Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CurrentNamespace ¶
func CurrentNamespace() string
CurrentNamespace returns the namespace of this workload.
func CurrentNamespaceOrError ¶ added in v1.12.1
CurrentNamespaceOrError returns the namespace of this workload. If the current namespace is not found, an error is returned.
func GetAPIToken ¶
func GetAPIToken() string
GetAPIToken returns the value of the api token from an environment variable.
func GetAppToken ¶
func GetAppToken() string
GetAppToken returns the value of the app api token from an environment variable.
Types ¶
type Handler ¶
// Handler is the interface through which callers obtain connection-security
// primitives: gRPC server/dial options, TLS configs, identity-aware listeners
// and dialers, plus accessors for this workload's SPIFFE ID and the trust
// anchors. Only the method set is visible here; anything below that goes
// beyond the signatures is marked NOTE(review) and must be confirmed against
// the implementation.
type Handler interface {
// GRPCServerOptionMTLS returns a gRPC server option.
// NOTE(review): by name this is the variant that expects a client
// certificate; confirm what it returns when MTLSEnabled() is false.
GRPCServerOptionMTLS() grpc.ServerOption
// GRPCServerOptionNoClientAuth returns a gRPC server option.
// NOTE(review): by name the peer is not authenticated at the TLS layer, so
// a server using it presumably needs another client-authentication
// mechanism; verify at each call site.
GRPCServerOptionNoClientAuth() grpc.ServerOption
// GRPCDialOptionMTLSUnknownTrustDomain returns a gRPC dial option for a peer
// described by namespace and app ID rather than by a full spiffeid.ID.
// NOTE(review): presumably the peer's trust domain is not pinned here;
// confirm which parts of the peer identity are still verified.
GRPCDialOptionMTLSUnknownTrustDomain(ns, appID string) grpc.DialOption
// GRPCDialOptionMTLS returns a gRPC dial option for the given SPIFFE ID.
// NOTE(review): presumably the ID is the expected server identity; confirm.
GRPCDialOptionMTLS(spiffeid.ID) grpc.DialOption
// TLSServerConfigNoClientAuth returns a server-side *tls.Config.
// NOTE(review): by name no client certificate is requested or verified;
// the same caveat as GRPCServerOptionNoClientAuth applies.
TLSServerConfigNoClientAuth() *tls.Config
// NetListenerID wraps the given listener and returns a net.Listener.
// NOTE(review): presumably accepted connections are restricted to peers
// presenting the given SPIFFE ID; confirm.
NetListenerID(net.Listener, spiffeid.ID) net.Listener
// NetDialerID returns a dial function for the given SPIFFE ID.
// NOTE(review): the time.Duration looks like a dial/handshake timeout and
// the ID like the expected peer identity; confirm both.
NetDialerID(context.Context, spiffeid.ID, time.Duration) func(network, addr string) (net.Conn, error)
// MTLSClientConfig returns a client-side *tls.Config for the given SPIFFE ID.
MTLSClientConfig(spiffeid.ID) *tls.Config
// ControlPlaneTrustDomain returns the control plane's SPIFFE trust domain.
ControlPlaneTrustDomain() spiffeid.TrustDomain
// ControlPlaneNamespace returns the control plane's namespace.
ControlPlaneNamespace() string
// CurrentTrustAnchors returns the current trust anchors as bytes, or an
// error. NOTE(review): presumably PEM-encoded, as Options.TrustAnchors is
// documented to be; confirm.
CurrentTrustAnchors(context.Context) ([]byte, error)
// WithSVIDContext returns a context derived from the given one.
// NOTE(review): presumably it carries this workload's SVID; confirm what is
// stored and who may read it back.
WithSVIDContext(context.Context) context.Context
// MTLSEnabled reports whether mTLS is enabled.
MTLSEnabled() bool
// ID returns a SPIFFE ID. NOTE(review): presumably this workload's own
// identity; confirm.
ID() spiffeid.ID
// WatchTrustAnchors takes a context and a send-only byte-slice channel.
// NOTE(review): presumably updated trust anchors are sent on the channel
// until the context is done; confirm blocking and close behaviour.
