pub struct OidcClientAssertionKey {
    pub pem_key: String,
    pub pem_key_file: String,
    pub key_id_header: OidcClientAssertionKeyIdHeader,
    pub key_id: String,
    pub pem_cert: String,
    pub pem_cert_file: String,
}
OIDCClientAssertionKey contains key material provided by users for Nomad to use to sign the private key JWT.
PemKey or PemKeyFile must contain an RSA private key in PEM format.
PemCert or PemCertFile may contain an x509 certificate created with the Key, used to derive the KeyID. Alternatively, KeyID may be set manually.
PemKeyFile and PemCertFile, if set, must be an absolute path to a file present on disk on any Nomad servers that may become cluster leaders.
This struct was generated based on the Go types of the official Nomad API client.
Fields
pem_key: String
PemKey is an RSA private key, in pem format. It is used to sign the JWT.
Mutually exclusive with PemKeyFile.
pem_key_file: String
PemKeyFile is an absolute path to a private key on Nomad servers’ disk,
in pem format. It is used to sign the JWT.
Mutually exclusive with PemKey.
key_id_header: OidcClientAssertionKeyIdHeader
KeyIDHeader is which header the provider will use to find the public key to verify the signed JWT. Its default values vary based on which of the other required fields is set:
- KeyID: “kid”
- PemCert: “x5t#S256”
- PemCertFile: “x5t#S256”
Refer to the JWS RFC for information on these headers:
- “kid”: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4
- “x5t”: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.7
- “x5t#S256”: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.8
If you need to set some other header not supported here, you may use OIDCClientAssertion.ExtraHeaders.
key_id: String
KeyID may be set manually and becomes the “kid” header.
Mutually exclusive with PemCert and PemCertFile.
Allowed KeyIDHeader values: “kid” (the default)
pem_cert: String
PemCert is an x509 certificate, signed by the private key or a CA,
in pem format. It is used to derive an x5t#S256 (or x5t) header.
Mutually exclusive with PemCertFile and KeyID.
Allowed KeyIDHeader values: “x5t”, “x5t#S256” (default “x5t#S256”)
pem_cert_file: String
PemCertFile is an absolute path to an x509 certificate on Nomad servers’
disk, signed by the private key or a CA, in pem format.
It is used to derive an x5t#S256 (or x5t) header.
Mutually exclusive with PemCert and KeyID.
Allowed KeyIDHeader values: “x5t”, “x5t#S256” (default “x5t#S256”)
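The field rules above (mutual exclusivity, absolute paths, allowed and default KeyIDHeader values) can be checked before a configuration is submitted. This is an added example, not code from this crate or from Nomad: `AssertionKey`, `effective_header`, the string-typed header, and the sample path and key ID are assumptions, as is treating exactly one key ID source as required.

```rust
// Added example. Local stand-in for the struct documented above; key_id_header
// is a plain String here (assumption), with "" meaning "unset".
#[derive(Clone, Default)]
pub struct AssertionKey {
    pub pem_key: String,
    pub pem_key_file: String,
    pub key_id_header: String,
    pub key_id: String,
    pub pem_cert: String,
    pub pem_cert_file: String,
}

/// Returns the effective key ID header, or the first documented rule violated.
pub fn effective_header(k: &AssertionKey) -> Result<&'static str, String> {
    // Exactly one source for the signing key.
    match (k.pem_key.is_empty(), k.pem_key_file.is_empty()) {
        (true, true) => return Err("pem_key or pem_key_file is required".into()),
        (false, false) => return Err("pem_key and pem_key_file are mutually exclusive".into()),
        _ => {}
    }
    // Exactly one source for the key ID (assumed from "mutually exclusive" and
    // "required fields" in the field docs).
    let sources = [&k.key_id, &k.pem_cert, &k.pem_cert_file];
    if sources.iter().filter(|s| !s.is_empty()).count() != 1 {
        return Err("set exactly one of key_id, pem_cert, pem_cert_file".into());
    }
    // File variants must be absolute paths on the server's disk.
    for (name, p) in [("pem_key_file", &k.pem_key_file), ("pem_cert_file", &k.pem_cert_file)] {
        if !p.is_empty() && !std::path::Path::new(p).is_absolute() {
            return Err(format!("{name} must be an absolute path"));
        }
    }
    // Allowed headers and defaults depend on where the key ID comes from.
    let from_cert = k.key_id.is_empty();
    match (k.key_id_header.as_str(), from_cert) {
        ("", false) | ("kid", false) => Ok("kid"),
        ("", true) | ("x5t#S256", true) => Ok("x5t#S256"),
        ("x5t", true) => Ok("x5t"),
        (h, _) => Err(format!("key_id_header {h:?} is not allowed for this key ID source")),
    }
}

fn main() {
    // Constructed sample: key on disk, key ID set manually.
    let k = AssertionKey {
        pem_key_file: "/etc/nomad.d/oidc.key".into(), // constructed path
        key_id: "example-kid".into(),                 // constructed value
        ..Default::default()
    };
    println!("{:?}", effective_header(&k));
}
```

Preferring the file variants keeps the RSA private key out of the submitted configuration, at the cost of having to place the file on every server that may become leader.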
Trait Implementations
impl Clone for OidcClientAssertionKey
fn clone(&self) -> OidcClientAssertionKey
fn clone_from(&mut self, source: &Self)