Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BundleUpdater ¶
type BundleUpdater interface { // UpdateBundle fetches the local bundle from the datastore and the // endpoint bundle from the endpoint. The function will return an error if // the local bundle cannot be fetched, the endpoint bundle cannot be // downloaded, or there is a problem persisting the bundle. The local // bundle will always be returned if it was fetched, independent of any // other failures performing the update. The endpoint bundle is ONLY // returned if it can be successfully downloaded, is different from the // local bundle, and is successfully stored. UpdateBundle(ctx context.Context) (*bundleutil.Bundle, *bundleutil.Bundle, error) }
func NewBundleUpdater ¶
func NewBundleUpdater(config BundleUpdaterConfig) BundleUpdater
type BundleUpdaterConfig ¶
type BundleUpdaterConfig struct { TrustDomainConfig TrustDomain string DataStore datastore.DataStore // contains filtered or unexported fields }
type Client ¶
type Client interface {
FetchBundle(context.Context) (*bundleutil.Bundle, error)
}
Client is used to fetch a bundle and metadata from a bundle endpoint
func NewClient ¶
func NewClient(config ClientConfig) (Client, error)
type ClientConfig ¶
type ClientConfig struct { // TrustDomain is the federated trust domain (i.e. domain.test) TrustDomain string // EndpointAddress is the bundle endpoint for the trust domain. EndpointAddress string // SPIFFEAuth contains required configuration to authenticate the endpoint // using SPIFFE authentication. If unset, it is assumed that the endpoint // is authenticated via Web PKI. SPIFFEAuth *SPIFFEAuthConfig }
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
func NewManager(config ManagerConfig) *Manager
type ManagerConfig ¶
type ManagerConfig struct { Log logrus.FieldLogger Metrics telemetry.Metrics DataStore datastore.DataStore Clock clock.Clock TrustDomains map[string]TrustDomainConfig // contains filtered or unexported fields }
type SPIFFEAuthConfig ¶
type SPIFFEAuthConfig struct { // EndpointSpiffeID is the expected SPIFFE ID of the endpoint server. If unset, it // defaults to the SPIRE server ID within the trust domain. EndpointSpiffeID string // RootCAs is the set of root CA certificates used to authenticate the // endpoint server. RootCAs []*x509.Certificate }
type TrustDomainConfig ¶
type TrustDomainConfig struct { // EndpointAddress is the bundle endpoint for the trust domain. EndpointAddress string // EndpointSpiffeID is the expected SPIFFE ID of the endpoint server. If // unset, it defaults to the SPIRE server ID within the trust domain. EndpointSpiffeID string // UseWebPKI is true if the endpoint should be authenticated with Web PKI. // Otherwise, SPIFFE authentication is assumed. UseWebPKI bool }
Click to show internal directories.
Click to hide internal directories.