- Constants
- type AttestedNode
- type AttestedNodeEvent
- type Bundle
- type CAJournal
- type DNSName
- type FederatedTrustDomain
- type JoinToken
- type Migration
- type Model
- type NodeSelector
- type Plugin
- func (ds *Plugin) AppendBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)
- func (ds *Plugin) Close() error
- func (ds *Plugin) Configure(_ context.Context, hclConfiguration string) error
- func (ds *Plugin) CountAttestedNodes(ctx context.Context, req *datastore.CountAttestedNodesRequest) (count int32, err error)
- func (ds *Plugin) CountBundles(ctx context.Context) (count int32, err error)
- func (ds *Plugin) CountRegistrationEntries(ctx context.Context, req *datastore.CountRegistrationEntriesRequest) (count int32, err error)
- func (ds *Plugin) CreateAttestedNode(ctx context.Context, node *common.AttestedNode) (attestedNode *common.AttestedNode, err error)
- func (ds *Plugin) CreateAttestedNodeEventForTesting(ctx context.Context, event *datastore.AttestedNodeEvent) error
- func (ds *Plugin) CreateBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)
- func (ds *Plugin) CreateFederationRelationship(ctx context.Context, fr *datastore.FederationRelationship) (newFr *datastore.FederationRelationship, err error)
- func (ds *Plugin) CreateJoinToken(ctx context.Context, token *datastore.JoinToken) (err error)
- func (ds *Plugin) CreateOrReturnRegistrationEntry(ctx context.Context, entry *common.RegistrationEntry) (registrationEntry *common.RegistrationEntry, existing bool, err error)
- func (ds *Plugin) CreateRegistrationEntry(ctx context.Context, entry *common.RegistrationEntry) (registrationEntry *common.RegistrationEntry, err error)
- func (ds *Plugin) CreateRegistrationEntryEventForTesting(ctx context.Context, event *datastore.RegistrationEntryEvent) error
- func (ds *Plugin) DeleteAttestedNode(ctx context.Context, spiffeID string) (attestedNode *common.AttestedNode, err error)
- func (ds *Plugin) DeleteAttestedNodeEventForTesting(ctx context.Context, eventID uint) error
- func (ds *Plugin) DeleteBundle(ctx context.Context, trustDomainID string, mode datastore.DeleteMode) (err error)
- func (ds *Plugin) DeleteFederationRelationship(ctx context.Context, trustDomain spiffeid.TrustDomain) error
- func (ds *Plugin) DeleteJoinToken(ctx context.Context, token string) (err error)
- func (ds *Plugin) DeleteRegistrationEntry(ctx context.Context, entryID string) (registrationEntry *common.RegistrationEntry, err error)
- func (ds *Plugin) DeleteRegistrationEntryEventForTesting(ctx context.Context, eventID uint) error
- func (ds *Plugin) FetchAttestedNode(ctx context.Context, spiffeID string) (attestedNode *common.AttestedNode, err error)
- func (ds *Plugin) FetchAttestedNodeEvent(ctx context.Context, eventID uint) (event *datastore.AttestedNodeEvent, err error)
- func (ds *Plugin) FetchBundle(ctx context.Context, trustDomainID string) (resp *common.Bundle, err error)
- func (ds *Plugin) FetchCAJournal(ctx context.Context, activeX509AuthorityID string) (caJournal *datastore.CAJournal, err error)
- func (ds *Plugin) FetchFederationRelationship(ctx context.Context, trustDomain spiffeid.TrustDomain) (fr *datastore.FederationRelationship, err error)
- func (ds *Plugin) FetchJoinToken(ctx context.Context, token string) (resp *datastore.JoinToken, err error)
- func (ds *Plugin) FetchRegistrationEntry(ctx context.Context, entryID string) (*common.RegistrationEntry, error)
- func (ds *Plugin) FetchRegistrationEntryEvent(ctx context.Context, eventID uint) (event *datastore.RegistrationEntryEvent, err error)
