cache

package

v0.0.0-...-fe632b3 Latest Latest Go to latest Published: Feb 26, 2020 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sofastack/sofa-mesh

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cache is the in-memory secret store.

Index ¶

Constants
type ConnKey
type Options
type SecretCache
- func NewSecretCache(fetcher *secretfetcher.SecretFetcher, ...) *SecretCache
type SecretManager

Constants ¶

View Source

const (

	// RootCertReqResourceName is resource name of discovery request for root certificate.
	RootCertReqResourceName = "ROOTCA"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ConnKey ¶

type ConnKey struct {
	ConnectionID string

	// ResourceName of SDS request, get from SDS.DiscoveryRequest.ResourceName
	// Current it's `ROOTCA` for root cert request, and 'default' for normal key/cert request.
	ResourceName string
}

ConnKey is the key of one SDS connection.

type Options ¶

type Options struct {
	// secret TTL.
	SecretTTL time.Duration

	// The initial backoff time in millisecond to avoid the thundering herd problem.
	InitialBackoff int64

	// secret should be refreshed before it expired, SecretRefreshGraceDuration is the grace period;
	// secret should be refreshed if time.Now.After(secret.CreateTime + SecretTTL - SecretRefreshGraceDuration)
	SecretRefreshGraceDuration time.Duration

	// Key rotation job running interval.
	RotationInterval time.Duration

	// Cached secret will be removed from cache if (time.now - secretItem.CreatedTime >= evictionDuration), this prevents cache growing indefinitely.
	EvictionDuration time.Duration

	// TrustDomain corresponds to the trust root of a system.
	// https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
	TrustDomain string

	// authentication provider specific plugins.
	Plugins []plugin.Plugin

	// set this flag to true for if token used is always valid(ex, normal k8s JWT)
	AlwaysValidTokenFlag bool
}

Options provides all of the configuration parameters for secret cache.

type SecretCache ¶

type SecretCache struct {
	// contains filtered or unexported fields
}

SecretCache is the in-memory cache for secrets.

func NewSecretCache ¶

func NewSecretCache(fetcher *secretfetcher.SecretFetcher, notifyCb func(string, string, *model.SecretItem) error, options Options) *SecretCache

NewSecretCache creates a new secret cache.

func (*SecretCache) Close ¶

func (sc *SecretCache) Close()

Close shuts down the secret cache.

func (*SecretCache) DeleteK8sSecret ¶

func (sc *SecretCache) DeleteK8sSecret(secretName string)

DeleteK8sSecret deletes all entries that match secretName. This is called when a K8s secret for ingress gateway is deleted.

func (*SecretCache) DeleteSecret ¶

func (sc *SecretCache) DeleteSecret(connectionID, resourceName string)

DeleteSecret deletes a secret by its key from cache.

func (*SecretCache) GenerateSecret ¶

func (sc *SecretCache) GenerateSecret(ctx context.Context, connectionID, resourceName, token string) (*model.SecretItem, error)

GenerateSecret generates new secret and cache the secret, this function is called by SDS.StreamSecrets and SDS.FetchSecret. Since credential passing from client may change, regenerate secret every time instead of reading from cache.

func (*SecretCache) SecretExist ¶

func (sc *SecretCache) SecretExist(connectionID, resourceName, token, version string) bool

SecretExist checks if secret already existed.

func (*SecretCache) ShouldWaitForIngressGatewaySecret ¶

func (sc *SecretCache) ShouldWaitForIngressGatewaySecret(connectionID, resourceName, token string) bool

IsIngressGatewaySecretReady returns true if node agent is working in ingress gateway agent mode and needs to wait for ingress gateway secret to be ready.

func (*SecretCache) UpdateK8sSecret ¶

func (sc *SecretCache) UpdateK8sSecret(secretName string, ns model.SecretItem)

UpdateK8sSecret updates all entries that match secretName. This is called when a K8s secret for ingress gateway is updated.

type SecretManager ¶

type SecretManager interface {
	// GenerateSecret generates new secret and cache the secret.
	GenerateSecret(ctx context.Context, connectionID, resourceName, token string) (*model.SecretItem, error)

	// ShouldWaitForIngressGatewaySecret indicates whether a valid ingress gateway secret is expected.
	ShouldWaitForIngressGatewaySecret(connectionID, resourceName, token string) bool

	// SecretExist checks if secret already existed.
	SecretExist(connectionID, resourceName, token, version string) bool

	// DeleteSecret deletes a secret by its key from cache.
	DeleteSecret(connectionID, resourceName string)
}

SecretManager defines secrets management interface which is used by SDS.

Source Files ¶

View all Source files

secretcache.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL