dynamic_clientcert

package
v0.0.0-...-6a0d788

This package is not in the latest version of its module.
Published: Oct 3, 2022 License: MIT Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var CertCallbackRefreshDuration = 1 * time.Minute

CertCallbackRefreshDuration is exposed so that integration tests can crank up the reload speed.

Functions

This section is empty.

Types

type DynamicClientCertificate

type DynamicClientCertificate interface {
	// Run starts the controller and blocks until the context expires.
	// Calling Run is not necessary, but allows us to refresh certificates
	// before they are required for a request (preventing long latency penalties).
	Run(ctx context.Context)

	// GetClientCertificate can be used in your tls.Config. It makes sure a new
	// certificate is fetched when the current certificate is expired or does not
	// match the server's *tls.CertificateRequestInfo.
	GetClientCertificate(cri *tls.CertificateRequestInfo) (*tls.Certificate, error)
}

func NewDynamicClientCertificate

func NewDynamicClientCertificate(ctx context.Context, log logr.Logger, newCertificate NewCertificate, closeIdleConnections func()) DynamicClientCertificate

Dynamic client cert: uses a file/secret watch and the acceptable server CAs to determine whether the certificate is still valid, and fetches a new version of the certificate if required. A certificate that is about to expire will cause the connection to be closed.

type NewCertificate

type NewCertificate func(ctx context.Context, existing *tls.Certificate) (*tls.Certificate, error)
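
The refresh decision described for GetClientCertificate above (expired, about to expire, or not matching the server's *tls.CertificateRequestInfo) can be sketched with the standard library alone. This is an added example, not this package's implementation; needsRefresh, selfSigned, the margin parameter and the certificate names are hypothetical and the sample certificate is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// needsRefresh (hypothetical helper) reports whether cert is missing, outside its validity
// window less a safety margin, or fails cri's signature-scheme / AcceptableCAs check.
func needsRefresh(cert *tls.Certificate, cri *tls.CertificateRequestInfo, now time.Time, margin time.Duration) bool {
	if cert == nil || len(cert.Certificate) == 0 {
		return true
	}
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil || now.Before(leaf.NotBefore) || now.Add(margin).After(leaf.NotAfter) {
		return true
	}
	return cri.SupportsCertificate(cert) != nil
}

// selfSigned builds a constructed sample certificate (issuer == subject == cn) valid for ttl.
func selfSigned(cn string, ttl time.Duration) (*tls.Certificate, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

func main() {
	cert, err := selfSigned("constructed-issuer-a", time.Hour)
	cri := &tls.CertificateRequestInfo{Version: tls.VersionTLS13, SignatureSchemes: []tls.SignatureScheme{tls.Ed25519}}
	fmt.Println(err, needsRefresh(cert, cri, time.Now(), time.Minute)) // server names no CAs
	cri.AcceptableCAs = [][]byte{[]byte("constructed-other-issuer")}
	fmt.Println(needsRefresh(cert, cri, time.Now(), time.Minute)) // issuer not in the list
}
```

A callback with the GetClientCertificate signature would run this check on its cached certificate and call the NewCertificate function only when it returns true.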
