package workload

v0.0.0-...-730bba4
Published: Mar 12, 2018 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Constants

const (
	// SecretFile propagates the key/cert to the workload through a file.
	SecretFile int = iota // 0
	// SecretDiscoveryServiceAPI propagates the key/cert to the workload through the SDS API.
	SecretDiscoveryServiceAPI // 1
)
const (

	// SecretTypeURL defines the type URL for Envoy secret proto.
	SecretTypeURL = "type.googleapis.com/envoy.api.v2.auth.Secret"

	// SecretName defines the type of the secrets to fetch from the SDS server.
	SecretName = "SPKI"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// Mode specifies how the node agent communicates with the workload.
	Mode int

	// FileUtil is valid in FILE mode. It provides file I/O on a file system.
	FileUtil util.FileUtil

	// ServiceIdentityCertFile is valid in FILE mode. It specifies the file path for service identity certificate.
	ServiceIdentityCertFile string

	// ServiceIdentityPrivateKeyFile is valid in FILE mode. It specifies the file path for service identity private key.
	ServiceIdentityPrivateKeyFile string
}

Config is the configuration for node agent to workload communication.

func NewSecretFileServerConfig

func NewSecretFileServerConfig(certFile string, keyFile string) Config

NewSecretFileServerConfig creates a Config for propagating the key/cert to the workload through a file.

type SDSServer

type SDSServer struct {
	// contains filtered or unexported fields
}

SDSServer implements api.SecretDiscoveryServiceServer that listens on a list of Unix Domain Sockets.

func NewSDSServer

func NewSDSServer() *SDSServer

NewSDSServer creates the SDSServer that registers SecretDiscoveryServiceServer, a gRPC server.

func (*SDSServer) FetchSecrets

func (s *SDSServer) FetchSecrets(ctx context.Context, request *api.DiscoveryRequest) (*api.DiscoveryResponse, error)

FetchSecrets fetches the X.509 key/cert for a given workload whose identity can be derived from the UDS path where this call is received.

func (*SDSServer) GetTLSCertificate

func (s *SDSServer) GetTLSCertificate(udsPath string) (*auth.TlsCertificate, error)

GetTLSCertificate generates the X.509 key/cert for the workload identity derived from udsPath, which is where the FetchSecrets gRPC request is received. SecretServer implementations could have different implementations.

func (*SDSServer) RegisterUdsPath

func (s *SDSServer) RegisterUdsPath(udsPath string) error

RegisterUdsPath registers a Unix Domain Socket path and has SDSServer's gRPC server listen on it.

func (*SDSServer) SetServiceIdentityCert

func (s *SDSServer) SetServiceIdentityCert(content []byte) error

SetServiceIdentityCert sets the service identity certificate into the memory.

func (*SDSServer) SetServiceIdentityPrivateKey

func (s *SDSServer) SetServiceIdentityPrivateKey(content []byte) error

SetServiceIdentityPrivateKey sets the service identity private key into the memory.

func (*SDSServer) StreamSecrets

StreamSecrets is not supported.

type SecretFileServer

type SecretFileServer struct {
	// contains filtered or unexported fields
}

SecretFileServer is an implementation of SecretServer that writes the key/cert into file system.

func (*SecretFileServer) GetServiceIdentityCert

func (sf *SecretFileServer) GetServiceIdentityCert() ([]byte, error)

GetServiceIdentityCert returns the service identity cert from the channel accessible to the workload.

func (*SecretFileServer) GetServiceIdentityPrivateKey

func (sf *SecretFileServer) GetServiceIdentityPrivateKey() ([]byte, error)

GetServiceIdentityPrivateKey returns the service identity private key from the channel accessible to the workload.

func (*SecretFileServer) SetServiceIdentityCert

func (sf *SecretFileServer) SetServiceIdentityCert(content []byte) error

SetServiceIdentityCert sets the service identity certificate into the file system.

func (*SecretFileServer) SetServiceIdentityPrivateKey

func (sf *SecretFileServer) SetServiceIdentityPrivateKey(content []byte) error

SetServiceIdentityPrivateKey sets the service identity private key into the file system.

type SecretServer

type SecretServer interface {
	// SetServiceIdentityPrivateKey sets the service identity private key to the channel accessible to the workload.
	SetServiceIdentityPrivateKey([]byte) error
	// SetServiceIdentityCert sets the service identity cert to the channel accessible to the workload.
	SetServiceIdentityCert([]byte) error
}

SecretServer is for implementing the communication from the node agent to the workload.

func NewSecretServer

func NewSecretServer(cfg Config) (SecretServer, error)

NewSecretServer instantiates a SecretServer according to the configuration.
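The following is an added, self-contained example, not code from this package: it re-declares the SecretServer interface, the Config type and the two Mode constants documented above under the same names and sketches a FILE-mode implementation chosen through a NewSecretServer lookalike. The hypothetical fileSecretServer type, the writeAtomically and PermBits helpers, and the specific permission bits are assumptions that the page does not state; the placeholder key and cert contents are constructed. The point of the example is the two properties a practitioner wants from a secret-to-file path: the private key must never be left readable beyond its owner, and the workload must never observe a partially written file.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Mode values, mirroring the page's SecretFile and SecretDiscoveryServiceAPI constants.
const (
	SecretFile int = iota
	SecretDiscoveryServiceAPI
)

// SecretServer mirrors the interface documented on the page.
type SecretServer interface {
	SetServiceIdentityPrivateKey([]byte) error
	SetServiceIdentityCert([]byte) error
}

// Config mirrors the page's Config; FileUtil is omitted and plain os calls are used.
type Config struct {
	Mode                          int
	ServiceIdentityCertFile       string
	ServiceIdentityPrivateKeyFile string
}

// fileSecretServer is a hypothetical FILE-mode SecretServer (not the package's own type).
type fileSecretServer struct {
	certFile string
	keyFile  string
}

// writeAtomically writes content to path through a temp file in the same directory
// followed by a rename, so a workload reading path never sees a partial or empty file.
// The temp file is created 0600 and chmod'ed explicitly, so the umask never widens it.
func writeAtomically(path string, content []byte, mode os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), "."+filepath.Base(path)+".*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	defer os.Remove(tmpName) // no-op after a successful rename
	err = tmp.Chmod(mode)
	if err == nil {
		_, err = tmp.Write(content)
	}
	if err == nil {
		err = tmp.Sync()
	}
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err
	}
	return os.Rename(tmpName, path)
}

// SetServiceIdentityPrivateKey writes the key readable only by its owner (assumed 0600).
func (sf *fileSecretServer) SetServiceIdentityPrivateKey(content []byte) error {
	if len(content) == 0 {
		return errors.New("refusing to write an empty private key")
	}
	return writeAtomically(sf.keyFile, content, 0o600)
}

// SetServiceIdentityCert writes the certificate; it is public material, so 0644 is assumed.
func (sf *fileSecretServer) SetServiceIdentityCert(content []byte) error {
	if len(content) == 0 {
		return errors.New("refusing to write an empty certificate")
	}
	return writeAtomically(sf.certFile, content, 0o644)
}

// NewSecretServer selects an implementation by cfg.Mode, as the page's NewSecretServer
// does; only FILE mode is implemented in this example.
func NewSecretServer(cfg Config) (SecretServer, error) {
	switch cfg.Mode {
	case SecretFile:
		if cfg.ServiceIdentityCertFile == "" || cfg.ServiceIdentityPrivateKeyFile == "" {
			return nil, errors.New("FILE mode requires ServiceIdentityCertFile and ServiceIdentityPrivateKeyFile")
		}
		return &fileSecretServer{certFile: cfg.ServiceIdentityCertFile, keyFile: cfg.ServiceIdentityPrivateKeyFile}, nil
	case SecretDiscoveryServiceAPI:
		return nil, errors.New("SDS mode is not implemented in this example")
	default:
		return nil, fmt.Errorf("unknown mode %d", cfg.Mode)
	}
}

// PermBits returns the permission bits of path, the check that the key is not world-readable.
func PermBits(path string) (os.FileMode, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	dir, _ := os.MkdirTemp("", "workload-example")
	defer os.RemoveAll(dir)
	cfg := Config{Mode: SecretFile,
		ServiceIdentityCertFile:       filepath.Join(dir, "cert.pem"),
		ServiceIdentityPrivateKeyFile: filepath.Join(dir, "key.pem")}
	s, err := NewSecretServer(cfg)
	if err != nil {
		panic(err)
	}
	// Constructed placeholder contents; a real node agent passes PEM-encoded material.
	if err := s.SetServiceIdentityPrivateKey([]byte("CONSTRUCTED-KEY")); err != nil {
		panic(err)
	}
	if err := s.SetServiceIdentityCert([]byte("CONSTRUCTED-CERT")); err != nil {
		panic(err)
	}
	keyMode, _ := PermBits(cfg.ServiceIdentityPrivateKeyFile)
	certMode, _ := PermBits(cfg.ServiceIdentityCertFile)
	fmt.Printf("key mode %o, cert mode %o\n", keyMode, certMode)
}
```

The rename-based write matters on rotation: the node agent will overwrite these files whenever it renews the certificate, and a workload that reads them at that moment must get either the old or the new pair, never a truncated file. The explicit Chmod before the write, rather than relying on the process umask, is what keeps the key at 0600 regardless of how the agent was launched.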
