Variables ¶
var (
// ErrNotAvailable reports that no tls.Certificate is available to serve.
ErrNotAvailable = errors.New("no tls.Certificate available")
)
Types ¶
type Authority ¶ added in v1.15.0
type Authority interface {
// Run starts the authority and blocks until it is stopped or an error occurs.
// Stopping is presumably driven by cancelling ctx — confirm against the
// implementation.
Run(ctx context.Context) error
// WatchRotation adds a watcher to the authority that will notify the given
// channel when the root CA has been rotated. It is guaranteed to post a message
// to the channel when the root CA has been rotated and the channel is not full.
// No delivery is guaranteed while the channel is full, so callers should use a
// buffered channel and drain it promptly if missing a rotation is unacceptable.
WatchRotation(ch chan<- struct{})
// StopWatchingRotation removes the watcher from the authority.
StopWatchingRotation(ch chan<- struct{})
// Sign signs the given certificate template and returns the signed certificate.
// WARNING: The WatchRotation method should be called before Sign to ensure that
// the rotation of the CA used to sign the certificate in this call is detected.
// Calling Sign first leaves a window in which a rotation between the two calls
// goes unreported, and the returned certificate would then chain to a CA the
// watcher never announces as replaced.
Sign(template *x509.Certificate) (*x509.Certificate, error)
}
type CertificateSource ¶
type CertificateSource interface {
// GetCertificate returns a Certificate based on the given
// ClientHelloInfo. It will only be called if the client supplies SNI
// information or if Certificates is empty.
//
// If GetCertificate is nil or returns nil, then the certificate is
// retrieved from NameToCertificate. If NameToCertificate is nil, the
// first element of Certificates will be used.
//
// The two paragraphs above restate the contract of tls.Config.GetCertificate,
// whose signature this method matches; Certificates and NameToCertificate are
// fields of that tls.Config, not of this interface.
GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
// Start will start the certificate source.
// This may include setting up watches on certificate stores, or any other
// kind of background operation.
// The Start function should return when the given context is cancelled (the
// signature takes a context.Context rather than a stop channel), and may
// return an error if an irrecoverable error occurs whilst running.
Start(context.Context) error
// Healthy can be used to check the status of the CertificateSource.
// It will return true if the source has a certificate available.
Healthy() bool
}
type DynamicSource ¶
type DynamicSource struct {
// DNSNames that will be set on certificates this source produces.
DNSNames []string
// The authority used to sign certificate templates.
Authority Authority
// RetryInterval is undocumented here; presumably the delay between attempts
// when certificate generation fails — confirm against Start.
RetryInterval time.Duration
// contains filtered or unexported fields
}
DynamicSource provides certificate data for a Go HTTP server by automatically generating certificates using an authority.SignFunc.
func (*DynamicSource) GetCertificate ¶
func (f *DynamicSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*DynamicSource) Healthy ¶
func (f *DynamicSource) Healthy() bool
func (*DynamicSource) NeedLeaderElection ¶ added in v1.15.0
func (f *DynamicSource) NeedLeaderElection() bool
Implements LeaderElectionRunnable (https://github.com/kubernetes-sigs/controller-runtime/blob/56159419231e985c091ef3e7a8a3dee40ddf1d73/pkg/manager/manager.go#L305)
func (*DynamicSource) Start ¶ added in v1.15.0
func (f *DynamicSource) Start(ctx context.Context) error
Implements Runnable (https://github.com/kubernetes-sigs/controller-runtime/blob/56159419231e985c091ef3e7a8a3dee40ddf1d73/pkg/manager/manager.go#L287)
type FileCertificateSource ¶
type FileCertificateSource struct {
// CertPath is the path to the TLS certificate.
// This file will be read periodically and will be used as the certificate
// for TLS connections.
CertPath string
// KeyPath is the path to the private key.
// This file will be read periodically and will be used as the private key
// for TLS connections. Because the key is re-read from disk, the file's
// permissions should limit access to the serving process.
KeyPath string
// UpdateInterval is how often the CertPath and KeyPath will be checked for
// changes.
// If not specified, a default of 10s will be used.
UpdateInterval time.Duration
// MaxFailures is the maximum number of times a failure to read data from
// disk should be allowed before treating it as fatal.
// If not specified, a default of 12 will be used.
MaxFailures int
// contains filtered or unexported fields
}
FileCertificateSource provides certificate data for a Go HTTP server by periodically reloading data from disk.
func (*FileCertificateSource) GetCertificate ¶
func (f *FileCertificateSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
func (*FileCertificateSource) Healthy ¶
func (f *FileCertificateSource) Healthy() bool