Interface ZtsClient

All Superinterfaces:
- AutoCloseable

All Known Implementing Classes:
- DefaultZtsClient

public interface ZtsClient extends AutoCloseable

Interface for a ZTS client.

Author:
- bjorncs
Method Summary

Modifier and Type                Method
                                     Description

void                             close()

AthenzAccessToken                getAccessToken(AthenzDomain domain)
                                     Fetch an access token for the target domain

AthenzAccessToken                getAccessToken(List<AthenzRole> athenzRole)
                                     Fetch an access token for the target roles

default AwsTemporaryCredentials  getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole)
                                     Get AWS temporary credentials

default AwsTemporaryCredentials  getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, String externalId)
                                     Get AWS temporary credentials

AwsTemporaryCredentials          getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, Duration duration, String externalId)
                                     Get AWS temporary credentials

X509Certificate                  getRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr)
                                     Fetch a role certificate for the target domain and role

X509Certificate                  getRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr, Duration expiry)
                                     Fetch a role certificate for the target domain and role

ZToken                           getRoleToken(AthenzDomain domain)
                                     Fetch a role token for the target domain

ZToken                           getRoleToken(AthenzRole athenzRole)
                                     Fetch a role token for the target role

Identity                         getServiceIdentity(AthenzIdentity identity, String keyId, com.yahoo.security.Pkcs10Csr csr)
                                     Get service identity

Identity                         getServiceIdentity(AthenzIdentity identity, String keyId, KeyPair keyPair, String dnsSuffix)
                                     Get service identity

List<AthenzDomain>               getTenantDomains(AthenzIdentity providerIdentity, AthenzIdentity userIdentity, String roleName)
                                     For a given provider, get the list of tenant domains that the user is a member of

InstanceIdentity                 refreshInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String instanceId, com.yahoo.security.Pkcs10Csr csr)
                                     Refresh an existing instance

InstanceIdentity                 registerInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String attestationData, com.yahoo.security.Pkcs10Csr csr)
                                     Register an instance using the specified provider
Method Detail

registerInstance

InstanceIdentity registerInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String attestationData, com.yahoo.security.Pkcs10Csr csr)

Register an instance using the specified provider. ZTS hands the attestation data to the named provider for verification before issuing the certificate.

Parameters:
- providerIdentity - Identity of the instance provider that will verify the attestation data
- instanceIdentity - Identity the instance is requesting
- attestationData - The signed identity document, serialized to a string
- csr - Certificate signing request for the instance identity

Returns:
- An X.509 certificate plus an optional service token

refreshInstance

InstanceIdentity refreshInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String instanceId, com.yahoo.security.Pkcs10Csr csr)

Refresh an existing instance, i.e. obtain a new certificate for an instance that was previously registered with registerInstance.

Parameters:
- providerIdentity - Identity of the instance provider
- instanceIdentity - Identity of the instance
- instanceId - Identifier of the instance being refreshed
- csr - Certificate signing request for the instance identity

Returns:
- An X.509 certificate plus an optional service token
getServiceIdentity

Identity getServiceIdentity(AthenzIdentity identity, String keyId, com.yahoo.security.Pkcs10Csr csr)

Get a service identity, presenting a caller-built CSR.

Parameters:
- identity - The service identity to request
- keyId - Identifier of the service's registered public key
- csr - Certificate signing request for the service identity

Returns:
- An X.509 certificate together with the CA certificates

getServiceIdentity

Identity getServiceIdentity(AthenzIdentity identity, String keyId, KeyPair keyPair, String dnsSuffix)

Get a service identity; the CSR is built from the given key pair and DNS suffix.

Parameters:
- identity - The service identity to request
- keyId - Identifier of the service's registered public key
- keyPair - Key pair whose public key is certified
- dnsSuffix - DNS suffix used for the certificate's subject alternative name

Returns:
- An X.509 certificate together with the CA certificates
getRoleToken

ZToken getRoleToken(AthenzDomain domain)

Fetch a role token for the target domain

Parameters:
- domain - Target domain

Returns:
- A role token

getRoleToken

ZToken getRoleToken(AthenzRole athenzRole)

Fetch a role token for the target role

Parameters:
- athenzRole - Target role

Returns:
- A role token

getAccessToken

AthenzAccessToken getAccessToken(AthenzDomain domain)

Fetch an access token for the target domain

Parameters:
- domain - Target domain

Returns:
- An Athenz access token

getAccessToken

AthenzAccessToken getAccessToken(List<AthenzRole> athenzRole)

Fetch an access token for the target roles

Parameters:
- athenzRole - List of Athenz roles to get an access token for

Returns:
- An Athenz access token
getRoleCertificate

X509Certificate getRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr, Duration expiry)

Fetch a role certificate for the target domain and role

Parameters:
- role - Target role
- csr - Certificate signing request matching the role
- expiry - Certificate expiry

Returns:
- A role certificate

getRoleCertificate

X509Certificate getRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr)

Fetch a role certificate for the target domain and role

Parameters:
- role - Target role
- csr - Certificate signing request matching the role

Returns:
- A role certificate
getTenantDomains

List<AthenzDomain> getTenantDomains(AthenzIdentity providerIdentity, AthenzIdentity userIdentity, String roleName)

For a given provider, get the list of tenant domains that the user is a member of

Parameters:
- providerIdentity - Provider identity
- userIdentity - User identity
- roleName - Role name

Returns:
- List of domains
getAwsTemporaryCredentials

default AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole)

Get AWS temporary credentials

Parameters:
- awsRole - AWS role to get credentials for

Returns:
- AWS temporary credentials

getAwsTemporaryCredentials

default AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, String externalId)

Get AWS temporary credentials

Parameters:
- awsRole - AWS role to get credentials for
- externalId - External ID to get credentials with, or null if not required

Returns:
- AWS temporary credentials

getAwsTemporaryCredentials

AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, Duration duration, String externalId)

Get AWS temporary credentials

Parameters:
- awsRole - AWS role to get credentials for
- duration - Duration for which the credentials should be valid, or null to use the default
- externalId - External ID to get credentials with, or null if not required

Returns:
- AWS temporary credentials
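The two flows above that a caller has to assemble on the client side are the role-certificate request (generate a key pair, build a CSR whose subject matches the role, submit it, then verify what came back) and the AWS temporary-credentials request (including the external ID and explicit lifetime). The example below is added here and is not code from this page or from the Vespa project. It assumes the DefaultZtsClient(URI, AthenzIdentity, SSLContext) constructor, the com.yahoo.security helpers KeyUtils, Pkcs10CsrBuilder and SignatureAlgorithm, the AthenzRole.toResourceNameString() accessor, the Athenz convention that a role certificate's CN is "<domain>:role.<role>", and the placeholder ZTS URL, domain, service and role names.

```java
import com.yahoo.security.KeyAlgorithm;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.Pkcs10Csr;
import com.yahoo.security.Pkcs10CsrBuilder;
import com.yahoo.security.SignatureAlgorithm;
import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzRole;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.api.AwsRole;
import com.yahoo.vespa.athenz.api.AwsTemporaryCredentials;
import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
import com.yahoo.vespa.athenz.client.zts.ZtsClient;

import javax.net.ssl.SSLContext;
import javax.security.auth.x500.X500Principal;
import java.net.URI;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Duration;

public class ZtsClientExample {

    /**
     * Requests a role certificate for {@code role} with a fresh key pair and checks the result.
     * The private key never leaves this process; only the CSR is sent to ZTS.
     */
    static X509Certificate fetchRoleCertificate(ZtsClient zts, AthenzRole role, Duration expiry) throws Exception {
        KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
        // Athenz convention (assumption, not stated on this page): role cert subject CN is "<domain>:role.<role>".
        // toResourceNameString() is assumed to produce exactly that string.
        X500Principal subject = new X500Principal("CN=" + role.toResourceNameString());
        Pkcs10Csr csr = Pkcs10CsrBuilder
                .fromKeypair(keyPair, subject, SignatureAlgorithm.SHA256_WITH_ECDSA)
                .build();

        X509Certificate cert = zts.getRoleCertificate(role, csr, expiry);

        // Defensive checks before trusting the returned certificate:
        // the certified key must be the one we generated, and the cert must currently be valid.
        if (!cert.getPublicKey().equals(keyPair.getPublic())) {
            throw new IllegalStateException("ZTS returned a certificate for a different public key");
        }
        cert.checkValidity();
        return cert;
    }

    /**
     * Assumes an AWS role through ZTS. {@code externalId} has to match the sts:ExternalId
     * condition in the IAM role's trust policy; pass null when the policy has no such condition.
     */
    static AwsTemporaryCredentials assumeAwsRole(ZtsClient zts, AthenzDomain domain,
                                                 String awsRoleName, String externalId) {
        // Explicit, short lifetime: the defaults on the two-argument overloads are chosen by ZTS.
        return zts.getAwsTemporaryCredentials(domain, new AwsRole(awsRoleName), Duration.ofMinutes(30), externalId);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions): replace with the real ZTS endpoint and identities.
        URI ztsUrl = URI.create("https://zts.example.com:4443/zts/v1");
        AthenzDomain domain = new AthenzDomain("example.app");
        AthenzIdentity self = new AthenzService(domain, "api");
        // In production this must be an mTLS context carrying the service's own identity
        // certificate; the default context is used here only to keep the example self-contained.
        SSLContext sslContext = SSLContext.getDefault();

        // ZtsClient extends AutoCloseable, so try-with-resources releases the underlying HTTP client.
        try (ZtsClient zts = new DefaultZtsClient(ztsUrl, self, sslContext)) {   // constructor is an assumption
            AthenzRole reader = new AthenzRole(domain, "reader");
            X509Certificate roleCert = fetchRoleCertificate(zts, reader, Duration.ofHours(1));
            System.out.println("Role cert subject: " + roleCert.getSubjectX500Principal()
                    + ", expires " + roleCert.getNotAfter());

            AwsTemporaryCredentials creds = assumeAwsRole(zts, domain, "example-app-reader", "my-external-id");
            // Never log the secret key or session token; only the fact that credentials were issued.
            System.out.println("Obtained temporary AWS credentials for role example-app-reader");
        }
    }
}
```

The public-key comparison matters because a role certificate is only useful for the key whose CSR was submitted; a mismatch indicates a bug in CSR construction or a response that did not come from the expected ZTS, and either way the certificate should be discarded rather than installed.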
close

void close()

Specified by:
- close in interface AutoCloseable