- Constants
- func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle
- func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle
- func CalculateRefreshHint(bundle *spiffebundle.Bundle) time.Duration
- func CommonBundleFromProto(b *types.Bundle) (*common.Bundle, error)
- func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle, error)
- func JWTSigningKeysFromBundleProto(b *common.Bundle) (map[string]crypto.PublicKey, error)
- func Marshal(bundle *spiffebundle.Bundle, opts ...MarshalOption) ([]byte, error)
- func MergeBundles(a, b *common.Bundle) (*common.Bundle, bool)
- func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)
- func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)
- func SPIFFEBundleFromProto(b *common.Bundle) (*spiffebundle.Bundle, error)
- func SPIFFEBundleToProto(b *spiffebundle.Bundle) (*common.Bundle, error)
- func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*spiffebundle.Bundle, error)
- type MarshalOption
Constants ¶
const (
	// MinimumRefreshHint is the smallest refresh hint the client allows.
	// Anything smaller than the minimum will be reset to the minimum.
	// NOTE(review): presumably this floor exists to bound how often clients
	// re-fetch the bundle from the server — confirm against the client code.
	MinimumRefreshHint = time.Minute
)
Functions ¶
func BundleProtoFromRootCA ¶
func BundleProtoFromRootCA(trustDomainID string, rootCA *x509.Certificate) *common.Bundle
func BundleProtoFromRootCAs ¶
func BundleProtoFromRootCAs(trustDomainID string, rootCAs []*x509.Certificate) *common.Bundle
func CalculateRefreshHint ¶
func CalculateRefreshHint(bundle *spiffebundle.Bundle) time.Duration
CalculateRefreshHint is used to calculate the refresh hint for a given bundle. If the bundle already contains a refresh hint, then that is used. Otherwise, it looks at the lifetimes of the bundle contents and returns a fraction of the smallest. It is fairly aggressive, but ensures clients don't miss a rotation period and lose their ability to fetch. TODO: reevaluate our strategy here when we rework the TTL story inside SPIRE.
func CommonBundleFromProto ¶ added in v0.11.0
func Decode ¶
func Decode(trustDomain spiffeid.TrustDomain, r io.Reader) (*spiffebundle.Bundle, error)
func Marshal ¶
func Marshal(bundle *spiffebundle.Bundle, opts ...MarshalOption) ([]byte, error)
func PruneBundle ¶
func PruneBundle(bundle *common.Bundle, expiration time.Time, log logrus.FieldLogger) (*common.Bundle, bool, error)
PruneBundle removes the bundle RootCAs and JWT keys that expired before a given time. It returns an error if pruning results in a bundle with no CAs or keys.
func RootCAsFromBundleProto ¶
func RootCAsFromBundleProto(b *common.Bundle) (out []*x509.Certificate, err error)
func SPIFFEBundleFromProto ¶ added in v1.6.3
func SPIFFEBundleFromProto(b *common.Bundle) (*spiffebundle.Bundle, error)
func SPIFFEBundleToProto ¶ added in v1.6.3
func SPIFFEBundleToProto(b *spiffebundle.Bundle) (*common.Bundle, error)
func Unmarshal ¶
func Unmarshal(trustDomain spiffeid.TrustDomain, data []byte) (*spiffebundle.Bundle, error)
Types ¶
type MarshalOption ¶
// MarshalOption configures the output of Marshal. Values are obtained from
// the constructors in this package (NoJWTSVIDKeys, NoX509SVIDKeys,
// OverrideRefreshHint, OverrideSequenceNumber, StandardJWKS).
type MarshalOption interface {
	// contains filtered or unexported methods
}
func NoJWTSVIDKeys ¶
func NoJWTSVIDKeys() MarshalOption
NoJWTSVIDKeys skips marshalling JWT SVID keys.
func NoX509SVIDKeys ¶
func NoX509SVIDKeys() MarshalOption
NoX509SVIDKeys skips marshalling X509 SVID keys.
func OverrideRefreshHint ¶
func OverrideRefreshHint(value time.Duration) MarshalOption
OverrideRefreshHint overrides the refresh hint in the bundle.
func OverrideSequenceNumber ¶ added in v1.6.4
func OverrideSequenceNumber(value uint64) MarshalOption
OverrideSequenceNumber overrides the sequence number in the bundle.
func StandardJWKS ¶ added in v0.12.0
func StandardJWKS() MarshalOption
StandardJWKS omits SPIFFE-specific parameters from the marshaled bundle.