHeader            string
	// Token settings used by Tokend. NOTE(review): if TokenServerAddr binds to a
	// non-loopback address, issued role/access tokens become reachable from other
	// network peers — confirm the default bind address and any caller checks.
	TokenType                 string
	TokenRefresh              time.Duration
	TokenServerAddr           string
	TokenDir                  string
	// MetricsServerAddr is the listen address for Metricsd.
	MetricsServerAddr         string
	// DeleteInstanceID presumably controls whether the instance registration is
	// removed from the provider on shutdown — confirm.
	DeleteInstanceID          bool
}

IdentityConfig holds the configuration parsed from command-line arguments.

type InstanceIdentity

// InstanceIdentity stores an instance identity certificate and its CA chain,
// both as PEM-encoded strings (see InstanceIdentityFromPEMBytes).
type InstanceIdentity struct {
	// X509CertificatePEM is the PEM-encoded leaf certificate.
	X509CertificatePEM   string
	// X509CACertificatePEM is the PEM-encoded CA certificate(s) returned with it.
	X509CACertificatePEM string
}

InstanceIdentity stores an instance identity certificate.

func InstanceIdentityFromPEMBytes

func InstanceIdentityFromPEMBytes(pemBytes []byte) (identity *InstanceIdentity, err error)

InstanceIdentityFromPEMBytes returns an InstanceIdentity parsed from the supplied PEM representation.

type RoleCertificate

// RoleCertificate stores a role certificate together with the parsed X.509
// fields a caller needs to check its validity and provenance.
type RoleCertificate struct {
	// Domain and Role identify the Athenz role the certificate was issued for.
	Domain          string
	Role            string
	// Subject and Issuer are the parsed certificate names.
	Subject         pkix.Name
	Issuer          pkix.Name
	// NotBefore/NotAfter bound the validity period; renewal is presumably driven
	// off NotAfter minus DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES — confirm.
	NotBefore       time.Time
	NotAfter        time.Time
	// SerialNumber is the certificate serial, useful for audit and revocation lookups.
	SerialNumber    *big.Int
	// DNSNames are the SAN DNS entries of the certificate.
	DNSNames        []string
	// X509Certificate is the certificate itself; presumably PEM-encoded — confirm.
	X509Certificate string
}

RoleCertificate stores a role certificate.

type RoleToken

// RoleToken stores a role token issued for a domain/role pair.
type RoleToken struct {
	// Domain and Role identify what the token grants.
	Domain      string
	Role        string
	// TokenString is the raw token as issued; it is a bearer credential and
	// should not be logged.
	TokenString string
	// Expiry is the token expiration; presumably Unix epoch seconds — confirm
	// against the producer in Tokend.
	Expiry      int64
}

RoleToken stores a role token.
