Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateForClient

func CreateForClient(serverName string, watcher CertificateWatcher) credentials.TransportCredentials

CreateForClient creates TransportCredentials for MCP clients.

func CreateForClientSkipVerify

func CreateForClientSkipVerify() credentials.TransportCredentials

CreateForClientSkipVerify creates TransportCredentials for MCP clients that skip verification of the server's certificate chain and host name. A client using these credentials does not authenticate the server it connects to.

func CreateForServer

func CreateForServer(watcher CertificateWatcher) credentials.TransportCredentials

CreateForServer creates TransportCredentials for MCP servers.

Types

type CertificateWatcher

type CertificateWatcher interface {
	Get() tls.Certificate
	// contains filtered or unexported methods
}

CertificateWatcher watches an x509 cert/key file and loads it into memory as needed.
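Added example, not this package's own code: using only the standard library, it shows how a watcher's Get() can back a tls.Config so that every new handshake is served the current certificate after a rotation, with client certificates required. memWatcher, serverTLS, selfSigned and demo are hypothetical names, and the certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"sync/atomic"
)

type memWatcher struct{ v atomic.Value } // hypothetical stand-in for a CertificateWatcher

func (w *memWatcher) Get() tls.Certificate  { return w.v.Load().(tls.Certificate) }
func (w *memWatcher) Set(c tls.Certificate) { w.v.Store(c) } // called after a file reload

// serverTLS asks the watcher on every handshake and requires a verified client cert.
func serverTLS(w *memWatcher, roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  roots,
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
			c := w.Get()
			return &c, nil
		},
	}
}

// selfSigned builds a constructed throwaway certificate (no validity period set).
func selfSigned(serial int64) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// demo returns the serials one config serves before and after a rotation.
func demo() (before, after int64) {
	w := &memWatcher{}
	cfg := serverTLS(w, x509.NewCertPool())
	w.Set(selfSigned(1))
	c1, _ := cfg.GetCertificate(nil)
	w.Set(selfSigned(2)) // rotation: same config, new certificate
	c2, _ := cfg.GetCertificate(nil)
	return c1.Leaf.SerialNumber.Int64(), c2.Leaf.SerialNumber.Int64()
}

func main() { fmt.Println(demo()) }
```

Because the config holds a callback rather than a fixed certificate, connections established before the rotation keep their session while new handshakes pick up the replacement.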

func PollFiles

func PollFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)

PollFiles loads certificate and key files from the file system. It starts a background goroutine that watches for changes to the credential files. Callers should pass the returned watcher to one of the create functions to obtain transport credentials that dynamically use rotated certificates. The supplied stop channel can be used to stop the goroutine and the watch.

func PollFolder

func PollFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)

PollFolder loads certificates from the given folder. It expects the following files:

	cert-chain.pem, key.pem: Certificate/key files for the client/server on this side.
	root-cert.pem: certificate from the CA that will be used for validating peer's certificate.

Internally PollFolder will call PollFiles.

func WatchFiles

func WatchFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)

WatchFiles loads certificate and key files from the file system. It starts a background goroutine that watches for changes to the credential files. Callers should pass the returned watcher to one of the create functions to obtain transport credentials that dynamically use rotated certificates. The supplied stop channel can be used to stop the goroutine and the watch.

func WatchFolder

func WatchFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)

WatchFolder loads certificates from the given folder. It expects the following files:

	cert-chain.pem, key.pem: Certificate/key files for the client/server on this side.
	root-cert.pem: certificate from the CA that will be used for validating peer's certificate.

Internally WatchFolder will call WatchFiles.

type Options

type Options struct {
	// CertificateFile to use for mTLS gRPC.
	CertificateFile string
	// KeyFile to use for mTLS gRPC.
	KeyFile string
	// CACertificateFile is the trusted root certificate authority's cert file.
	CACertificateFile string
}

Options defines the credential options required for MCP.

func DefaultOptions

func DefaultOptions() *Options

DefaultOptions returns default credential options.

func (*Options) AttachCobraFlags

func (c *Options) AttachCobraFlags(cmd *cobra.Command)

AttachCobraFlags attaches a set of Cobra flags to the given Cobra command.

Cobra is the command-line processor that Istio uses. This method attaches the set of flags needed to configure the MCP options.