Documentation
Index
- func CreateForClient(serverName string, watcher CertificateWatcher) credentials.TransportCredentials
- func CreateForClientSkipVerify() credentials.TransportCredentials
- func CreateForServer(watcher CertificateWatcher) credentials.TransportCredentials
- type CertificateWatcher
- func PollFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)
- func PollFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)
- func WatchFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)
- func WatchFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)
- type Options
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateForClient
func CreateForClient(serverName string, watcher CertificateWatcher) credentials.TransportCredentials
CreateForClient creates TransportCredentials for MCP clients.
func CreateForClientSkipVerify
func CreateForClientSkipVerify() credentials.TransportCredentials
CreateForClientSkipVerify creates TransportCredentials for MCP clients that skip verification of the server's certificate chain and host name.
func CreateForServer
func CreateForServer(watcher CertificateWatcher) credentials.TransportCredentials
CreateForServer creates TransportCredentials for MCP servers.
Types
type CertificateWatcher
type CertificateWatcher interface {
	Get() tls.Certificate
	// contains filtered or unexported methods
}
CertificateWatcher watches an x509 cert/key file and loads it into memory as needed.
func PollFiles
func PollFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)
PollFiles loads certificate and key files from the file system. The method starts a background goroutine and watches for credential file changes. Callers should pass the returned watcher to one of the Create functions (CreateForClient or CreateForServer) to obtain transport credentials that can dynamically use rotated certificates. The supplied stop channel can be used to stop the goroutine and the watch.
func PollFolder
func PollFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)
PollFolder loads certificates from the given folder. It expects the following files:
- cert-chain.pem, key.pem: Certificate/key files for the client/server on this side.
- root-cert.pem: certificate from the CA that will be used for validating peer's certificate.
Internally PollFolder will call PollFiles.
func WatchFiles
func WatchFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)
WatchFiles loads certificate and key files from the file system. The method starts a background goroutine and watches for credential file changes. Callers should pass the returned watcher to one of the Create functions (CreateForClient or CreateForServer) to obtain transport credentials that can dynamically use rotated certificates. The supplied stop channel can be used to stop the goroutine and the watch.
func WatchFolder
func WatchFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)
WatchFolder loads certificates from the given folder. It expects the following files:
- cert-chain.pem, key.pem: Certificate/key files for the client/server on this side.
- root-cert.pem: certificate from the CA that will be used for validating peer's certificate.
Internally WatchFolder will call WatchFiles.
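The rotation behaviour described for PollFiles and WatchFiles, as an added standard-library illustration (not this package's or Istio's implementation): a TLS config that reads the watcher's Get on every handshake picks up a reloaded certificate without being rebuilt. The names memWatcher, serverConfig and rotate are hypothetical, and the certificates are constructed in memory.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

type memWatcher struct{ v atomic.Value } // hypothetical stand-in for CertificateWatcher
func (w *memWatcher) Get() tls.Certificate { return w.v.Load().(tls.Certificate) }

// serverConfig resolves the certificate on every handshake, so a reload needs no restart.
func serverConfig(w *memWatcher) *tls.Config {
	return &tls.Config{GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
		c := w.Get()
		return &c, nil
	}}
}

// rotate stores a constructed certificate and reports whether cfg now presents it.
func rotate(w *memWatcher, cfg *tls.Config, serial int64) (bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return false, err
	}
	w.v.Store(tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv})
	served, err := cfg.GetCertificate(&tls.ClientHelloInfo{})
	if err != nil {
		return false, err
	}
	return bytes.Equal(served.Certificate[0], der), nil
}

func main() {
	w := &memWatcher{}
	cfg := serverConfig(w) // built once; only the watcher's content changes
	fmt.Println(rotate(w, cfg, 1))
	fmt.Println(rotate(w, cfg, 2))
}
```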
type Options
type Options struct {
	// CertificateFile to use for mTLS gRPC.
	CertificateFile string
	// KeyFile to use for mTLS gRPC.
	KeyFile string
	// CACertificateFile is the trusted root certificate authority's cert file.
	CACertificateFile string
}
Options defines the credential options required for MCP.
func DefaultOptions
func DefaultOptions() *Options
DefaultOptions returns default credential options.
func (*Options) AttachCobraFlags
AttachCobraFlags attaches a set of Cobra flags to the given Cobra command.
Cobra is the command-line processor that Istio uses. This command attaches the necessary set of flags to configure the MCP options.