- func (ds *Plugin) GetNodeSelectors(ctx context.Context, spiffeID string, ...) (selectors []*common.Selector, err error)
- func (ds *Plugin) ListAttestedNodeEvents(ctx context.Context, req *datastore.ListAttestedNodeEventsRequest) (resp *datastore.ListAttestedNodeEventsResponse, err error)
- func (ds *Plugin) ListAttestedNodes(ctx context.Context, req *datastore.ListAttestedNodesRequest) (resp *datastore.ListAttestedNodesResponse, err error)
- func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)
- func (ds *Plugin) ListCAJournalsForTesting(ctx context.Context) (caJournals []*datastore.CAJournal, err error)
- func (ds *Plugin) ListFederationRelationships(ctx context.Context, req *datastore.ListFederationRelationshipsRequest) (resp *datastore.ListFederationRelationshipsResponse, err error)
- func (ds *Plugin) ListNodeSelectors(ctx context.Context, req *datastore.ListNodeSelectorsRequest) (resp *datastore.ListNodeSelectorsResponse, err error)
- func (ds *Plugin) ListRegistrationEntries(ctx context.Context, req *datastore.ListRegistrationEntriesRequest) (resp *datastore.ListRegistrationEntriesResponse, err error)
- func (ds *Plugin) ListRegistrationEntryEvents(ctx context.Context, req *datastore.ListRegistrationEntryEventsRequest) (resp *datastore.ListRegistrationEntryEventsResponse, err error)
- func (ds *Plugin) PruneAttestedNodeEvents(ctx context.Context, olderThan time.Duration) (err error)
- func (ds *Plugin) PruneBundle(ctx context.Context, trustDomainID string, expiresBefore time.Time) (changed bool, err error)
- func (ds *Plugin) PruneCAJournals(ctx context.Context, allAuthoritiesExpireBefore int64) error
- func (ds *Plugin) PruneJoinTokens(ctx context.Context, expiry time.Time) (err error)
- func (ds *Plugin) PruneRegistrationEntries(ctx context.Context, expiresBefore time.Time) (err error)
- func (ds *Plugin) PruneRegistrationEntryEvents(ctx context.Context, olderThan time.Duration) (err error)
- func (ds *Plugin) RevokeJWTKey(ctx context.Context, trustDoaminID string, authorityID string) (*common.PublicKey, error)
- func (ds *Plugin) RevokeX509CA(ctx context.Context, trustDoaminID string, subjectKeyIDToRevoke string) error
- func (ds *Plugin) SetBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)
- func (ds *Plugin) SetCAJournal(ctx context.Context, caJournal *datastore.CAJournal) (caj *datastore.CAJournal, err error)
- func (ds *Plugin) SetNodeSelectors(ctx context.Context, spiffeID string, selectors []*common.Selector) (err error)
- func (ds *Plugin) SetUseServerTimestamps(useServerTimestamps bool)
- func (ds *Plugin) TaintJWTKey(ctx context.Context, trustDoaminID string, authorityID string) (*common.PublicKey, error)
- func (ds *Plugin) TaintX509CA(ctx context.Context, trustDoaminID string, subjectKeyIDToTaint string) error
- func (ds *Plugin) UpdateAttestedNode(ctx context.Context, n *common.AttestedNode, mask *common.AttestedNodeMask) (node *common.AttestedNode, err error)
- func (ds *Plugin) UpdateBundle(ctx context.Context, b *common.Bundle, mask *common.BundleMask) (bundle *common.Bundle, err error)
- func (ds *Plugin) UpdateFederationRelationship(ctx context.Context, fr *datastore.FederationRelationship, ...) (newFr *datastore.FederationRelationship, err error)
- func (ds *Plugin) UpdateRegistrationEntry(ctx context.Context, e *common.RegistrationEntry, ...) (entry *common.RegistrationEntry, err error)
- type RegisteredEntry
- type RegisteredEntryEvent
- type Selector
- type V3AttestedNode
Constants ¶
const (
	// PluginName is the name under which this SQL-backed DataStore plugin is known.
	PluginName = "sql"

