Documentation ¶
Index ¶
- Constants
- func ValidateBundleEndpointURL(s string) error
- type BundleClient
- type BundleEndpointProfile
- type Client
- type Entry
- type EntryClient
- type FederationRelationship
- type Field
- type HTTPSSPIFFEProfile
- type HTTPSWebProfile
- type JWTKey
- type SVIDClient
- type Selector
- type Status
- type TrustDomainClient
- type X509SVID
- type X509SVIDParams
Constants ¶
const (
	// DefaultX509SVIDTTL is one hour. The X509SVIDParams.TTL documentation
	// on this page says an unset TTL yields "at most one hour", so this is
	// presumably the value applied when no TTL is requested — confirm
	// against the implementation.
	DefaultX509SVIDTTL = time.Hour
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type BundleClient ¶
// BundleClient retrieves a SPIFFE bundle.
type BundleClient interface {
	// GetBundle returns a *spiffebundle.Bundle or an error.
	// NOTE(review): the comment previously attached to this method read
	// "MintX509SVID mints an X509-SVID", which appears to have been copied
	// from SVIDClient. Which trust domain's bundle is returned is not
	// visible in this listing — presumably that of the server the client
	// is connected to; confirm. The bundle holds trust anchors, so callers
	// should only accept it over an authenticated connection.
	GetBundle(ctx context.Context) (*spiffebundle.Bundle, error)
}
func NewBundleClient ¶
func NewBundleClient(conn grpc.ClientConnInterface) BundleClient
type BundleEndpointProfile ¶
// BundleEndpointProfile describes the profile of a federated bundle
// endpoint. HTTPSWebProfile and HTTPSSPIFFEProfile on this page expose the
// same Name and Equal methods and presumably implement it.
type BundleEndpointProfile interface {
	// Name returns the profile's name as a string.
	Name() string
	// Equal reports whether the argument is considered equal to this
	// profile; the comparison rules are not visible in this listing.
	Equal(BundleEndpointProfile) bool
	// contains filtered or unexported methods
	// NOTE(review): if any of those methods are unexported, types outside
	// this package cannot satisfy the interface, which keeps the set of
	// accepted profiles closed — confirm.
}
type Client ¶
// Client is the union of EntryClient, TrustDomainClient, SVIDClient and
// BundleClient, plus io.Closer.
//
// A value of this type can create and delete entries, change federation
// relationships and mint X509-SVIDs. Code that needs only one of those
// capabilities should be handed the narrower interface instead, so that a
// bug in that code cannot reach the others.
type Client interface {
	EntryClient
	TrustDomainClient
	SVIDClient
	BundleClient
	io.Closer
}
type EntryClient ¶
// EntryClient lists, creates, updates and deletes entries.
//
// The mutating methods return both a []Status and an error. Status is not
// shown in this listing; presumably there is one Status per input item, in
// which case a nil error alone does not prove every item was applied and
// callers should inspect each Status — confirm.
type EntryClient interface {
	// ListEntries returns the entries visible to the client.
	ListEntries(ctx context.Context) ([]Entry, error)
	// CreateEntries submits entries for creation.
	CreateEntries(ctx context.Context, entries []Entry) ([]Status, error)
	// UpdateEntries submits entries for update.
	UpdateEntries(ctx context.Context, entries []Entry) ([]Status, error)
	// DeleteEntries submits the given entry IDs for deletion.
	DeleteEntries(ctx context.Context, entryIDs []string) ([]Status, error)
	// GetUnsupportedFields returns a set of Field values for the trust
	// domain name td. How the set is determined is not visible here.
	GetUnsupportedFields(ctx context.Context, td string) (map[Field]struct{}, error)
}
func NewEntryClient ¶
func NewEntryClient(conn grpc.ClientConnInterface) EntryClient
type FederationRelationship ¶
// FederationRelationship describes a relationship with another trust
// domain: its name, where and how its bundle is fetched, and a bundle for
// it.
type FederationRelationship struct {
	// TrustDomain is the trust domain the relationship refers to.
	TrustDomain spiffeid.TrustDomain
	// BundleEndpointURL is an unparsed string. This package's index lists
	// ValidateBundleEndpointURL(s string) error; values taken from
	// configuration or other external input should be checked with it
	// before being stored here.
	BundleEndpointURL string
	// BundleEndpointProfile selects the endpoint profile (see
	// HTTPSWebProfile and HTTPSSPIFFEProfile). The choice decides how the
	// endpoint is authenticated, so it should not be derived from
	// untrusted input.
	BundleEndpointProfile BundleEndpointProfile
	// TrustDomainBundle is a bundle for TrustDomain. It is a pointer, so it
	// may be nil — whether nil is accepted is not visible here; confirm.
	// The bundle carries trust anchors for the foreign trust domain and
	// should come from an authenticated source.
	TrustDomainBundle *spiffebundle.Bundle
}
func (FederationRelationship) Equal ¶
func (fr FederationRelationship) Equal(other FederationRelationship) bool
type HTTPSSPIFFEProfile ¶
func (HTTPSSPIFFEProfile) Equal ¶
func (profile HTTPSSPIFFEProfile) Equal(other BundleEndpointProfile) bool
func (HTTPSSPIFFEProfile) Name ¶
func (HTTPSSPIFFEProfile) Name() string
type HTTPSWebProfile ¶
// HTTPSWebProfile is an empty struct carrying no configuration. It has the
// Name and Equal methods of BundleEndpointProfile.
// NOTE(review): presumably this is the SPIFFE Federation "https_web"
// profile, where the bundle endpoint is authenticated with Web PKI rather
// than a SPIFFE ID — confirm against Name()'s return value.
type HTTPSWebProfile struct{}
func (HTTPSWebProfile) Equal ¶
func (HTTPSWebProfile) Equal(other BundleEndpointProfile) bool
func (HTTPSWebProfile) Name ¶
func (HTTPSWebProfile) Name() string
type SVIDClient ¶
// SVIDClient mints X509-SVIDs.
type SVIDClient interface {
	// MintX509SVID mints an X509-SVID from params and returns it, or an
	// error. The returned X509SVID includes a Key field described on this
	// page as the SVID's private key, so the result must be handled as
	// secret material. The caller chooses the SPIFFE ID in params; access
	// to this method should therefore be limited to code trusted to decide
	// identities.
	MintX509SVID(ctx context.Context, params X509SVIDParams) (*X509SVID, error)
}
func NewSVIDClient ¶
func NewSVIDClient(conn grpc.ClientConnInterface) SVIDClient
type TrustDomainClient ¶
// TrustDomainClient lists, creates, updates and deletes federation
// relationships.
//
// Federation relationships determine which foreign trust domains' bundles
// are configured, so changes made through this interface alter what is
// trusted. As with EntryClient, the mutating methods return []Status in
// addition to an error; presumably each Status must be checked
// individually — confirm, Status is not shown in this listing.
type TrustDomainClient interface {
	// ListFederationRelationships returns the federation relationships
	// visible to the client.
	ListFederationRelationships(ctx context.Context) ([]FederationRelationship, error)
	// CreateFederationRelationships submits relationships for creation.
	CreateFederationRelationships(ctx context.Context, federationRelationships []FederationRelationship) ([]Status, error)
	// UpdateFederationRelationships submits relationships for update.
	UpdateFederationRelationships(ctx context.Context, federationRelationships []FederationRelationship) ([]Status, error)
	// DeleteFederationRelationships submits the relationships for the
	// given trust domains for deletion.
	DeleteFederationRelationships(ctx context.Context, tds []spiffeid.TrustDomain) ([]Status, error)
}
func NewTrustDomainClient ¶
func NewTrustDomainClient(conn grpc.ClientConnInterface) TrustDomainClient
type X509SVID ¶
// X509SVID is an X509-SVID together with its private key and expiry.
type X509SVID struct {
	// ID is the SPIFFE ID of the X509-SVID.
	ID spiffeid.ID