WatchTrustAnchors(context.Context, chan<- []byte)
// IdentityDir returns a *string. NOTE(review): presumably the directory
// configured via Options.WriteIdentityToFile, nil when unset; confirm
// before dereferencing.
IdentityDir() *string
}
Handler implements middleware for client and server connection security.
type Options ¶
// Options are the options for the security authenticator.
//
// Several fields are pointers (*string); the declaration does not say how a
// nil pointer differs from a pointer to an empty string.
// NOTE(review): confirm against the constructor that consumes Options.
type Options struct {
// SentryAddress is the network address of the sentry server.
SentryAddress string
// ControlPlaneTrustDomain is the trust domain of the control plane
// components.
ControlPlaneTrustDomain string
// ControlPlaneNamespace is the dapr namespace of the control plane
// components.
ControlPlaneNamespace string
// TrustAnchors is the X.509 PEM encoded CA certificates for this Dapr
// installation. Cannot be used with TrustAnchorsFile. TrustAnchorsFile is
// preferred so changes to the file are automatically picked up.
TrustAnchors []byte
// TrustAnchorsFile is the path to the X.509 PEM encoded CA certificates for
// this Dapr installation. Prefer this over TrustAnchors so changes to the
// file are automatically picked up. Cannot be used with TrustAnchors.
// Because changes are picked up automatically, write access to this path
// amounts to control over which CAs are trusted; keep it writable only by
// the component that provisions trust anchors.
TrustAnchorsFile *string
// AppID is the application ID of this workload.
AppID string
// MTLSEnabled is true if mTLS is enabled.
// NOTE(review): what the handler returns when this is false is not visible
// in the declaration; confirm that disabling it is always a deliberate choice.
MTLSEnabled bool
// OverrideCertRequestFn is used to override where certificates are requested
// from. Default to an implementation requesting from Sentry.
// NOTE(review): setting this replaces the Sentry-backed issuance path;
// confirm it is only ever set from trusted code, not from external config.
OverrideCertRequestFn spiffe.RequestSVIDFn
// OverrideRequestNamespace is used to override the namespace used when
// requesting certificates.
// NOTE(review): this changes the namespace for which an identity is
// requested; confirm the issuer validates it independently.
OverrideRequestNamespace *string
// OverrideTrustAnchors is used to override where trust anchors are requested
// from.
// NOTE(review): how this interacts with TrustAnchors/TrustAnchorsFile is not
// stated here; confirm the precedence.
OverrideTrustAnchors trustanchors.Interface
// Mode is the operation mode of this security instance (self-hosted or
// Kubernetes).
Mode modes.DaprMode
// SentryTokenFile is an optional file containing the token to authenticate
// to sentry.
// The file holds a credential, so restrict read access to the workload's
// own user.
SentryTokenFile *string
// Healthz is used to signal the health of the security provider.
Healthz healthz.Healthz
// WriteIdentityToFile is used to write the identity private key and
// certificate chain to file. The certificate chain and private key will be
// written to the `tls.cert` and `tls.key` files respectively in the given
// directory.
// NOTE(review): the file mode used for `tls.key` is not visible here; the
// target directory should be readable only by the intended consumers, since
// anyone who can read the key can present this workload's identity.
WriteIdentityToFile *string
// JSONWebKeySet is the JSON Web Key Set for this Dapr installation. Cannot be
// used with JSONWebKeySetFile or TrustAnchorsFile.
// NOTE(review): this comment names TrustAnchorsFile while the one on
// JSONWebKeySetFile names TrustAnchors; confirm which exclusions are
// actually enforced.
JSONWebKeySet []byte
// JSONWebKeySetFile is the path to the JSON Web Key Set for this Dapr
// installation. Prefer this over JSONWebKeySet so changes to the file are
// automatically picked up. Cannot be used with JSONWebKeySet or TrustAnchors.
JSONWebKeySetFile *string
// JwtAudiences is the list of JWT audiences to be included in the certificate request.
JwtAudiences []string
}
Options are the options for the security authenticator.