Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { // Configurations for server plugins PluginConfigs common.PluginConfigs Log logrus.FieldLogger // LogReopener facilitates handling a signal to rotate log file. LogReopener func(context.Context) error // If true enables audit logs AuditLogEnabled bool // Address of SPIRE server BindAddress *net.TCPAddr // Address of SPIRE Server to be reached locally BindLocalAddress net.Addr // Directory to store runtime data DataDir string // Trust domain TrustDomain spiffeid.TrustDomain Experimental ExperimentalConfig // If true enables profiling. ProfilingEnabled bool // Port used by the pprof web server when ProfilingEnabled == true ProfilingPort int // Frequency in seconds by which each profile file will be generated. ProfilingFreq int // Array of profiles names that will be generated on each profiling tick. ProfilingNames []string // AgentTTL is time-to-live for agent SVIDs AgentTTL time.Duration // X509SVIDTTL is default time-to-live for X509-SVIDs (overrides SVIDTTL) X509SVIDTTL time.Duration // JWTSVIDTTL is default time-to-live for SVIDs (overrides SVIDTTL) JWTSVIDTTL time.Duration // CATTL is the time-to-live for the server CA. This only applies to // self-signed CA certificates, otherwise it is up to the upstream CA. CATTL time.Duration // JWTIssuer is used as the issuer claim in JWT-SVIDs minted by the server. // If unset, the JWT-SVID will not have an issuer claim. JWTIssuer string // CASubject is the subject used in the CA certificate CASubject pkix.Name // Telemetry provides the configuration for metrics exporting Telemetry telemetry.FileConfig // HealthChecks provides the configuration for health monitoring HealthChecks health.Config // CAKeyType is the key type used for the X509 and JWT signing keys CAKeyType keymanager.KeyType // JWTKeyType is the key type used for JWT signing keys JWTKeyType keymanager.KeyType // Federation holds the configuration needed to federate with other // trust domains. Federation FederationConfig // RateLimit holds rate limiting configurations. RateLimit endpoints.RateLimitConfig // CacheReloadInterval controls how often the in-memory entry cache reloads CacheReloadInterval time.Duration // EventsBasedCache enabled event driven cache reloads EventsBasedCache bool // PruneEventsOlderThan controls how long events can live before they are pruned PruneEventsOlderThan time.Duration // AuthPolicyEngineConfig determines the config for authz policy AuthOpaPolicyEngineConfig *authpolicy.OpaEngineConfig // AdminIDs are a list of fixed IDs that when presented by a caller in an // X509-SVID, are granted admin rights. AdminIDs []spiffeid.ID // Temporary flag to allow disabling the inclusion of serial number in X509 CAs Subject field ExcludeSNFromCASubject bool }
type ExperimentalConfig ¶
type ExperimentalConfig struct { }
type FederationConfig ¶ added in v0.11.0
type FederationConfig struct { // BundleEndpoint contains the federation bundle endpoint configuration. BundleEndpoint *bundle.EndpointConfig // FederatesWith holds the federation configuration for trust domains this // server federates with. FederatesWith map[spiffeid.TrustDomain]bundle_client.TrustDomainConfig }
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
func (*Server) CheckHealth ¶ added in v1.0.0
CheckHealth is used as a top-level health check for the Server.
Directories ¶
Path | Synopsis |
---|---|
bundle
|
|
pubmanager
Package pubmanager manages the publishing of the trust bundle to external stores through the configured BundlePublisher plugins.
|
Package pubmanager manages the publishing of the trust bundle to external stores through the configured BundlePublisher plugins. |
cache
|
|
bundle/internal/acmetest
nolint // forked code
|
nolint // forked code |
bundle/internal/autocert
nolint // forked code
|
nolint // forked code |
hostservice
|
|
plugin
|
|
Click to show internal directories.
Click to hide internal directories.