security

package
v1.10.8
Warning

This package is not in the latest version of its module.
Published: Jun 21, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const (
	TLSServerName = "cluster.local"
)

Variables

This section is empty.

Functions

func CertPool added in v0.6.0

func CertPool(certPem []byte) (*x509.CertPool, error)

func ExcludedRoute added in v0.8.0

func ExcludedRoute(route string) bool

ExcludedRoute returns whether a given route should be excluded from a token check.

func GetAPIToken added in v0.8.0

func GetAPIToken() string

GetAPIToken returns the value of the api token from an environment variable.

func GetAppToken added in v1.0.0

func GetAppToken() string

GetAppToken returns the value of the app api token from an environment variable.

func GetCertChain added in v0.6.0

func GetCertChain() (*credentials.CertChain, error)

Types

type Authenticator

type Authenticator interface {
	GetTrustAnchors() *x509.CertPool
	GetCurrentSignedCert() *SignedCertificate
	CreateSignedWorkloadCert(id, namespace, trustDomain string) (*SignedCertificate, error)
}

func GetSidecarAuthenticator

func GetSidecarAuthenticator(sentryAddress string, certChain *credentials.CertChain) (Authenticator, error)

GetSidecarAuthenticator returns a new authenticator with the extracted trust anchors.

type SignedCertificate

type SignedCertificate struct {
	WorkloadCert  []byte
	PrivateKeyPem []byte
	Expiry        time.Time
	TrustChain    *x509.CertPool
}
