bundleutil

package
v1.11.1
Warning

This package is not in the latest version of its module.
Published: Dec 12, 2024 License: Apache-2.0 Imports: 18 Imported by: 2

Documentation

Constants

const (

	// MinimumRefreshHint is the smallest refresh hint the client allows.
	// Anything smaller than the minimum will be reset to the minimum.
	MinimumRefreshHint = time.Minute
)

Variables

This section is empty.

Functions

func BundleProtoFromRootCA

func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle

func BundleProtoFromRootCAs

func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle

func CalculateRefreshHint

func CalculateRefreshHint(bundle *spiffebundle.Bundle) time.Duration

CalculateRefreshHint is used to calculate the refresh hint for a given bundle. If the bundle already contains a refresh hint, then that is used. Otherwise, it looks at the lifetimes of the bundle contents and returns a fraction of the smallest. It is fairly aggressive but ensures clients don't miss a rotation period and lose their ability to fetch. TODO: reevaluate our strategy here when we rework the TTL story inside SPIRE.
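The strategy described above, sketched as an added example that is not the package's own code. The divisor of 10, the clamping of an explicit hint, and the names `refreshHint`, `clamp` and `assumedDivisor` are assumptions; the page states only "a fraction of the smallest" lifetime and the one-minute minimum.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

// Mirrors the MinimumRefreshHint constant documented on this page.
const minimumRefreshHint = time.Minute

// assumedDivisor is an assumption: the page only says "a fraction of the smallest".
const assumedDivisor = 10

// clamp resets anything below the minimum to the minimum.
func clamp(d time.Duration) time.Duration {
	if d < minimumRefreshHint {
		return minimumRefreshHint
	}
	return d
}

// refreshHint prefers an explicit hint (clamped here, which is an assumption);
// otherwise it derives one from the shortest X.509 authority lifetime.
func refreshHint(existing time.Duration, authorities []*x509.Certificate) time.Duration {
	if existing > 0 {
		return clamp(existing)
	}
	var smallest time.Duration
	for i, ca := range authorities {
		if lifetime := ca.NotAfter.Sub(ca.NotBefore); i == 0 || lifetime < smallest {
			smallest = lifetime
		}
	}
	// With no authorities, smallest stays 0 and clamps to the minimum.
	return clamp(smallest / assumedDivisor)
}

func main() {
	// Constructed sample authorities: only the validity window is populated.
	base := time.Date(2024, 12, 12, 0, 0, 0, 0, time.UTC)
	longLived := &x509.Certificate{NotBefore: base, NotAfter: base.Add(24 * time.Hour)}
	shortLived := &x509.Certificate{NotBefore: base, NotAfter: base.Add(5 * time.Minute)}

	fmt.Println(refreshHint(0, []*x509.Certificate{longLived}))
	fmt.Println(refreshHint(0, []*x509.Certificate{longLived, shortLived}))
	fmt.Println(refreshHint(10*time.Second, nil))
}
```

A single short-lived authority in the bundle pulls the hint down for the whole bundle, which is why the minimum exists as a floor.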

func CommonBundleFromProto added in v0.11.0

func CommonBundleFromProto(b *types.Bundle) (*common.Bundle, error)

func Decode

func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle, error)

func FindX509Authorities added in v1.11.0

func FindX509Authorities(bundle *spiffebundle.Bundle, subjectKeyIDs []string) ([]*x509.Certificate, error)

FindX509Authorities searches for all X.509 authorities with the provided subjectKeyIDs.

func JWTSigningKeysFromBundleProto

func JWTSigningKeysFromBundleProto(b *common.Bundle) (map[string]crypto.PublicKey, error)

func Marshal

func Marshal(bundle *spiffebundle.Bundle, opts ...MarshalOption) ([]byte, error)

func MergeBundles

func MergeBundles(a, b *common.Bundle) (*common.Bundle, bool)

func PruneBundle

func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)

PruneBundle removes the bundle RootCAs and JWT keys that expired before a given time. It returns an error if pruning results in a bundle with no CAs or keys.

func RootCAsFromBundleProto

func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)

func SPIFFEBundleFromProto added in v1.6.3

func SPIFFEBundleFromProto(b *common.Bundle) (*spiffebundle.Bundle, error)

func SPIFFEBundleToProto added in v1.6.3

func SPIFFEBundleToProto(b *spiffebundle.Bundle) (*common.Bundle, error)

func Unmarshal

func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*spiffebundle.Bundle, error)

Types

type MarshalOption

type MarshalOption interface {
	// contains filtered or unexported methods
}

func NoJWTSVIDKeys

func NoJWTSVIDKeys() MarshalOption

NoJWTSVIDKeys skips marshalling JWT SVID keys

func NoX509SVIDKeys

func NoX509SVIDKeys() MarshalOption

NoX509SVIDKeys skips marshalling X509 SVID keys

func OverrideRefreshHint

func OverrideRefreshHint(value time.Duration) MarshalOption

OverrideRefreshHint overrides the refresh hint in the bundle

func OverrideSequenceNumber added in v1.6.4

func OverrideSequenceNumber(value uint64) MarshalOption

OverrideSequenceNumber overrides the sequence number in the bundle

func StandardJWKS added in v0.12.0

func StandardJWKS() MarshalOption

StandardJWKS omits SPIFFE-specific parameters from the marshaled bundle
