server

package
v1.9.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2024 License: Apache-2.0 Imports: 44 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	// Configurations for server plugins
	PluginConfigs common.PluginConfigs

	Log loggerv1.Logger

	// LogReopener facilitates handling a signal to rotate log file.
	LogReopener func(context.Context) error

	// If true enables audit logs
	AuditLogEnabled bool

	// Address of SPIRE server
	BindAddress *net.TCPAddr

	// Address of SPIRE Server to be reached locally
	BindLocalAddress net.Addr

	// Directory to store runtime data
	DataDir string

	// Trust domain
	TrustDomain spiffeid.TrustDomain

	Experimental ExperimentalConfig

	// If true enables profiling.
	ProfilingEnabled bool

	// Port used by the pprof web server when ProfilingEnabled == true
	ProfilingPort int

	// Frequency in seconds by which each profile file will be generated.
	ProfilingFreq int

	// Array of profiles names that will be generated on each profiling tick.
	ProfilingNames []string

	// AgentTTL is time-to-live for agent SVIDs
	AgentTTL time.Duration

	// X509SVIDTTL is default time-to-live for X509-SVIDs (overrides SVIDTTL)
	X509SVIDTTL time.Duration

	// JWTSVIDTTL is default time-to-live for SVIDs (overrides SVIDTTL)
	JWTSVIDTTL time.Duration

	// CATTL is the time-to-live for the server CA. This only applies to
	// self-signed CA certificates, otherwise it is up to the upstream CA.
	CATTL time.Duration

	// JWTIssuer is used as the issuer claim in JWT-SVIDs minted by the server.
	// If unset, the JWT-SVID will not have an issuer claim.
	JWTIssuer string

	// CASubject is the subject used in the CA certificate
	CASubject pkix.Name

	// Telemetry provides the configuration for metrics exporting
	Telemetry telemetry.FileConfig

	// HealthChecks provides the configuration for health monitoring
	HealthChecks health.Config

	// CAKeyType is the key type used for the X509 and JWT signing keys
	CAKeyType keymanager.KeyType

	// JWTKeyType is the key type used for JWT signing keys
	JWTKeyType keymanager.KeyType

	// Federation holds the configuration needed to federate with other
	// trust domains.
	Federation FederationConfig

	// RateLimit holds rate limiting configurations.
	RateLimit endpoints.RateLimitConfig

	// CacheReloadInterval controls how often the in-memory entry cache reloads
	CacheReloadInterval time.Duration

	// EventsBasedCache enabled event driven cache reloads
	EventsBasedCache bool

	// PruneEventsOlderThan controls how long events can live before they are pruned
	PruneEventsOlderThan time.Duration

	// AuthPolicyEngineConfig determines the config for authz policy
	AuthOpaPolicyEngineConfig *authpolicy.OpaEngineConfig

	// AdminIDs are a list of fixed IDs that when presented by a caller in an
	// X509-SVID, are granted admin rights.
	AdminIDs []spiffeid.ID

	// Temporary flag to allow disabling the inclusion of serial number in X509 CAs Subject field
	ExcludeSNFromCASubject bool
}

type ExperimentalConfig 

type ExperimentalConfig struct {
}

type FederationConfig added in v0.11.0 

type FederationConfig struct {
	// BundleEndpoint contains the federation bundle endpoint configuration.
	BundleEndpoint *bundle.EndpointConfig
	// FederatesWith holds the federation configuration for trust domains this
	// server federates with.
	FederatesWith map[spiffeid.TrustDomain]bundle_client.TrustDomainConfig
}

type Server 

type Server struct {
	// contains filtered or unexported fields
}

func New 

func New(config Config) *Server

func (*Server) CheckHealth added in v1.0.0 

func (s *Server) CheckHealth() health.State

CheckHealth is used as a top-level health check for the Server.

func (*Server) Run 

func (s *Server) Run(ctx context.Context) error

Run the server This method initializes the server, including its plugins, and then blocks until it's shut down or an error is encountered.

Source Files

View all Source files

Directories

Path Synopsis
api
agent/v1
audit
bundle/v1
debug/v1
entry/v1
health/v1
limits
localauthority/v1
logger/v1
middleware
rpccontext
svid/v1
trustdomain/v1
bundle
client
datastore
pubmanager
Package pubmanager manages the publishing of the trust bundle to external stores through the configured BundlePublisher plugins.
 Package pubmanager manages the publishing of the trust bundle to external stores through the configured BundlePublisher plugins.
ca
manager
rotator
cache
dscache
entrycache
sqldriver/awsrds
sqlstore
bundle
bundle/internal/acmetest
nolint // forked code
 nolint // forked code
bundle/internal/autocert
nolint // forked code
 nolint // forked code
hostservice
agentstore
identityprovider
plugin
bundlepublisher
bundlepublisher/awss3
credentialcomposer
credentialcomposer/uniqueid
keymanager
keymanager/awskms
keymanager/azurekeyvault
keymanager/base
keymanager/disk
keymanager/gcpkms
keymanager/memory
keymanager/test
nodeattestor
nodeattestor/awsiid
nodeattestor/awsiid/awsrsa1024
nodeattestor/awsiid/awsrsa2048
nodeattestor/azuremsi
nodeattestor/base
nodeattestor/gcpiit
nodeattestor/jointoken
nodeattestor/k8spsat
nodeattestor/k8ssat
nodeattestor/sshpop
nodeattestor/tpmdevid
nodeattestor/x509pop
notifier
notifier/gcsbundle
notifier/k8sbundle
upstreamauthority
upstreamauthority/awspca
upstreamauthority/awssecret
upstreamauthority/certmanager
upstreamauthority/certmanager/internal/v1
upstreamauthority/disk
upstreamauthority/gcpcas
upstreamauthority/spire
upstreamauthority/vault

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.