Interface ZtsClient
-
- All Superinterfaces:
AutoCloseable
- All Known Implementing Classes:
DefaultZtsClient
public interface ZtsClient extends AutoCloseable
Interface for a ZTS client.- Author:
- bjorncs
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description voidclose()AthenzAccessTokengetAccessToken(AthenzDomain domain)Fetch an access token for the target domainAthenzAccessTokengetAccessToken(List<AthenzRole> athenzRole)Fetch an access token for the target rolesdefault AwsTemporaryCredentialsgetAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole)Get aws temporary credentialsdefault AwsTemporaryCredentialsgetAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, String externalId)Get aws temporary credentialsAwsTemporaryCredentialsgetAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, Duration duration, String externalId)Get aws temporary credentialsX509CertificategetRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr)Fetch role certificate for the target domain and roleX509CertificategetRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr, Duration expiry)Fetch role certificate for the target domain and roleZTokengetRoleToken(AthenzDomain domain)Fetch a role token for the target domainZTokengetRoleToken(AthenzRole athenzRole)Fetch a role token for the target roleIdentitygetServiceIdentity(AthenzIdentity identity, String keyId, com.yahoo.security.Pkcs10Csr csr)Get service identityIdentitygetServiceIdentity(AthenzIdentity identity, String keyId, KeyPair keyPair, String dnsSuffix)Get service identityList<AthenzDomain>getTenantDomains(AthenzIdentity providerIdentity, AthenzIdentity userIdentity, String roleName)For a given provider, get a list of tenant domains that the user is a member ofInstanceIdentityrefreshInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String instanceId, com.yahoo.security.Pkcs10Csr csr)Refresh an existing instanceInstanceIdentityregisterInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String attestationData, com.yahoo.security.Pkcs10Csr csr)Register an instance using the specified provider.
-
-
-
Method Detail
-
registerInstance
InstanceIdentity registerInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String attestationData, com.yahoo.security.Pkcs10Csr csr)
Register an instance using the specified provider.- Parameters:
attestationData- The signed identity documented serialized to a string.- Returns:
- A x509 certificate + service token (optional)
-
refreshInstance
InstanceIdentity refreshInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String instanceId, com.yahoo.security.Pkcs10Csr csr)
Refresh an existing instance- Returns:
- A x509 certificate + service token (optional)
-
getServiceIdentity
Identity getServiceIdentity(AthenzIdentity identity, String keyId, com.yahoo.security.Pkcs10Csr csr)
Get service identity- Returns:
- A x509 certificate with CA certificates
-
getServiceIdentity
Identity getServiceIdentity(AthenzIdentity identity, String keyId, KeyPair keyPair, String dnsSuffix)
Get service identity- Returns:
- A x509 certificate with CA certificates
-
getRoleToken
ZToken getRoleToken(AthenzDomain domain)
Fetch a role token for the target domain- Parameters:
domain- Target domain- Returns:
- A role token
-
getRoleToken
ZToken getRoleToken(AthenzRole athenzRole)
Fetch a role token for the target role- Parameters:
athenzRole- Target role- Returns:
- A role token
-
getAccessToken
AthenzAccessToken getAccessToken(AthenzDomain domain)
Fetch an access token for the target domain- Parameters:
domain- Target domain- Returns:
- An Athenz access token
-
getAccessToken
AthenzAccessToken getAccessToken(List<AthenzRole> athenzRole)
Fetch an access token for the target roles- Parameters:
athenzRole- List of athenz roles to get access token for- Returns:
- An Athenz access token
-
getRoleCertificate
X509Certificate getRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr, Duration expiry)
Fetch role certificate for the target domain and role- Parameters:
role- Target rolecsr- Certificate signing request matching roleexpiry- Certificate expiry- Returns:
- A role certificate
-
getRoleCertificate
X509Certificate getRoleCertificate(AthenzRole role, com.yahoo.security.Pkcs10Csr csr)
Fetch role certificate for the target domain and role- Parameters:
role- Target rolecsr- Certificate signing request matching role- Returns:
- A role certificate
-
getTenantDomains
List<AthenzDomain> getTenantDomains(AthenzIdentity providerIdentity, AthenzIdentity userIdentity, String roleName)
For a given provider, get a list of tenant domains that the user is a member of- Parameters:
providerIdentity- Provider identityuserIdentity- User identityroleName- Role name- Returns:
- List of domains
-
getAwsTemporaryCredentials
default AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole)
Get aws temporary credentials- Parameters:
awsRole- AWS role to get credentials for- Returns:
- AWS temporary credentials
-
getAwsTemporaryCredentials
default AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, String externalId)
Get aws temporary credentials- Parameters:
awsRole- AWS role to get credentials forexternalId- External Id to get credentials, ornullif not required- Returns:
- AWS temporary credentials
-
getAwsTemporaryCredentials
AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, Duration duration, String externalId)
Get aws temporary credentials- Parameters:
awsRole- AWS role to get credentials forduration- Duration for which the credentials should be valid, ornullto use defaultexternalId- External Id to get credentials, ornullif not required- Returns:
- AWS temporary credentials
-
close
void close()
- Specified by:
closein interfaceAutoCloseable
-
-