Documentation
Index
- func BuiltIn() catalog.BuiltIn
- type CertAuthConfig
- type Config
- type OAuthConfig
- type Plugin
- func (p *Plugin) Configure(_ context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error)
- func (p *Plugin) MintX509CAAndSubscribe(req *upstreamauthorityv1.MintX509CARequest, ...) error
- func (p *Plugin) PublishJWTKeyAndSubscribe(_ *upstreamauthorityv1.PublishJWTKeyRequest, ...) error
- func (p *Plugin) SetLogger(logger hclog.Logger)
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type CertAuthConfig
type Config
    type Config struct {
        Hostname               string          `hcl:"hostname" json:"hostname"`
        CaCert                 string          `hcl:"ca_cert" json:"ca_cert"`
        CaCertPath             string          `hcl:"ca_cert_path" json:"ca_cert_path"`
        CertAuth               *CertAuthConfig `hcl:"cert_auth" json:"cert_auth,omitempty"`
        OAuth                  *OAuthConfig    `hcl:"oauth" json:"oauth,omitempty"`
        CAName                 string          `hcl:"ca_name" json:"ca_name"`
        EndEntityProfileName   string          `hcl:"end_entity_profile_name" json:"end_entity_profile_name"`
        CertificateProfileName string          `hcl:"certificate_profile_name" json:"certificate_profile_name"`
        DefaultEndEntityName   string          `hcl:"end_entity_name" json:"end_entity_name"`
        AccountBindingID       string          `hcl:"account_binding_id" json:"account_binding_id"`
    }
Config defines the configuration for the plugin.
type OAuthConfig
    type OAuthConfig struct {
        TokenURL     string `hcl:"token_url" json:"token_url"`
        ClientID     string `hcl:"client_id" json:"client_id"`
        ClientSecret string `hcl:"client_secret" json:"client_secret"`
        // Comma separated list of scopes
        Scopes   string `hcl:"scopes" json:"scopes"`
        Audience string `hcl:"audience" json:"audience"`
    }
type Plugin
    type Plugin struct {
        // UnimplementedUpstreamAuthorityServer is embedded to satisfy gRPC
        upstreamauthorityv1.UnimplementedUpstreamAuthorityServer
        // UnimplementedConfigServer is embedded to satisfy gRPC
        configv1.UnimplementedConfigServer
        // contains filtered or unexported fields
    }
Plugin implements the UpstreamAuthority plugin.
func (*Plugin) Configure
func (p *Plugin) Configure(_ context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error)
Configure configures the EJBCA UpstreamAuthority plugin. This is invoked by SPIRE when the plugin is first loaded. After the first invocation, it may be used to reconfigure the plugin.
func (*Plugin) MintX509CAAndSubscribe
func (p *Plugin) MintX509CAAndSubscribe(req *upstreamauthorityv1.MintX509CARequest, stream upstreamauthorityv1.UpstreamAuthority_MintX509CAAndSubscribeServer) error
MintX509CAAndSubscribe implements the UpstreamAuthority MintX509CAAndSubscribe RPC. Mints an X.509 CA and responds with the signed X.509 CA certificate chain and upstream X.509 roots. The stream is kept open but new roots will not be published unless the CA is rotated and a new X.509 CA is minted.
Implementation note:
- It's important that the EJBCA Certificate Profile and End Entity Profile are properly configured before using this plugin. The plugin does not attempt to configure these profiles.
func (*Plugin) PublishJWTKeyAndSubscribe
func (p *Plugin) PublishJWTKeyAndSubscribe(_ *upstreamauthorityv1.PublishJWTKeyRequest, _ upstreamauthorityv1.UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error
PublishJWTKeyAndSubscribe implements the UpstreamAuthority PublishJWTKeyAndSubscribe RPC. Publishes a JWT signing key upstream and responds with the upstream JWT keys. If supported by the implementation, subsequent responses on the stream contain upstream JWT key updates, otherwise the stream is closed after the initial response.
The EJBCA UpstreamAuthority plugin does not support publishing JWT keys.