util

package
v0.0.0-...-b0ce39f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 20, 2021 License: BSD-3-Clause Imports: 22 Imported by: 2

Documentation

Overview

Copyright 2020, Verizon Media Inc. Licensed under the terms of the 3-Clause BSD license. See LICENSE file in github.com/yahoo/k8s-athenz-identity for terms.

Index

Constants

This section is empty.

Variables

View Source 
var DefaultPollInterval = 1 * time.Second // 1s default interval to allow 1m cert refreshes

Functions

func CertificateFromPEMBytes 

func CertificateFromPEMBytes(pemBytes []byte) (*x509.Certificate, error)

CertificateFromPEMBytes returns an X.509 certificate from its supplied PEM representation.

func DomainToDNSPart 

func DomainToDNSPart(domain string) (part string)

DomainToDNSPart converts the Athenz domain into a DNS label

func GenerateCSR 

func GenerateCSR(signer crypto.Signer, opts CSROptions) (csrPEM []byte, err error)

GenerateCSR generates a CSR using the supplied key, common name and options.

func GenerateKeyAndCSR 

func GenerateKeyAndCSR(opts CSROptions) (keyPEM, csrPEM []byte, err error)

GenerateKeyAndCSR generates a private key and returns the key and CSR PEMs.

func MarshalSANs 

func MarshalSANs(sans SubjectAlternateNames) (pkix.Extension, error)

func NamespaceToDomain 

func NamespaceToDomain(ns string) (domain string)

NamespaceToDomain converts a kube namespace to an Athenz domain

func PublicKeyFromPEMBytes 

func PublicKeyFromPEMBytes(pemBytes []byte) (crypto.PublicKey, error)

PublicKeyFromPEMBytes returns a public key from its supplied PEM representation.

func ServiceAccountToService 

func ServiceAccountToService(svc string) string

ServiceAccountToService converts a kube serviceaccount name to an Athenz service

func SpiffeURI 

func SpiffeURI(domain, service string) (*url.URL, error)

SpiffeURI returns the SPIFFE URI for the specified Athens domain and service.

Types

type CSROptions 

type CSROptions struct {
	Subject pkix.Name
	SANs    SubjectAlternateNames
}

CSROptions has optional config for creating a CSR request

type CertReloader 

type CertReloader struct {
	// contains filtered or unexported fields
}

CertReloader reloads the (key, cert) pair from the filesystem when the cert file is updated.

func NewCertReloader 

func NewCertReloader(config ReloadConfig) (*CertReloader, error)

NewCertReloader returns a CertReloader that reloads the (key, cert) pair whenever the cert file changes on the filesystem.

func (*CertReloader) Close 

func (w *CertReloader) Close() error

Close stops the background refresh.

func (*CertReloader) GetLatestCertificate 

func (w *CertReloader) GetLatestCertificate() (*tls.Certificate, error)

GetLatestCertificate returns the latest known certificate.

func (*CertReloader) GetLatestKeyAndCert 

func (w *CertReloader) GetLatestKeyAndCert() ([]byte, []byte, error)

GetLatestKeyAndCert returns the latest known key and certificate in raw bytes.

type KeyType 

type KeyType int

KeyType is the type of private key. 

const (
	RSA KeyType
	ECDSA
)

supported key types

func PrivateKeyFromPEMBytes 

func PrivateKeyFromPEMBytes(privatePEMBytes []byte) (KeyType, crypto.Signer, error)

PrivateKeyFromPEMBytes returns a private key along with its type from its supplied PEM representation.

type LogFn 

type LogFn func(format string, args ...interface{})

LogFn allows customized logging.

type ReloadConfig 

type ReloadConfig struct {
	CertFile     string // the cert file
	KeyFile      string // the key file
	Logger       LogFn  // custom log function for errors, optional
	PollInterval time.Duration
}

ReloadConfig contains the config for cert reload.

type SubjectAlternateNames 

type SubjectAlternateNames struct {
	DNSNames       []string
	IPAddresses    []net.IP
	URIs           []url.URL
	EmailAddresses []string
}

SubjectAlternateNames contains the SAN entities in a cert.

func UnmarshalSANs 

func UnmarshalSANs(extensions []pkix.Extension) (sans SubjectAlternateNames, err error)

func (*SubjectAlternateNames) IsEmpty 

func (s *SubjectAlternateNames) IsEmpty() bool

func (SubjectAlternateNames) String 

func (s SubjectAlternateNames) String() string

type Writer 

type Writer struct {
	// contains filtered or unexported fields
}

Writer writes multiple files with modified suffixes and renames all of them to their final names on save.

func NewWriter 

func NewWriter() *Writer

NewWriter returns a writer.

func (*Writer) AddBytes 

func (w *Writer) AddBytes(target string, perms os.FileMode, content []byte) error

AddBytes writes a file with the supplied bytes.

func (*Writer) AddFile 

func (w *Writer) AddFile(target string, perms os.FileMode, source string) error

AddFile writes a file using the supplied file as source.

func (*Writer) AddReader 

func (w *Writer) AddReader(target string, perms os.FileMode, content io.Reader) error

AddReader writes a file using the supplied reader as source.

func (*Writer) Save 

func (w *Writer) Save() error

Save renames all temp files written to their final names. When multiple files are involved, this reduces race conditions with inconsistent data but does not completely eliminate it.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.