Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
```go
type Config struct {
	// Configurations for server plugins
	PluginConfigs common.PluginConfigs

	Log loggerv1.Logger

	// LogReopener facilitates handling a signal to rotate log file.
	LogReopener func(context.Context) error

	// If true enables audit logs
	AuditLogEnabled bool

	// Address of SPIRE server
	BindAddress *net.TCPAddr

	// Address of SPIRE Server to be reached locally
	BindLocalAddress net.Addr

	// Directory to store runtime data
	DataDir string

	// Trust domain
	TrustDomain spiffeid.TrustDomain

	Experimental ExperimentalConfig

	// If true enables profiling.
	ProfilingEnabled bool

	// Port used by the pprof web server when ProfilingEnabled == true
	ProfilingPort int

	// Frequency in seconds by which each profile file will be generated.
	ProfilingFreq int

	// Array of profiles names that will be generated on each profiling tick.
	ProfilingNames []string

	// AgentTTL is time-to-live for agent SVIDs
	AgentTTL time.Duration

	// X509SVIDTTL is default time-to-live for X509-SVIDs (overrides SVIDTTL)
	X509SVIDTTL time.Duration

	// JWTSVIDTTL is default time-to-live for SVIDs (overrides SVIDTTL)
	JWTSVIDTTL time.Duration

	// CATTL is the time-to-live for the server CA. This only applies to
	// self-signed CA certificates, otherwise it is up to the upstream CA.
	CATTL time.Duration

	// JWTIssuer is used as the issuer claim in JWT-SVIDs minted by the server.
	// If unset, the JWT-SVID will not have an issuer claim.
	JWTIssuer string

	// CASubject is the subject used in the CA certificate
	CASubject pkix.Name

	// Telemetry provides the configuration for metrics exporting
	Telemetry telemetry.FileConfig

	// HealthChecks provides the configuration for health monitoring
	HealthChecks health.Config

	// CAKeyType is the key type used for the X509 and JWT signing keys
	CAKeyType keymanager.KeyType

	// JWTKeyType is the key type used for JWT signing keys
	JWTKeyType keymanager.KeyType

	// Federation holds the configuration needed to federate with other
	// trust domains.
	Federation FederationConfig

	// RateLimit holds rate limiting configurations.
	RateLimit endpoints.RateLimitConfig

	// CacheReloadInterval controls how often the in-memory entry cache reloads
	CacheReloadInterval time.Duration

	// EventsBasedCache enabled event driven cache reloads
	EventsBasedCache bool

	// PruneEventsOlderThan controls how long events can live before they are pruned
	PruneEventsOlderThan time.Duration

	// SQLTransactionTimeout controls how long to wait for an event before giving up
	SQLTransactionTimeout time.Duration

	// AuthPolicyEngineConfig determines the config for authz policy
	AuthOpaPolicyEngineConfig *authpolicy.OpaEngineConfig

	// AdminIDs are a list of fixed IDs that when presented by a caller in an
	// X509-SVID, are granted admin rights.
	AdminIDs []spiffeid.ID

	// UseLegacyDownstreamX509CATTL, if true, the downstream X509CAs will use
	// the legacy TTL calculation (e.g. prefer downstream workload entry TTL,
	// then fall back to the default workload X509-SVID TTL) v.s. the new TTL
	// calculation (prefer the TTL passed by the downstream caller, then fall
	// back to the default X509 CA TTL).
	UseLegacyDownstreamX509CATTL bool
}
```
type ExperimentalConfig
```go
type ExperimentalConfig struct {
}
```
type FederationConfig (added in v0.11.0)
```go
type FederationConfig struct {
	// BundleEndpoint contains the federation bundle endpoint configuration.
	BundleEndpoint *bundle.EndpointConfig

	// FederatesWith holds the federation configuration for trust domains this
	// server federates with.
	FederatesWith map[spiffeid.TrustDomain]bundle_client.TrustDomainConfig
}
```
type Server
```go
type Server struct {
	// contains filtered or unexported fields
}
```
func (*Server) CheckHealth (added in v1.0.0)
CheckHealth is used as a top-level health check for the Server.
Directories
Path | Synopsis |
---|---|
bundle | |
pubmanager | Package pubmanager manages the publishing of the trust bundle to external stores through the configured BundlePublisher plugins. |
cache | |
bundle/internal/acmetest | nolint // forked code |
bundle/internal/autocert | nolint // forked code |
hostservice | |
plugin | |