Documentation ¶
Index ¶
- func AgentAuthorizer(log logrus.FieldLogger, ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer
- func Authorization(log logrus.FieldLogger, ds datastore.DataStore, clk clock.Clock) map[string]middleware.Authorizer
- func AuthorizedEntryFetcher(ds datastore.DataStore) api.AuthorizedEntryFetcher
- func AuthorizedEntryFetcherWithCache(ds datastore.DataStore) (api.AuthorizedEntryFetcher, error)
- func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher
- func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, ...) middleware.Middleware
- func RateLimits(config RateLimitConfig) map[string]api.RateLimiter
- func UpstreamPublisher(manager *ca.Manager) bundle.UpstreamPublisher
- type APIServers
- type AuthorizedEntryFetcherWithFullCache
- type Config
- type Endpoints
- type OldAPIServers
- type RateLimitConfig
- type Server
Functions ¶
func AgentAuthorizer ¶ added in v0.11.0
func AgentAuthorizer(log logrus.FieldLogger, ds datastore.DataStore, clk clock.Clock) middleware.AgentAuthorizer
func Authorization ¶ added in v0.11.0
func Authorization(log logrus.FieldLogger, ds datastore.DataStore, clk clock.Clock) map[string]middleware.Authorizer
func AuthorizedEntryFetcher ¶ added in v0.11.0
func AuthorizedEntryFetcher(ds datastore.DataStore) api.AuthorizedEntryFetcher
func AuthorizedEntryFetcherWithCache ¶ added in v0.11.0
func AuthorizedEntryFetcherWithCache(ds datastore.DataStore) (api.AuthorizedEntryFetcher, error)
func EntryFetcher ¶ added in v0.11.0
func EntryFetcher(ds datastore.DataStore) middleware.EntryFetcher
func Middleware ¶ added in v0.11.0
func Middleware(log logrus.FieldLogger, metrics telemetry.Metrics, ds datastore.DataStore, clk clock.Clock, rlConf RateLimitConfig) middleware.Middleware
func RateLimits ¶ added in v0.11.0
func RateLimits(config RateLimitConfig) map[string]api.RateLimiter
func UpstreamPublisher ¶ added in v0.11.0
Types ¶
type APIServers ¶ added in v0.11.0
// APIServers bundles one server implementation for each of the agent, bundle,
// debug, entry and SVID v1 APIs, as given by the field types below.
//
// NOTE(review): DebugServer sits alongside the production APIs here; confirm
// which listener serves it and which authorization policy guards it.
type APIServers struct {
	AgentServer  agentv1_pb.AgentServer
	BundleServer bundlev1_pb.BundleServer
	DebugServer  debugv1_pb.DebugServer
	EntryServer  entryv1_pb.EntryServer
	SVIDServer   svidv1_pb.SVIDServer
}
type AuthorizedEntryFetcherWithFullCache ¶ added in v0.12.0
// AuthorizedEntryFetcherWithFullCache is the type behind the
// FetchAuthorizedEntries and RunRebuildCacheTask methods. RunRebuildCacheTask
// is documented as starting a ticker which rebuilds the in-memory entry cache.
//
// NOTE(review): if authorization answers are served from that periodically
// rebuilt cache, an entry that was deleted or narrowed may still be returned
// until the next rebuild. Confirm the rebuild interval and whether that
// window is acceptable for revocation.
type AuthorizedEntryFetcherWithFullCache struct {
	// contains filtered or unexported fields
}
func NewAuthorizedEntryFetcherWithFullCache ¶ added in v0.12.0
func NewAuthorizedEntryFetcherWithFullCache(ctx context.Context, buildCache entryCacheBuilderFn, log logrus.FieldLogger, clk clock.Clock) (*AuthorizedEntryFetcherWithFullCache, error)
func (*AuthorizedEntryFetcherWithFullCache) FetchAuthorizedEntries ¶ added in v0.12.0
func (*AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask ¶ added in v0.12.0
func (a *AuthorizedEntryFetcherWithFullCache) RunRebuildCacheTask(ctx context.Context) error
RunRebuildCacheTask starts a ticker which rebuilds the in-memory entry cache.
type Config ¶
// Config carries the settings and dependencies used to build the server's
// endpoints: listener addresses, server credentials, trust domain, plugin
// catalog, CA, rate limiting, logging and metrics.
type Config struct {
	// TCPAddr is the address to bind the TCP listener to.
	TCPAddr *net.TCPAddr

	// UDSAddr is the address to bind the UDS listener to.
	// NOTE(review): confirm how access to the socket path is restricted
	// (directory and file permissions); nothing in this struct controls it.
	UDSAddr *net.UnixAddr

	// The svid rotator used to obtain the latest server credentials
	SVIDObserver svid.Observer