	// Key is the private key of the X509-SVID. Treat it as a secret: keep
	// it out of logs, error messages and serialized output, and do not
	// retain it beyond ExpiresAt.
	Key crypto.Signer

	// CertChain contains the X509-SVID and any intermediates required to
	// chain back to a trusted root in the trust domain bundle. The X509-SVID
	// is the first certificate in the chain.
	CertChain []*x509.Certificate

	// ExpiresAt contains the expiration time of the X509-SVID. Consumers
	// that keep the SVID in use need to obtain a replacement before this
	// time.
	ExpiresAt time.Time
}
type X509SVIDParams ¶
// X509SVIDParams are the caller-supplied inputs for minting an X509-SVID.
//
// ID, DNSNames and Subject all end up describing the identity in the
// issued certificate, so they should come from trusted configuration
// rather than unvalidated external input.
type X509SVIDParams struct {
	// Key is the X509-SVID private key. It is a crypto.Signer; whether the
	// private half leaves the calling process during minting is not visible
	// in this listing.
	Key crypto.Signer

	// ID is the SPIFFE ID of the X509-SVID. Required.
	ID spiffeid.ID

	// DNSNames are optional DNS SANs to add to the X509-SVID. Optional.
	DNSNames []string

	// Subject is the Subject of the X509-SVID. Optional.
	Subject pkix.Name

	// TTL is the requested time-to-live. The actual TTL may be smaller than
	// requested. Optional. If unset, the TTL is at most one hour.
	// Shorter TTLs limit how long a leaked key remains usable.
	TTL time.Duration
}