spiffe

package
v0.25.3
Published: May 17, 2024 License: BSD-2-Clause Imports: 9 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AcquireSourceForSentinel

func AcquireSourceForSentinel(
	ctx context.Context,
) (*workloadapi.X509Source, bool)

AcquireSourceForSentinel initiates an asynchronous operation to obtain an X509Source from the SPIFFE workload API, using the context for cancellation and a correlation ID for logging purposes.

It attempts to create a new X509Source configured with the SPIRE server address from the environment, fetches the X509SVID from the source, and validates the SVID against a known VSecM Sentinel value to ensure the caller is operating within a trusted environment.

Parameters:

  • ctx: A context.Context object used for cancellation and to carry metadata across API boundaries, including a correlation ID for tracking the operation in logs.

Returns:

  • A pointer to a workloadapi.X509Source object if the source is successfully acquired and validated. This object can be used to obtain X.509 SVIDs for secure communication.
  • A boolean flag indicating whether the source was successfully acquired (true) or not (false). If false, the source pointer will be nil.

func IdAsString added in v0.25.3

func IdAsString(cid string, r *http.Request) string

func IdFromRequest added in v0.25.3

func IdFromRequest(r *http.Request) (*spiffeid.ID, error)

IdFromRequest extracts the SPIFFE ID from the TLS peer certificate of an HTTP request. It checks if the incoming request has a valid TLS connection and at least one peer certificate. The first certificate in the chain is used to extract the SPIFFE ID.

Params:

  • r *http.Request: The HTTP request from which the SPIFFE ID is to be extracted.

Returns:

  • *spiffeid.ID: The SPIFFE ID extracted from the first peer certificate, or nil if extraction fails.
  • error: An error object indicating the failure reason. Possible errors include the absence of peer certificates or a failure in extracting the SPIFFE ID from the certificate.

Note:

This function assumes that the request is already over a secured TLS connection and will fail if the TLS connection state is not available or the peer certificates are missing.
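
The checks described for IdFromRequest, sketched as an added example using only the Go standard library. This is not the package's own code: `peerSPIFFEID` and `requestWithURIs` are hypothetical names, the certificate is constructed sample data, and the one-URI-SAN rule is taken from the X.509-SVID specification rather than from this page.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// peerSPIFFEID is a hypothetical helper (not the package's IdFromRequest).
// It returns the SPIFFE ID URI carried by the first peer certificate.
func peerSPIFFEID(r *http.Request) (string, error) {
	if r.TLS == nil {
		return "", errors.New("no TLS connection state")
	}
	if len(r.TLS.PeerCertificates) == 0 {
		return "", errors.New("no peer certificates")
	}
	leaf := r.TLS.PeerCertificates[0]
	// An X.509-SVID carries exactly one URI SAN, and it must be a spiffe:// URI.
	if len(leaf.URIs) != 1 {
		return "", fmt.Errorf("expected 1 URI SAN, got %d", len(leaf.URIs))
	}
	u := leaf.URIs[0]
	if u.Scheme != "spiffe" || u.Host == "" {
		return "", fmt.Errorf("not a SPIFFE ID: %q", u.String())
	}
	return u.String(), nil
}

// requestWithURIs builds a constructed request whose leaf certificate
// carries the given URI SANs (sample data, no real handshake).
func requestWithURIs(uris ...string) *http.Request {
	cert := &x509.Certificate{}
	for _, s := range uris {
		u, _ := url.Parse(s)
		cert.URIs = append(cert.URIs, u)
	}
	return &http.Request{TLS: &tls.ConnectionState{
		PeerCertificates: []*x509.Certificate{cert},
	}}
}

func main() {
	id, err := peerSPIFFEID(requestWithURIs("spiffe://example.org/workload/demo"))
	fmt.Println(id, err)
	_, err = peerSPIFFEID(&http.Request{}) // plain HTTP: r.TLS is nil
	fmt.Println(err)
}
```

`r.TLS.PeerCertificates` holds whatever the client presented, so the extracted ID is trustworthy only when the server's TLS configuration verified that chain against the trust bundle (for example with `tls.RequireAndVerifyClientCert`).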

Types

This section is empty.
