1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
package workloadapi
import (
"context"
"github.com/spiffe/go-spiffe/v2/bundle/jwtbundle"
"github.com/spiffe/go-spiffe/v2/bundle/x509bundle"
"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
"github.com/spiffe/go-spiffe/v2/svid/x509svid"
)
// FetchX509SVID fetches the default X509-SVID, i.e. the first in the list
// returned by the Workload API.
func FetchX509SVID(ctx context.Context, options ...ClientOption) (*x509svid.SVID, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchX509SVID(ctx)
}
// FetchX509SVIDs fetches all X509-SVIDs.
func FetchX509SVIDs(ctx context.Context, options ...ClientOption) ([]*x509svid.SVID, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchX509SVIDs(ctx)
}
// FetchX509Bundle fetches the X.509 bundles.
func FetchX509Bundles(ctx context.Context, options ...ClientOption) (*x509bundle.Set, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchX509Bundles(ctx)
}
// FetchX509Context fetches the X.509 context, which contains both X509-SVIDs
// and X.509 bundles.
func FetchX509Context(ctx context.Context, options ...ClientOption) (*X509Context, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchX509Context(ctx)
}
// WatchX509Context watches for updates to the X.509 context.
func WatchX509Context(ctx context.Context, watcher X509ContextWatcher, options ...ClientOption) error {
c, err := New(ctx, options...)
if err != nil {
return err
}
defer c.Close()
return c.WatchX509Context(ctx, watcher)
}
// FetchJWTSVID fetches a JWT-SVID.
func FetchJWTSVID(ctx context.Context, params jwtsvid.Params, options ...ClientOption) (*jwtsvid.SVID, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchJWTSVID(ctx, params)
}
// FetchJWTSVID fetches all JWT-SVIDs.
func FetchJWTSVIDs(ctx context.Context, params jwtsvid.Params, options ...ClientOption) ([]*jwtsvid.SVID, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchJWTSVIDs(ctx, params)
}
// FetchJWTBundles fetches the JWT bundles for JWT-SVID validation, keyed
// by a SPIFFE ID of the trust domain to which they belong.
func FetchJWTBundles(ctx context.Context, options ...ClientOption) (*jwtbundle.Set, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.FetchJWTBundles(ctx)
}
// WatchJWTBundles watches for changes to the JWT bundles.
func WatchJWTBundles(ctx context.Context, watcher JWTBundleWatcher, options ...ClientOption) error {
c, err := New(ctx, options...)
if err != nil {
return err
}
defer c.Close()
return c.WatchJWTBundles(ctx, watcher)
}
// WatchX509Bundles watches for changes to the X.509 bundles.
func WatchX509Bundles(ctx context.Context, watcher X509BundleWatcher, options ...ClientOption) error {
c, err := New(ctx, options...)
if err != nil {
return err
}
defer c.Close()
return c.WatchX509Bundles(ctx, watcher)
}
// ValidateJWTSVID validates the JWT-SVID token. The parsed and validated
// JWT-SVID is returned.
func ValidateJWTSVID(ctx context.Context, token, audience string, options ...ClientOption) (*jwtsvid.SVID, error) {
c, err := New(ctx, options...)
if err != nil {
return nil, err
}
defer c.Close()
return c.ValidateJWTSVID(ctx, token, audience)
}
|