	// Supported database types, as accepted in the plugin configuration.

	// MySQL database type
	MySQL = "mysql"
	// PostgreSQL database type
	PostgreSQL = "postgres"
	// SQLite database type
	SQLite = "sqlite3"
	// MySQL database provided by an AWS service
	AWSMySQL = "aws_mysql"
	// PostgreSQL database type provided by an AWS service
	AWSPostgreSQL = "aws_postgres"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttestedNode ¶
// AttestedNode holds an attested node (agent).
type AttestedNode struct {
	Model

	// SpiffeID identifies the agent; the unique index means at most one row per agent.
	SpiffeID string `gorm:"unique_index"`
	// DataType is the node attestor type that attested the agent — TODO confirm against callers.
	DataType string
	// SerialNumber and ExpiresAt describe the agent's current certificate
	// (see UpdateAttestedNode, which updates serial and expiration). ExpiresAt is
	// indexed so expiry-based queries do not scan the table.
	SerialNumber string
	ExpiresAt    time.Time `gorm:"index"`
	// NewSerialNumber and NewExpiresAt presumably hold the values of a freshly
	// issued certificate before it becomes current — verify against the caller.
	NewSerialNumber string
	NewExpiresAt    *time.Time
	// CanReattest flags whether the agent may attest again — TODO confirm semantics.
	CanReattest bool
	// Selectors are the node selectors recorded for this agent (see NodeSelector).
	Selectors []*NodeSelector
}
AttestedNode holds an attested node (agent)
func (AttestedNode) TableName ¶
func (AttestedNode) TableName() string
TableName gets table name of AttestedNode
type AttestedNodeEvent ¶ added in v1.7.2
AttestedNodeEvent holds the SPIFFE ID of nodes that had an event
func (AttestedNodeEvent) TableName ¶ added in v1.7.2
func (AttestedNodeEvent) TableName() string
TableName gets table name for AttestedNodeEvent
type Bundle ¶
// Bundle holds a trust bundle.
type Bundle struct {
	Model

	// TrustDomain names the trust domain the bundle belongs to; the unique
	// index enforces a single bundle per trust domain.
	TrustDomain string `gorm:"not null;unique_index"`
	// Data holds the bundle contents as bytes.
	Data []byte `gorm:"size:16777215"` // make MySQL use MEDIUMBLOB (max 16MB) - doesn't affect PostgreSQL/SQLite
	// FederatedEntries are the registration entries that federate with this
	// bundle, joined through the federated_registration_entries table.
	FederatedEntries []RegisteredEntry `gorm:"many2many:federated_registration_entries;"`
}
Bundle holds a trust bundle.
type CAJournal ¶ added in v1.8.0
// CAJournal holds information about prepared, active, and old X509 and JWT
// authorities of servers sharing this database. This information helps to
// manage the rotation of the keys in each server.
type CAJournal struct {
	Model

	// Data holds information about the X509 and JWT authorities of a single server.
	Data []byte `gorm:"size:16777215"` // make MySQL use MEDIUMBLOB (max 16MB) - doesn't affect PostgreSQL/SQLite

	// ActiveX509AuthorityID is the Subject Key ID of the current active X509
	// authority in a server. Indexed because FetchCAJournal looks journals up by it.
	ActiveX509AuthorityID string `gorm:"index:idx_ca_journals_active_x509_authority_id"`

	// ActiveJWTAuthorityID is the JWT key ID (i.e. "kid" claim) of the current
	// active JWT authority in a server.
	ActiveJWTAuthorityID string `gorm:"index:idx_ca_journals_active_jwt_authority_id"`
}
CAJournal holds information about prepared, active, and old X509 and JWT authorities of servers sharing this database. This information helps to manage the rotation of the keys in each server.
type DNSName ¶
// DNSName holds a DNS name for a registration entry.
type DNSName struct {
	Model

