util

package
v3.4.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 21, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Constants

const DOMAIN_DELIMITER = "."
const NS_DELIMITER = "-"

Variables

var DefaultPollInterval = 1 * time.Second // 1s default interval to allow 1m cert refreshes

Functions

func CreateDirectory added in v3.3.0

func CreateDirectory(path string) error

CreateDirectory creates the necessary directories for file output from the specified file path for the output token or certificate.

func DomainToDNSPart

func DomainToDNSPart(domain string) (part string)

DomainToDNSPart converts the Athenz domain into a DNS label

func GeneratePath added in v3.3.0

func GeneratePath(namingFormat, domain, role, delimiter string) (string, error)

GeneratePath generates the output path for the credentials by applying the domain name, role name, and delimiter to a specified naming format, e.g. namingFormat=="/var/run/athenz/rolecerts/{{domain}}{{delimiter}}{{role}}"

func NamespaceToDomain

func NamespaceToDomain(ns, pre, d, suf string) (domain string)

NamespaceToDomain converts a kube namespace to an Athenz domain

func RoleSpiffeURI

func RoleSpiffeURI(domain, role string) (*url.URL, error)

RoleSpiffeURI returns the SPIFFE URI for the specified Athenz domain and role.

func ServiceAccountToService

func ServiceAccountToService(svc string) string

ServiceAccountToService converts a kube serviceaccount name to an Athenz service

func ServiceSpiffeURI

func ServiceSpiffeURI(domain, service string) (*url.URL, error)

ServiceSpiffeURI returns the SPIFFE URI for the specified Athenz domain and service.

Types

type CertReloader

type CertReloader struct {
	// contains filtered or unexported fields
}

CertReloader reloads the (key, cert) pair from the filesystem when the cert file is updated.

func NewCertReloader

func NewCertReloader(config ReloadConfig) (*CertReloader, error)

NewCertReloader returns a CertReloader that reloads the (key, cert) pair whenever the cert file changes on the filesystem.

func (*CertReloader) Close

func (w *CertReloader) Close() error

Close stops the background refresh.

func (*CertReloader) GetLatestCertificate

func (w *CertReloader) GetLatestCertificate() (*tls.Certificate, error)

GetLatestCertificate returns the latest known certificate.

func (*CertReloader) GetLatestKeyAndCert

func (w *CertReloader) GetLatestKeyAndCert() ([]byte, []byte, error)

GetLatestKeyAndCert returns the latest known key and certificate in raw bytes.

func (*CertReloader) UpdateCertificate

func (w *CertReloader) UpdateCertificate(certPEM []byte, keyPEM []byte) error

UpdateCertificate updates the certificate and key in the cert reloader.

type LogFn

type LogFn func(format string, args ...interface{})

LogFn allows customized logging.

type ReloadConfig

type ReloadConfig struct {
	Init            bool
	ProviderService string
	CertFile        string // the cert file
	KeyFile         string // the key file
	Logger          LogFn  // custom log function for errors, optional
	PollInterval    time.Duration
}

ReloadConfig contains the config for cert reload.
