Documentation ¶
Index ¶
- Constants
- func NewAuthenticator(hostname string, signer crypto.Signer) (bootstrap.Authenticator, error)
- func NewAuthenticatorFromFile(p string) (bootstrap.Authenticator, error)
- func NewVerifier(options *Options, client client.Client) (bootstrap.Verifier, error)
- type AuthToken
- type AuthTokenData
- type Options
Constants ¶
const AudienceNodeAuthentication = "kops.k8s.io/node-bootstrap"
AudienceNodeAuthentication is the audience value carried in AuthTokenData. Binding each token to an audience means that if the same TPM key is later used for other purposes, a token minted for one audience cannot be replayed against another.
const AuthenticationTokenPrefix = "x-pki-tpm "
AuthenticationTokenPrefix is the scheme prefix that identifies an authentication header as using this PKI/TPM mechanism; note that it includes the trailing space that separates it from the token.
Variables ¶
This section is empty.
Functions ¶
func NewAuthenticator ¶
func NewAuthenticator(hostname string, signer crypto.Signer) (bootstrap.Authenticator, error)
func NewAuthenticatorFromFile ¶
func NewAuthenticatorFromFile(p string) (bootstrap.Authenticator, error)
func NewVerifier ¶
func NewVerifier(options *Options, client client.Client) (bootstrap.Verifier, error)
Types ¶
type AuthToken ¶
type AuthToken struct {
	// Signature is the TPM or PKI signature for Data
	Signature []byte `json:"signature,omitempty"`
	// Data is the data we are signing.
	// It is a JSON encoded form of AuthTokenData.
	Data []byte `json:"data,omitempty"`
}
AuthToken describes the authentication header data when using GCE TPM authentication.
type AuthTokenData ¶
type AuthTokenData struct {
	// Instance is the name/id of the instance we are claiming
	Instance string `json:"instance,omitempty"`
	// KeyID is the identifier of the public key we are signing with, if we're using a fixed key.
	KeyID string `json:"keyID,omitempty"`
	// RequestHash is the hash of the request
	RequestHash []byte `json:"requestHash,omitempty"`
	// Timestamp is the time of this request (to help prevent replay attacks)
	Timestamp int64 `json:"timestamp,omitempty"`
	// Audience is the audience for this request (to help prevent replay attacks)
	Audience string `json:"audience,omitempty"`
}
AuthTokenData is the data that is signed as part of the header. It is JSON encoded, carried in AuthToken.Data, and the signature in AuthToken.Signature covers those exact bytes, so a verifier must check the signature before trusting any field inside it. Instance ties the token to one claimed node, RequestHash ties it to one request body, and Timestamp together with Audience limit how and for how long a captured token can be replayed.
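The following is an added example, not code from this package, showing how the two structs and two constants above fit together as a client/server exchange: the client signs a JSON AuthTokenData and sends it as an AuthToken under the x-pki-tpm scheme, and the verifier checks the signature first, then audience, instance, timestamp freshness and request hash. SHA-256 as the digest, base64 of the JSON AuthToken as the header encoding, the one-minute skew window, the instance name "nodes-abc1" and the request body are all assumptions of the example; how kops really obtains the trusted public key (via GCE and the TPM) is replaced here by simply passing the key in.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

const (
	AudienceNodeAuthentication = "kops.k8s.io/node-bootstrap"
	AuthenticationTokenPrefix  = "x-pki-tpm "
)

// AuthTokenData and AuthToken copy the field layout documented on this page.
type AuthTokenData struct {
	Instance    string `json:"instance,omitempty"`
	KeyID       string `json:"keyID,omitempty"`
	RequestHash []byte `json:"requestHash,omitempty"`
	Timestamp   int64  `json:"timestamp,omitempty"`
	Audience    string `json:"audience,omitempty"`
}

type AuthToken struct {
	Signature []byte `json:"signature,omitempty"`
	Data      []byte `json:"data,omitempty"`
}

// BuildHeader is the client side: hash the request body, sign the JSON-encoded
// AuthTokenData and return the Authorization header value. SHA-256 and
// base64(JSON AuthToken) are assumptions of this example, not kops' wire format.
func BuildHeader(signer crypto.Signer, instance string, body []byte, now time.Time) (string, error) {
	h := sha256.Sum256(body)
	data, err := json.Marshal(AuthTokenData{
		Instance: instance, RequestHash: h[:],
		Timestamp: now.Unix(), Audience: AudienceNodeAuthentication,
	})
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(data)
	sig, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return "", err
	}
	tok, err := json.Marshal(AuthToken{Signature: sig, Data: data})
	if err != nil {
		return "", err
	}
	return AuthenticationTokenPrefix + base64.StdEncoding.EncodeToString(tok), nil
}

// VerifyHeader is the server side. pub is the key the verifier already trusts
// for this instance (assumed to be known out of band here). No field in Data is
// examined until the signature over Data verifies; the remaining checks turn a
// valid signature into a credential bound to one instance, one request and one
// short time window, which is what defeats replay.
func VerifyHeader(header string, pub *ecdsa.PublicKey, wantInstance string, body []byte, now time.Time, maxSkew time.Duration) (*AuthTokenData, error) {
	if !strings.HasPrefix(header, AuthenticationTokenPrefix) {
		return nil, errors.New("unexpected authentication scheme")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(header, AuthenticationTokenPrefix))
	if err != nil {
		return nil, err
	}
	var tok AuthToken
	if err := json.Unmarshal(raw, &tok); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(tok.Data)
	if !ecdsa.VerifyASN1(pub, digest[:], tok.Signature) {
		return nil, errors.New("signature does not verify")
	}
	var data AuthTokenData
	if err := json.Unmarshal(tok.Data, &data); err != nil {
		return nil, err
	}
	if data.Audience != AudienceNodeAuthentication || data.Instance != wantInstance {
		return nil, errors.New("audience or instance mismatch")
	}
	if age := now.Sub(time.Unix(data.Timestamp, 0)); age > maxSkew || age < -maxSkew {
		return nil, errors.New("timestamp outside the accepted window")
	}
	want := sha256.Sum256(body)
	if subtle.ConstantTimeCompare(want[:], data.RequestHash) != 1 {
		return nil, errors.New("request hash does not match body")
	}
	return &data, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	body := []byte(`{"csr":"constructed-sample"}`) // constructed request body
	hdr, _ := BuildHeader(key, "nodes-abc1", body, time.Now())
	_, err := VerifyHeader(hdr, &key.PublicKey, "nodes-abc1", body, time.Now().Add(time.Hour), time.Minute)
	fmt.Println("replayed one hour later:", err) // rejected by the timestamp check
}
```

The order of checks in VerifyHeader is deliberate: parsing Data before verifying the signature would let an attacker steer the verifier with unauthenticated input, and comparing the request hash with a constant-time compare avoids leaking which prefix of the hash matched. A real verifier would additionally look up the public key by Instance (and KeyID when a fixed key is used) from a trusted source rather than accept it as a parameter.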