svid

package
Published: Dec 12, 2024 License: Apache-2.0 Imports: 27 Imported by: 1

Constants

// DefaultRotatorInterval is the default spacing between the rotator's SVID
// expiry checks (see RotatorConfig.Interval). Presumably it is applied when
// RotatorConfig.Interval is left at zero — confirm in NewRotator.
const DefaultRotatorInterval = 5 * time.Second

Variables

This section is empty.

Functions

This section is empty.

Types

type Client added in v1.1.1

// Client is the narrow view of the server client that the rotator needs in
// order to renew its own X509-SVID.
type Client interface {
	// RenewSVID submits csr to the server and returns the renewed X509-SVID.
	// NOTE(review): csr is presumably a DER-encoded certificate request —
	// confirm against client.Client before constructing one elsewhere.
	RenewSVID(ctx context.Context, csr []byte) (*client.X509SVID, error)
	// Release hands the client back; presumably this closes the underlying
	// connection to the server — confirm.
	Release()
}

type Rotator

// Rotator keeps an agent's X509-SVID and its private key current, exposing the
// current State to readers and a way to coordinate with in-flight rotations.
type Rotator interface {
	// Run drives the rotator until ctx is done; presumably this is the
	// periodic expiry-check loop configured by RotatorConfig.Interval — confirm.
	Run(ctx context.Context) error
	// Reattest performs node re-attestation; presumably it uses
	// RotatorConfig.NodeAttestor and requires Reattestable to be set — confirm.
	Reattest(ctx context.Context) error
	// NotifyTaintedAuthorities processes new tainted authorities. If the current SVID is compromised,
	// it is marked to force rotation.
	NotifyTaintedAuthorities([]*x509.Certificate) error
	// IsTainted reports whether the current SVID has been marked for forced
	// rotation by NotifyTaintedAuthorities.
	IsTainted() bool

	// State returns the current SVID, key and reattestability. The returned
	// Key is secret material; see State for handling notes.
	State() State
	// Subscribe returns a stream on which updates are published; presumably
	// each rotation emits the new State — confirm.
	Subscribe() observer.Stream
	// GetRotationMtx exposes the rotation lock. NOTE(review): the intended
	// protocol (readers take RLock so a rotation cannot swap the SVID out from
	// under an in-flight operation) is not visible here — confirm in the
	// implementation before relying on it.
	GetRotationMtx() *sync.RWMutex
	// SetRotationFinishedHook registers a callback; presumably it is invoked
	// once after each completed rotation — confirm.
	SetRotationFinishedHook(func())
}

func NewRotator

// NewRotator builds a Rotator from c and also returns the client.Client it
// presumably uses for SVID renewals and re-attestation. NOTE(review): which
// side owns the returned client (who calls Release) is not visible here —
// confirm before holding it beyond the rotator's lifetime.
func NewRotator(c *RotatorConfig) (Rotator, client.Client)

type RotatorConfig

// RotatorConfig holds the dependencies and policy knobs for NewRotator.
type RotatorConfig struct {
	// SVIDKeyManager is the key manager that holds the SVID private key;
	// presumably new keys for rotation are generated through it — confirm.
	SVIDKeyManager keymanager.SVIDKeyManager
	Log            logrus.FieldLogger
	Metrics        telemetry.Metrics
	// TrustDomain is the SPIFFE trust domain the SVID belongs to.
	TrustDomain spiffeid.TrustDomain
	// ServerAddr is the address of the server contacted for renewals; the TLS
	// posture of that connection is governed by TLSPolicy below.
	ServerAddr string
	// NodeAttestor is presumably used by Rotator.Reattest — confirm.
	NodeAttestor nodeattestor.NodeAttestor
	// Reattestable indicates whether node re-attestation is possible; it is
	// also surfaced to readers through State.Reattestable.
	Reattestable bool

	// Initial SVID and key
	SVID    []*x509.Certificate
	SVIDKey keymanager.Key

	// BundleStream delivers trust bundle updates from the cache; presumably
	// the source of the authorities checked for taint — confirm.
	BundleStream *cache.BundleStream

	// How long to wait between expiry checks
	Interval time.Duration

	// Clk is the clock that the rotator will use to create a ticker
	Clk clock.Clock

	// RotationStrategy decides when an SVID is close enough to expiry to
	// rotate; see rotationutil.
	RotationStrategy *rotationutil.RotationStrategy

	// TLSPolicy determines the post-quantum-safe policy for TLS connections.
	TLSPolicy tlspolicy.Policy
}

type State

// State is a snapshot of the rotator's current identity as returned by
// Rotator.State.
type State struct {
	// SVID is the certificate chain; presumably SVID[0] is the leaf — confirm.
	SVID []*x509.Certificate
	// Key is the private key matching SVID, exposed as a crypto.Signer. It is
	// secret material: consumers of State must not log, serialize or persist
	// it, and should use it only through the Signer interface.
	Key crypto.Signer
	// Reattestable mirrors RotatorConfig.Reattestable for readers of State.
	Reattestable bool
}
