Documentation
Types
type ComputeEngine
type ComputeEngine struct {
	// The ID of the instance's project.
	ProjectID string `json:"project_id"`
	// The instance's zone.
	Zone string `json:"zone"`
	// The instance's ID.
	InstanceID string `json:"instance_id"`
	// The instance's name.
	InstanceName string `json:"instance_name"`
}
ComputeEngine contains VM-specific token claims.
type Google
type Google struct {
	ComputeEngine ComputeEngine `json:"compute_engine"`
}
Google contains Google-specific token claims.
type IDTokenClaims
type IDTokenClaims struct {
	// The email of the service account that this token was issued for.
	Email  string `json:"email"`
	Google Google `json:"google"`
}
IDTokenClaims is the set of claims in a GCP ID token. GCP documentation for claims can be found at https://cloud.google.com/compute/docs/instances/verifying-instance-identity#payload
func (*IDTokenClaims) JoinAuditAttributes
func (c *IDTokenClaims) JoinAuditAttributes() (map[string]interface{}, error)
JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.
type IDTokenValidator
type IDTokenValidator struct {
	IDTokenValidatorConfig
}
IDTokenValidator validates ID tokens from GCP.
func NewIDTokenValidator
func NewIDTokenValidator(cfg IDTokenValidatorConfig) *IDTokenValidator
func (*IDTokenValidator) Validate
func (id *IDTokenValidator) Validate(ctx context.Context, token string) (*IDTokenClaims, error)
Validate validates an ID token.
type IDTokenValidatorConfig
type IDTokenValidatorConfig struct {
	// Clock is used by the validator when checking expiry and issuer times of
	// tokens. If omitted, a real clock will be used.
	Clock clockwork.Clock
	// contains filtered or unexported fields
}
IDTokenValidatorConfig is the config for IDTokenValidator.