Documentation
Index
- func RegisterService(s *grpc.Server, service *Service)
- type Config
- type Service
- func (s *Service) FetchJWTSVIDs(ctx context.Context, req *delegatedidentityv1.FetchJWTSVIDsRequest) (resp *delegatedidentityv1.FetchJWTSVIDsResponse, err error)
- func (s *Service) SubscribeToJWTBundles(_ *delegatedidentityv1.SubscribeToJWTBundlesRequest, ...) error
- func (s *Service) SubscribeToX509Bundles(_ *delegatedidentityv1.SubscribeToX509BundlesRequest, ...) error
- func (s *Service) SubscribeToX509SVIDs(req *delegatedidentityv1.SubscribeToX509SVIDsRequest, ...) error
Constants
This section is empty.
Variables
This section is empty.
Functions
func RegisterService
RegisterService registers the delegated identity service on the provided server.
Types
type Config
type Config struct {
    Log                 logrus.FieldLogger
    Metrics             telemetry.Metrics
    Manager             manager.Manager
    Attestor            workloadattestor.Attestor
    AuthorizedDelegates []string
}
type Service
type Service struct {
    delegatedidentityv1.UnsafeDelegatedIdentityServer
    // contains filtered or unexported fields
}
Service implements the delegated identity server
func (*Service) FetchJWTSVIDs (added in v1.3.0)
func (s *Service) FetchJWTSVIDs(ctx context.Context, req *delegatedidentityv1.FetchJWTSVIDsRequest) (resp *delegatedidentityv1.FetchJWTSVIDsResponse, err error)
Attempt to attest and authorize the delegate, and then either
- take a pre-attested set of selectors from the delegate, or
- take the PID the delegate gave us and attempt to attest that into a set of selectors,
and provide a JWT SVID for those selectors.
NOTE:
- If supplying a PID, the trusted delegate is responsible for ensuring the PID is valid and not recycled from initiation of this call until the response is returned. If the PID is recycled in that window, the delegate must discard any response provided by this call as invalid.
- If supplying selectors, the trusted delegate is responsible for ensuring they are correct.
func (*Service) SubscribeToJWTBundles (added in v1.3.0)
func (s *Service) SubscribeToJWTBundles(_ *delegatedidentityv1.SubscribeToJWTBundlesRequest, stream delegatedidentityv1.DelegatedIdentity_SubscribeToJWTBundlesServer) error
func (*Service) SubscribeToX509Bundles
func (s *Service) SubscribeToX509Bundles(_ *delegatedidentityv1.SubscribeToX509BundlesRequest, stream delegatedidentityv1.DelegatedIdentity_SubscribeToX509BundlesServer) error
func (*Service) SubscribeToX509SVIDs
func (s *Service) SubscribeToX509SVIDs(req *delegatedidentityv1.SubscribeToX509SVIDsRequest, stream delegatedidentityv1.DelegatedIdentity_SubscribeToX509SVIDsServer) error
Attempt to attest and authorize the delegate, and then either
- take a pre-attested set of selectors from the delegate, or
- take the PID the delegate gave us and attempt to attest that into a set of selectors,
and provide an SVID subscription for those selectors.
NOTE:
- If supplying a PID, the trusted delegate is responsible for ensuring the PID is valid and not recycled from initiation of this call until the termination of the response stream. If the PID is recycled in that window, the delegate must discard any stream contents provided by this call as invalid.
- If supplying selectors, the trusted delegate is responsible for ensuring they are correct.
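The PID notes on FetchJWTSVIDs and SubscribeToX509SVIDs leave recycling detection to the delegate. The following is an added example, not code from this package, of one way a delegate on Linux could do that: compare the process start time in /proc/<pid>/stat before and after the call. The function names and sample stat lines are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Constructed /proc/<pid>/stat snapshots for PID 4242 (not real captures).
// The second has a different starttime (field 22): the PID was reused.
const (
	sampleBefore   = "4242 (my app) S 1 4242 4242 0 -1 4194304 100 0 0 0 5 3 0 0 20 0 1 0 881234 1000000 200"
	sampleRecycled = "4242 (other) proc) R 1 4242 4242 0 -1 4194304 7 0 0 0 0 0 0 0 20 0 1 0 990001 500000 80"
)

// startTime returns field 22 (starttime, clock ticks since boot) of a stat line.
// Field 2 (comm) may contain spaces or ')', so parsing resumes after the LAST ')'.
func startTime(stat string) (uint64, error) {
	end := strings.LastIndexByte(stat, ')')
	if end < 0 {
		return 0, errors.New("malformed stat line: no comm field")
	}
	rest := strings.Fields(stat[end+1:]) // rest[0] is field 3 (state)
	if len(rest) < 20 {
		return 0, errors.New("malformed stat line: too few fields")
	}
	return strconv.ParseUint(rest[19], 10, 64) // field 22 is rest[22-3]
}

// sameProcess reports whether two snapshots for one PID number describe the
// same process. A changed start time means the PID was recycled.
func sameProcess(before, after string) (bool, error) {
	a, err := startTime(before)
	if err != nil {
		return false, err
	}
	b, err := startTime(after)
	if err != nil {
		return false, err
	}
	return a == b, nil
}

func main() {
	// A delegate reads "before" prior to the call and "after" when it completes.
	ok, err := sameProcess(sampleBefore, sampleRecycled)
	fmt.Println("same process:", ok, "err:", err)
}
```

A failed read of the stat file after the call means the process has exited, and the delegate should treat that the same as a mismatch.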