Documentation
Index
- Variables
- func CreateMtlsClient(source *workloadapi.X509Source, predicate func(string) bool) (*http.Client, error)
- func CreateMtlsServer(source *workloadapi.X509Source, tlsPort string, predicate func(string) bool) (*http.Server, error)
- func HandleRequestError(w http.ResponseWriter, err error) error
- func Post(client *http.Client, path string, mr []byte) ([]byte, error)
- func ReadRequestBody(r *http.Request, w http.ResponseWriter) []byte
- func Serve(source *workloadapi.X509Source, initializeRoutes func(), ...) error
Constants
This section is empty.
Variables
var ErrNotFound = errors.New("not found")
Functions
func CreateMtlsClient
func CreateMtlsClient(source *workloadapi.X509Source, predicate func(string) bool) (*http.Client, error)
func CreateMtlsServer
func CreateMtlsServer(source *workloadapi.X509Source, tlsPort string, predicate func(string) bool) (*http.Server, error)
CreateMtlsServer creates an HTTP server configured for mutual TLS (mTLS) authentication using SPIFFE X.509 certificates. It sets up the server with a custom authorizer that validates client SPIFFE IDs against a provided predicate function.
Parameters:
- source: An X509Source that provides the server's identity credentials and validates client certificates. It must be initialized and valid.
- tlsPort: The network address and port for the server to listen on (e.g., ":8443").
- predicate: A function that takes a SPIFFE ID string and returns true if the client should be allowed access, false otherwise.
Returns:
- *http.Server: A configured HTTP server ready to be started with TLS enabled.
- error: An error if the server configuration fails.
The server uses the provided X509Source for both its own identity and for validating client certificates. Client connections are only accepted if their SPIFFE ID passes the provided predicate function.
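The predicate is the authorization decision for every mTLS client, so it should fail closed. The following is an added example of such a predicate (not part of this package): it admits only SPIFFE IDs in one trust domain whose path is on an explicit allow list, rejecting anything that does not parse as a well-formed spiffe:// URI. The trust domain, paths and function name are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// AllowedSPIFFEIDs returns a predicate usable with CreateMtlsServer or
// CreateMtlsClient. It accepts an ID only when the scheme is "spiffe", the
// host is exactly trustDomain (no port, no userinfo), there is no query,
// fragment or opaque part, and the path is in the allow list. Paths are
// compared as exact strings, so "/ns/a/../b" or a trailing slash does not
// match; anything unexpected is rejected (fail closed).
func AllowedSPIFFEIDs(trustDomain string, allowedPaths ...string) func(string) bool {
	allowed := make(map[string]struct{}, len(allowedPaths))
	for _, p := range allowedPaths {
		allowed[p] = struct{}{}
	}
	return func(id string) bool {
		u, err := url.Parse(id)
		if err != nil {
			return false
		}
		if u.Scheme != "spiffe" || u.Opaque != "" || u.User != nil ||
			u.Port() != "" || u.RawQuery != "" || u.Fragment != "" {
			return false
		}
		if u.Host != trustDomain || !strings.HasPrefix(u.Path, "/") {
			return false
		}
		_, ok := allowed[u.Path]
		return ok
	}
}

func main() {
	// Constructed sample IDs; the trust domain and paths are illustrative.
	allow := AllowedSPIFFEIDs("example.org", "/ns/spike/sa/nexus")
	for _, id := range []string{
		"spiffe://example.org/ns/spike/sa/nexus",
		"spiffe://other.example/ns/spike/sa/nexus",
		"spiffe://example.org/ns/spike/sa/nexus?x=1",
	} {
		fmt.Printf("%-45s allowed=%v\n", id, allow(id))
	}
}
```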
func HandleRequestError
func HandleRequestError(w http.ResponseWriter, err error) error
HandleRequestError handles HTTP request errors by writing a 400 Bad Request status to the response writer. If err is nil, it returns nil. Otherwise, it writes the error status and returns a joined error containing both the original error and any error encountered while writing the response.
func Post
func Post(client *http.Client, path string, mr []byte) ([]byte, error)
Post performs an HTTP POST request with a JSON payload and returns the response body. It handles the common cases of connection errors, non-200 status codes, and proper response body handling.
Parameters:
- client: An *http.Client used to make the request, typically configured with TLS settings.
- path: The URL path to send the POST request to.
- mr: A byte slice containing the marshaled JSON request body.
Returns:
- []byte: The response body if the request is successful.
- error: An error if any of the following occur:
- Connection failure during POST request
- Non-200 status code in response
- Failure to read response body
- Failure to close response body
The function ensures proper cleanup by always attempting to close the response body, even if an error occurs during reading. Any error from closing the body is joined with any existing error using errors.Join.
Example:

```go
// Any *http.Client works; in practice use one from CreateMtlsClient.
client := &http.Client{}
data := []byte(`{"key": "value"}`)
response, err := Post(client, "https://api.example.com/endpoint", data)
if err != nil {
	log.Fatalf("failed to post: %v", err)
}
```
func ReadRequestBody
func ReadRequestBody(r *http.Request, w http.ResponseWriter) []byte
ReadRequestBody reads the entire request body from an HTTP request. It returns the body as a byte slice if successful. If there is an error reading the body or if the body is nil, it writes a 400 Bad Request status to the response writer and returns an empty byte slice. Any errors encountered are logged.
func Serve
func Serve(source *workloadapi.X509Source, initializeRoutes func(), predicate func(string) bool, tlsPort string) error
Serve initializes and starts an HTTPS server using mTLS authentication with SPIFFE X.509 certificates. It sets up the server routes using the provided initialization function and listens for incoming connections on the specified port.
Parameters:
- source: An X509Source that provides the server's identity credentials and validates client certificates. Must not be nil.
- initializeRoutes: A function that sets up the HTTP route handlers for the server. This function is called before the server starts.
- tlsPort: The network address and port for the server to listen on (e.g., ":8443").
Returns:
- error: Returns nil if the server starts successfully, otherwise returns an error explaining the failure. Specific error cases include:
- If source is nil
- If server creation fails
- If the server fails to start or encounters an error while running
The function uses empty strings for the certificate and key file parameters in ListenAndServeTLS as the certificates are provided by the X509Source. The server's mTLS configuration is determined by the CreateMtlsServer function.
Types
This section is empty.