Documentation

Types

type CancelableAuthReqestConstructor

type CancelableAuthReqestConstructor func() (authn.CancelableAuthRequest, error)

AuthReqConstructor knows how to construct an authn.CancelableAuthRequest instance

type CancelableAuthReqestHolder

type CancelableAuthReqestHolder struct {
	// contains filtered or unexported fields
}

CancelableAuthReqestHolder keeps an authenticator.Request instance. It allows for Get/Set operations in a thread-safe way.

func NewAuthReqHolder

func NewAuthReqHolder() *CancelableAuthReqestHolder

NewAuthReqHolder returns a new CancelableAuthReqestHolder instance.

func (*CancelableAuthReqestHolder) Get

Get returns the instances stored in the CancelableAuthReqestHolder

func (*CancelableAuthReqestHolder) Set

Set stores the given instances in the CancelableAuthReqestHolder

type CancelableAuthReqestReloader

type CancelableAuthReqestReloader struct {
	// contains filtered or unexported fields
}

CancelableAuthReqestReloader makes it possible to create and re-create an instance of authn.CancelableAuthRequest in a thread-safe way. It implements the authenticator.Request interface, so it can be plugged in instead of a "real" instance.

func NewCancelableAuthReqestReloader

func NewCancelableAuthReqestReloader(constructor CancelableAuthReqestConstructor) (*CancelableAuthReqestReloader, error)

NewCancelableAuthReqestReloader creates a new instance of CancelableAuthReqestReloader. It requires a constructor to re-create the internal instance once Reload() is invoked.

func (*CancelableAuthReqestReloader) AuthenticateRequest

func (rar *CancelableAuthReqestReloader) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

AuthenticateRequest implements the authenticator.Request interface.

func (*CancelableAuthReqestReloader) Reload

func (rar *CancelableAuthReqestReloader) Reload()

Reload reloads the internal instance. It's safe to call it from other goroutines.

type TLSCertConstructor

type TLSCertConstructor func() (*tls.Certificate, error)

TLSCertConstructor knows how to construct a tls.Certificate instance

type TLSCertHolder

type TLSCertHolder struct {
	// contains filtered or unexported fields
}

TLSCertHolder keeps a tls.Certificate instance and allows for Get/Set operations in a thread-safe way.

func NewTLSCertHolder

func NewTLSCertHolder() *TLSCertHolder

NewTLSCertHolder returns a new TLSCertHolder instance.

func (*TLSCertHolder) Get

func (tlsh *TLSCertHolder) Get() *tls.Certificate

Get returns the tls.Certificate instance stored in the TLSCertHolder

func (*TLSCertHolder) Set

func (tlsh *TLSCertHolder) Set(v *tls.Certificate)

Set stores the given tls.Certificate in the TLSCertHolder

type TLSCertReloader

type TLSCertReloader struct {
	// contains filtered or unexported fields
}

TLSCertReloader makes it possible to create and re-create an instance of tls.Certificate in a thread-safe way. Its GetCertificateFunc method conforms to the tls.Config.GetCertificate function type.

func NewTLSCertReloader

func NewTLSCertReloader(constructor TLSCertConstructor) (*TLSCertReloader, error)

NewTLSCertReloader creates a new instance of TLSCertReloader.

func (*TLSCertReloader) GetCertificateFunc

func (ckpr *TLSCertReloader) GetCertificateFunc(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificateFunc conforms to tls.Config.GetCertificate function type

func (*TLSCertReloader) Reload

func (ckpr *TLSCertReloader) Reload()

Reload reloads the internal instance. It's safe to call it from other goroutines.
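The reload pattern described for TLSCertReloader, as an added example that is not this package's code: a certificate held behind an atomic value, served through tls.Config.GetCertificate, and replaced by Reload. The type certReloader, the function rotationDemo, the placeholder certificates (no key material, no handshake) and the choice to keep the last good certificate when the constructor fails are all assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"sync/atomic"
)

// certReloader is a hypothetical stand-in for TLSCertReloader, not the package's code.
type certReloader struct {
	construct func() (*tls.Certificate, error)
	current   atomic.Value // only ever holds a *tls.Certificate
}

// Reload swaps in a new certificate; on failure the last good one stays (assumption).
func (r *certReloader) Reload() error {
	cert, err := r.construct()
	if err == nil {
		r.current.Store(cert)
	}
	return err
}

func (r *certReloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	if c, ok := r.current.Load().(*tls.Certificate); ok {
		return c, nil
	}
	return nil, errors.New("no certificate loaded")
}

// rotationDemo reports what is served after load, rotation and a failed reload.
func rotationDemo() (served []string, lastErr error) {
	var onDisk string // constructed stand-in for the mounted key pair; "" = unreadable
	r := &certReloader{construct: func() (*tls.Certificate, error) {
		if onDisk == "" {
			return nil, errors.New("key pair unreadable")
		}
		return &tls.Certificate{Certificate: [][]byte{[]byte(onDisk)}}, nil
	}}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: r.GetCertificate}
	for _, onDisk = range []string{"v1", "v2", ""} {
		lastErr = r.Reload()
		c, _ := cfg.GetCertificate(nil)
		served = append(served, string(c.Certificate[0]))
	}
	return served, lastErr
}

func main() { fmt.Println(rotationDemo()) }
```

Returning the error from Reload, as this sketch does, lets the caller log or alert when a rotated key pair cannot be loaded, rather than silently continuing to serve a certificate that may be close to expiry.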

type Watcher

type Watcher interface {
	// Run starts the watcher loop (blocking call).
	// The context is used to terminate the loop.
	Run(context.Context)
}

Watcher is designed to provide notifications about changes to files mounted inside a Kubernetes Pod, like Secrets or ConfigMaps. Because file watches break in Kubernetes when mounts are updated, we watch directories instead. This happens because files mounted in a Pod are actually symbolic links pointing to "real" files. On updating mounted files, Kubernetes deletes the existing file, which sends a DELETE file event and breaks the watch.

func NewWatcher

func NewWatcher(name string, filePaths []string, evBatchDelaySeconds uint8, notifyFunc func()) Watcher

NewWatcher creates a new watcher instance. name is used in logging. filePaths is a list of file paths to watch. notifyFunc is a function that is invoked after the watcher detects changes to monitored files.