Documentation
Index ¶
- Variables
- type Algorithm
- type Attestation
- type AuthenticationKey
- type CertificateAuthority
- type CertificateMetadata
- type CertificateParameters
- type CertificateResponseData
- type ContextKey
- type EC2InstanceMetadata
- type EC2NodeAttestation
- type EnvironmentKey
- type Extensions
- type InstanceIdentityDocument
- type NodeAttestation
- type NodeIIDAttestation
- type ProvisionerAccountPayload
- type ServiceAccountPayload
- type UserKey
Constants ¶
This section is empty.
Variables ¶
// CertificateRequestExtension maps a certificate-request extension name to the
// X.509 key usage, extended key usage and ACM PCA template ARN declared for it.
//
// Every entry lists exactly one extended key usage, so each template is scoped
// to a single purpose: client auth, server auth or code signing.
// NOTE(review): presumably the map key is supplied by the account configuration
// or the request; confirm the caller rejects names that are not keys here
// rather than using the zero-value Extensions a missed lookup returns.
var CertificateRequestExtension = map[string]Extensions{
	// Code signing: digital signature only, no key encipherment.
	"CodeSigningCertificate": {
		KeyUsage: x509.KeyUsageDigitalSignature,
		ExtendedKeyUsage: []x509.ExtKeyUsage{
			x509.ExtKeyUsageCodeSigning,
		},
		TemplateArn: "arn:aws:acm-pca:::template/CodeSigningCertificate/V1",
	},
	// TLS client authentication.
	"EndEntityClientAuthCertificate": {
		KeyUsage: x509.KeyUsageDigitalSignature |
			x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{
			x509.ExtKeyUsageClientAuth,
		},
		TemplateArn: "arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1",
	},
	// TLS server authentication.
	"EndEntityServerAuthCertificate": {
		KeyUsage: x509.KeyUsageDigitalSignature |
			x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{
			x509.ExtKeyUsageServerAuth,
		},
		TemplateArn: "arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1",
	},
}
// Methods maps each fully-qualified gRPC method name to the AuthenticationKey
// assigned to it. Entries are grouped by authentication level.
//
// NOTE(review): PassAuthentication is the zero value of AuthenticationKey, so a
// single-value lookup (Methods[name]) for a method that is not listed here
// yields PassAuthentication. The consumer should use the two-value form and
// reject unknown methods; confirm that in the interceptor that reads this map.
var Methods = map[string]AuthenticationKey{
	// No authentication key required.
	// NOTE(review): presumably LoginUser and UpdateUserCredentials verify the
	// caller's credentials inside the handler; confirm for
	// UpdateUserCredentials in particular, since it changes a credential.
	"/grpc.health.v1.Health/Check":             PassAuthentication,
	"/baseca.v1.Account/LoginUser":             PassAuthentication,
	"/baseca.v1.Account/UpdateUserCredentials": PassAuthentication,

	// Service-account authentication.
	"/baseca.v1.Certificate/SignCSR": ServiceAuthentication,

	// Provisioner-account authentication.
	"/baseca.v1.Certificate/OperationsSignCSR":           ProvisionerAuthentication,
	"/baseca.v1.Certificate/QueryCertificateMetadata":    ProvisionerAuthentication,
	"/baseca.v1.Service/ProvisionServiceAccount":         ProvisionerAuthentication,
	"/baseca.v1.Service/GetServiceAccountByMetadata":     ProvisionerAuthentication,
	"/baseca.v1.Service/DeleteProvisionedServiceAccount": ProvisionerAuthentication,
}
// SubordinatePath is an exported, mutable package-level string; where it is
// assigned and read is not shown on this page.
// NOTE(review): presumably the filesystem location of subordinate CA material —
// confirm, and confirm it is set once at startup, since any importer can
// reassign it.
var SubordinatePath string
// ValidNodeAttestation holds a boolean per node-attestation provider name:
// "AWS" is true and "Local" is false.
//
// A lookup for a name that is not listed returns false (the zero value), so an
// unknown provider is treated the same as "Local".
// NOTE(review): presumably the boolean means "attestation is supported and
// enforced for this provider" — confirm against the code that reads the map.
var ValidNodeAttestation = map[string]bool{
	"AWS":   true,
	"Local": false,
}
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
// Algorithm groups an x509 public-key algorithm with the key sizes, signature
// names and x509 signature algorithms recorded for it.
// NOTE(review): presumably an allow-list consulted when a CSR is validated —
// confirm against the caller.
type Algorithm struct {
	// Algorithm is the public-key algorithm this entry describes.
	Algorithm x509.PublicKeyAlgorithm
	// KeySize is keyed by an integer; the value type is untyped here.
	// NOTE(review): presumably the key is the key size in bits — confirm.
	KeySize map[int]interface{}
	// Signature is keyed by a signature name; a missing key reads as false.
	Signature map[string]bool
	// SigningAlgorithm is keyed by x509.SignatureAlgorithm; a missing key
	// reads as false.
	SigningAlgorithm map[x509.SignatureAlgorithm]bool
}
type Attestation ¶
// Attestation enumerates node-attestation kinds. Only one kind is declared.
type Attestation uint

const (
	// AWS_IID is the only declared Attestation and, as the first iota value,
	// also the zero value: an unset Attestation compares equal to AWS_IID.
	AWS_IID Attestation = iota
)
func (Attestation) String ¶
func (a Attestation) String() string
type AuthenticationKey ¶
// AuthenticationKey is the authentication level assigned to a gRPC method in
// the Methods map.
type AuthenticationKey uint

const (
	// PassAuthentication is the first iota value and therefore the zero value
	// of AuthenticationKey. Any AuthenticationKey that is never assigned, and
	// any single-value map lookup that misses, evaluates to
	// PassAuthentication.
	// NOTE(review): code that switches on this type should treat an
	// unregistered method as an error rather than relying on the value alone.
	PassAuthentication AuthenticationKey = iota
	// ServiceAuthentication is assigned to /baseca.v1.Certificate/SignCSR in
	// Methods.
	ServiceAuthentication
	// ProvisionerAuthentication is assigned to the provisioner and operations
	// methods in Methods.
	ProvisionerAuthentication
)
type CertificateAuthority ¶
type CertificateMetadata ¶
type CertificateParameters ¶
type CertificateResponseData ¶
// CertificateResponseData is the JSON-serialisable result of a certificate
// operation: the certificate, its optional chains, and its metadata.
// NOTE(review): the string fields are presumably PEM-encoded — confirm.
type CertificateResponseData struct {
	// Certificate is always emitted in JSON.
	Certificate string `json:"certificate"`
	// IntermediateCertificateChain is omitted from JSON when empty.
	IntermediateCertificateChain string `json:"intermediate_certificate_chain,omitempty"`
	// RootCertificateChain is omitted from JSON when empty.
	RootCertificateChain string `json:"root_certificate_chain,omitempty"`
	// Metadata is always emitted in JSON.
	Metadata CertificateMetadata `json:"metadata"`
}
type ContextKey ¶
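// ContextKey is a dedicated unsigned type for the authentication context keys
// declared below.
// NOTE(review): presumably these are used as context.Context value keys; a
// distinct named type keeps them from colliding with keys from other packages —
// confirm at the call sites.
type ContextKey uint

// In the collapsed listing the "// Context Metadata" comment ran to the end of
// the line and swallowed the three declarations; they are restored one per
// line here, in their original order, so the values stay 0, 1 and 2.
const (
	// Context Metadata
	ServiceAuthenticationContextKey ContextKey = iota
	ProvisionerAuthenticationContextKey
	UserAuthenticationContextKey
)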
type EC2InstanceMetadata ¶
type EC2NodeAttestation ¶
// EC2NodeAttestation holds the node-attestation settings for an EC2 client.
// The package documentation describes it as the node attestation configured
// in the database.
//
// Every field except ClientID is tagged omitempty, so unset fields are absent
// from the JSON form.
// NOTE(review): presumably each populated field is an expected value compared
// with the instance's real metadata, and an empty field means "not checked".
// If so, a record with every optional field empty would constrain nothing —
// confirm the caller requires at least one binding attribute.
type EC2NodeAttestation struct {
	ClientID uuid.UUID `json:"client_id"`
	// RoleArn is serialised as "instance_profile_arn"; the Go name and the
	// JSON name differ.
	RoleArn        string            `json:"instance_profile_arn,omitempty"`
	AssumeRole     string            `json:"assume_role,omitempty"`
	SecurityGroups []string          `json:"security_groups,omitempty"`
	Region         string            `json:"region,omitempty"`
	InstanceID     string            `json:"instance_id,omitempty"`
	ImageID        string            `json:"image_id,omitempty"`
	InstanceTags   map[string]string `json:"instance_tags,omitempty"`
}
Node Attestation Configured in Database
type EnvironmentKey ¶
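// EnvironmentKey enumerates deployment environments.
type EnvironmentKey uint

// In the collapsed listing the "// Environments" comment ran to the end of the
// line and swallowed the declarations; they are restored one per line here, in
// their original order, so the values stay 0 through 6.
const (
	// Environments

	// Production is the first iota value and therefore the zero value: an
	// EnvironmentKey that is never assigned compares equal to Production.
	// NOTE(review): callers that derive policy from the environment should
	// not rely on an unset value meaning anything safer than Production.
	Production EnvironmentKey = iota
	PreProduction
	Staging
	Development
	Sandbox
	Local
	Corporate
)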
func (EnvironmentKey) String ¶
func (u EnvironmentKey) String() string
type Extensions ¶
// Extensions is the value type of CertificateRequestExtension: the X.509 key
// usage bits, the extended key usages, and the ACM PCA template ARN that go
// together for one kind of certificate.
type Extensions struct {
	// KeyUsage is a bit set of x509.KeyUsage flags.
	KeyUsage x509.KeyUsage
	// ExtendedKeyUsage lists the extended key usages for the certificate.
	ExtendedKeyUsage []x509.ExtKeyUsage
	// TemplateArn is the ARN string of the ACM PCA template.
	TemplateArn string
}
type InstanceIdentityDocument ¶
// InstanceIdentityDocument mirrors the JSON fields of an AWS EC2 instance
// identity document; the tags use the document's camelCase field names.
//
// This type only carries the decoded fields. Signature verification of the
// document is not shown on this page.
// NOTE(review): the fields are attacker-controllable until the document's
// signature has been verified — confirm verification happens before any field
// is compared against an EC2NodeAttestation record.
type InstanceIdentityDocument struct {
	AccountId        string `json:"accountId"`
	Architecture     string `json:"architecture"`
	AvailabilityZone string `json:"availabilityZone"`
	ImageId          string `json:"imageId"`
	InstanceId       string `json:"instanceId"`
	InstanceType     string `json:"instanceType"`
	PrivateIp        string `json:"privateIp"`
	Region           string `json:"region"`
	Version          string `json:"version"`
}
type NodeAttestation ¶
// NodeAttestation wraps the per-provider node-attestation settings. Only the
// EC2 settings are declared, serialised under the "aws_iid" JSON key.
type NodeAttestation struct {
// EC2NodeAttestation is always emitted in JSON (no omitempty), even when
// every field inside it is unset.
EC2NodeAttestation EC2NodeAttestation `json:"aws_iid"`
}
type NodeIIDAttestation ¶
// NodeIIDAttestation bundles a UUID, the EC2 instance metadata from the
// aws_iid package, and an EC2NodeAttestation record.
// NOTE(review): presumably EC2InstanceMetadata is what the instance presented
// and Attestation is the stored expectation it is checked against — confirm
// against the code that builds this struct.
type NodeIIDAttestation struct {
	Uuid                uuid.UUID
	EC2InstanceMetadata aws_iid.EC2InstanceMetadata
	Attestation         EC2NodeAttestation
}
type ProvisionerAccountPayload ¶
// ProvisionerAccountPayload is the JSON form of a provisioner account: its
// client ID, name, environments, permitted subject alternative names, maximum
// certificate validity, extension names and a regular expression.
type ProvisionerAccountPayload struct {
	ClientId           uuid.UUID `json:"client_id"`
	ProvisionerAccount string    `json:"provisioner_account"`
	Environments       []string  `json:"environments"`
	// ValidSubjectAlternateNames is serialised as "subject_alternate_names".
	ValidSubjectAlternateNames []string `json:"subject_alternate_names"`
	// MaxCertificateValidity is unsigned; its unit is not shown on this page.
	MaxCertificateValidity uint32 `json:"max_certificate_validity"`
	// ExtendedKeys is serialised as "certificate_request_extension".
	// NOTE(review): presumably each entry must be a key of
	// CertificateRequestExtension — confirm the caller validates that.
	ExtendedKeys []string `json:"certificate_request_extension"`
	// RegularExpression is carried as an uncompiled string.
	// NOTE(review): presumably it restricts which SANs the account may
	// request. Go's regexp match functions succeed on a substring match
	// unless the pattern is anchored with ^ and $ — confirm the pattern is
	// compiled and anchored before it is used as an authorization check.
	RegularExpression string `json:"regular_expression"`
}
type ServiceAccountPayload ¶
// ServiceAccountPayload is the JSON form of a service account: its ID, name,
// environment, permitted subject alternative names and certificate
// authorities, certificate validity, subordinate CA, extension name and a SAN
// regular expression.
type ServiceAccountPayload struct {
	ServiceID      uuid.UUID `json:"service_id"`
	ServiceAccount string    `json:"service_account"`
	Environment    string    `json:"environment"`
	// ValidSubjectAlternateName is serialised as "subject_alternate_name".
	ValidSubjectAlternateName []string `json:"subject_alternate_name"`
	// ValidCertificateAuthorities is serialised as "certificate_authorities".
	ValidCertificateAuthorities []string `json:"certificate_authorities"`
	// CertificateValidity is a signed 16-bit integer, unlike the unsigned
	// MaxCertificateValidity on ProvisionerAccountPayload; its unit is not
	// shown on this page.
	// NOTE(review): a signed type admits zero and negative values — confirm
	// the caller rejects them and enforces an upper bound.
	CertificateValidity int16  `json:"certificate_validity"`
	SubordinateCa       string `json:"subordinate_ca"`
	// ExtendedKey is serialised as "certificate_request_extension".
	// NOTE(review): presumably it must be a key of
	// CertificateRequestExtension — confirm the caller validates that.
	ExtendedKey string `json:"certificate_request_extension"`
	// SANRegularExpression is carried as an uncompiled string, serialised as
	// "regular_expression".
	// NOTE(review): Go's regexp match functions succeed on a substring match
	// unless the pattern is anchored with ^ and $ — confirm the pattern is
	// compiled and anchored before it gates which SANs may be issued.
	SANRegularExpression string `json:"regular_expression"`
}