	// The server's configured trust domain. Used for validation, server SVID, etc.
	TrustDomain spiffeid.TrustDomain

	// Plugin catalog
	Catalog catalog.Catalog

	// Server CA for signing SVIDs
	ServerCA ca.ServerCA

	// Allow agentless spiffeIds when doing node attestation
	// NOTE(review): this widens which IDs node attestation may yield; the Go
	// zero value is false. Presumably it should only be enabled when a node
	// attestor needs it. Confirm against the attestation code path.
	AllowAgentlessNodeAttestors bool

	// Bundle endpoint configuration
	BundleEndpoint bundle.EndpointConfig

	// CA Manager
	Manager *ca.Manager

	// Log is the logger handed to the endpoints.
	Log logrus.FieldLogger

	// Metrics is the telemetry sink handed to the endpoints.
	Metrics telemetry.Metrics

	// RateLimit holds rate limiting configurations.
	RateLimit RateLimitConfig

	// Uptime returns a duration; presumably the time the server has been
	// running. Confirm against the caller that sets it.
	Uptime func() time.Duration

	// Clock is the clock implementation used by the endpoints.
	Clock clock.Clock
}
Config is a configuration for endpoints
type Endpoints ¶
// Endpoints holds the listener addresses, API server implementations and
// shared dependencies for the server's endpoints. It embeds OldAPIServers, so
// the RegistrationServer and NodeServer fields are promoted onto Endpoints.
type Endpoints struct {
	// OldAPIServers is embedded; its fields are reachable directly on Endpoints.
	OldAPIServers

	// TCPAddr and UDSAddr are the TCP and Unix domain socket addresses.
	// NOTE(review): presumably the same bind addresses as Config.TCPAddr and
	// Config.UDSAddr; confirm in the constructor.
	TCPAddr *net.TCPAddr
	UDSAddr *net.UnixAddr

	// SVIDObserver has the same type as Config.SVIDObserver, which is
	// described there as the source of the latest server credentials.
	SVIDObserver svid.Observer

	// TrustDomain is the trust domain these endpoints operate in.
	TrustDomain spiffeid.TrustDomain

	// DataStore is the datastore handle used by the endpoints.
	DataStore datastore.DataStore

	// APIServers holds the v1 API server implementations.
	APIServers APIServers

	// BundleEndpointServer is a Server, i.e. something with
	// ListenAndServe(ctx) error.
	BundleEndpointServer Server

	// Log and Metrics are the logger and telemetry sink.
	Log     logrus.FieldLogger
	Metrics telemetry.Metrics

	// RateLimit selects which request classes are rate limited.
	RateLimit RateLimitConfig

	// EntryFetcherCacheRebuildTask takes a context and returns an error.
	// NOTE(review): presumably this is the cache rebuild loop
	// (cf. RunRebuildCacheTask); confirm where it is assigned and how a
	// returned error is handled.
	EntryFetcherCacheRebuildTask func(context.Context) error
}
func (*Endpoints) ListenAndServe ¶
ListenAndServe starts all endpoint servers and blocks until the context is canceled or any of the servers fails to run. If the context is canceled, the function returns nil. Otherwise, the error from the failed server is returned.
type OldAPIServers ¶ added in v0.11.0
// OldAPIServers groups the registration and node API server implementations.
// Endpoints embeds this struct, while the v1 API servers are kept in the
// separate APIServers type.
//
// NOTE(review): the name suggests these are legacy APIs kept next to the v1
// set; confirm they sit behind the same authorization and rate limiting as
// the v1 servers.
type OldAPIServers struct {
	RegistrationServer registration_pb.RegistrationServer
	NodeServer         node_pb.NodeServer
}
type RateLimitConfig ¶ added in v0.11.0
// RateLimitConfig holds rate limiting configurations.
//
// Both fields are plain bools, so the zero value of RateLimitConfig has
// neither limit enabled.
// NOTE(review): confirm that callers set these fields explicitly wherever
// attestation or signing can be reached by peers that are not yet trusted.
type RateLimitConfig struct {
	// Attestation, if true, rate limits attestation
	Attestation bool

	// Signing, if true, rate limits JWT and X509 signing requests
	Signing bool
}
RateLimitConfig holds rate limiting configurations.
type Server ¶
// Server manages gRPC and HTTP endpoint lifecycle.
type Server interface {
	// ListenAndServe starts all endpoint servers and blocks until the context
	// is canceled or any of the servers fails to run. If the context is
	// canceled, the function returns nil. Otherwise, the error from the failed
	// server is returned.
	ListenAndServe(ctx context.Context) error
}
Server manages gRPC and HTTP endpoint lifecycle
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
internal/acmetest | nolint // forked code |
internal/autocert | nolint // forked code nolint // forked code nolint // forked code |