choria

package
v0.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BuildInfoProvider

// BuildInfoProvider provides info about the build
type BuildInfoProvider interface {
	// ClientIdentitySuffix returns a string; presumably the suffix appended to
	// client identities — TODO confirm against the implementation.
	ClientIdentitySuffix() string
}

BuildInfoProvider provides info about the build

type ChoriaSecurity

// ChoriaSecurity is the Security Provider returned by New and configured
// through Option functions.
type ChoriaSecurity struct {
	// contains filtered or unexported fields
}

func New

func New(opts ...Option) (*ChoriaSecurity, error)

func (*ChoriaSecurity) BackingTechnology

func (s *ChoriaSecurity) BackingTechnology() inter.SecurityTechnology

func (*ChoriaSecurity) CallerIdentity

func (s *ChoriaSecurity) CallerIdentity(caller string) (string, error)

func (*ChoriaSecurity) CallerName

func (s *ChoriaSecurity) CallerName() string

func (*ChoriaSecurity) ChecksumBytes

func (s *ChoriaSecurity) ChecksumBytes(data []byte) []byte

func (*ChoriaSecurity) ClientTLSConfig

func (s *ChoriaSecurity) ClientTLSConfig() (*tls.Config, error)

func (*ChoriaSecurity) Enroll

func (s *ChoriaSecurity) Enroll(ctx context.Context, wait time.Duration, cb func(digest string, try int)) error

func (*ChoriaSecurity) HTTPClient

// NOTE(review): the effect of secure=false is not documented on this page;
// confirm whether it yields a client that skips TLS or certificate
// verification before relying on it outside test setups.
func (s *ChoriaSecurity) HTTPClient(secure bool) (*http.Client, error)

func (*ChoriaSecurity) Identity

func (s *ChoriaSecurity) Identity() string

func (*ChoriaSecurity) IsRemoteSigning

func (s *ChoriaSecurity) IsRemoteSigning() bool

func (*ChoriaSecurity) Provider

func (s *ChoriaSecurity) Provider() string

func (*ChoriaSecurity) PublicCert

func (s *ChoriaSecurity) PublicCert() (*x509.Certificate, error)

func (*ChoriaSecurity) PublicCertBytes

func (s *ChoriaSecurity) PublicCertBytes() ([]byte, error)

func (*ChoriaSecurity) RemoteSignRequest

func (s *ChoriaSecurity) RemoteSignRequest(ctx context.Context, request []byte) (signed []byte, err error)

func (*ChoriaSecurity) RemoteSignerSeedFile added in v0.27.0

func (s *ChoriaSecurity) RemoteSignerSeedFile() (string, error)

func (*ChoriaSecurity) RemoteSignerToken

func (s *ChoriaSecurity) RemoteSignerToken() ([]byte, error)

func (*ChoriaSecurity) RemoteSignerURL

func (s *ChoriaSecurity) RemoteSignerURL() (*url.URL, error)

func (*ChoriaSecurity) SSLContext

func (s *ChoriaSecurity) SSLContext() (*http.Transport, error)

func (*ChoriaSecurity) ShouldAllowCaller

// NOTE(review): returns both privileged and err; presumably a non-nil err
// means the caller must be rejected regardless of privileged — confirm
// against the implementation.
func (s *ChoriaSecurity) ShouldAllowCaller(name string, callers ...[]byte) (privileged bool, err error)

func (*ChoriaSecurity) ShouldSignReplies added in v0.27.0

func (s *ChoriaSecurity) ShouldSignReplies() bool

func (*ChoriaSecurity) SignBytes

func (s *ChoriaSecurity) SignBytes(b []byte) (signature []byte, err error)

func (*ChoriaSecurity) TLSConfig

func (s *ChoriaSecurity) TLSConfig() (*tls.Config, error)

func (*ChoriaSecurity) TokenBytes added in v0.27.0

func (s *ChoriaSecurity) TokenBytes() ([]byte, error)

func (*ChoriaSecurity) Validate

func (s *ChoriaSecurity) Validate() ([]string, bool)

func (*ChoriaSecurity) VerifySignatureBytes

// NOTE(review): no error is returned, only (should, signer). Presumably
// should == false means verification failed and signer must then be
// ignored — confirm against the implementation.
func (s *ChoriaSecurity) VerifySignatureBytes(dat []byte, sig []byte, public ...[]byte) (should bool, signer string)

type Config

// Config is the native configuration format of the Security Provider; it is
// applied with WithConfig.
type Config struct {
	// Identity when not empty will force the identity to be used for validations etc
	Identity string

	// SeedFile is the file holding the ed25519 seed
	// NOTE(review): the seed is private key material; keep this file readable
	// only by the account that runs Choria.
	SeedFile string

	// TokenFile is the file holding the signed JWT
	TokenFile string

	// Issuers are Organization issuers that may issue tokens
	Issuers map[string]ed25519.PublicKey

	// TrustedTokenSigners are keys allowed to sign tokens
	TrustedTokenSigners []ed25519.PublicKey

	// RemoteSignerURL is a URL where a remote signer is running
	RemoteSignerURL string

	// TLSConfig is the shared TLS configuration state between security providers
	TLSConfig *tlssetup.Config

	// RemoteSigner is the signer used to sign requests using a remote like AAA Service
	RemoteSigner inter.RequestSigner

	// DisableTLSVerify disables TLS verify in HTTP clients etc
	// NOTE(review): with verification off a peer's certificate is not checked,
	// so connections can be intercepted; presumably meant for test setups
	// only — confirm before enabling.
	DisableTLSVerify bool

	// Certificate is the path to the public certificate
	Certificate string

	// Key is the path to the private key
	// NOTE(review): restrict read access on this file the same way as SeedFile.
	Key string

	// CA is the path to the Certificate Authority
	CA string

	// SignedReplies indicates that servers replying should sign their messages
	SignedReplies bool

	// InitiatedByServer indicates this is a server, it would require trusted signers
	InitiatedByServer bool
}

type Option

// Option is a function that can configure the Security Provider.
// NOTE(review): presumably a non-nil error from an Option makes New fail —
// confirm against the implementation.
type Option func(*ChoriaSecurity) error

Option is a function that can configure the Security Provider

func WithChoriaConfig

func WithChoriaConfig(c *config.Config) Option

WithChoriaConfig optionally configures the Security Provider from settings found in a typical Choria configuration

func WithConfig

func WithConfig(c *Config) Option

WithConfig optionally configures the Security Provider using its native configuration format

func WithLog

func WithLog(l *logrus.Entry) Option

WithLog configures a logger for the Security Provider

func WithSeedFile

func WithSeedFile(f string) Option

WithSeedFile sets the path to the ed25519 seed stored in a file

func WithSigner

func WithSigner(signer inter.RequestSigner) Option

WithSigner configures a remote request signer

func WithTokenFile

func WithTokenFile(f string) Option

WithTokenFile sets the path to the JWT token stored in a file
