manager

Published: Mar 21, 2023 License: Apache-2.0 Imports: 29 Imported by: 0

Types

type Cache

type Cache interface {
	// SVIDCache supplies the entry/SVID update operations (UpdateEntries,
	// UpdateSVIDs, GetStaleEntries) that this cache also exposes.
	SVIDCache

	// Bundle returns the latest cached trust bundle.
	Bundle() *bundleutil.Bundle

	// SyncSVIDsWithSubscribers syncs the SVID cache with the current set of
	// subscribers.
	SyncSVIDsWithSubscribers()

	// SubscribeToWorkloadUpdates creates a subscriber for the given selector set.
	SubscribeToWorkloadUpdates(ctx context.Context, selectors cache.Selectors) (cache.Subscriber, error)

	// SubscribeToBundleChanges creates a stream on which bundle changes are
	// delivered.
	SubscribeToBundleChanges() *cache.BundleStream

	// MatchingRegistrationEntries returns the cached registration entries that
	// match the given selectors.
	MatchingRegistrationEntries(selectors []*common.Selector) []*common.RegistrationEntry

	// CountSVIDs returns the number of SVIDs currently stored in the cache.
	CountSVIDs() int

	// FetchWorkloadUpdate returns the workload update for the given selectors.
	FetchWorkloadUpdate(selectors []*common.Selector) *cache.WorkloadUpdate

	// GetJWTSVID returns the cached JWT-SVID for the given SPIFFE ID and
	// audience. The bool presumably reports whether a cached entry was found
	// (comma-ok form) — confirm against the implementation.
	GetJWTSVID(id spiffeid.ID, audience []string) (*client.JWTSVID, bool)

	// SetJWTSVID stores a JWT-SVID in the cache under the given SPIFFE ID and
	// audience. Lookups take both values, which should keep a token minted for
	// one audience from being served for another — verify that the
	// implementation keys on the full audience list.
	SetJWTSVID(id spiffeid.ID, audience []string, svid *client.JWTSVID)

	// Entries returns all cached registration entries.
	Entries() []*common.RegistrationEntry

	// Identities returns all identities held in the cache.
	Identities() []cache.Identity
}

Cache stores each registration entry, signed X509-SVIDs for those entries, bundles, and JWT SVIDs for the agent.

type Config

type Config struct {
	// Agent SVID and key resulting from successful attestation. SVIDKey is
	// the agent's private key material paired with SVID.
	SVID    []*x509.Certificate
	SVIDKey keymanager.Key
	// Bundle is the trust bundle the manager starts from.
	Bundle *managerCache.Bundle
	// Reattestable reports whether the agent can re-attest (from the name;
	// confirm when and how the manager acts on it).
	Reattestable bool
	Catalog      catalog.Catalog
	// TrustDomain is the agent's SPIFFE trust domain.
	TrustDomain spiffeid.TrustDomain
	Log         logrus.FieldLogger
	Metrics     telemetry.Metrics
	// ServerAddr is the address of the server the manager talks to.
	ServerAddr string
	Storage    storage.Storage
	// WorkloadKeyType is the key type used for workload SVIDs.
	WorkloadKeyType workloadkey.KeyType
	// SyncInterval and RotationInterval are the periods between cache syncs
	// and SVID rotation checks respectively (from the names; confirm).
	SyncInterval     time.Duration
	RotationInterval time.Duration
	SVIDStoreCache   *storecache.Cache
	// SVIDCacheMaxSize bounds the number of SVIDs kept in the cache
	// (from the name; confirm the eviction behaviour in the implementation).
	SVIDCacheMaxSize int
	NodeAttestor     nodeattestor.NodeAttestor

	// Clk is the clock the manager will use to get time.
	Clk clock.Clock
}

Config holds the configuration for a cache manager.

type Manager

type Manager interface {
	// Initialize initializes the manager.
	Initialize(ctx context.Context) error

	// Run runs the manager. It blocks until the context is cancelled.
	Run(ctx context.Context) error

	// SubscribeToCacheChanges returns a Subscriber on which cache entry updates
	// are sent for a particular set of selectors.
	SubscribeToCacheChanges(ctx context.Context, key cache.Selectors) (cache.Subscriber, error)

	// SubscribeToSVIDChanges returns a new observer.Stream on which svid.State
	// instances are received each time an SVID rotation finishes.
	SubscribeToSVIDChanges() observer.Stream

	// SubscribeToBundleChanges returns a new bundle stream on which
	// map[string][]*x509.Certificate instances are received each time the
	// bundle changes.
	SubscribeToBundleChanges() *cache.BundleStream

	// GetRotationMtx returns the mutex that is held while SVIDs are rotated.
	// Callers that need a consistent view across a rotation take the read lock.
	GetRotationMtx() *sync.RWMutex

	// GetCurrentCredentials returns the current SVID and key.
	GetCurrentCredentials() svid.State

	// SetRotationFinishedHook sets a hook that is called when a rotation has
	// finished.
	SetRotationFinishedHook(func())

	// MatchingRegistrationEntries returns all of the cached registration entries
	// whose selectors are a subset of the passed selectors.
	MatchingRegistrationEntries(selectors []*common.Selector) []*common.RegistrationEntry

	// FetchWorkloadUpdate gets the latest workload update for the selectors.
	FetchWorkloadUpdate(selectors []*common.Selector) *cache.WorkloadUpdate

	// FetchJWTSVID returns a JWT-SVID for the specified SPIFFE ID and audience.
	// If there is no JWT-SVID cached, the manager will get one signed upstream.
	FetchJWTSVID(ctx context.Context, spiffeID spiffeid.ID, audience []string) (*client.JWTSVID, error)

	// CountSVIDs returns the number of X509-SVIDs held in memory.
	CountSVIDs() int

	// GetLastSync returns the timestamp of the last successful sync (the
	// original comment says "rotation"; confirm which event the
	// implementation records).
	GetLastSync() time.Time

	// GetBundle returns the latest cached bundle.
	GetBundle() *cache.Bundle
}

Manager provides cache management functionalities for agents.

func New

// New creates a cache manager based on c's configuration.
func New(c *Config) Manager

New creates a cache manager based on c's configuration

type SVIDCache

type SVIDCache interface {
	// UpdateEntries applies update to the cached registration entries.
	// checkSVID is invoked with a pair of registration entries and an existing
	// X509-SVID and returns a bool; presumably it decides whether the existing
	// SVID is still usable for the updated entry — confirm against the
	// implementation.
	UpdateEntries(update *cache.UpdateEntries, checkSVID func(*common.RegistrationEntry, *common.RegistrationEntry, *cache.X509SVID) bool)

	// UpdateSVIDs updates the SVIDs on the provided records.
	UpdateSVIDs(update *cache.UpdateSVIDs)

	// GetStaleEntries returns the cached records whose SVIDs need to be
	// renewed.
	GetStaleEntries() []*cache.StaleEntry
}
