Documentation
Constants
const AudienceNodeAuthentication = "kops.k8s.io/node-bootstrap"
AudienceNodeAuthentication is used in case we have multiple audiences using the TPM in the future.
const GCETPMAuthenticationTokenPrefix = "x-gce-tpm "
GCETPMAuthenticationTokenPrefix is the prefix used for authentication using the GCE TPM.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthToken
type AuthToken struct {
	// Signature is the TPM signature for data
	Signature []byte `json:"signature,omitempty"`
	// Data is the data we are signing.
	// It is a JSON encoded form of AuthTokenData.
	Data []byte `json:"data,omitempty"`
}
AuthToken describes the authentication header data when using GCE TPM authentication.
type AuthTokenData
type AuthTokenData struct {
	// GCPProjectID is the GCP project we claim to be part of
	GCPProjectID string `json:"gcpProjectID,omitempty"`
	// Zone is the availability zone we claim to be part of
	Zone string `json:"zone,omitempty"`
	// Instance is the name/id of the instance we are claiming
	Instance string `json:"instance,omitempty"`
	// RequestHash is the hash of the request
	RequestHash []byte `json:"requestHash,omitempty"`
	// Timestamp is the time of this request (to help prevent replay attacks)
	Timestamp int64 `json:"timestamp,omitempty"`
	// Audience is the audience for this request (to help prevent replay attacks)
	Audience string `json:"audience,omitempty"`
}
AuthTokenData is the data that is signed as part of the header.
type TPMVerifierOptions
type TPMVerifierOptions struct {
	// ProjectID is the GCP project we require
	ProjectID string `json:"projectID,omitempty"`
	// Region is the region we require instances to be in.
	Region string `json:"region,omitempty"`
	// ClusterName is the cluster-name tag we require
	ClusterName string `json:"clusterName,omitempty"`
	// MaxTimeSkew is the maximum time skew to allow (in seconds)
	MaxTimeSkew int64 `json:"MaxTimeSkew,omitempty"`
}
TPMVerifierOptions describes how we authenticate instances with GCE TPM authentication.
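Added example, not code from kops or from this package: one way a verifier could check the replay-related fields of AuthTokenData (Audience, Timestamp against a MaxTimeSkew given in seconds, and RequestHash). The helper checkClaims is hypothetical; it assumes Timestamp is in Unix seconds, RequestHash is the SHA-256 of the request body, and the TPM signature over Data has already been verified before these claims are trusted.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Constant and types as documented on this page.
const AudienceNodeAuthentication = "kops.k8s.io/node-bootstrap"

type AuthToken struct {
	Signature []byte `json:"signature,omitempty"`
	Data      []byte `json:"data,omitempty"`
}
type AuthTokenData struct {
	GCPProjectID string `json:"gcpProjectID,omitempty"`
	Zone         string `json:"zone,omitempty"`
	Instance     string `json:"instance,omitempty"`
	RequestHash  []byte `json:"requestHash,omitempty"`
	Timestamp    int64  `json:"timestamp,omitempty"`
	Audience     string `json:"audience,omitempty"`
}

// checkClaims is a hypothetical helper, not kops code. Assumptions: Timestamp is Unix
// seconds, RequestHash is SHA-256 of the body, and tok.Signature was verified beforehand.
func checkClaims(tok AuthToken, body []byte, now time.Time, maxSkew int64) error {
	var data AuthTokenData
	if err := json.Unmarshal(tok.Data, &data); err != nil {
		return fmt.Errorf("malformed token data: %w", err)
	}
	sum, skew := sha256.Sum256(body), now.Unix()-data.Timestamp
	switch {
	case data.Audience != AudienceNodeAuthentication:
		return fmt.Errorf("unexpected audience %q", data.Audience)
	case skew > maxSkew || skew < -maxSkew: // reject stale and future-dated tokens alike
		return fmt.Errorf("timestamp is %ds from server time, limit %ds", skew, maxSkew)
	case !bytes.Equal(data.RequestHash, sum[:]): // binds the token to this exact request
		return fmt.Errorf("request hash does not match the received body")
	}
	return nil
}

func main() {
	data, _ := json.Marshal(AuthTokenData{Timestamp: 1700000000, Audience: AudienceNodeAuthentication})
	fmt.Println(checkClaims(AuthToken{Data: data}, nil, time.Unix(1700000400, 0), 300)) // constructed token, 400s old
}
```

The identity fields (GCPProjectID, Zone, Instance) are not checked here; they would be compared against the verifier's required project and region in a separate step.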