bootstrap

package
v0.28.1
Published: Jan 26, 2025 License: BSD-2-Clause Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AcquireSource

func AcquireSource(
	ctx context.Context, acquiredSvid chan<- bool,
) *workloadapi.X509Source

AcquireSource establishes a connection to the SPIFFE Workload API, fetches the X.509 bundle, and returns an X509Source. It takes a context and a send-only channel acquiredSvid, on which it signals once the SVID has been acquired. If any error occurs during the process, the function logs a fatal message and exits.

func CreateRootKey added in v0.25.3

func CreateRootKey(id *string, updatedSecret chan<- bool)

CreateRootKey generates or reuses the application's cryptographic key pair. It takes an id for logging purposes and a channel updatedSecret on which it signals once the secret has been updated. If the secret key is not mounted at the expected location, or the key file cannot be read, the function logs a fatal message and exits. If the secret has not yet been set in the cluster, the function generates a new key pair, persists it, and signals on the updatedSecret channel.

func Monitor

func Monitor(
	correlationId *string,
	channels ChannelsToMonitor,
	timedOut <-chan bool,
)

Monitor listens on several channels to track the progress of acquiring an identity, updating the age key, and starting the server. It takes a correlationId for logging purposes, a ChannelsToMonitor holding the acquiredSvid, updatedSecret, and serverStarted channels, and a separate timedOut channel. Once all three of those events (acquiring the identity, updating the age key, and starting the server) have occurred, the function initializes the state and creates a readiness probe. If timedOut fires before all three events have happened, the function logs a fatal message.

func NotifyTimeout

func NotifyTimeout(timedOut chan<- bool)

NotifyTimeout waits for the duration specified by env.BootstrapTimeoutForSafe() and then sends a 'true' value to the provided 'timedOut' channel. This function can be used to notify other parts of the application when a specific timeout has been reached.

func PersistRootKeysToRootKeyBackingStore added in v0.25.3

func PersistRootKeysToRootKeyBackingStore(rkt data.RootKeyCollection) error

PersistRootKeysToRootKeyBackingStore persists the root keys to the configured backing store. This is useful to restore VSecM Safe back to operation if it crashes or gets temporarily evicted by the scheduler.

If the persist operation succeeds, it also updates the root keys held in memory.

This function is typically called during the first bootstrapping of VSecM Safe when there are no keys that have been registered yet.

Note that rotating the root key without backing up the existing one makes every secret that was encrypted under the old key impossible to decrypt.
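The generate-or-reuse step of CreateRootKey and the persist step of PersistRootKeysToRootKeyBackingStore, as an added example that is not VSecM's own code. It assumes a file-backed store in a directory of the caller's choosing, a single X25519 key pair as a stand-in for data.RootKeyCollection (whose fields this page does not show), and the names RootKey, PersistRootKey, LoadRootKey and LoadOrCreateRootKey, all of which are this example's own. The one behaviour worth copying is that an existing key is never silently overwritten (O_EXCL), which is the caveat above made mechanical, and that a mounted key that fails to parse is an error rather than a trigger for generating a fresh one.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// rootKeyFile is the file name this example uses inside the backing-store
// directory (assumption: the real mount path is not shown on the doc page).
const rootKeyFile = "root-key"

// RootKey is this example's stand-in for data.RootKeyCollection.
type RootKey struct {
	Private *ecdh.PrivateKey
}

// PublicHex returns the hex-encoded public half, safe to log and compare.
func (k RootKey) PublicHex() string {
	return hex.EncodeToString(k.Private.PublicKey().Bytes())
}

// PersistRootKey writes the private key to dir/root-key with mode 0600.
// O_EXCL makes the call fail if a key is already there, so a root key is
// never replaced without the caller first moving the old one aside.
func PersistRootKey(dir string, k RootKey) error {
	path := filepath.Join(dir, rootKeyFile)
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return fmt.Errorf("persist root key: %w", err)
	}
	defer f.Close()
	_, err = fmt.Fprintln(f, hex.EncodeToString(k.Private.Bytes()))
	return err
}

// LoadRootKey reads and validates a previously persisted key.
func LoadRootKey(dir string) (RootKey, error) {
	raw, err := os.ReadFile(filepath.Join(dir, rootKeyFile))
	if err != nil {
		return RootKey{}, err
	}
	b, err := hex.DecodeString(strings.TrimSpace(string(raw)))
	if err != nil {
		return RootKey{}, fmt.Errorf("root key is not valid hex: %w", err)
	}
	priv, err := ecdh.X25519().NewPrivateKey(b) // rejects wrong-length keys
	if err != nil {
		return RootKey{}, fmt.Errorf("root key is malformed: %w", err)
	}
	return RootKey{Private: priv}, nil
}

// LoadOrCreateRootKey reuses the mounted key if there is one, otherwise
// generates, persists and returns a new one with created=true so the caller
// can signal updatedSecret. A key that exists but cannot be parsed is an
// error: generating a new one would orphan every secret encrypted under it.
func LoadOrCreateRootKey(dir string) (k RootKey, created bool, err error) {
	k, err = LoadRootKey(dir)
	switch {
	case err == nil:
		return k, false, nil
	case !errors.Is(err, os.ErrNotExist):
		return RootKey{}, false, err
	}
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return RootKey{}, false, err
	}
	k = RootKey{Private: priv}
	if err := PersistRootKey(dir, k); err != nil {
		return RootKey{}, false, err
	}
	return k, true, nil
}

func main() {
	dir, err := os.MkdirTemp("", "rootkey")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Two runs against the same directory: the first generates, the second reuses.
	for i := 1; i <= 2; i++ {
		k, created, err := LoadOrCreateRootKey(dir)
		if err != nil {
			panic(err)
		}
		fmt.Printf("run %d: created=%v public=%s\n", i, created, k.PublicHex())
	}
}
```

A second call against a populated directory returns the same public key with created=false; a direct PersistRootKey against that directory fails with an error satisfying errors.Is(err, os.ErrExist), which is the behaviour the note above asks for.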

func PollForConfig added in v0.28.0

func PollForConfig(id string, ctx context.Context,
) (*data.VSecMSafeInternalConfig, error)

PollForConfig continuously polls for the VSecM Safe internal configuration.

This function attempts to read the configuration from a secret. It will keep polling until a valid configuration is found or the context is cancelled.

Parameters:

  • ctx: A context.Context for cancellation and timeout control.
  • id: A correlation ID for logging purposes.

Returns:

  • *data.VSecMSafeInternalConfig: A pointer to the parsed VSecM Safe internal configuration.
  • error: An error if the context is cancelled or if there's an issue parsing the configuration.

The function will log informational messages about its progress and any errors encountered. It sleeps for 5 seconds between each polling attempt.
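The poll-until-config-or-cancel loop described above, as an added example that is not VSecM's own implementation. SafeInternalConfig, Fetcher, NewFlakyFetcher and the JSON payload are this example's own stand-ins for data.VSecMSafeInternalConfig and the secret read (the real fields and secret format are not shown on this page). Two choices differ from the documented function and are deliberate: the interval is a parameter rather than a fixed 5 seconds so the loop can be tested quickly, and the wait is a select on ctx.Done() rather than a plain sleep, so cancellation is honoured mid-interval instead of up to one interval late.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// SafeInternalConfig stands in for data.VSecMSafeInternalConfig (assumption:
// the real fields are not shown on the doc page).
type SafeInternalConfig struct {
	BackingStore string `json:"backingStore"`
}

// ErrConfigNotReady is what a Fetcher returns while the secret is still absent.
var ErrConfigNotReady = errors.New("config secret not present yet")

// Fetcher reads the raw secret value. (nil, ErrConfigNotReady) means "not yet".
type Fetcher func(ctx context.Context) ([]byte, error)

// PollForConfig calls fetch until it yields a parseable config or ctx ends.
// It also returns the number of attempts made, which the documented function
// does not; that is for logging and for the test below.
func PollForConfig(ctx context.Context, id string, interval time.Duration, fetch Fetcher) (*SafeInternalConfig, int, error) {
	attempts := 0
	for {
		attempts++
		raw, err := fetch(ctx)
		if err == nil {
			var cfg SafeInternalConfig
			if perr := json.Unmarshal(raw, &cfg); perr != nil {
				// Present but malformed is a hard error: retrying cannot fix
				// a bad deployment, and looping would only hide it.
				return nil, attempts, fmt.Errorf("[%s] parse config: %w", id, perr)
			}
			return &cfg, attempts, nil
		}
		fmt.Printf("[%s] attempt %d: %v\n", id, attempts, err)
		select {
		case <-ctx.Done():
			return nil, attempts, fmt.Errorf("[%s] gave up waiting for config: %w", id, ctx.Err())
		case <-time.After(interval):
		}
	}
}

// NewFlakyFetcher simulates a secret that only appears after notReadyFor
// reads. The payload is constructed sample data, not a real VSecM secret.
func NewFlakyFetcher(notReadyFor int, payload []byte) Fetcher {
	calls := 0
	return func(context.Context) ([]byte, error) {
		calls++
		if calls <= notReadyFor {
			return nil, ErrConfigNotReady
		}
		return payload, nil
	}
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
	defer cancel()
	fetch := NewFlakyFetcher(2, []byte(`{"backingStore":"file"}`))
	cfg, n, err := PollForConfig(ctx, "bootstrap-1", 10*time.Millisecond, fetch)
	if err != nil {
		panic(err)
	}
	fmt.Printf("config after %d attempts: %+v\n", n, *cfg)
}
```

With the constructed fetcher the third attempt succeeds; an already-cancelled context returns after exactly one attempt with an error that errors.Is(err, context.Canceled); a present but non-JSON secret returns a parse error without retrying.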

Types

type ChannelsToMonitor added in v0.22.0

type ChannelsToMonitor struct {
	AcquiredSvid  <-chan bool
	UpdatedSecret <-chan bool
	ServerStarted <-chan bool
}

ChannelsToMonitor holds channels to monitor various asynchronous signals.

func (ChannelsToMonitor) Size added in v0.25.3

func (c ChannelsToMonitor) Size() int

Size returns the number of fields in the ChannelsToMonitor struct. This is useful to programmatically check the count of different channels that need to be monitored.
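The Monitor, NotifyTimeout and ChannelsToMonitor pieces described above, wired together as an added example that is not VSecM's own code. It keeps the documented struct shape and uses Size() as the count of milestones to wait for; counting fields with reflect is this example's choice, since the page only documents what Size returns. Two departures are deliberate and labelled in the code: the timeout duration is a parameter rather than env.BootstrapTimeoutForSafe(), and Monitor returns an error instead of logging fatally, so the timeout path can be exercised in a test. The goroutines in main stand in for AcquireSource, CreateRootKey and the server start, each signalling its channel when done.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
	"time"
)

// ChannelsToMonitor has the same shape as the documented struct: one
// receive-only channel per bootstrap milestone.
type ChannelsToMonitor struct {
	AcquiredSvid  <-chan bool
	UpdatedSecret <-chan bool
	ServerStarted <-chan bool
}

// Size returns the number of fields, i.e. how many milestones must be seen.
// (Assumption: the page documents the result, not the implementation.)
func (c ChannelsToMonitor) Size() int {
	return reflect.TypeOf(c).NumField()
}

// ErrBootstrapTimeout is returned when timedOut fires first. The documented
// Monitor logs a fatal message instead; an error keeps this example testable.
var ErrBootstrapTimeout = errors.New("bootstrap: timed out before all milestones")

// NotifyTimeout sleeps for d and then sends true on timedOut. The documented
// function reads the duration from env.BootstrapTimeoutForSafe(); here it is a
// parameter. Give timedOut a buffer of 1 so this goroutine cannot block
// forever if Monitor has already returned.
func NotifyTimeout(d time.Duration, timedOut chan<- bool) {
	time.Sleep(d)
	timedOut <- true
}

// Monitor waits until each channel in c has delivered one value, or until
// timedOut fires. It returns the milestones seen in arrival order, which is
// the useful thing to log when the timeout hits. A channel is set to nil once
// it has fired: a nil channel is never ready in a select, so a repeated send
// or a closed channel cannot be counted twice toward Size().
func Monitor(correlationId string, c ChannelsToMonitor, timedOut <-chan bool) ([]string, error) {
	want := c.Size()
	seen := make([]string, 0, want)
	for len(seen) < want {
		select {
		case <-c.AcquiredSvid:
			seen = append(seen, "acquiredSvid")
			c.AcquiredSvid = nil
		case <-c.UpdatedSecret:
			seen = append(seen, "updatedSecret")
			c.UpdatedSecret = nil
		case <-c.ServerStarted:
			seen = append(seen, "serverStarted")
			c.ServerStarted = nil
		case <-timedOut:
			return seen, fmt.Errorf("[%s] %w (seen so far: %v)", correlationId, ErrBootstrapTimeout, seen)
		}
	}
	fmt.Printf("[%s] all %d milestones reached; service is ready\n", correlationId, want)
	return seen, nil
}

func main() {
	svid, secret, server := make(chan bool), make(chan bool), make(chan bool)
	timedOut := make(chan bool, 1)

	// Stand-ins for AcquireSource, CreateRootKey and the server goroutine.
	go func() { time.Sleep(10 * time.Millisecond); svid <- true }()
	go func() { time.Sleep(20 * time.Millisecond); secret <- true }()
	go func() { time.Sleep(30 * time.Millisecond); server <- true }()
	go NotifyTimeout(time.Second, timedOut)

	seen, err := Monitor("demo", ChannelsToMonitor{
		AcquiredSvid: svid, UpdatedSecret: secret, ServerStarted: server,
	}, timedOut)
	fmt.Println(seen, err)
}
```

When all three signals arrive before the deadline Monitor returns them in arrival order and a nil error; when only some arrive, the error wraps ErrBootstrapTimeout and the partial list tells you which step of bootstrap stalled.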
