security

package
v1.0.1-0...-f351835

This package is not in the latest version of its module.

Published: Mar 23, 2021 License: MIT Imports: 20 Imported by: 0

Documentation


Constants

const (
	// APITokenEnvVar is the environment variable for the API token.
	APITokenEnvVar = "DAPR_API_TOKEN"
	// AppAPITokenEnvVar is the environment variable for the app API token.
	AppAPITokenEnvVar = "APP_API_TOKEN"
	// APITokenHeader is the header name for HTTP/gRPC calls to hold the token.
	APITokenHeader = "dapr-api-token"
)

#nosec

const (
	TLSServerName = "cluster.local"
)

Variables

This section is empty.

Functions

func CertPool

func CertPool(certPem []byte) (*x509.CertPool, error)

func ExcludedRoute

func ExcludedRoute(route string) bool

ExcludedRoute returns whether a given route should be excluded from a token check.

func GetAPIToken

func GetAPIToken() string

GetAPIToken returns the value of the API token from an environment variable.

func GetAppToken

func GetAppToken() string

GetAppToken returns the value of the app API token from an environment variable.

func GetCertChain

func GetCertChain() (*credentials.CertChain, error)

Types

type Authenticator

type Authenticator interface {
	GetTrustAnchors() *x509.CertPool
	GetCurrentSignedCert() *SignedCertificate
	CreateSignedWorkloadCert(id, namespace, trustDomain string) (*SignedCertificate, error)
}

func GetSidecarAuthenticator

func GetSidecarAuthenticator(sentryAddress string, certChain *credentials.CertChain) (Authenticator, error)

GetSidecarAuthenticator returns a new authenticator with the extracted trust anchors.

type SignedCertificate

type SignedCertificate struct {
	WorkloadCert  []byte
	PrivateKeyPem []byte
	Expiry        time.Time
	TrustChain    *x509.CertPool
}
