Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type BundleManager
type BundleManager struct {
// contains filtered or unexported fields
}
BundleManager is responsible for managing the synchronization and watching of bundles.
func NewBundleManager
func NewBundleManager(c *Config) *BundleManager
NewBundleManager creates a new BundleManager instance.
type Config
type Config struct {
	SpireClient                  spireclient.Client
	GaladrielClient              galadrielclient.Client
	FederatedBundlesPollInterval time.Duration
	SpireBundlePollInterval      time.Duration
	// BundleSigner is used to sign the bundle before uploading it to Galadriel Server.
	BundleSigner integrity.Signer
	// BundleVerifiers are used to verify the bundle received from the SPIRE Server.
	BundleVerifiers []integrity.Verifier
	Logger          logrus.FieldLogger
}
Config holds the configuration for BundleManager.
type FederatedBundlesSynchronizer
type FederatedBundlesSynchronizer struct {
// contains filtered or unexported fields
}
FederatedBundlesSynchronizer is responsible for periodically synchronizing the federated bundles in the SPIRE Server with those fetched from the Galadriel Server. The synchronization process consists of the following steps:
1. Fetch the federated bundles from the Galadriel Server.
2. Verify the integrity of these bundles using the provided bundle verifiers.
3. Update the SPIRE Server with the new bundles.
4. If any relationships no longer exist, remove the corresponding bundles from the SPIRE Server.
The removal of bundles is done in DISSOCIATE mode, which dissociates the registration entries from the non-existent federated trust domains. It also maintains a last-known state of federated bundles fetched from the Galadriel Server to optimize synchronizations.
func NewFederatedBundlesSynchronizer
func NewFederatedBundlesSynchronizer(config *FederatedBundlesSynchronizerConfig) *FederatedBundlesSynchronizer
func (*FederatedBundlesSynchronizer) StartSyncing
func (s *FederatedBundlesSynchronizer) StartSyncing(ctx context.Context) error
StartSyncing starts the synchronization process.
type FederatedBundlesSynchronizerConfig
type FederatedBundlesSynchronizerConfig struct {
	SpireClient     spireclient.Client
	GaladrielClient galadrielclient.Client
	BundleVerifiers []integrity.Verifier
	SyncInterval    time.Duration
	Logger          logrus.FieldLogger
}
FederatedBundlesSynchronizerConfig holds the configuration for FederatedBundlesSynchronizer.
type SpireBundleSynchronizer
type SpireBundleSynchronizer struct {
// contains filtered or unexported fields
}
SpireBundleSynchronizer manages the synchronization of bundles from the SPIRE server. It periodically fetches the bundle from the SPIRE Server, signs it, and uploads it to the Galadriel Server.
func NewSpireSynchronizer
func NewSpireSynchronizer(config *SpireSynchronizerConfig) *SpireBundleSynchronizer
NewSpireSynchronizer creates a new SpireBundleSynchronizer instance.
func (*SpireBundleSynchronizer) StartSyncing
func (s *SpireBundleSynchronizer) StartSyncing(ctx context.Context) error
StartSyncing initializes the SPIRE bundle synchronization process. It starts an infinite loop that periodically fetches the SPIRE bundle, signs it, and uploads it to the Galadriel Server.
type SpireSynchronizerConfig
type SpireSynchronizerConfig struct {
	SpireClient     spireclient.Client
	GaladrielClient galadrielclient.Client
	BundleSigner    integrity.Signer
	SyncInterval    time.Duration
	Logger          logrus.FieldLogger
}
SpireSynchronizerConfig holds the configuration for SpireBundleSynchronizer.