Documentation
Overview
Package certprovider defines APIs for Certificate Providers in gRPC.
Experimental
Notice: All APIs in this package are experimental and may be removed in a later release.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type BuildOptions
type BuildOptions struct {
	// CertName holds the certificate name, whose key material is of interest to
	// the caller.
	CertName string
	// WantRoot indicates if the caller is interested in the root certificate.
	WantRoot bool
	// WantIdentity indicates if the caller is interested in the identity
	// certificate.
	WantIdentity bool
}
BuildOptions contains parameters passed to a Provider at build time.
type BuildableConfig
type BuildableConfig struct {
// contains filtered or unexported fields
}
BuildableConfig wraps parsed provider configuration and functionality to instantiate provider instances.
func NewBuildableConfig
func NewBuildableConfig(name string, config []byte, starter func(BuildOptions) Provider) *BuildableConfig
NewBuildableConfig creates a new BuildableConfig with the given arguments. Provider implementations are expected to invoke this function after parsing the given configuration as part of their ParseConfig() method. Equivalent configurations are expected to invoke this function with the same config argument.
func ParseConfig
func ParseConfig(name string, config interface{}) (*BuildableConfig, error)
ParseConfig is a convenience function to create a BuildableConfig given a provider name and configuration. Returns an error if there is no registered builder for the given name or if the config parsing fails.
func (*BuildableConfig) Build
func (bc *BuildableConfig) Build(opts BuildOptions) (Provider, error)
Build kicks off a provider instance with the wrapped configuration. Multiple invocations of this method with the same opts will result in provider instances being reused.
func (*BuildableConfig) String
func (bc *BuildableConfig) String() string
String returns the provider name and config as a colon separated string.
type Builder
type Builder interface {
	// ParseConfig parses the given config, which is in a format specific to individual
	// implementations, and returns a BuildableConfig on success.
	ParseConfig(interface{}) (*BuildableConfig, error)
	// Name returns the name of providers built by this builder.
	Name() string
}
Builder creates a Provider.
type Distributor
type Distributor struct {
// contains filtered or unexported fields
}
Distributor makes it easy for provider implementations to furnish new key materials by handling synchronization between the producer and consumers of the key material.
Provider implementations which choose to use a Distributor should do the following:
- create a new Distributor using the NewDistributor() function.
- invoke the Set() method whenever they have new key material or errors to report.
- delegate to the distributor when handling calls to KeyMaterial().
- invoke the Stop() method when they are done using the distributor.
func (*Distributor) KeyMaterial
func (d *Distributor) KeyMaterial(ctx context.Context) (*KeyMaterial, error)
KeyMaterial returns the most recent key material provided to the Distributor. If no key material was provided at the time of this call, it will block until the deadline on the context expires or fresh key material arrives.
func (*Distributor) Set
func (d *Distributor) Set(km *KeyMaterial, err error)
Set updates the key material in the distributor with km.
Provider implementations which use the distributor must not modify the contents of the KeyMaterial struct pointed to by km.
A non-nil err value indicates the error that the provider implementation ran into when trying to fetch key material, and makes it possible to surface the error to the user. A non-nil error value passed here causes the distributor's KeyMaterial() method to return nil key material.
func (*Distributor) Stop
func (d *Distributor) Stop()
Stop turns down the distributor, releases allocated resources and fails any active KeyMaterial() call waiting for new key material.
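The following is an added, self-contained model of the Distributor contract documented above (block until the first Set, the context deadline, or Stop; a reported error masks the key material; Stop fails waiting callers). It is illustration only, not grpc-go's implementation, and the name ErrStopped is an assumption of this example.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"sync"
)

// ErrStopped (name assumed here) fails any KeyMaterial call waiting when Stop runs.
var ErrStopped = errors.New("distributor stopped")
type KeyMaterial struct { // mirrors the struct documented on this page
	Certs []tls.Certificate
	Roots *x509.CertPool
}
// Distributor models the documented contract: Set publishes key material or an
// error; KeyMaterial blocks until the first Set, the context deadline, or Stop.
type Distributor struct {
	mu                  sync.Mutex
	km                  *KeyMaterial
	err                 error
	ready, stopped      chan struct{} // closed on the first Set / on Stop
	readyOnce, stopOnce sync.Once
}
func NewDistributor() *Distributor {
	return &Distributor{ready: make(chan struct{}), stopped: make(chan struct{})}
}

// Set records km (consumers treat it as read-only) or an error that masks it.
func (d *Distributor) Set(km *KeyMaterial, err error) {
	d.mu.Lock()
	d.km, d.err = km, err
	d.mu.Unlock()
	d.readyOnce.Do(func() { close(d.ready) })
}

// KeyMaterial returns the latest material, or nil and the reported error.
func (d *Distributor) KeyMaterial(ctx context.Context) (*KeyMaterial, error) {
	select {
	case <-d.stopped:
		return nil, ErrStopped
	case <-ctx.Done():
		return nil, ctx.Err()
	case <-d.ready:
	}
	d.mu.Lock()
	defer d.mu.Unlock()
	if d.err != nil {
		return nil, d.err
	}
	return d.km, nil
}

// Stop releases every waiter; a second call is harmless.
func (d *Distributor) Stop() { d.stopOnce.Do(func() { close(d.stopped) }) }
```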
type KeyMaterial
type KeyMaterial struct {
	// Certs contains a slice of cert/key pairs used to prove local identity.
	Certs []tls.Certificate
	// Roots contains the set of trusted roots to validate the peer's identity.
	Roots *x509.CertPool
}
KeyMaterial wraps the certificates and keys returned by a Provider instance.
type Provider
type Provider interface {
	// KeyMaterial returns the key material sourced by the Provider.
	// Callers are expected to use the returned value as read-only.
	KeyMaterial(ctx context.Context) (*KeyMaterial, error)
	// Close cleans up resources allocated by the Provider.
	Close()
}
Provider makes it possible to keep channel credential implementations up to date with secrets that they rely on to secure communications on the underlying channel.
Provider implementations are free to rely on local or remote sources to fetch the latest secrets, and free to share any state between different instantiations as they deem fit.
func GetProvider
func GetProvider(name string, config interface{}, opts BuildOptions) (Provider, error)
GetProvider is a convenience function to create a provider given the name, config and build options.
Directories
Path | Synopsis
---|---
meshca | Package meshca provides an implementation of the Provider interface which communicates with MeshCA to get certificates signed.
pemfile | Package pemfile provides a file watching certificate provider plugin implementation which works for files with PEM contents.