	// RegisteredEntryID is the owning registration entry. Together with Value
	// it forms the idx_dns_entry unique index, so the same DNS name cannot be
	// stored twice for one entry.
	RegisteredEntryID uint   `gorm:"unique_index:idx_dns_entry"`
	Value             string `gorm:"unique_index:idx_dns_entry"`
}
DNSName holds a DNS name for a registration entry.
type FederatedTrustDomain ¶
// FederatedTrustDomain holds federated trust domains. It has the information
// needed to get updated bundles of the federated trust domain from a SPIFFE
// bundle endpoint server.
type FederatedTrustDomain struct {
	Model

	// TrustDomain is the trust domain name (e.g., "example.org") to federate
	// with; the unique index allows one relationship per trust domain.
	TrustDomain string `gorm:"not null;unique_index"`

	// BundleEndpointURL is the URL of the SPIFFE bundle endpoint that provides
	// the trust bundle to federate with.
	BundleEndpointURL string

	// BundleEndpointProfile is the endpoint profile type.
	BundleEndpointProfile string

	// EndpointSPIFFEID specifies the expected SPIFFE ID of the SPIFFE bundle
	// endpoint server when BundleEndpointProfile is "https_spiffe". It is what
	// the server is authenticated against when fetching the bundle.
	EndpointSPIFFEID string

	// Implicit indicates whether the trust domain automatically federates with
	// all registration entries by default or not.
	Implicit bool
}
FederatedTrustDomain holds federated trust domains. It has the information needed to get updated bundles of the federated trust domain from a SPIFFE bundle endpoint server.
func (FederatedTrustDomain) TableName ¶
func (FederatedTrustDomain) TableName() string
TableName gets table name of FederatedTrustDomain
type Migration ¶
// Migration holds the database schema version number and the SPIRE code
// version number.
type Migration struct {
	Model

	// Version is the database schema version.
	Version int

	// CodeVersion is the SPIRE code version that last wrote the schema.
	CodeVersion string
}
Migration holds the database schema version number and the SPIRE code version number.
type Model ¶
Model is used as a base for other models. Similar to gorm.Model without `DeletedAt`. We don't want soft-delete support.
type NodeSelector ¶
// NodeSelector holds a node selector by SPIFFE ID.
type NodeSelector struct {
	Model

