certs

package
v1.17.0-pre.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertificateProvider

// CertificateProvider is implemented by a certificate source. It exposes the
// CA trust bundle, per-identity certificates, validation of a peer certificate
// against a Cilium identity, the mapping between identities and SNI values,
// certificate rotation notifications and a status report.
type CertificateProvider interface {
	// GetTrustBundle returns the CA trust bundle of the certificate provider.
	// The bundle is used to verify the certificates the peer presents in the
	// handshake.
	// NOTE(review): on a non-nil error the returned pool is presumably unusable;
	// callers should fail the handshake rather than verify against a nil or
	// empty pool. Confirm against the implementations.
	GetTrustBundle() (*x509.CertPool, error)

	// GetCertificateForIdentity returns the certificate and the intermediates
	// to send as the trust chain for the given identity, together with the
	// private key. The returned *tls.Certificate carries key material, so it
	// should not be logged or serialised.
	GetCertificateForIdentity(id identity.NumericIdentity) (*tls.Certificate, error)

	// ValidateIdentity checks whether the SANs (or other identity methods) of
	// cert are valid for the given Cilium identity. It is needed because SPIFFE
	// encodes the full ID in the URI SAN.
	// Callers should treat both a false result and a non-nil error as a
	// rejection of the peer.
	// NOTE(review): nothing in this signature says the certificate chain is
	// verified here; presumably that is done separately against the trust
	// bundle. Confirm at the call sites.
	ValidateIdentity(id identity.NumericIdentity, cert *x509.Certificate) (bool, error)

	// NumericIdentityToSNI returns the SNI that should be used for the given
	// Cilium identity.
	NumericIdentityToSNI(id identity.NumericIdentity) string

	// SNIToNumericIdentity returns the Cilium identity for the given SNI, or an
	// error.
	// An SNI value received in a handshake is chosen by the peer and is not
	// authenticated on its own, so the identity returned here is only a claim.
	// NOTE(review): presumably the claim is confirmed with ValidateIdentity
	// against the presented certificate. Confirm at the call sites.
	SNIToNumericIdentity(sni string) (identity.NumericIdentity, error)

	// SubscribeToRotatedIdentities returns a receive-only channel that carries
	// the identities whose certificates have rotated.
	// NOTE(review): buffering and close behaviour of the channel are not
	// visible from the interface; consumers should confirm them before relying
	// on either.
	SubscribeToRotatedIdentities() <-chan CertificateRotationEvent

	// Status returns the status of the certificate provider.
	Status() *models.Status
}

type CertificateRotationEvent

// CertificateRotationEvent is the element type of the channel returned by
// CertificateProvider.SubscribeToRotatedIdentities. Each event names the
// identity whose certificate changed.
type CertificateRotationEvent struct {
	// Identity is the Cilium numeric identity the event refers to.
	Identity identity.NumericIdentity
	// NOTE(review): Deleted presumably marks that the identity's certificate
	// was removed rather than replaced. Confirm against the producers of this
	// event.
	Deleted  bool
}
