Documentation
Index
- Constants
- Variables
- func CreateDirectory(path string) error
- func DomainToDNSPart(domain string) (part string)
- func GeneratePath(namingFormat, domain, role, delimiter string) (string, error)
- func NamespaceToDomain(ns, pre, d, suf string) (domain string)
- func RoleSpiffeURI(domain, role string) (*url.URL, error)
- func ServiceAccountToService(svc string) string
- func ServiceSpiffeURI(domain, service string) (*url.URL, error)
- type CertReloader
- type LogFn
- type ReloadConfig
Constants
const DOMAIN_DELIMITER = "."
const NS_DELIMITER = "-"
Variables
var DefaultPollInterval = 1 * time.Second // 1s default interval to allow 1m cert refreshes
Functions
func CreateDirectory (added in v3.3.0)
CreateDirectory creates the directories needed to write the output token or certificate at the specified file path.
func DomainToDNSPart
DomainToDNSPart converts the Athenz domain into a DNS label.
func GeneratePath (added in v3.3.0)
GeneratePath generates the output path for the credentials by applying the domain name, role name, and delimiter to a specified naming format, e.g. namingFormat == "/var/run/athenz/rolecerts/{{domain}}{{delimiter}}{{role}}".
func NamespaceToDomain
NamespaceToDomain converts a Kubernetes namespace to an Athenz domain.
func RoleSpiffeURI
RoleSpiffeURI returns the SPIFFE URI for the specified Athenz domain and role.
func ServiceAccountToService
ServiceAccountToService converts a Kubernetes service account name to an Athenz service.
Types
type CertReloader
type CertReloader struct {
// contains filtered or unexported fields
}
CertReloader reloads the (key, cert) pair from the filesystem when the cert file is updated.
func NewCertReloader
func NewCertReloader(config ReloadConfig) (*CertReloader, error)
NewCertReloader returns a CertReloader that reloads the (key, cert) pair whenever the cert file changes on the filesystem.
func (*CertReloader) Close
func (w *CertReloader) Close() error
Close stops the background refresh.
func (*CertReloader) GetLatestCertificate
func (w *CertReloader) GetLatestCertificate() (*tls.Certificate, error)
GetLatestCertificate returns the latest known certificate.
func (*CertReloader) GetLatestKeyAndCert
func (w *CertReloader) GetLatestKeyAndCert() ([]byte, []byte, error)
GetLatestKeyAndCert returns the latest known key and certificate in raw bytes.
func (*CertReloader) UpdateCertificate
func (w *CertReloader) UpdateCertificate(certPEM []byte, keyPEM []byte) error
UpdateCertificate updates the certificate and key held by the cert reloader.