	// SpiffeID, Type and Value together form the idx_node_resolver_map unique
	// index, so a node cannot carry the same selector twice.
	SpiffeID string `gorm:"unique_index:idx_node_resolver_map"`
	Type     string `gorm:"unique_index:idx_node_resolver_map"`
	Value    string `gorm:"unique_index:idx_node_resolver_map"`
}
NodeSelector holds a node selector by spiffe ID
func (NodeSelector) TableName ¶
func (NodeSelector) TableName() string
TableName gets table name of NodeSelector
type Plugin ¶
type Plugin struct {
// contains filtered or unexported fields
}
Plugin is a DataStore plugin implemented via a SQL database
func New ¶
func New(log logrus.FieldLogger) *Plugin
New creates a new sql plugin struct. Configure must be called in order to start the db.
func (*Plugin) AppendBundle ¶
func (ds *Plugin) AppendBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)
AppendBundle appends bundle contents to the existing bundle (by trust domain). If no bundle exists yet, it is created.
func (*Plugin) Configure ¶
Configure parses HCL config payload into config struct, opens new DB based on the result, and prunes all orphaned records
func (*Plugin) CountAttestedNodes ¶
func (ds *Plugin) CountAttestedNodes(ctx context.Context, req *datastore.CountAttestedNodesRequest) (count int32, err error)
CountAttestedNodes counts all attested nodes
func (*Plugin) CountBundles ¶
CountBundles can be used to count all existing bundles.
func (*Plugin) CountRegistrationEntries ¶
func (ds *Plugin) CountRegistrationEntries(ctx context.Context, req *datastore.CountRegistrationEntriesRequest) (count int32, err error)
CountRegistrationEntries counts all registrations (pagination available)
func (*Plugin) CreateAttestedNode ¶
func (ds *Plugin) CreateAttestedNode(ctx context.Context, node *common.AttestedNode) (attestedNode *common.AttestedNode, err error)
CreateAttestedNode stores the given attested node
func (*Plugin) CreateAttestedNodeEventForTesting ¶ added in v1.10.0
func (ds *Plugin) CreateAttestedNodeEventForTesting(ctx context.Context, event *datastore.AttestedNodeEvent) error
CreateAttestedNodeEventForTesting creates an attested node event. Used for unit testing.
func (*Plugin) CreateBundle ¶
func (ds *Plugin) CreateBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)
CreateBundle stores the given bundle
func (*Plugin) CreateFederationRelationship ¶ added in v1.1.0
func (ds *Plugin) CreateFederationRelationship(ctx context.Context, fr *datastore.FederationRelationship) (newFr *datastore.FederationRelationship, err error)
CreateFederationRelationship creates a new federation relationship. If the bundle endpoint profile is 'https_spiffe' and the given federation relationship contains a bundle, the current stored bundle is overridden. If no bundle is provided and there is not a previously stored bundle in the datastore, the federation relationship is not created.
func (*Plugin) CreateJoinToken ¶
CreateJoinToken stores the given join token.
func (*Plugin) CreateOrReturnRegistrationEntry ¶ added in v1.1.0
func (ds *Plugin) CreateOrReturnRegistrationEntry(ctx context.Context, entry *common.RegistrationEntry, ) (registrationEntry *common.RegistrationEntry, existing bool, err error)
CreateOrReturnRegistrationEntry stores the given registration entry. If an entry already exists with the same (parentID, spiffeID, selector) tuple, that entry is returned instead.
func (*Plugin) CreateRegistrationEntry ¶
func (ds *Plugin) CreateRegistrationEntry(ctx context.Context, entry *common.RegistrationEntry, ) (registrationEntry *common.RegistrationEntry, err error)
CreateRegistrationEntry stores the given registration entry
func (*Plugin) CreateRegistrationEntryEventForTesting ¶ added in v1.10.0
func (ds *Plugin) CreateRegistrationEntryEventForTesting(ctx context.Context, event *datastore.RegistrationEntryEvent) error
CreateRegistrationEntryEventForTesting creates a registration entry event. Used for unit testing.
func (*Plugin) DeleteAttestedNode ¶
func (ds *Plugin) DeleteAttestedNode(ctx context.Context, spiffeID string) (attestedNode *common.AttestedNode, err error)
DeleteAttestedNode deletes the given attested node and the associated node selectors.
func (*Plugin) DeleteAttestedNodeEventForTesting ¶ added in v1.10.0
DeleteAttestedNodeEventForTesting deletes an attested node event by event ID. Used for unit testing.
func (*Plugin) DeleteBundle ¶
func (ds *Plugin) DeleteBundle(ctx context.Context, trustDomainID string, mode datastore.DeleteMode) (err error)
DeleteBundle deletes the bundle with the matching TrustDomain. Any CACert data passed is ignored.
func (*Plugin) DeleteFederationRelationship ¶ added in v1.1.0
func (ds *Plugin) DeleteFederationRelationship(ctx context.Context, trustDomain spiffeid.TrustDomain) error
