client

package
v1.8.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 12, 2023 License: Apache-2.0 Imports: 19 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BundleUpdater

type BundleUpdater interface {
	// UpdateBundle fetches the local bundle from the datastore and the
	// endpoint bundle from the endpoint. The function will return an error if
	// the local bundle cannot be fetched, the endpoint bundle cannot be
	// downloaded, or there is a problem persisting the bundle. The local
	// bundle will always be returned if it was fetched, independent of any
	// other failures performing the update. The endpoint bundle is ONLY
	// returned if it can be successfully downloaded, is different from the
	// local bundle, and is successfully stored.
	UpdateBundle(ctx context.Context) (*spiffebundle.Bundle, *spiffebundle.Bundle, error)

	// GetTrustDomainConfig returns the configuration for the updater
	GetTrustDomainConfig() TrustDomainConfig

	// SetTrustDomainConfig sets the configuration for the updater
	SetTrustDomainConfig(TrustDomainConfig) bool
}

func NewBundleUpdater

func NewBundleUpdater(config BundleUpdaterConfig) BundleUpdater

type BundleUpdaterConfig

type BundleUpdaterConfig struct {
	TrustDomain spiffeid.TrustDomain
	DataStore   datastore.DataStore

	TrustDomainConfig TrustDomainConfig
	// contains filtered or unexported fields
}

type Client

type Client interface {
	FetchBundle(context.Context) (*spiffebundle.Bundle, error)
}

Client is used to fetch a bundle and metadata from a bundle endpoint

func NewClient

func NewClient(config ClientConfig) (Client, error)

type ClientConfig

type ClientConfig struct {
	// TrustDomain is the federated trust domain (i.e. domain.test)
	TrustDomain spiffeid.TrustDomain

	// EndpointURL is the URL used to fetch the bundle of the federated
	// trust domain. Is served by a SPIFFE bundle endpoint server.
	EndpointURL string

	// SPIFFEAuth contains required configuration to authenticate the endpoint
	// using SPIFFE authentication. If unset, it is assumed that the endpoint
	// is authenticated via Web PKI.
	SPIFFEAuth *SPIFFEAuthConfig
	// contains filtered or unexported fields
}

type EndpointProfileInfo added in v1.0.0

type EndpointProfileInfo interface {
	// The name of the endpoint profile (e.g. "https_spiffe").
	Name() string
}

type HTTPSSPIFFEProfile added in v1.0.0

type HTTPSSPIFFEProfile struct {
	// EndpointSPIFFEID is the expected SPIFFE ID of the bundle endpoint server.
	EndpointSPIFFEID spiffeid.ID
}

func (HTTPSSPIFFEProfile) Name added in v1.0.0

func (p HTTPSSPIFFEProfile) Name() string

type HTTPSWebProfile added in v1.0.0

type HTTPSWebProfile struct{}

func (HTTPSWebProfile) Name added in v1.0.0

func (p HTTPSWebProfile) Name() string

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

func NewManager(config ManagerConfig) *Manager

func (*Manager) RefreshBundleFor added in v1.1.0

func (m *Manager) RefreshBundleFor(ctx context.Context, td spiffeid.TrustDomain) (bool, error)

RefreshBundleFor refreshes the trust domain bundle for the given trust domain. If the trust domain is not managed by the manager, false is returned.

func (*Manager) Run

func (m *Manager) Run(ctx context.Context) error

func (*Manager) TriggerConfigReload added in v1.1.1

func (m *Manager) TriggerConfigReload()

TriggerConfigReload triggers the manager to reload the configuration

type ManagerConfig

type ManagerConfig struct {
	Log       logrus.FieldLogger
	Metrics   telemetry.Metrics
	DataStore datastore.DataStore
	Clock     clock.Clock
	Source    TrustDomainConfigSource
	// contains filtered or unexported fields
}

type SPIFFEAuthConfig

type SPIFFEAuthConfig struct {
	// EndpointSpiffeID is the expected SPIFFE ID of the bundle endpoint server.
	EndpointSpiffeID spiffeid.ID

	// RootCAs is the set of root CA certificates used to authenticate the
	// endpoint server.
	RootCAs []*x509.Certificate
}

type TrustDomainConfig

type TrustDomainConfig struct {
	// EndpointURL is the URL used to fetch the bundle of the federated
	// trust domain. Is served by a SPIFFE bundle endpoint server.
	EndpointURL string

	// EndpointProfile is the bundle endpoint profile used by the
	// SPIFFE bundle endpoint server.
	EndpointProfile EndpointProfileInfo
}

type TrustDomainConfigMap added in v1.1.0

type TrustDomainConfigMap = map[spiffeid.TrustDomain]TrustDomainConfig

type TrustDomainConfigSet added in v1.5.3

type TrustDomainConfigSet struct {
	// contains filtered or unexported fields
}

func NewTrustDomainConfigSet added in v1.5.3

func NewTrustDomainConfigSet(configs TrustDomainConfigMap) *TrustDomainConfigSet

func (*TrustDomainConfigSet) GetTrustDomainConfigs added in v1.5.3

func (*TrustDomainConfigSet) Set added in v1.5.3

func (*TrustDomainConfigSet) SetAll added in v1.5.3

func (s *TrustDomainConfigSet) SetAll(configMap TrustDomainConfigMap)

type TrustDomainConfigSource added in v1.1.0

type TrustDomainConfigSource interface {
	GetTrustDomainConfigs(ctx context.Context) (map[spiffeid.TrustDomain]TrustDomainConfig, error)
}

func DataStoreTrustDomainConfigSource added in v1.1.0

func DataStoreTrustDomainConfigSource(log logrus.FieldLogger, ds datastore.DataStore) TrustDomainConfigSource

func MergeTrustDomainConfigSources added in v1.1.0

func MergeTrustDomainConfigSources(sources ...TrustDomainConfigSource) TrustDomainConfigSource

type TrustDomainConfigSourceFunc added in v1.1.0

type TrustDomainConfigSourceFunc func(ctx context.Context) (map[spiffeid.TrustDomain]TrustDomainConfig, error)

func (TrustDomainConfigSourceFunc) GetTrustDomainConfigs added in v1.1.0

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL