identity

package


Constants

This section is empty.

Variables

// DEFAULT_COUNTRY is the default subject country (C) placed in X.509
// certificate signing requests.
var DEFAULT_COUNTRY = "US"

// DEFAULT_PROVINCE is the default subject province/state (ST) for CSRs;
// empty unless overridden at build time.
var DEFAULT_PROVINCE string

// DEFAULT_ORGANIZATION is the default subject organization (O) for CSRs;
// empty unless overridden at build time.
var DEFAULT_ORGANIZATION string

// DEFAULT_ORGANIZATIONAL_UNIT is the default subject organizational unit (OU)
// for CSRs.
var DEFAULT_ORGANIZATIONAL_UNIT = "Athenz"

// DEFAULT_TOKEN_EXPIRY_TIME is the default expiry for role tokens and access
// tokens, kept as a string so it can be set with a go build "-X" option.
// The unit is not stated here — presumably minutes; confirm where it is parsed.
var DEFAULT_TOKEN_EXPIRY_TIME = "120"

// DEFAULT_TOKEN_EXPIRY_TIME_INT is the parsed integer form of
// DEFAULT_TOKEN_EXPIRY_TIME. It is zero until initialised (presumably by
// InitDefaultValues — confirm).
var DEFAULT_TOKEN_EXPIRY_TIME_INT int

// DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES is the default buffer, in
// minutes, applied before a role certificate's expiry. It may be overwritten
// with a go build option (e.g. "-X identity.DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES=5").
var DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES = "5"

// DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES_INT is the parsed integer form
// of DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES. It is zero until initialised
// (presumably by InitDefaultValues — confirm).
var DEFAULT_ROLE_CERT_EXPIRY_TIME_BUFFER_MINUTES_INT int

// DEFAULT_ENDPOINT is the default ZTS endpoint; empty unless overridden at
// build time.
var DEFAULT_ENDPOINT string

// DEFAULT_ROLE_AUTH_HEADER is the default HTTP header name carrying a role
// credential.
var DEFAULT_ROLE_AUTH_HEADER = "Athenz-Role-Auth"

// DEFAULT_DNS_SUFFIX is the default DNS suffix used when building certificate
// SANs.
var DEFAULT_DNS_SUFFIX = "athenz.cloud"

// DEFAULT_ROLE_CERT_FILENAME_DELIMITER separates domain and role in role
// certificate file names.
var DEFAULT_ROLE_CERT_FILENAME_DELIMITER = ":role."

// DEFAULT_INTERMEDIATE_CERT_BUNDLE is the default intermediate certificate
// bundle; empty unless overridden at build time.
var DEFAULT_INTERMEDIATE_CERT_BUNDLE string

Functions

func Authorizerd added in v0.5.6

func Authorizerd(idConfig *IdentityConfig, stopChan <-chan struct{}) error

func Certificated

func Certificated(idConfig *IdentityConfig, stopChan <-chan struct{}) error

func InitDefaultValues

func InitDefaultValues()

InitDefaultValues initializes the package default values (the DEFAULT_* variables) from build arguments.

func InitIdentityHandler

func InitIdentityHandler(config *IdentityConfig) (*identityHandler, error)

InitIdentityHandler initializes the ZTS client and parses the supplied config into CSR options, returning an identityHandler.

func Metricsd

func Metricsd(idConfig *IdentityConfig, stopChan <-chan struct{}) error

func PrepareIdentityCsrOptions

func PrepareIdentityCsrOptions(config *IdentityConfig, domain, service string) (*util.CSROptions, error)

PrepareIdentityCsrOptions prepares the CSROptions used to request the X.509 identity certificate for the given domain and service.

func PrepareRoleCsrOptions

func PrepareRoleCsrOptions(config *IdentityConfig, domain, service string) (*[]util.CSROptions, error)

PrepareRoleCsrOptions prepares the CSROptions used to request X.509 role certificates for the given domain and service; it returns a slice, one CSROptions per certificate to be requested.

func PrivateKeyFromPEMBytes

func PrivateKeyFromPEMBytes(privatePEMBytes []byte) (crypto.Signer, error)

PrivateKeyFromPEMBytes returns a private key along with its type from its supplied PEM representation.

func Tokend

func Tokend(idConfig *IdentityConfig, stopChan <-chan struct{}) error

Types

type AccessToken

// AccessToken holds one access token obtained for an Athenz role.
type AccessToken struct {
	// Domain and Role name the Athenz role the token was issued for.
	Domain      string
	Role        string
	// TokenString is the token as received. It is a bearer credential:
	// do not log it or write it anywhere with permissive access.
	TokenString string
	// Expiry is the expiration instant. The unit is not shown on this page
	// (presumably Unix seconds — confirm where it is set).
	Expiry      int64
}

AccessToken stores an access token.

type IdentityConfig

// IdentityConfig holds the configuration shared by the identity daemons on
// this page (Authorizerd, Certificated, Tokend and Metricsd each take a
// *IdentityConfig). It is populated from command-line arguments. Names ending
// in File, Dir or Addr presumably hold filesystem paths and network addresses
// respectively — confirm against the flag parsing.
type IdentityConfig struct {
	Init                       bool
	// Endpoint, DNSSuffix, IntermediateCertBundle, RoleCertFilenameDelimiter
	// and RoleAuthHeader each have a DEFAULT_* package variable of the same
	// name; presumably that default applies when the flag is unset — confirm.
	Endpoint                   string
	ProviderService            string
	DNSSuffix                  string
	Refresh                    time.Duration
	DelayJitterSeconds         int64
	// KeyFile and CertFile: the service identity's private key and
	// certificate. The key is secret material; NOTE(review): nothing on this
	// page shows its file mode being restricted — confirm at the writer.
	KeyFile                    string
	CertFile                   string
	CaCertFile                 string
	IntermediateCertBundle     string
	Backup                     string
	// CertSecret, Namespace, ServiceAccount, SaTokenFile, PodIP and PodUID
	// look like Kubernetes identifiers (a Secret name, namespace, service
	// account and its token file, pod IP/UID) — confirm against the caller.
	CertSecret                 string
	Namespace                  string
	AthenzDomain               string
	AthenzPrefix               string
	AthenzSuffix               string
	ServiceAccount             string
	SaTokenFile                string
	PodIP                      string
	PodUID                     string
	DeleteInstanceID           bool
	// Reloader is the project's certificate reloader (util.CertReloader);
	// its contract is not visible on this page.
	Reloader                   *util.CertReloader
	ServerCACert               string
	// Role certificate settings: which domain roles to request, where to
	// write them, and the delimiter used in the file names.
	TargetDomainRoles          string
	RoleCertDir                string
	RoleCertFilenameDelimiter  string
	// Token settings: output directory, header name, token type, refresh
	// period and the address the token server listens on.
	TokenDir                   string
	RoleAuthHeader             string
	TokenType                  string
	TokenRefresh               time.Duration
	TokenServerAddr            string
	// Authorization and metrics server settings. The three *Interval fields
	// are strings here, so they are presumably parsed as durations later —
	// confirm.
	AuthorizationPolicyDomains string
	AuthorizationServerAddr    string
	MetricsServerAddr          string
	PolicyRefreshInterval      string
	PublicKeyRefreshInterval   string
	AuthorizationCacheInterval string
}

IdentityConfig holds the identity configuration parsed from command-line arguments.

type InstanceIdentity

// InstanceIdentity holds an instance identity certificate and the CA
// certificate that accompanies it, both in PEM form (per the field names).
type InstanceIdentity struct {
	// X509CertificatePEM is the instance identity certificate, PEM encoded.
	X509CertificatePEM   string
	// X509CACertificatePEM is the CA certificate returned with it, PEM encoded.
	X509CACertificatePEM string
}

InstanceIdentity stores an instance identity certificate together with its CA certificate.

func InstanceIdentityFromPEMBytes

func InstanceIdentityFromPEMBytes(pemBytes []byte) (identity *InstanceIdentity, err error)

InstanceIdentityFromPEMBytes returns an InstanceIdentity parsed from the supplied PEM bytes.

type RoleCertificate

// RoleCertificate is the parsed view of one Athenz role certificate.
// Subject, Issuer, NotBefore, NotAfter, SerialNumber and DNSNames have the
// same types as the fields of the same name on crypto/x509.Certificate.
// X509Certificate presumably holds the certificate itself in PEM form, as the
// *PEM fields elsewhere on this page do — confirm at the producer.
type RoleCertificate struct {
	// Domain and Role identify the Athenz role the certificate was issued for.
	Domain          string
	Role            string
	Subject         pkix.Name
	Issuer          pkix.Name
	// NotBefore and NotAfter are the certificate's validity window.
	NotBefore       time.Time
	NotAfter        time.Time
	SerialNumber    *big.Int
	DNSNames        []string
	X509Certificate string
}

RoleCertificate stores a role certificate.

type RoleToken

// RoleToken holds one role token obtained for an Athenz role. It has the
// same shape as AccessToken.
type RoleToken struct {
	// Domain and Role name the Athenz role the token was issued for.
	Domain      string
	Role        string
	// TokenString is the token as received. It is a bearer credential:
	// do not log it or write it anywhere with permissive access.
	TokenString string
	// Expiry is the expiration instant. The unit is not shown on this page
	// (presumably Unix seconds — confirm where it is set).
	Expiry      int64
}

RoleToken stores a role token.