DeleteFederationRelationship deletes the federation relationship to the given trust domain. The associated trust bundle is not deleted.
func (*Plugin) DeleteJoinToken ¶
DeleteJoinToken deletes the given join token
func (*Plugin) DeleteRegistrationEntry ¶
func (ds *Plugin) DeleteRegistrationEntry(ctx context.Context, entryID string, ) (registrationEntry *common.RegistrationEntry, err error)
DeleteRegistrationEntry deletes the given registration
func (*Plugin) DeleteRegistrationEntryEventForTesting ¶ added in v1.10.0
DeleteRegistrationEntryEventForTesting deletes the given registration entry event. Used for unit testing.
func (*Plugin) FetchAttestedNode ¶
func (ds *Plugin) FetchAttestedNode(ctx context.Context, spiffeID string) (attestedNode *common.AttestedNode, err error)
FetchAttestedNode fetches an existing attested node by SPIFFE ID
func (*Plugin) FetchAttestedNodeEvent ¶ added in v1.10.0
func (ds *Plugin) FetchAttestedNodeEvent(ctx context.Context, eventID uint) (event *datastore.AttestedNodeEvent, err error)
FetchAttestedNodeEvent fetches an existing attested node event by event ID
func (*Plugin) FetchBundle ¶
func (ds *Plugin) FetchBundle(ctx context.Context, trustDomainID string) (resp *common.Bundle, err error)
FetchBundle returns the bundle matching the specified Trust Domain.
func (*Plugin) FetchCAJournal ¶ added in v1.9.0
func (ds *Plugin) FetchCAJournal(ctx context.Context, activeX509AuthorityID string) (caJournal *datastore.CAJournal, err error)
FetchCAJournal fetches the CA journal that has the given active X509 authority ID. If the CA journal is not found, nil is returned.
func (*Plugin) FetchFederationRelationship ¶ added in v1.1.0
func (ds *Plugin) FetchFederationRelationship(ctx context.Context, trustDomain spiffeid.TrustDomain) (fr *datastore.FederationRelationship, err error)
FetchFederationRelationship fetches the federation relationship that matches the given trust domain. If the federation relationship is not found, nil is returned.
func (*Plugin) FetchJoinToken ¶
func (ds *Plugin) FetchJoinToken(ctx context.Context, token string) (resp *datastore.JoinToken, err error)
FetchJoinToken looks up the join token with the given token value and returns it, populating the fields the datastore knows about.
func (*Plugin) FetchRegistrationEntry ¶
func (ds *Plugin) FetchRegistrationEntry(ctx context.Context, entryID string, ) (*common.RegistrationEntry, error)
FetchRegistrationEntry fetches an existing registration by entry ID
func (*Plugin) FetchRegistrationEntryEvent ¶ added in v1.10.0
func (ds *Plugin) FetchRegistrationEntryEvent(ctx context.Context, eventID uint) (event *datastore.RegistrationEntryEvent, err error)
FetchRegistrationEntryEvent fetches an existing registration entry event by event ID
func (*Plugin) GetNodeSelectors ¶
func (ds *Plugin) GetNodeSelectors(ctx context.Context, spiffeID string, dataConsistency datastore.DataConsistency, ) (selectors []*common.Selector, err error)
GetNodeSelectors gets node (agent) selectors by SPIFFE ID
func (*Plugin) ListAttestedNodeEvents ¶ added in v1.11.0
func (ds *Plugin) ListAttestedNodeEvents(ctx context.Context, req *datastore.ListAttestedNodeEventsRequest) (resp *datastore.ListAttestedNodeEventsResponse, err error)
ListAttestedNodeEvents lists all attested node events
func (*Plugin) ListAttestedNodes ¶
func (ds *Plugin) ListAttestedNodes(ctx context.Context, req *datastore.ListAttestedNodesRequest, ) (resp *datastore.ListAttestedNodesResponse, err error)
ListAttestedNodes lists all attested nodes (pagination available)
func (*Plugin) ListBundles ¶
func (ds *Plugin) ListBundles(ctx context.Context, req *datastore.ListBundlesRequest) (resp *datastore.ListBundlesResponse, err error)
ListBundles can be used to fetch all existing bundles.
func (*Plugin) ListCAJournalsForTesting ¶ added in v1.9.0
func (ds *Plugin) ListCAJournalsForTesting(ctx context.Context) (caJournals []*datastore.CAJournal, err error)
ListCAJournalsForTesting returns all the CA journal records, and is meant to be used in tests.
func (*Plugin) ListFederationRelationships ¶ added in v1.1.0
func (ds *Plugin) ListFederationRelationships(ctx context.Context, req *datastore.ListFederationRelationshipsRequest) (resp *datastore.ListFederationRelationshipsResponse, err error)
ListFederationRelationships can be used to list all existing federation relationships
func (*Plugin) ListNodeSelectors ¶
func (ds *Plugin) ListNodeSelectors(ctx context.Context, req *datastore.ListNodeSelectorsRequest, ) (resp *datastore.ListNodeSelectorsResponse, err error)
ListNodeSelectors gets node (agent) selectors by SPIFFE ID
func (*Plugin) ListRegistrationEntries ¶
func (ds *Plugin) ListRegistrationEntries(ctx context.Context, req *datastore.ListRegistrationEntriesRequest, ) (resp *datastore.ListRegistrationEntriesResponse, err error)
ListRegistrationEntries lists all registrations (pagination available)
