cert

package
v0.10.1
Warning

This package is not in the latest version of its module.

Published: Nov 6, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Types

type Provider

type Provider func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

Provider is a function that can be passed into crypto/tls.Config.GetClientCertificate.

func DefaultProvider

func DefaultProvider() (Provider, error)

DefaultProvider returns a certificate source using the preferred EnterpriseCertificateProxySource. If EnterpriseCertificateProxySource is not available, it falls back to the legacy SecureConnectSource.

If neither source is available (due to missing configurations), a nil Provider and a nil error are returned to indicate that a default certificate source is unavailable. Callers must therefore check the returned Provider for nil even when the error is nil.
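The nil-Provider/nil-error case matters when a client certificate is mandatory: a caller that only checks the error ends up with a TLS config that offers no client certificate. The following is an added example, not code from this package; `Provider` is redeclared locally so it compiles with the standard library alone, and `ClientTLSConfig`, `ErrNoClientCert` and `constructedProvider` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Provider mirrors the documented type; declared locally so this compiles offline.
type Provider func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

var ErrNoClientCert = errors.New("mTLS required but no certificate source is available") // hypothetical sentinel

// ClientTLSConfig (hypothetical helper) consumes a DefaultProvider-style result.
// A nil Provider with a nil error means "no source": fail closed if mTLS is required.
func ClientTLSConfig(p Provider, err error, requireMTLS bool) (*tls.Config, error) {
	if err != nil {
		return nil, fmt.Errorf("loading certificate source: %w", err)
	}
	if p == nil && requireMTLS {
		return nil, ErrNoClientCert
	}
	// A nil Provider leaves GetClientCertificate nil, so no client cert is offered.
	return &tls.Config{MinVersion: tls.VersionTLS12, GetClientCertificate: p}, nil
}

// constructedProvider serves a throwaway self-signed cert (constructed sample data).
func constructedProvider() (Provider, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	cert := &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	return func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return cert, nil }, nil
}

func main() {
	_, err := ClientTLSConfig(nil, nil, true)
	fmt.Println("no source, mTLS required:", err)
}
```

In real use the first two arguments would be the values returned by `DefaultProvider()`.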

func NewEnterpriseCertificateProxyProvider

func NewEnterpriseCertificateProxyProvider(configFilePath string) (Provider, error)

NewEnterpriseCertificateProxyProvider creates a certificate source using the Enterprise Certificate Proxy client, which delegates certificate-related operations to an OS-specific "signer binary" that communicates with the native keystore (e.g. Keychain on macOS).

The configFilePath points to a config file containing relevant parameters such as the certificate issuer and the location of the signer binary. If configFilePath is empty, the client will attempt to load the config from a well-known gcloud location.

func NewSecureConnectProvider

func NewSecureConnectProvider(configFilePath string) (Provider, error)

NewSecureConnectProvider creates a certificate source using the Secure Connect Helper and its associated metadata file.

The configFilePath points to the location of the context-aware metadata file. If configFilePath is empty, the default context-aware metadata location is used.

func NewWorkloadX509CertProvider added in v0.5.0

func NewWorkloadX509CertProvider(configFilePath string) (Provider, error)

NewWorkloadX509CertProvider creates a certificate source that reads a certificate and private key file from the local file system. This is intended to be used for workload identity federation.

The configFilePath points to a config file containing relevant parameters such as the certificate and key file paths. If configFilePath is empty, the client will attempt to load the config from a well-known gcloud location.

Directories

Path Synopsis
test_signer.go is a net/rpc server that listens on stdin/stdout, exposing mock methods for testing enterprise certificate proxy flow.
