Documentation
¶
Index ¶
- Variables
- type Config
- type ProvisionerConfig
- type Service
- func (srv *Service) DeltaSecrets(sds secret.SecretDiscoveryService_DeltaSecretsServer) (err error)
- func (srv *Service) FetchSecrets(ctx context.Context, r *discovery.DiscoveryRequest) (*discovery.DiscoveryResponse, error)
- func (srv *Service) Register(s *grpc.Server)
- func (srv *Service) Stop() error
- func (srv *Service) StreamSecrets(sds secret.SecretDiscoveryService_StreamSecretsServer) (err error)
Constants ¶
This section is empty.
Variables ¶
var Identifier = "Smallstep SDS/0000000-dev"
Identifier is the identifier of the secret discovery service.
var ValidationContextAltName = "validation_context"
ValidationContextAltName is an alternative name used as a resource name for the validation context.
var ValidationContextName = "trusted_ca"
ValidationContextName is the name used as a resource name for the validation context.
var ValidationContextRenewPeriod = 8 * time.Hour
ValidationContextRenewPeriod is the default period to check for new roots.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
Network string `json:"network"`
Address string `json:"address"`
Root string `json:"root,omitempty"`
Certificate string `json:"crt,omitempty"`
CertificateKey string `json:"key,omitempty"`
Password string `json:"password,omitempty"`
AuthorizedIdentity string `json:"authorizedIdentity"`
AuthorizedFingerprint string `json:"authorizedFingerprint"`
Provisioner ProvisionerConfig `json:"provisioner"`
Logger json.RawMessage `json:"logger"`
}
Config is the configuration used to initialize the SDS Service.
func LoadConfiguration ¶
LoadConfiguration parses the given filename in JSON format and returns the configuration struct.
type ProvisionerConfig ¶
type ProvisionerConfig struct {
Issuer string `json:"issuer"`
KeyID string `json:"kid"`
Password string `json:"password,omitempty"`
CaURL string `json:"ca-url"`
CaRoot string `json:"root"`
}
ProvisionerConfig is the configuration used to initialize the provisioner.
func (ProvisionerConfig) Validate ¶
func (c ProvisionerConfig) Validate() error
Validate validates the configuration in ProvisionerConfig.
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service is the interface that an Envoy secret discovery service (SDS) has to implement. They server TLS certificates to Envoy using gRPC.
type Service interface {
Register(s *grpc.Server)
discovery.SecretDiscoveryServiceServer
}
func New ¶
New creates a new sds.Service that will support multiple TLS certificates. It will use the given CA provisioner to generate the CA tokens used to sign certificates.
func (*Service) DeltaSecrets ¶ added in v0.2.0
func (srv *Service) DeltaSecrets(sds secret.SecretDiscoveryService_DeltaSecretsServer) (err error)
func (*Service) FetchSecrets ¶
func (srv *Service) FetchSecrets(ctx context.Context, r *discovery.DiscoveryRequest) (*discovery.DiscoveryResponse, error)
FetchSecrets implements gRPC SecretDiscoveryService service and returns one TLS certificate.
func (*Service) StreamSecrets ¶
func (srv *Service) StreamSecrets(sds secret.SecretDiscoveryService_StreamSecretsServer) (err error)
StreamSecrets implements the gRPC SecretDiscoveryService service and returns a stream of TLS certificates.
Source Files