func (*Plugin) ListRegistrationEntryEvents ¶ added in v1.11.0
func (ds *Plugin) ListRegistrationEntryEvents(ctx context.Context, req *datastore.ListRegistrationEntryEventsRequest) (resp *datastore.ListRegistrationEntryEventsResponse, err error)
ListRegistrationEntryEvents lists all registration entry events
func (*Plugin) PruneAttestedNodeEvents ¶ added in v1.11.0
PruneAttestedNodeEvents deletes all attested node events older than the specified duration (e.g. more than 24 hours old).
func (*Plugin) PruneBundle ¶
func (ds *Plugin) PruneBundle(ctx context.Context, trustDomainID string, expiresBefore time.Time) (changed bool, err error)
PruneBundle removes expired certs and keys from a bundle
func (*Plugin) PruneCAJournals ¶ added in v1.9.0
PruneCAJournals prunes the CA journals that have all of their authorities expired.
func (*Plugin) PruneJoinTokens ¶
PruneJoinTokens deletes all join tokens whose expiry is before the given time.
func (*Plugin) PruneRegistrationEntries ¶
func (ds *Plugin) PruneRegistrationEntries(ctx context.Context, expiresBefore time.Time) (err error)
PruneRegistrationEntries deletes all registration entries whose expiry is before the given time.
func (*Plugin) PruneRegistrationEntryEvents ¶ added in v1.11.0
func (ds *Plugin) PruneRegistrationEntryEvents(ctx context.Context, olderThan time.Duration) (err error)
PruneRegistrationEntryEvents deletes all registration entry events older than the specified duration (e.g. more than 24 hours old).
func (*Plugin) RevokeJWTKey ¶ added in v1.6.3
func (ds *Plugin) RevokeJWTKey(ctx context.Context, trustDoaminID string, authorityID string) (*common.PublicKey, error)
RevokeJWTKey removes the JWT key with the given authority ID from the bundle.
func (*Plugin) RevokeX509CA ¶ added in v1.6.3
func (ds *Plugin) RevokeX509CA(ctx context.Context, trustDoaminID string, subjectKeyIDToRevoke string) error
RevokeX509CA removes the root CA with the given subject key ID from the bundle.
func (*Plugin) SetBundle ¶
func (ds *Plugin) SetBundle(ctx context.Context, b *common.Bundle) (bundle *common.Bundle, err error)
SetBundle sets bundle contents. If no bundle exists for the trust domain, it is created.
func (*Plugin) SetCAJournal ¶ added in v1.9.0
func (ds *Plugin) SetCAJournal(ctx context.Context, caJournal *datastore.CAJournal) (caj *datastore.CAJournal, err error)
SetCAJournal sets the content for the specified CA journal. If the CA journal does not exist, it is created.
func (*Plugin) SetNodeSelectors ¶
func (ds *Plugin) SetNodeSelectors(ctx context.Context, spiffeID string, selectors []*common.Selector) (err error)
SetNodeSelectors sets node (agent) selectors by SPIFFE ID, deleting old selectors first
func (*Plugin) SetUseServerTimestamps ¶ added in v1.7.1
SetUseServerTimestamps controls whether server-generated timestamps should be used in the database. This is only intended to be used by tests in order to produce deterministic timestamp data, since some databases round off timestamp data with lower precision.
func (*Plugin) TaintJWTKey ¶ added in v1.6.3
func (ds *Plugin) TaintJWTKey(ctx context.Context, trustDoaminID string, authorityID string) (*common.PublicKey, error)
TaintJWTKey taints the JWT authority key with the given authority ID.
func (*Plugin) TaintX509CA ¶ added in v1.6.3
func (ds *Plugin) TaintX509CA(ctx context.Context, trustDoaminID string, subjectKeyIDToTaint string) error
TaintX509CA taints the X.509 CA identified by the provided subject key ID.
func (*Plugin) UpdateAttestedNode ¶
func (ds *Plugin) UpdateAttestedNode(ctx context.Context, n *common.AttestedNode, mask *common.AttestedNodeMask) (node *common.AttestedNode, err error)
UpdateAttestedNode updates the given node's cert serial and expiration.
func (*Plugin) UpdateBundle ¶
func (ds *Plugin) UpdateBundle(ctx context.Context, b *common.Bundle, mask *common.BundleMask) (bundle *common.Bundle, err error)
UpdateBundle updates an existing bundle with the given CAs. Overwrites any existing certificates.
func (*Plugin) UpdateFederationRelationship ¶ added in v1.1.0
func (ds *Plugin) UpdateFederationRelationship(ctx context.Context, fr *datastore.FederationRelationship, mask *types.FederationRelationshipMask) (newFr *datastore.FederationRelationship, err error)
UpdateFederationRelationship updates the given federation relationship. Attributes are only updated if the corresponding mask value is set to true.
func (*Plugin) UpdateRegistrationEntry ¶
func (ds *Plugin) UpdateRegistrationEntry(ctx context.Context, e *common.RegistrationEntry, mask *common.RegistrationEntryMask) (entry *common.RegistrationEntry, err error)
UpdateRegistrationEntry updates an existing registration entry
type RegisteredEntry ¶
// RegisteredEntry holds a registration entry.
type RegisteredEntry struct {
	Model

