Overview ¶
Package provider represents the existing credentials that a SPIFFE ID can be exchanged for.
Types ¶
type AWSSTSAssumeRoleProvider ¶
// AWSSTSAssumeRoleProvider is a provider used to get short-lived credentials
// from AWS STS. It is constructed with NewAWSSTSAssumeRoleProvider; no exported
// fields are shown, so configuration is supplied through
// AWSSTSAssumeRoleProviderOptions.
type AWSSTSAssumeRoleProvider struct {
	// contains filtered or unexported fields
}
AWSSTSAssumeRoleProvider is a provider used to get short-lived credentials from AWS STS.
func NewAWSSTSAssumeRoleProvider ¶
func NewAWSSTSAssumeRoleProvider(ctx context.Context, options AWSSTSAssumeRoleProviderOptions) (AWSSTSAssumeRoleProvider, error)
NewAWSSTSAssumeRoleProvider will configure a new AWSSTSAssumeRoleProvider using the supplied options
func (*AWSSTSAssumeRoleProvider) GetCredential ¶
func (p *AWSSTSAssumeRoleProvider) GetCredential(objectReference string) (*proto.Credential, error)
GetCredential uses STS to get a short-lived credential for the given objectReference (the role). spiffe-connector must be able to AssumeRole for the supplied role for this to work, so the set of roles it is permitted to assume bounds what this provider can issue.
func (*AWSSTSAssumeRoleProvider) Name ¶
func (p *AWSSTSAssumeRoleProvider) Name() string
Name returns the name of the provider
func (*AWSSTSAssumeRoleProvider) Ping ¶
func (p *AWSSTSAssumeRoleProvider) Ping() error
Ping tests that the configured credential-providing endpoint is reachable. Note: this does not test AWS authn/authz, so a successful Ping does not mean that GetCredential will succeed.
type AWSSTSAssumeRoleProviderOptions ¶
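// AWSSTSAssumeRoleProviderOptions are the options available to configure an
// AWSSTSAssumeRoleProvider.
type AWSSTSAssumeRoleProviderOptions struct {
	// Endpoint is passed to the session to select which AWS endpoint to use.
	// This is optional.
	Endpoint string

	// Region will be used if Endpoint is set; defaults to us-east-1.
	Region string

	// Duration is how long credentials will be valid for; recommended max: 1hr.
	// Durations greater than 1hr might be blocked by organisation settings.
	// NOTE(review): the unit is not stated here (presumably seconds) — confirm.
	// A shorter duration limits how long an issued credential stays usable.
	Duration int64

	// CredentialsOverride will use explicit credentials if set, rather than
	// letting the AWS SDK discover them. When it is set the SDK's own
	// discovery is bypassed, so sourcing and rotating these credentials is the
	// caller's responsibility.
	CredentialsOverride *credentials.Credentials
}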
AWSSTSAssumeRoleProviderOptions are the options available to configure an AWSSTSAssumeRoleProvider.
type GoogleIAMServiceAccountKeyProvider ¶
// GoogleIAMServiceAccountKeyProvider is the provider type returned by
// NewGoogleIAMServiceAccountKeyProvider. It exposes GetCredential, Name and
// Ping, the same method set as AWSSTSAssumeRoleProvider.
//
// NOTE(review): this type has no description of its own. Judging by the name
// it presumably issues Google IAM service account keys for the referenced
// service account — confirm, and confirm how long an issued key remains valid
// and who is responsible for deleting it.
type GoogleIAMServiceAccountKeyProvider struct {
	// contains filtered or unexported fields
}
func NewGoogleIAMServiceAccountKeyProvider ¶
func NewGoogleIAMServiceAccountKeyProvider(ctx context.Context, options GoogleIAMServiceAccountKeyProviderOptions) (GoogleIAMServiceAccountKeyProvider, error)
func (*GoogleIAMServiceAccountKeyProvider) GetCredential ¶
func (p *GoogleIAMServiceAccountKeyProvider) GetCredential(objectReference string) (*proto.Credential, error)
func (*GoogleIAMServiceAccountKeyProvider) Name ¶
func (p *GoogleIAMServiceAccountKeyProvider) Name() string
func (*GoogleIAMServiceAccountKeyProvider) Ping ¶
func (p *GoogleIAMServiceAccountKeyProvider) Ping() error
type GoogleIAMServiceAccountKeyProviderOptions ¶
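// GoogleIAMServiceAccountKeyProviderOptions are the options passed to
// NewGoogleIAMServiceAccountKeyProvider to configure a
// GoogleIAMServiceAccountKeyProvider.
type GoogleIAMServiceAccountKeyProviderOptions struct {
	// Endpoint is passed to the service client as withEndpoint but also used
	// for the ping hostname.
	// NOTE(review): because the same value drives both the service client and
	// Ping, a reachable host here says nothing about whether it is the
	// intended IAM endpoint — confirm the value comes from trusted
	// configuration.
	Endpoint string

	// ClientOptions are GCP service client options which are used to
	// initialize the nested GCP IAM service client.
	ClientOptions []option.ClientOption

	// CredentialsOverride will configure the Google Cloud SDK with explicit
	// credentials if set.
	CredentialsOverride *google.Credentials
}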