Documentation
Index
- Variables
- type Config
- type ProvisionerConfig
- type Service
- func (srv *Service) DeltaSecrets(sds secret.SecretDiscoveryService_DeltaSecretsServer) (err error)
- func (srv *Service) FetchSecrets(ctx context.Context, r *discovery.DiscoveryRequest) (*discovery.DiscoveryResponse, error)
- func (srv *Service) Register(s *grpc.Server)
- func (srv *Service) Stop() error
- func (srv *Service) StreamSecrets(sds secret.SecretDiscoveryService_StreamSecretsServer) (err error)
Constants
This section is empty.
Variables
var Identifier = "Smallstep SDS/0000000-dev"
Identifier is the identifier of the secret discovery service.
var ValidationContextAltName = "validation_context"
ValidationContextAltName is an alternative name used as a resource name for the validation context.
var ValidationContextName = "trusted_ca"
ValidationContextName is the name used as a resource name for the validation context.
var ValidationContextRenewPeriod = 8 * time.Hour
ValidationContextRenewPeriod is the default period to check for new roots.
Functions
This section is empty.
Types
type Config
type Config struct {
    Network               string            `json:"network"`
    Address               string            `json:"address"`
    Root                  string            `json:"root,omitempty"`
    Certificate           string            `json:"crt,omitempty"`
    CertificateKey        string            `json:"key,omitempty"`
    Password              string            `json:"password,omitempty"`
    AuthorizedIdentity    string            `json:"authorizedIdentity"`
    AuthorizedFingerprint string            `json:"authorizedFingerprint"`
    Provisioner           ProvisionerConfig `json:"provisioner"`
    Logger                json.RawMessage   `json:"logger"`
}
Config is the configuration used to initialize the SDS Service.
func LoadConfiguration
LoadConfiguration parses the given filename in JSON format and returns the configuration struct.
type ProvisionerConfig
type ProvisionerConfig struct {
    Issuer   string `json:"issuer"`
    KeyID    string `json:"kid"`
    Password string `json:"password,omitempty"`
    CaURL    string `json:"ca-url"`
    CaRoot   string `json:"root"`
}
ProvisionerConfig is the configuration used to initialize the provisioner.
func (ProvisionerConfig) Validate
func (c ProvisionerConfig) Validate() error
Validate validates the configuration in ProvisionerConfig.
type Service
type Service struct {
// contains filtered or unexported fields
}
Service is the interface that an Envoy secret discovery service (SDS) has to implement. It serves TLS certificates to Envoy using gRPC.
type Service interface {
    Register(s *grpc.Server)
    discovery.SecretDiscoveryServiceServer
}
func New
New creates a new sds.Service that will support multiple TLS certificates. It will use the given CA provisioner to generate the CA tokens used to sign certificates.
func (*Service) DeltaSecrets (added in v0.2.0)
func (srv *Service) DeltaSecrets(sds secret.SecretDiscoveryService_DeltaSecretsServer) (err error)
func (*Service) FetchSecrets
func (srv *Service) FetchSecrets(ctx context.Context, r *discovery.DiscoveryRequest) (*discovery.DiscoveryResponse, error)
FetchSecrets implements gRPC SecretDiscoveryService service and returns one TLS certificate.
func (*Service) StreamSecrets
func (srv *Service) StreamSecrets(sds secret.SecretDiscoveryService_StreamSecretsServer) (err error)
StreamSecrets implements the gRPC SecretDiscoveryService service and returns a stream of TLS certificates.