certmanager

package
v1.5.3
Published: Jun 28, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertManager

type CertManager struct {
	Provider CertProvider
	// contains filtered or unexported fields
}

CertManager manages the refreshing of the mesh-wide mTLS certs and keys and stores them in local Etcd.

func NewCertManager

func NewCertManager(superSpec *supervisor.Spec, service *service.Service, certProviderType string, appCertTTL, rootCertTTL time.Duration, store storage.Storage) *CertManager

NewCertManager creates a certmanager.

func (*CertManager) Close added in v1.3.2

func (cm *CertManager) Close()

Close closes the certmanager.

func (*CertManager) ForceSignAllServices

func (cm *CertManager) ForceSignAllServices()

ForceSignAllServices re-signs the certs of all services inside the mesh, regardless of whether they have expired.

func (*CertManager) SignIngressController

func (cm *CertManager) SignIngressController() error

SignIngressController signs ingress controller's cert.

func (*CertManager) SignRootCert

func (cm *CertManager) SignRootCert() error

SignRootCert signs the root cert. Once the root cert has been re-signed, all of the system's application certs are re-signed as well.
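Why a new root forces every application cert to be re-issued, shown as an added example that is not part of the EaseMesh code base: a leaf issued under the old root no longer chains to the replacement root. It uses only Go's standard crypto/x509; the helpers sign, must and trusts and the sample names are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign is a hypothetical helper: a nil parent gives a self-signed root CA, otherwise an mTLS leaf.
func sign(cn string, ttl time.Duration, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // root: CA flag set, signed with its own freshly generated key
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent, parentKey = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// trusts reports whether leaf chains to root for mTLS client authentication.
func trusts(root, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	oldRoot, oldKey := sign("mesh-root", 24*time.Hour, nil, nil) // constructed sample names
	leaf, _ := sign("order-service", time.Hour, oldRoot, oldKey)
	newRoot, _ := sign("mesh-root", 24*time.Hour, nil, nil) // root re-signed with a new key pair
	fmt.Println(trusts(oldRoot, leaf), trusts(newRoot, leaf)) // true false
}
```

The replacement root keeps the same subject name, so the rejection comes from the signature check rather than from a name mismatch.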

func (*CertManager) SignServiceInstances

func (cm *CertManager) SignServiceInstances(instanceSpecs []*spec.ServiceInstanceSpec) error

SignServiceInstances signs the certs of the service instances given in the instanceSpecs parameter.

type CertProvider

type CertProvider interface {
	// SignAppCertAndKey signs a cert, key pair for one service's instance
	SignAppCertAndKey(serviceName string, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)

	// SignRootCertAndKey signs a cert, key pair for root
	SignRootCertAndKey(time.Duration) (cert *spec.Certificate, err error)

	// GetAppCertAndKey gets cert and key for one service's instance
	GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)

	// GetRootCertAndKey gets root ca cert and key
	GetRootCertAndKey() (cert *spec.Certificate, err error)

	// ReleaseAppCertAndKey releases one service instance's cert and key
	ReleaseAppCertAndKey(serviceName, host, ip string) error

	// ReleaseRootCertAndKey releases root CA cert and key
	ReleaseRootCertAndKey() error

	// SetAppCertAndKey sets an existing app cert into the provider
	SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error

	// SetRootCertAndKey sets an existing root cert into the provider
	SetRootCertAndKey(cert *spec.Certificate) error
}

CertProvider is the interface declaring the methods of a certificate provider, such as easemesh-self-sign, Vault, and so on.

type MeshCertProvider

type MeshCertProvider struct {
	RootCert     *spec.Certificate
	ServiceCerts map[string]*spec.Certificate
	// contains filtered or unexported fields
}

MeshCertProvider is the EaseMesh in-memory, self-signing cert provider.

func NewMeshCertProvider

func NewMeshCertProvider() *MeshCertProvider

NewMeshCertProvider creates a new mesh in-memory, self-signing cert provider.

func (*MeshCertProvider) GetAppCertAndKey

func (mp *MeshCertProvider) GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error)

GetAppCertAndKey gets the cert and key for one service.

func (*MeshCertProvider) GetRootCertAndKey

func (mp *MeshCertProvider) GetRootCertAndKey() (cert *spec.Certificate, err error)

GetRootCertAndKey gets the root CA cert and key.

func (*MeshCertProvider) ReleaseAppCertAndKey

func (mp *MeshCertProvider) ReleaseAppCertAndKey(serviceName, host, ip string) error

ReleaseAppCertAndKey releases one service's cert and key

func (*MeshCertProvider) ReleaseRootCertAndKey

func (mp *MeshCertProvider) ReleaseRootCertAndKey() error

ReleaseRootCertAndKey releases root CA cert and key

func (*MeshCertProvider) SetAppCertAndKey

func (mp *MeshCertProvider) SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error

SetAppCertAndKey sets service cert into local memory

func (*MeshCertProvider) SetRootCertAndKey

func (mp *MeshCertProvider) SetRootCertAndKey(cert *spec.Certificate) error

SetRootCertAndKey sets root cert into local memory

func (*MeshCertProvider) SignAppCertAndKey

func (mp *MeshCertProvider) SignAppCertAndKey(serviceName, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error)

SignAppCertAndKey signs a cert, key pair for one service.

func (*MeshCertProvider) SignRootCertAndKey

func (mp *MeshCertProvider) SignRootCertAndKey(ttl time.Duration) (cert *spec.Certificate, err error)

SignRootCertAndKey signs a cert, key pair for root.
