dca

package
v0.53.0
Warning

This package is not in the latest version of its module.

Published: Aug 11, 2021 License: BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Overview

Package dca contains utilities for implementing Device Certificate Authentication according to https://google.aip.dev/auth/4114.

The overall logic for DCA is as follows:

  1. If both an endpoint override and a client certificate are specified, use them as is.
  2. If the user does not specify a client certificate, we will attempt to use the default client certificate.
  3. If the user does not specify an endpoint override, we will use defaultMtlsEndpoint if a client certificate is available and defaultEndpoint otherwise.

Implications of the above logic:

  1. If the user specifies a non-mTLS endpoint override but a client certificate is available, we will pass along the cert anyway and let the server decide what to do.
  2. If the user specifies an mTLS endpoint override but a client certificate is not available, we will not fail fast, but let the backend throw an error when connecting.

We would like to avoid introducing client-side logic that parses whether the endpoint override is an mTLS URL, since the URL pattern may change at any time.
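The decision logic above, written out as an added example (not this package's source code). Settings, resolve, dummySource and the example.com endpoints are hypothetical stand-ins for the internal dial settings and the default client certificate lookup.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// CertSource has the shape of tls.Config.GetClientCertificate.
type CertSource func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

// Settings is a hypothetical stand-in for the dial settings; "" and nil mean "not specified".
type Settings struct {
	EndpointOverride    string
	ClientCertSource    CertSource
	DefaultEndpoint     string
	DefaultMTLSEndpoint string
}

// dummySource is a constructed placeholder certificate source.
func dummySource(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
	return &tls.Certificate{}, nil
}

// resolve applies the documented rules. defaultSource models the default
// client certificate and is nil when none is available.
func resolve(s Settings, defaultSource CertSource) (CertSource, string) {
	src := s.ClientCertSource
	if src == nil {
		src = defaultSource // rule 2: fall back to the default client certificate
	}
	if s.EndpointOverride != "" {
		// Rule 1 and both implications: the override is used verbatim and never
		// parsed, so the cert (if any) is passed along and the server decides.
		return src, s.EndpointOverride
	}
	if src != nil {
		return src, s.DefaultMTLSEndpoint // rule 3: a cert is available
	}
	return nil, s.DefaultEndpoint // rule 3: no cert
}

func main() {
	s := Settings{DefaultEndpoint: "https://svc.example.com/", DefaultMTLSEndpoint: "https://svc.mtls.example.com/"}
	for _, override := range []string{"", "https://custom.example.com/"} {
		for _, def := range []CertSource{nil, dummySource} {
			s.EndpointOverride = override
			src, ep := resolve(s, def)
			fmt.Printf("override=%q defaultCert=%t -> sendCert=%t endpoint=%s\n", override, def != nil, src != nil, ep)
		}
	}
}
```

The two override rows show the implications listed above: the certificate travels with a non-mTLS override, and a missing certificate with an mTLS override is only detected by the server at connection time.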

This package is not intended for use by end developers. Use the google.golang.org/api/option package to configure API clients.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetClientCertificateSourceAndEndpoint

func GetClientCertificateSourceAndEndpoint(settings *internal.DialSettings) (cert.Source, string, error)

GetClientCertificateSourceAndEndpoint is a convenience function that invokes getClientCertificateSource and getEndpoint sequentially and returns the client cert source and endpoint as a tuple.

Types

This section is empty.
