Documentation ¶
Index ¶
- func BuiltIn() catalog.Plugin
- type AttestorConfig
- type AttestorPlugin
- func (p *AttestorPlugin) Attest(stream nodeattestor.NodeAttestor_AttestServer) error
- func (p *AttestorPlugin) Configure(ctx context.Context, req *spi.ConfigureRequest) (*spi.ConfigureResponse, error)
- func (p *AttestorPlugin) GetPluginInfo(context.Context, *spi.GetPluginInfoRequest) (*spi.GetPluginInfoResponse, error)
- type ClusterConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AttestorConfig ¶
// AttestorConfig is the plugin's top-level configuration, decoded from HCL.
type AttestorConfig struct {
	// Clusters holds one ClusterConfig per entry of the "clusters" HCL key.
	// NOTE(review): the map key is presumably the cluster name; confirm
	// against Configure, which is not shown on this page.
	Clusters map[string]*ClusterConfig `hcl:"clusters"`
}
type AttestorPlugin ¶
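// AttestorPlugin is the node attestor plugin type documented on this page.
// Its exported methods are Attest, Configure and GetPluginInfo.
//
// The declaration is restored to one member per line; on a single line the
// trailing line comment swallowed the closing brace.
type AttestorPlugin struct {
	// Base is embedded from the nodeattestorbase package.
	nodeattestorbase.Base
	// contains filtered or unexported fields
}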
func New ¶
func New() *AttestorPlugin
func (*AttestorPlugin) Attest ¶
func (p *AttestorPlugin) Attest(stream nodeattestor.NodeAttestor_AttestServer) error
func (*AttestorPlugin) Configure ¶
func (p *AttestorPlugin) Configure(ctx context.Context, req *spi.ConfigureRequest) (*spi.ConfigureResponse, error)
func (*AttestorPlugin) GetPluginInfo ¶
func (p *AttestorPlugin) GetPluginInfo(context.Context, *spi.GetPluginInfoRequest) (*spi.GetPluginInfoResponse, error)
type ClusterConfig ¶
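// ClusterConfig holds the token validation settings for one cluster.
//
// The declaration is restored to one field per line; on a single line the
// first line comment swallowed every field and the closing brace.
type ClusterConfig struct {
	// ServiceAccountKeyFile is the path on disk to a PEM encoded file
	// containing the public keys used to validate tokens for that cluster.
	// If use_token_review_api_validation is true, this path is ignored and
	// the TokenReview API is used for validation instead.
	//
	// These keys decide which tokens validate, so the file should be
	// writable only by trusted administrators.
	// NOTE(review): validation against a local key file presumably cannot
	// observe API-server-side state such as a deleted service account;
	// confirm against Attest before relying on this mode.
	ServiceAccountKeyFile string `hcl:"service_account_key_file"`

	// ServiceAccountWhitelist is a list of service account names, qualified
	// by namespace (for example, "default:blog" or "production:web"), to
	// allow for node attestation.
	//
	// This list is the authorization boundary for node attestation: keep it
	// as short as possible and prefer a service account dedicated to the
	// agent, since a token for any listed account is eligible.
	// NOTE(review): whether an empty list is rejected at configuration time
	// is not visible on this page; verify in Configure.
	ServiceAccountWhitelist []string `hcl:"service_account_whitelist"`

	// UseTokenReviewAPI selects the validation method. If true, the token
	// review API is used for token validation. If false,
	// ServiceAccountKeyFile is used for token validation.
	UseTokenReviewAPI bool `hcl:"use_token_review_api_validation"`

	// KubeConfigFile is the Kubernetes configuration file path, used to
	// create a client to query the Kubernetes API server. If the string is
	// empty, in-cluster configuration is used.
	//
	// A kubeconfig normally carries API credentials, so restrict read access
	// to the account the plugin runs as.
	KubeConfigFile string `hcl:"kube_config_file"`
}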