	// EntryID is the entry's identifier; the unique index means one row per entry.
	EntryID string `gorm:"unique_index"`
	// SpiffeID is the identity this entry grants; ParentID is the identity of
	// the node or workload entitled to receive it. Both are indexed for lookups.
	SpiffeID string `gorm:"index"`
	ParentID string `gorm:"index"`
	// TTL of identities derived from this entry. This field represents the
	// X509-SVID TTL of the entry.
	TTL int32
	// Selectors are the workload selectors a caller must match for this entry.
	Selectors []Selector
	// FederatesWith lists the bundles (trust domains) this entry federates
	// with, joined through federated_registration_entries.
	FederatesWith []Bundle `gorm:"many2many:federated_registration_entries;"`
	// Admin and Downstream are entry flags mirrored from common.RegistrationEntry —
	// semantics defined by the caller, verify there.
	Admin      bool
	Downstream bool
	// (optional) expiry of this entry; indexed so PruneRegistrationEntries can
	// select expired rows directly.
	Expiry int64 `gorm:"index"`
	// (optional) DNS entries
	DNSList []DNSName
	// RevisionNumber is a counter that is incremented when the entry is
	// updated.
	RevisionNumber int64
	// StoreSvid determines if the issued SVID is exportable to a store
	StoreSvid bool
	// Hint is a "hint string" passed to the workload to distinguish between
	// multiple SVIDs
	Hint string `gorm:"index"`
	// TTL of JWT identities derived from this entry
	JWTSvidTTL int32 `gorm:"column:jwt_svid_ttl"`
}
RegisteredEntry holds a registration entry.
type RegisteredEntryEvent ¶ added in v1.7.2
RegisteredEntryEvent holds the entry ID of a registered entry that had an event.
func (RegisteredEntryEvent) TableName ¶ added in v1.7.2
func (RegisteredEntryEvent) TableName() string
TableName gets table name for RegisteredEntryEvent