FetchJWTBundles fetches the JWT bundles for JWT-SVID validation, keyed by a SPIFFE ID of the trust domain to which they belong.

FetchJWTSVID fetches a JWT-SVID.

FetchJWTSVID fetches all JWT-SVIDs.

FetchX509Bundle fetches the X.509 bundles.

FetchX509Context fetches the X.509 context, which contains both X509-SVIDs and X.509 bundles.

FetchX509SVID fetches the default X509-SVID, i.e.

FetchX509SVIDs fetches all X509-SVIDs.

New dials the Workload API and returns a client.

NewBundleSource creates a new BundleSource.

NewJWTSource creates a new JWTSource.

NewX509Source creates a new X509Source.

TargetFromAddress parses the endpoint address and returns a gRPC target string for dialing.

ValidateAddress validates that the provided address can be parsed to a gRPC target string for dialing a Workload API endpoint exposed as either a Unix Domain Socket or TCP socket.

ValidateJWTSVID validates the JWT-SVID token.

WatchJWTBundles watches for changes to the JWT bundles.

WatchX509Bundles watches for changes to the X.509 bundles.

WatchX509Context watches for updates to the X.509 context.

WithAddr provides an address for the Workload API.

WithBackoff provides a custom backoff strategy that replaces the default backoff strategy (linear backoff).

WithClient provides a Client for the source to use.

WithClientOptions controls the options used to create a new Client for the source.

WithDefaultJWTSVIDPicker provides a function that is used to determine the default JWT-SVID when more than one is provided by the Workload API.

WithDefaultX509SVIDPicker provides a function that is used to determine the default X509-SVID when more than one is provided by the Workload API.

WithDialOptions provides extra GRPC dialing options when dialing the Workload API.

WithLogger provides a logger to the Client.

SocketEnv is the environment variable holding the default Workload API address.

BundleSource is a source of SPIFFE bundles maintained via the Workload API.

Client is a Workload API client.

JWTSource is a source of JWT-SVID and JWT bundles maintained via the Workload API.

X509Context conveys X.509 materials from the Workload API.

X509Source is a source of X509-SVIDs and X.509 bundles maintained via the Workload API.

Backoff provides backoff for a workload API operation.

BackoffStrategy provides backoff facilities.

BundleSourceOption is an option for the BundleSource.

ClientOption is an option used when creating a new Client.

JWTBundleWatcher receives JWT bundle updates from the Workload API.

JWTSourceOption is an option for the JWTSource.

SourceOption are options that are shared among all option types.

X509BundleWatcher receives X.509 bundle updates from the Workload API.

X509ContextWatcher receives X509Context updates from the Workload API.

X509SourceOption is an option for the X509Source.