gcpcas

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 18, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuiltIn 

func BuiltIn() catalog.BuiltIn

BuiltIn constructs a catalog Plugin using a new instance of this plugin.

Types

type CAClient 

type CAClient interface {
	CreateCertificate(ctx context.Context, req *privatecapb.CreateCertificateRequest) (*privatecapb.Certificate, error)
	LoadCertificateAuthorities(ctx context.Context, spec CertificateAuthoritySpec) ([]*privatecapb.CertificateAuthority, error)
}

type CertificateAuthoritySpec 

type CertificateAuthoritySpec struct {
	Project    string `hcl:"project_name"`
	Location   string `hcl:"region_name"`
	CaPool     string `hcl:"ca_pool"`
	LabelKey   string `hcl:"label_key"`
	LabelValue string `hcl:"label_value"`
}

type Configuration 

type Configuration struct {
	RootSpec CertificateAuthoritySpec `hcl:"root_cert_spec,block"`
}

type Plugin 

type Plugin struct {
	upstreamauthorityv1.UnsafeUpstreamAuthorityServer
	configv1.UnsafeConfigServer
	// contains filtered or unexported fields
}

func New 

func New() *Plugin

func (*Plugin) Configure 

func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error)

func (*Plugin) MintX509CAAndSubscribe 

func (p *Plugin) MintX509CAAndSubscribe(request *upstreamauthorityv1.MintX509CARequest, stream upstreamauthorityv1.UpstreamAuthority_MintX509CAAndSubscribeServer) error

Mints an X.509 CA and responds with the signed X.509 CA certificate chain and upstream X.509 roots. If supported by the implementation, subsequent responses on the stream contain upstream X.509 root updates, otherwise the RPC is completed after sending the initial response.

Implementation note: The stream should be kept open in the face of transient errors encountered while tracking changes to the upstream X.509 roots as SPIRE core will not reopen a closed stream until the next X.509 CA rotation.

func (*Plugin) PublishJWTKeyAndSubscribe 

func (p *Plugin) PublishJWTKeyAndSubscribe(*upstreamauthorityv1.PublishJWTKeyRequest, upstreamauthorityv1.UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error

PublishJWTKeyAndSubscribe is not yet supported. It will return with GRPC Unimplemented error

func (*Plugin) SetLogger 

func (p *Plugin) SetLogger(log hclog.Logger)

SetLogger will be called by the catalog system to provide the plugin with a logger when it is loaded. The logger is wired up to the SPIRE core logger

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.