security

package

v1.13.6 Latest Latest Go to latest Published: Sep 25, 2024 License: Apache-2.0 Imports: 38 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dapr/dapr

Links

Documentation ¶

Index ¶

func CurrentNamespace() string
func CurrentNamespaceOrError() (string, error)
func GetAPIToken() string
func GetAppToken() string
func SentryID(sentryTrustDomain spiffeid.TrustDomain, sentryNamespace string) (spiffeid.ID, error)
type Handler
type Options
type Provider
- func New(ctx context.Context, opts Options) (Provider, error)
type RequestFn

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CurrentNamespace ¶

func CurrentNamespace() string

CurrentNamespace returns the namespace of this workload.

func CurrentNamespaceOrError ¶ added in v1.12.1

func CurrentNamespaceOrError() (string, error)

CurrentNamespaceOrError returns the namespace of this workload. If current Namespace is not found, error.

func GetAPIToken ¶

func GetAPIToken() string

GetAPIToken returns the value of the api token from an environment variable.

func GetAppToken ¶

func GetAppToken() string

GetAppToken returns the value of the app api token from an environment variable.

func SentryID ¶

func SentryID(sentryTrustDomain spiffeid.TrustDomain, sentryNamespace string) (spiffeid.ID, error)

SentryID returns the SPIFFE ID of the sentry server.

Types ¶

type Handler ¶

type Handler interface {
	GRPCServerOptionMTLS() grpc.ServerOption
	GRPCServerOptionNoClientAuth() grpc.ServerOption
	GRPCDialOptionMTLSUnknownTrustDomain(ns, appID string) grpc.DialOption
	GRPCDialOptionMTLS(spiffeid.ID) grpc.DialOption

	TLSServerConfigNoClientAuth() *tls.Config
	NetListenerID(net.Listener, spiffeid.ID) net.Listener
	NetDialerID(context.Context, spiffeid.ID, time.Duration) func(network, addr string) (net.Conn, error)

	ControlPlaneTrustDomain() spiffeid.TrustDomain
	ControlPlaneNamespace() string
	CurrentTrustAnchors() ([]byte, error)

	MTLSEnabled() bool
	WatchTrustAnchors(context.Context, chan<- []byte)
}

Handler implements middleware for client and server connection security.

type Options ¶

type Options struct {
	// SentryAddress is the network address of the sentry server.
	SentryAddress string

	// ControlPlaneTrustDomain is the trust domain of the control plane
	// components.
	ControlPlaneTrustDomain string

	// ControlPlaneNamespace is the dapr namespace of the control plane
	// components.
	ControlPlaneNamespace string

	// TrustAnchors is the X.509 PEM encoded CA certificates for this Dapr
	// installation. Cannot be used with TrustAnchorsFile. TrustAnchorsFile is
	// preferred so changes to the file are automatically picked up.
	TrustAnchors []byte

	// TrustAnchorsFile is the path to the X.509 PEM encoded CA certificates for
	// this Dapr installation. Prefer this over TrustAnchors so changes to the
	// file are automatically picked up. Cannot be used with TrustAnchors.
	TrustAnchorsFile string

	// AppID is the application ID of this workload.
	AppID string

	// MTLS is true if mTLS is enabled.
	MTLSEnabled bool

	// OverrideCertRequestSource is used to override where certificates are requested
	// from. Default to an implementation requesting from Sentry.
	OverrideCertRequestSource RequestFn

	// Mode is the operation mode of this security instance (self-hosted or
	// Kubernetes).
	Mode modes.DaprMode
}

Options are the options for the security authenticator.

type Provider ¶

type Provider interface {
	Run(context.Context) error
	Handler(context.Context) (Handler, error)
}

Provider is the security provider.

func New ¶

func New(ctx context.Context, opts Options) (Provider, error)

type RequestFn ¶

type RequestFn func(ctx context.Context, der []byte) ([]*x509.Certificate, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
consts
legacy
pem
spiffe
token

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL