Documentation ¶
Index ¶
Constants ¶
// DefaultRotatorInterval is a fixed five-second duration.
// NOTE(review): presumably the fallback for RotatorConfig.Interval (the wait
// between expiry checks) when no interval is configured — confirm in NewRotator.
const DefaultRotatorInterval = 5 * time.Second
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Rotator ¶
// Rotator is the interface returned by NewRotator for managing the current
// SVID. Method implementations are not shown here, so the notes below are
// limited to what the signatures and the existing comments establish; anything
// inferred from a name is marked for confirmation.
type Rotator interface {
	// Run takes a context and reports failure through its error result.
	// NOTE(review): presumably the long-running rotation loop, ending when ctx
	// is cancelled — confirm.
	Run(ctx context.Context) error

	// Reattest takes a context and returns an error.
	// NOTE(review): presumably repeats node attestation to obtain a fresh SVID
	// (see RotatorConfig.Reattestable and NodeAttestor) — confirm.
	Reattest(ctx context.Context) error

	// NotifyTaintedAuthorities processes new tainted authorities. If the current SVID is compromised,
	// it is marked to force rotation.
	// NOTE(review): on a non-nil error it is not visible here whether the SVID
	// was still marked; callers should not assume the taint was handled — confirm.
	NotifyTaintedAuthorities([]*x509.Certificate) error

	// IsTainted returns a boolean taint flag.
	// NOTE(review): presumably true once NotifyTaintedAuthorities has marked the
	// current SVID for forced rotation — confirm.
	IsTainted() bool

	// State returns a value of the package's State type.
	State() State

	// Subscribe returns an observer.Stream.
	// NOTE(review): presumably a stream of State updates — confirm.
	Subscribe() observer.Stream

	// GetRotationMtx returns a pointer to a sync.RWMutex, so callers receive
	// the lock object itself rather than a copy.
	// NOTE(review): presumably held while a rotation is in progress; lock
	// ordering and which side takes the write lock are not visible here —
	// confirm before locking it from a new call site.
	GetRotationMtx() *sync.RWMutex

	// SetRotationFinishedHook accepts a function with no arguments and no result.
	// NOTE(review): presumably invoked after each rotation completes; the
	// goroutine it runs on and whether the rotation mutex is held at that point
	// are unknown — confirm.
	SetRotationFinishedHook(func())
}
func NewRotator ¶
// NewRotator takes a *RotatorConfig and returns a Rotator together with a
// client.Client.
// NOTE(review): the body is not shown here. Presumably the returned client is
// the one the rotator uses to reach ServerAddr — confirm, and confirm how a nil
// c or a zero Interval is handled.
func NewRotator(c *RotatorConfig) (Rotator, client.Client)
type RotatorConfig ¶
// RotatorConfig is the configuration struct passed to NewRotator. It carries
// the rotator's dependencies, the initial SVID and key, and timing and TLS
// settings. How each field is consumed is not shown here; inferred meanings are
// marked for confirmation.
type RotatorConfig struct {
	// NOTE(review): presumably the key manager that creates and holds SVID
	// private keys — confirm.
	SVIDKeyManager keymanager.SVIDKeyManager

	Log     logrus.FieldLogger
	Metrics telemetry.Metrics

	// NOTE(review): presumably the trust domain the SVID and the server
	// identity are validated against — confirm.
	TrustDomain spiffeid.TrustDomain

	// NOTE(review): presumably the server endpoint used by the client returned
	// from NewRotator; the expected format is not shown — confirm.
	ServerAddr string

	// NOTE(review): NodeAttestor and Reattestable presumably govern whether
	// Rotator.Reattest can be used instead of a plain renewal — confirm.
	NodeAttestor nodeattestor.NodeAttestor
	Reattestable bool

	// Initial SVID and key
	SVID []*x509.Certificate
	// NOTE(review): SVIDKey is a keymanager.Key for the initial SVID; assumed to
	// reference private key material, so it should stay out of logs and
	// serialized config dumps — confirm.
	SVIDKey keymanager.Key

	// NOTE(review): presumably the source of trust bundle updates — confirm.
	BundleStream *cache.BundleStream

	// How long to wait between expiry checks
	// NOTE(review): presumably falls back to DefaultRotatorInterval when zero —
	// confirm in NewRotator.
	Interval time.Duration

	// Clk is the clock that the rotator will use to create a ticker
	Clk clock.Clock

	// NOTE(review): presumably decides how early before expiry an SVID is
	// rotated — confirm.
	RotationStrategy *rotationutil.RotationStrategy

	// TLSPolicy determines the post-quantum-safe policy for TLS connections.
	TLSPolicy tlspolicy.Policy
}