certs

package
v0.14.0
Warning

This package is not in the latest version of its module.

Published: Apr 24, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

README

TLS Config

The TLS Config package provides an easy way for any client that takes a tlsconfig.Provider to configure itself for TLS.

The TLS Config package does this by defining the following properties:

type Properties struct {
	// type can be vault or file
	Type       string `json:"type"`
	MinVersion string `json:"min-version"`

	// vault type related properties
	Path             string `json:"path"`
	Role             string `json:"role"`
	CN               string `json:"cn"`
	IpSans           string `json:"ip-sans"`
	AltNames         string `json:"alt-names"`
	Ttl              string `json:"ttl"`
	MinRenewInterval string `json:"min-renew-interval"`

	// file type related properties
	CaCertFile string `json:"ca-cert-file"`
	CertFile   string `json:"cert-file"`
	KeyFile    string `json:"key-file"`
	KeyPass    string `json:"key-pass"`
}

You can add this struct to any properties you define in the application, and use the ProviderFactory to get a tlsconfig.Provider from the properties.

Documentation

Overview

Package certs defines the necessary interfaces and types for certificate management.

Index

Constants

const (
	FxGroup = "certs"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type CertificateFiles

type CertificateFiles struct {
	RootCAPaths          []string
	CertificatePath      string
	PrivateKeyPath       string
	PrivateKeyPassphrase string
}

CertificateFiles holds filesystem-based certificates and keys. Every value in this struct is the path of the corresponding file on the local filesystem. Some systems can only reference certificates by filesystem path.

type DefaultManager

type DefaultManager struct {
	sync.Mutex
	Properties       Properties
	ConfigLoaderFunc func(target interface{}, configPath string) error
	// contains filtered or unexported fields
}

func NewDefaultManager

func NewDefaultManager(opts ...func(mgr *DefaultManager)) *DefaultManager

func (*DefaultManager) Close

func (m *DefaultManager) Close() error

func (*DefaultManager) MustRegister

func (m *DefaultManager) MustRegister(items ...interface{})

func (*DefaultManager) Register

func (m *DefaultManager) Register(items ...interface{}) error

func (*DefaultManager) Source

func (m *DefaultManager) Source(ctx context.Context, opts ...Options) (Source, error)

type Manager

type Manager interface {
	Source(ctx context.Context, opts ...Options) (Source, error)
}

Manager is the package's top-level interface that provides TLS configurations.

type Option

type Option struct {
	// Preset name of the preset config. Set this field to reuse configuration from properties (tls.presets.<name>).
	// This field is exclusive with ConfigPath, Type and RawConfig
	Preset string

	// ConfigPath is similar to Preset, but should be the full property path. e.g.  "redis.tls.config".
	// This field is exclusive with Preset, Type and RawConfig
	ConfigPath string

	// RawConfig raw configuration of the certificate source, required when Type is set.
	// This field is exclusive with Preset and ConfigPath
	// Supported types: json.RawMessage, []byte (JSON), string (JSON), or any struct compatible with corresponding SourceType
	RawConfig interface{}

	// Type type of the certificate source. Set this field for manual configuration
	// This field is ignored if any of Preset or ConfigPath is set.
	// If RawConfig includes "type" field, Type is optional. In such case, if Type is set, it overrides the value from RawConfig
	Type SourceType
}
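The precedence rules stated in the Option field comments, worked through as an added example that is not the package's own code. The names option, toJSON and resolve are hypothetical local stand-ins, and returning an error when exclusive fields are combined, or when no source type can be determined, is an assumption of this sketch.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

type option struct { // local stand-in with the documented Option fields
	Preset, ConfigPath, Type string
	RawConfig                interface{}
}

func toJSON(v interface{}) ([]byte, error) { // RawConfig kinds from the field comment
	switch t := v.(type) {
	case []byte:
		return t, nil
	case string:
		return []byte(t), nil
	}
	return json.Marshal(v) // json.RawMessage or a struct
}

// resolve applies the documented precedence; erroring on conflicts is this sketch's assumption.
func resolve(o option) (path, srcType string, err error) {
	switch {
	case o.Preset != "" && o.ConfigPath != "",
		(o.Preset != "" || o.ConfigPath != "") == (o.RawConfig != nil):
		return "", "", errors.New("set exactly one of Preset, ConfigPath, RawConfig")
	case o.Preset != "": // Type is ignored
		return "tls.presets." + o.Preset, "", nil
	case o.ConfigPath != "": // Type is ignored
		return o.ConfigPath, "", nil
	}
	var head struct{ Type string `json:"type"` }
	raw, err := toJSON(o.RawConfig)
	if err == nil {
		err = json.Unmarshal(raw, &head)
	}
	if o.Type != "" {
		head.Type = o.Type // explicit Type overrides "type" in RawConfig
	}
	if err == nil && head.Type == "" {
		err = errors.New("no source type: refusing to guess")
	}
	return "", head.Type, err
}

func main() { fmt.Println(resolve(option{Type: "file", RawConfig: `{"type":"vault"}`})) }
```

Failing when no preset, path or type can be resolved keeps a misconfigured client from silently proceeding without a certificate source.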

type Options

type Options func(opt *Option)

func WithConfigPath

func WithConfigPath(configPath string) Options

func WithPreset

func WithPreset(presetName string) Options

func WithRawConfig

func WithRawConfig(rawCfg interface{}) Options

func WithSourceProperties

func WithSourceProperties(props *SourceProperties) Options

func WithType

func WithType(srcType SourceType, cfg interface{}) Options

type Properties

type Properties struct {
	Sources map[SourceType]json.RawMessage `json:"sources"`
	Presets map[string]json.RawMessage     `json:"presets"`
}

func NewProperties

func NewProperties() *Properties

type Registrar

type Registrar interface {
	Register(items ...interface{}) error
	MustRegister(items ...interface{})
}

Registrar is the additional top-level interface through which a supported provider registers itself. Supported types: SourceFactory.

type Source

type Source interface {
	// TLSConfig get certificates as tls.Config. For native drivers that support standard tls.Config
	TLSConfig(ctx context.Context, opts ...TLSOptions) (*tls.Config, error)
	// Files get certificates as local files. For drivers that support filesystem based certificates config e.g. postgres DSN
	Files(ctx context.Context) (*CertificateFiles, error)
}

type SourceConfig

type SourceConfig struct {
	RawConfig json.RawMessage
}

type SourceFactory

type SourceFactory interface {
	Type() SourceType
	LoadAndInit(ctx context.Context, opts ...SourceOptions) (Source, error)
}

type SourceOptions

type SourceOptions func(srcCfg *SourceConfig)

type SourceProperties

type SourceProperties struct {
	// Preset is optional. When set, it should match a key in Properties.Presets
	Preset string `json:"preset"`
	// Type is required when Preset is not set, optional and ignored when Preset is set.
	Type SourceType `json:"type"`
	// Raw stores configuration as JSON.
	// When Preset is set, Raw might be empty. Otherwise, Raw should at least have "type"
	Raw json.RawMessage `json:"-"`
}

SourceProperties provides convenient properties for other packages to bind.

func (*SourceProperties) UnmarshalJSON

func (p *SourceProperties) UnmarshalJSON(data []byte) error

type SourceType

type SourceType string

const (
	SourceVault SourceType = "vault"
	SourceFile  SourceType = "file"
	SourceACM   SourceType = "acm"
)

type TLSOption

type TLSOption struct {
}

type TLSOptions

type TLSOptions func(opt *TLSOption)

Directories

Path Synopsis
Package certsinit initializes the certificate manager with various certificate sources.
acm
