Types ¶
type Cache ¶
// Cache is the set of cache operations the manager relies on. It embeds
// SVIDCache and adds bundle, subscription, lookup and JWT-SVID accessors.
type Cache interface {
	SVIDCache

	// Bundle returns the latest cached bundle.
	Bundle() *bundleutil.Bundle

	// SyncSVIDsWithSubscribers syncs the SVID cache.
	SyncSVIDsWithSubscribers()

	// SubscribeToWorkloadUpdates creates a subscriber for the given selector set.
	// NOTE(review): the selectors decide which updates a subscriber receives, so
	// they presumably have to come from workload attestation rather than from
	// anything the workload supplies itself — confirm at call sites.
	SubscribeToWorkloadUpdates(ctx context.Context, selectors cache.Selectors) (cache.Subscriber, error)

	// SubscribeToBundleChanges creates a stream that provides bundle changes.
	SubscribeToBundleChanges() *cache.BundleStream

	// MatchingRegistrationEntries returns the registration entries matching the
	// given selectors.
	MatchingRegistrationEntries(selectors []*common.Selector) []*common.RegistrationEntry

	// CountSVIDs returns the number of SVIDs stored in the cache.
	CountSVIDs() int

	// FetchWorkloadUpdate returns the workload update for the given selectors.
	FetchWorkloadUpdate(selectors []*common.Selector) *cache.WorkloadUpdate

	// GetJWTSVID provides the JWT-SVID for the given ID and audience.
	// The bool presumably reports whether a cached token was found — TODO confirm.
	// NOTE(review): nothing in this signature says expired tokens are filtered
	// out; callers should check expiry before handing a token on — confirm
	// against the implementation.
	GetJWTSVID(id spiffeid.ID, audience []string) (*client.JWTSVID, bool)

	// SetJWTSVID adds a JWT-SVID to the cache for the given ID and audience.
	SetJWTSVID(id spiffeid.ID, audience []string, svid *client.JWTSVID)

	// Entries returns all registration entries.
	Entries() []*common.RegistrationEntry

	// Identities returns all identities in the cache.
	Identities() []cache.Identity
}
Cache stores each registration entry, signed X509-SVIDs for those entries, bundles, and JWT SVIDs for the agent.
type Config ¶
// Config carries the credentials, dependencies and settings for a cache manager.
type Config struct {
	// Agent SVID and key resulting from successful attestation.
	// NOTE(review): SVIDKey is the key belonging to the agent SVID, presumably
	// private key material or a handle to it — avoid logging or serializing a
	// Config value wholesale (e.g. with %+v). Confirm what keymanager.Key exposes.
	SVID    []*x509.Certificate
	SVIDKey keymanager.Key

	// NOTE(review): presumably the initial trust bundle for TrustDomain — confirm.
	Bundle *managerCache.Bundle

	// NOTE(review): presumably whether the agent is allowed to re-attest using
	// NodeAttestor — confirm.
	Reattestable bool

	Catalog     catalog.Catalog
	TrustDomain spiffeid.TrustDomain
	Log         logrus.FieldLogger
	Metrics     telemetry.Metrics

	// NOTE(review): presumably the address of the upstream server the manager
	// talks to; the format is not visible here — confirm.
	ServerAddr string

	Storage         storage.Storage
	WorkloadKeyType workloadkey.KeyType

	// NOTE(review): presumably the cache sync period and the SVID rotation check
	// period; zero-value behavior is not visible here — confirm.
	SyncInterval     time.Duration
	RotationInterval time.Duration

	SVIDStoreCache *storecache.Cache

	// NOTE(review): units and the meaning of zero are not visible here — confirm.
	SVIDCacheMaxSize int

	NodeAttestor nodeattestor.NodeAttestor

	// Clk is the clock the manager will use to get time.
	Clk clock.Clock
}
Config holds the configuration for a cache manager.
type Manager ¶
// Manager is the interface agents use for cache management: subscriptions,
// credential access, entry lookup and JWT-SVID retrieval.
type Manager interface {
	// Initialize initializes the manager.
	Initialize(ctx context.Context) error

	// Run runs the manager. It will block until the context is cancelled.
	Run(ctx context.Context) error

	// SubscribeToCacheChanges returns a Subscriber on which cache entry updates are sent
	// for a particular set of selectors.
	SubscribeToCacheChanges(ctx context.Context, key cache.Selectors) (cache.Subscriber, error)

	// SubscribeToSVIDChanges returns a new observer.Stream on which svid.State instances are received
	// each time an SVID rotation finishes.
	// NOTE(review): per GetCurrentCredentials, svid.State carries the SVID and
	// key, so subscribers on this stream presumably receive key material too —
	// confirm.
	SubscribeToSVIDChanges() observer.Stream

	// SubscribeToBundleChanges returns a new bundle stream on which
	// map[string][]*x509.Certificate instances are received each time the
	// bundle changes.
	// NOTE(review): the payload type named above cannot be checked against
	// cache.BundleStream from here — confirm it is still accurate.
	SubscribeToBundleChanges() *cache.BundleStream

	// GetRotationMtx returns the mutex that guards SVID rotations.
	// NOTE(review): callers get the lock itself; presumably they take the read
	// lock while using the current credentials, and holding it too long would
	// delay rotation — confirm the intended protocol.
	GetRotationMtx() *sync.RWMutex

	// GetCurrentCredentials returns the current SVID and key.
	// The returned state includes the agent's key, so callers should not log or
	// persist it.
	GetCurrentCredentials() svid.State

	// SetRotationFinishedHook sets a hook that will be called when a rotation has finished.
	SetRotationFinishedHook(func())

	// MatchingRegistrationEntries returns all of the cached registration entries whose
	// selectors are a subset of the passed selectors.
	MatchingRegistrationEntries(selectors []*common.Selector) []*common.RegistrationEntry

	// FetchWorkloadUpdate gets the latest workload update for the selectors.
	FetchWorkloadUpdate(selectors []*common.Selector) *cache.WorkloadUpdate

	// FetchJWTSVID returns a JWT SVID for the specified SPIFFEID and audience. If there
	// is no JWT cached, the manager will get one signed upstream.
	FetchJWTSVID(ctx context.Context, spiffeID spiffeid.ID, audience []string) (*client.JWTSVID, error)

	// CountSVIDs returns the number of X509 SVIDs held in memory.
	CountSVIDs() int

	// GetLastSync returns the last successful rotation timestamp.
	// NOTE(review): the name says "sync" while the description says "rotation" —
	// confirm which event this timestamp records.
	GetLastSync() time.Time

	// GetBundle returns the latest cached bundle.
	GetBundle() *cache.Bundle
}
Manager provides cache management functionalities for agents.
type SVIDCache ¶
// SVIDCache is the subset of cache operations that update entries and SVIDs
// and report which entries need new SVIDs.
type SVIDCache interface {
	// UpdateEntries updates the entries in the cache.
	// checkSVID receives two registration entries and an X509-SVID and returns a
	// bool; presumably (existing entry, new entry, current SVID) -> whether the
	// SVID must be replaced — TODO confirm argument order and meaning.
	UpdateEntries(update *cache.UpdateEntries, checkSVID func(*common.RegistrationEntry, *common.RegistrationEntry, *cache.X509SVID) bool)

	// UpdateSVIDs updates the SVIDs on the provided records.
	UpdateSVIDs(update *cache.UpdateSVIDs)

	// GetStaleEntries returns the list of records whose SVIDs need updating.
	GetStaleEntries() []*cache.StaleEntry
}