sia

package
v1.11.57

This package is not in the latest version of its module.
Published: Apr 24, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

README

SIA for AWS EC2

Configuration

The default settings require the EC2 instance-profile role to be named in the format <property-domain-name>.<property-service-name>-service. If the property does not want to use the default settings, SIA AWS requires a configuration file to be present at /etc/sia/sia_config with the following required attributes:

{
    "version": "1.0.0",
    "service": "property-service-name",
    "accounts": [
        {
            "domain":  "property-domain-name",
            "account": "account-aws-id"
        }
    ]
}

The AWS account administrator must create an IAM role called <property-domain-name>.<property-service-name>, and this role must be set up with a trust relationship with the role that the EC2 instance is configured to run as.

The SIA configuration file is also required if the user wants to change the default user/group that owns the private key. By default, the private key is owned by user root and readable by group athenz. To give another user access to the service identity private key, add that user to the group athenz. To change the user and group values themselves, drop a config file with the following optional fields:

{
    "version": "1.0.0",
    "service": "property-service-name",
    "accounts": [
        {
            "domain":  "property-domain-name",
            "account": "account-aws-id",
            "user": "unix-username",
            "group": "unix-groupname"
        }
    ]
}
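A pre-deployment check for the configuration described above, added here as an example and not part of the Athenz code base: it parses a sia_config, enforces the required attributes, and reports the IAM role the account administrator must create and the user/group that will own the private key. The names siaConfig, keyPlan and planFromConfig, and the sample values, are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical types covering only the fields shown in this README.
// encoding/json matches the lowercase keys to these fields case-insensitively.
type account struct{ Domain, Account, User, Group string }
type siaConfig struct {
	Version, Service string
	Accounts         []account
}

// keyPlan: the IAM role to create and who may read the private key.
type keyPlan struct {
	IAMRole, KeyUser, KeyGroup string
	NonDefaultOwner            bool // true when the owner is not root:athenz
}

// planFromConfig checks the required attributes and derives the plan.
func planFromConfig(raw []byte) ([]keyPlan, error) {
	var cfg siaConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse sia_config: %w", err)
	}
	if cfg.Version == "" || cfg.Service == "" || len(cfg.Accounts) == 0 {
		return nil, fmt.Errorf("version, service and accounts are required")
	}
	var plans []keyPlan
	for i, a := range cfg.Accounts {
		if a.Domain == "" || a.Account == "" {
			return nil, fmt.Errorf("accounts[%d]: domain and account are required", i)
		}
		p := keyPlan{IAMRole: a.Domain + "." + cfg.Service, KeyUser: "root", KeyGroup: "athenz"}
		if a.User != "" {
			p.KeyUser = a.User
		}
		if a.Group != "" {
			p.KeyGroup = a.Group
		}
		p.NonDefaultOwner = p.KeyUser != "root" || p.KeyGroup != "athenz"
		plans = append(plans, p)
	}
	return plans, nil
}

// sample is a constructed config, not taken from a real deployment.
const sample = `{"version":"1.0.0","service":"api","accounts":[{"domain":"sports","account":"123456789012","user":"svc"}]}`
func main() { fmt.Println(planFromConfig([]byte(sample))) }
```

A true NonDefaultOwner marks a config that moves the private key away from root:athenz, which is worth reviewing before the file is deployed.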

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetEC2AccessProfile added in v1.11.9

func GetEC2AccessProfile(configFile, profileRestrictToKey, metaEndpoint string, useRegionalSTS bool, region string) (*options.AccessProfileConfig, error)

func GetEC2Config added in v1.10.40

func GetEC2Config(configFile, profileConfigFile, profileRestrictToKey, metaEndpoint string, useRegionalSTS bool, region, account string) (*options.Config, *options.ConfigAccount, *options.AccessProfileConfig, error)

func GetEC2DocumentDetails added in v1.10.40

func GetEC2DocumentDetails(metaEndPoint string) ([]byte, []byte, string, string, string, string, *time.Time, error)

func GetEC2PublicIP added in v1.11.54

func GetEC2PublicIP(metaEndPoint string) (string, error)

func GetECSOnEC2TaskId added in v1.10.40

func GetECSOnEC2TaskId() string

Types

type EC2Provider added in v1.11.19

type EC2Provider struct {
	Name            string
	SSHCertPublicIP bool
}

func (EC2Provider) AttestationData added in v1.11.19

func (ec2 EC2Provider) AttestationData(_ string, _ crypto.PrivateKey, _ *signature.SignatureInfo) (string, error)

func (EC2Provider) CloudAttestationData added in v1.11.25

func (ec2 EC2Provider) CloudAttestationData(_, _, _ string) (string, error)

func (EC2Provider) GetAccessManagementProfileFromMeta added in v1.11.25

func (ec2 EC2Provider) GetAccessManagementProfileFromMeta(_ string) (string, error)

func (EC2Provider) GetAccountDomainServiceFromMeta added in v1.11.25

func (ec2 EC2Provider) GetAccountDomainServiceFromMeta(_ string) (string, string, string, error)

func (EC2Provider) GetAdditionalSshHostPrincipals added in v1.11.31

func (ec2 EC2Provider) GetAdditionalSshHostPrincipals(base string) (string, error)

GetAdditionalSshHostPrincipals returns the additional ssh host principals

func (EC2Provider) GetCsrDn added in v1.11.19

func (ec2 EC2Provider) GetCsrDn() pkix.Name

func (EC2Provider) GetEmail added in v1.11.19

func (ec2 EC2Provider) GetEmail(_ string) []string

func (EC2Provider) GetHostname added in v1.11.19

func (ec2 EC2Provider) GetHostname(fqdn bool) string

GetHostname returns the hostname as per the provider

func (EC2Provider) GetName added in v1.11.19

func (ec2 EC2Provider) GetName() string

GetName returns the name of the current provider

func (EC2Provider) GetRoleDnsNames added in v1.11.19

func (ec2 EC2Provider) GetRoleDnsNames(_ *x509.Certificate, _ string) []string

func (EC2Provider) GetSanDns added in v1.11.19

func (ec2 EC2Provider) GetSanDns(_ string, _ bool, _ bool, _ []string) []string

func (EC2Provider) GetSanIp added in v1.11.19

func (ec2 EC2Provider) GetSanIp(_ map[string]bool, _ []net.IP, _ ip.Opts) []net.IP

func (EC2Provider) GetSanUri added in v1.11.19

func (ec2 EC2Provider) GetSanUri(_ string, _ ip.Opts, _, _ string) []*url.URL

func (EC2Provider) GetSuffixes added in v1.11.54

func (ec2 EC2Provider) GetSuffixes() []string

func (EC2Provider) PrepareKey added in v1.11.19

func (ec2 EC2Provider) PrepareKey(_ string) (crypto.PrivateKey, error)

Directories

Path Synopsis
cmd
devel
