Go code to get SIA certs from a CGF (Google Cloud Function) #2220
Conversation
Signed-off-by: gilad.bendor <[email protected]>
| // | ||
| // to get an Athenz certificate from ZTS. | ||
| // | ||
| // This file should usually be copied without changes into the GCF source-code. |
There was a problem hiding this comment.
not sure what this is referring to. nobody should copy the source file. instead, they'll just import the module and call the methods, so let's remove this comment
There was a problem hiding this comment.
Archeological remnant removed...
| @@ -0,0 +1,263 @@ | |||
| package functions | |||
There was a problem hiding this comment.
need to add Athenz License header block
| if err != nil { | ||
| return nil, err | ||
| } | ||
| //log.Printf("GCP Attestation Data: %s", attestationData) // commented out - sensitive info |
There was a problem hiding this comment.
let's remove all the commented log entries
| } | ||
|
|
||
| // SiaCertData response of GcfGetSiaCerts() | ||
| type SiaCertData struct { |
There was a problem hiding this comment.
No need to define a new struct. This is already available as part of our RDL
import "github.com/AthenZ/athenz/clients/go/zts"
and generate and return zts.InstanceIdentity object
There was a problem hiding this comment.
Thing is, zts.InstanceIdentity is JSON-able: it only contain PEM stuff.
My SiaCertData also contains rsa.PrivateKey and x509.Certificate objects - so usage is simpler.
Also, zts.InstanceIdentitycontains many properties that I will not fill-in, and it would be confusing to users.
I would not make this change, but will yield to your judgment...
Are you sure you want to go that way?
Signed-off-by: gilad.bendor <[email protected]>
No description provided.