configtls

package

v0.4.0 Latest Latest Go to latest Published: Jun 16, 2020 License: Apache-2.0 Imports: 7 Imported by: 85

Documentation ¶

Index ¶

type TLSClientSetting
- func (c TLSClientSetting) LoadgRPCTLSClientCredentials() (grpc.DialOption, error)
type TLSSetting
- func (c TLSSetting) LoadTLSConfig() (*tls.Config, error)
- func (c TLSSetting) LoadgRPCTLSServerCredentials() (grpc.ServerOption, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type TLSClientSetting ¶

type TLSClientSetting struct {
	TLSSetting `mapstructure:",squash"` // squash ensures fields are correctly decoded in embedded struct

	// In gRPC when set to true, this is used to disable the client transport security.
	// See https://godoc.org/google.golang.org/grpc#WithInsecure.
	// In HTTP, this disables verifying the server's certificate chain and host name
	// (InsecureSkipVerify in the tls Config). Please refer to
	// https://godoc.org/crypto/tls#Config for more information.
	// (optional, default false)
	// TODO(ccaraman): With further research InsecureSkipVerify is a valid option
	// for gRPC connections. Add that ability to the TLSClientSettings in a subsequent
	// pr.
	Insecure bool `mapstructure:"insecure"`
	// ServerName requested by client for virtual hosting.
	// This sets the ServerName in the TLSConfig. Please refer to
	// https://godoc.org/crypto/tls#Config for more information. (optional)
	ServerName string `mapstructure:"server_name_override"`
}

TLSClientSetting contains TLS configurations that are specific to client connections in addition to the common configurations. This should be used by components configuring TLS client connections.

func (TLSClientSetting) LoadgRPCTLSClientCredentials ¶

func (c TLSClientSetting) LoadgRPCTLSClientCredentials() (grpc.DialOption, error)

type TLSSetting ¶

type TLSSetting struct {
	// Path to the CA cert. For a client this verifies the server certificate.
	// For a server this verifies client certificates. If empty uses system root CA.
	// (optional)
	CAFile string `mapstructure:"ca_file"`
	// Path to the TLS cert to use for TLS required connections. (optional)
	CertFile string `mapstructure:"cert_file"`
	// Path to the TLS key to use for TLS required connections. (optional)
	KeyFile string `mapstructure:"key_file"`
}

TLSSetting exposes the common client and server TLS configurations. Note: Since there isn't anything specific to a server connection. Components with server connections should use TLSSetting.

func (TLSSetting) LoadTLSConfig ¶

func (c TLSSetting) LoadTLSConfig() (*tls.Config, error)

LoadTLSConfig loads TLS certificates and returns a tls.Config. This will set the RootCAs and Certificates of a tls.Config.

func (TLSSetting) LoadgRPCTLSServerCredentials ¶

func (c TLSSetting) LoadgRPCTLSServerCredentials() (grpc.ServerOption, error)

Source Files ¶

View all Source files

configtls.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL