Documentation ¶
Index ¶
- Constants
- type Config
- type SDSServer
- func (s *SDSServer) FetchSecrets(ctx context.Context, request *api.DiscoveryRequest) (*api.DiscoveryResponse, error)
- func (s *SDSServer) GetTLSCertificate(udsPath string) (*auth.TlsCertificate, error)
- func (s *SDSServer) RegisterUdsPath(udsPath string) error
- func (s *SDSServer) SetServiceIdentityCert(content []byte) error
- func (s *SDSServer) SetServiceIdentityPrivateKey(content []byte) error
- func (s *SDSServer) StreamSecrets(stream sds.SecretDiscoveryService_StreamSecretsServer) error
- type SecretFileServer
- type SecretServer
Constants ¶
const (
	// SecretFile propagates the key/cert to the workload through file.
	SecretFile int = iota // 0
	// SecretDiscoveryServiceAPI propagates the key/cert to the workload through SDS API.
	SecretDiscoveryServiceAPI // 1
)
const (
	// SecretTypeURL defines the type URL for Envoy secret proto.
	SecretTypeURL = "type.googleapis.com/envoy.api.v2.auth.Secret"
	// SecretName defines the type of the secrets to fetch from the SDS server.
	SecretName = "SPKI"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	// Mode specifies how the node agent communicates with the workload.
	Mode int
	// FileUtil is valid in FILE mode. It supports file I/O in a FS.
	FileUtil util.FileUtil
	// ServiceIdentityCertFile is valid in FILE mode. It specifies the file path for the service identity certificate.
	ServiceIdentityCertFile string
	// ServiceIdentityPrivateKeyFile is valid in FILE mode. It specifies the file path for the service identity private key.
	ServiceIdentityPrivateKeyFile string
}
Config is the configuration for node agent to workload communication.
func NewSecretFileServerConfig ¶
NewSecretFileServerConfig creates a Config for propagating key/cert to the workload through file.
type SDSServer ¶
type SDSServer struct {
// contains filtered or unexported fields
}
SDSServer implements api.SecretDiscoveryServiceServer that listens on a list of Unix Domain Sockets.
func NewSDSServer ¶
func NewSDSServer() *SDSServer
NewSDSServer creates the SDSServer that registers SecretDiscoveryServiceServer, a gRPC server.
func (*SDSServer) FetchSecrets ¶
func (s *SDSServer) FetchSecrets(ctx context.Context, request *api.DiscoveryRequest) (*api.DiscoveryResponse, error)
FetchSecrets fetches the X.509 key/cert for a given workload whose identity can be derived from the UDS path where this call is received.
func (*SDSServer) GetTLSCertificate ¶
func (s *SDSServer) GetTLSCertificate(udsPath string) (*auth.TlsCertificate, error)
GetTLSCertificate generates the X.509 key/cert for the workload identity derived from udsPath, which is where the FetchSecrets gRPC request is received. SecretServer implementations could have different implementation
func (*SDSServer) RegisterUdsPath ¶
func (s *SDSServer) RegisterUdsPath(udsPath string) error
RegisterUdsPath registers a path for a Unix Domain Socket and has SDSServer's gRPC server listen on it.
func (*SDSServer) SetServiceIdentityCert ¶
func (s *SDSServer) SetServiceIdentityCert(content []byte) error
SetServiceIdentityCert sets the service identity certificate into memory.
func (*SDSServer) SetServiceIdentityPrivateKey ¶
func (s *SDSServer) SetServiceIdentityPrivateKey(content []byte) error
SetServiceIdentityPrivateKey sets the service identity private key into memory.
func (*SDSServer) StreamSecrets ¶
func (s *SDSServer) StreamSecrets(stream sds.SecretDiscoveryService_StreamSecretsServer) error
StreamSecrets is not supported.
type SecretFileServer ¶
type SecretFileServer struct {
// contains filtered or unexported fields
}
SecretFileServer is an implementation of SecretServer that writes the key/cert into the file system.
func (*SecretFileServer) GetServiceIdentityCert ¶
func (sf *SecretFileServer) GetServiceIdentityCert() ([]byte, error)
GetServiceIdentityCert sets the service identity cert to the channel accessible to the workload.
func (*SecretFileServer) GetServiceIdentityPrivateKey ¶
func (sf *SecretFileServer) GetServiceIdentityPrivateKey() ([]byte, error)
GetServiceIdentityPrivateKey sets the service identity private key to the channel accessible to the workload.
func (*SecretFileServer) SetServiceIdentityCert ¶
func (sf *SecretFileServer) SetServiceIdentityCert(content []byte) error
SetServiceIdentityCert sets the service identity certificate into the file system.
func (*SecretFileServer) SetServiceIdentityPrivateKey ¶
func (sf *SecretFileServer) SetServiceIdentityPrivateKey(content []byte) error
SetServiceIdentityPrivateKey sets the service identity private key into the file system.
type SecretServer ¶
type SecretServer interface {
	// SetServiceIdentityPrivateKey sets the service identity private key to the channel accessible to the workload.
	SetServiceIdentityPrivateKey([]byte) error
	// SetServiceIdentityCert sets the service identity cert to the channel accessible to the workload.
	SetServiceIdentityCert([]byte) error
}
SecretServer is for implementing the communication from the node agent to the workload.
func NewSecretServer ¶
func NewSecretServer(cfg Config) (SecretServer, error)
NewSecretServer instantiates a SecretServer according to the configuration.
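The following is an added example, not code from this package, showing what a FILE-mode SecretServer implementation has to get right when it hands a key/cert to a workload through the file system: the private key is written owner-only (0600), both files are written to a temp file and renamed into place so the workload never reads a half-written PEM, and a small check function lets an operator verify the key file's mode afterwards. The SecretServer interface is copied from this page; FileSecretServer, writeAtomic and CheckPrivateKeyMode are hypothetical names chosen for the example, and the ServiceIdentityCertFile / ServiceIdentityPrivateKeyFile paths are taken from a temp directory constructed inline.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// SecretServer mirrors the two-method interface documented on this page.
type SecretServer interface {
	SetServiceIdentityPrivateKey([]byte) error
	SetServiceIdentityCert([]byte) error
}

// FileSecretServer is a hypothetical FILE-mode implementation (an example,
// not the package's SecretFileServer). CertFile and PrivateKeyFile play the
// role of Config.ServiceIdentityCertFile / ServiceIdentityPrivateKeyFile.
type FileSecretServer struct {
	CertFile       string
	PrivateKeyFile string
}

// writeAtomic writes content to a temp file in the target directory, sets the
// requested mode before any bytes land, fsyncs, then renames it into place so
// a reader sees either the old file or the complete new one, never a partial.
func writeAtomic(path string, content []byte, mode os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), "."+filepath.Base(path)+".tmp-*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	fail := func(e error) error { tmp.Close(); os.Remove(tmpName); return e }
	if err := tmp.Chmod(mode); err != nil { // explicit mode: not subject to umask
		return fail(err)
	}
	if _, err := tmp.Write(content); err != nil {
		return fail(err)
	}
	if err := tmp.Sync(); err != nil {
		return fail(err)
	}
	if err := tmp.Close(); err != nil {
		os.Remove(tmpName)
		return err
	}
	if err := os.Rename(tmpName, path); err != nil {
		os.Remove(tmpName)
		return err
	}
	return nil
}

// SetServiceIdentityPrivateKey stores the key readable and writable by the
// owner only; other users on the node must not be able to read it.
func (f *FileSecretServer) SetServiceIdentityPrivateKey(content []byte) error {
	if len(content) == 0 {
		return errors.New("refusing to write an empty private key")
	}
	return writeAtomic(f.PrivateKeyFile, content, 0o600)
}

// SetServiceIdentityCert stores the certificate. It is public material, so a
// world-readable mode is acceptable, but the write is still atomic.
func (f *FileSecretServer) SetServiceIdentityCert(content []byte) error {
	if len(content) == 0 {
		return errors.New("refusing to write an empty certificate")
	}
	return writeAtomic(f.CertFile, content, 0o644)
}

// CheckPrivateKeyMode reports whether the key file has no group/other
// permission bits; useful as a periodic drift check on the node.
func CheckPrivateKeyMode(path string) (bool, error) {
	info, err := os.Stat(path)
	if err != nil {
		return false, err
	}
	return info.Mode().Perm()&0o077 == 0, nil
}

func main() {
	dir, err := os.MkdirTemp("", "secretserver-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	var srv SecretServer = &FileSecretServer{
		CertFile:       filepath.Join(dir, "cert.pem"),
		PrivateKeyFile: filepath.Join(dir, "key.pem"),
	}
	// Constructed placeholder bytes stand in for real PEM material.
	if err := srv.SetServiceIdentityPrivateKey([]byte("PLACEHOLDER PRIVATE KEY")); err != nil {
		panic(err)
	}
	if err := srv.SetServiceIdentityCert([]byte("PLACEHOLDER CERTIFICATE")); err != nil {
		panic(err)
	}
	ok, err := CheckPrivateKeyMode(filepath.Join(dir, "key.pem"))
	fmt.Println("private key owner-only:", ok, err)
}
```

Because the mode is applied with Chmod on the open temp file before any key bytes are written, the process umask cannot widen it, and because the final step is a rename, a workload that polls the path never observes a truncated or empty key during rotation.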