Documentation
Types
type ServiceCerts
type ServiceCerts struct {
    ServiceKeyPair *tls.Certificate
    RootCACert     *x509.Certificate
}
ServiceCerts contains the key pair the service should use, along with the CA cert to use for verifying clients.
func ServiceCertsFromBytes
func ServiceCertsFromBytes(serviceCertData, serviceKeyData, rootCertData []byte) (*ServiceCerts, error)
func (*ServiceCerts) NewCertPool
func (serviceCerts *ServiceCerts) NewCertPool() *x509.CertPool
NewCertPool returns an x509.CertPool configured with the ServiceCerts' root CA.
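As an added example (not code from this package): how the two ServiceCerts fields map onto a crypto/tls server config for mutual TLS, checked with a real handshake over an in-memory pipe. The helper names issue, serverConfig and handshake, and the *.test host names, are assumptions made for the illustration; the certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue returns a constructed test certificate (errors ignored); a nil parent yields a self-signed root CA.
func issue(cn string, parent *tls.Certificate) *tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverConfig maps the two ServiceCerts fields onto a server config (tickets off only for the demo pipe).
func serverConfig(keyPair *tls.Certificate, rootCA *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(rootCA)
	return &tls.Config{Certificates: []tls.Certificate{*keyPair}, ClientCAs: pool, SessionTicketsDisabled: true,
		ClientAuth: tls.RequireAndVerifyClientCert} // the default, tls.NoClientCert, never asks for a certificate
}

// handshake runs both ends over an in-memory pipe and returns the server's verdict.
func handshake(server *tls.Config, clientCerts ...tls.Certificate) error {
	sc, cc := net.Pipe()
	defer sc.Close() // also releases the client goroutine
	client := &tls.Config{RootCAs: server.ClientCAs, ServerName: "service.test", Certificates: clientCerts}
	go tls.Client(cc, client).Read(make([]byte, 1)) // Read drives the client handshake
	return tls.Server(sc, server).Handshake()
}

func main() {
	root := issue("root.test", nil)
	srv := serverConfig(issue("service.test", root), root.Leaf)
	fmt.Println(handshake(srv, *issue("client.test", root)), "|", handshake(srv)) // trusted client, then no cert
}
```

The first handshake is made by a client holding a certificate issued by the root CA, the second by a client that presents none.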
type TLSConfig
type TLSConfig struct {
    CertPath       string `json:"cert_path" toml:"cert_path" mapstructure:"cert_path"`
    KeyPath        string `json:"key_path" toml:"key_path" mapstructure:"key_path"`
    RootCACertPath string `json:"root_ca_path" toml:"root_ca_path" mapstructure:"root_ca_path"`
}
TLSConfig holds the on-disk paths to the service cert, service key, and root CA cert. It represents the TLS config that every service needs to supply a configuration interface for in order to use mutual TLS.
Tags are provided for JSON and TOML, which allows configuration to be automatically unmarshaled from these formats, plus YAML when using https://github.com/ghodss/yaml.
Example (TOML)
type YourConfig struct {
    MyOpt     string `toml:"toml_key"`
    TLSConfig `toml:"tls"`
}
Example (YAML via github.com/ghodss/yaml)
type YourConfig struct {
    MyOpt     string `json:"json_key"`
    TLSConfig `json:"tls"`
}
func (*TLSConfig) FixupRelativeTLSPaths
In config files, paths to TLSConfig members are relative to the file, not CWD; we need to adjust the paths before we can pass them to a call like file.Open.
func (*TLSConfig) ReadCerts
func (config *TLSConfig) ReadCerts() (*ServiceCerts, error)