Documentation
Index
- Variables
- func ReadBundle(bundleCachePath string) ([]*x509.Certificate, error)
- func ReadSVID(svidCachePath string) ([]*x509.Certificate, error)
- func StoreBundle(bundleCachePath string, bundle []*x509.Certificate) error
- func StoreSVID(svidCachePath string, svidChain []*x509.Certificate) error
- type Config
- type Manager
Variables
var (
	ErrNotCached = errors.New("not cached")
)
Cache Manager errors
Functions
func ReadBundle
func ReadBundle(bundleCachePath string) ([]*x509.Certificate, error)
ReadBundle returns the bundle located at bundleCachePath. If the bundle cannot be loaded, it returns nil along with an error describing the reason.
func ReadSVID
func ReadSVID(svidCachePath string) ([]*x509.Certificate, error)
ReadSVID returns the SVID located at svidCachePath. If the SVID cannot be loaded, it returns nil along with an error describing the reason.
func StoreBundle
func StoreBundle(bundleCachePath string, bundle []*x509.Certificate) error
StoreBundle writes the bundle to disk at bundleCachePath. It returns nil on success; otherwise it returns an error.
Types
type Config
type Config struct {
	// Agent SVID and key resulting from successful attestation.
	SVID             []*x509.Certificate
	SVIDKey          *ecdsa.PrivateKey
	Bundle           *cache.Bundle
	Catalog          catalog.Catalog
	TrustDomain      url.URL
	Log              logrus.FieldLogger
	Metrics          telemetry.Metrics
	ServerAddr       string
	SVIDCachePath    string
	BundleCachePath  string
	SyncInterval     time.Duration
	RotationInterval time.Duration

	// Clk is the clock the manager will use to get time
	Clk clock.Clock
}
Config holds a cache manager configuration
type Manager
type Manager interface {
	// Initialize initializes the manager.
	Initialize(ctx context.Context) error

	// Run runs the manager. It will block until the context is cancelled.
	Run(ctx context.Context) error

	// SubscribeToCacheChanges returns a Subscriber on which cache entry updates are sent
	// for a particular set of selectors.
	SubscribeToCacheChanges(key cache.Selectors) cache.Subscriber

	// SubscribeToSVIDChanges returns a new observer.Stream on which svid.State instances are received
	// each time an SVID rotation finishes.
	SubscribeToSVIDChanges() observer.Stream

	// SubscribeToBundleChanges returns a new bundle stream on which
	// map[string][]*x509.Certificate instances are received each time the
	// bundle changes.
	SubscribeToBundleChanges() *cache.BundleStream

	// GetRotationMtx returns a mutex that locks in SVID rotations
	GetRotationMtx() *sync.RWMutex

	// GetCurrentCredentials returns the current SVID and key
	GetCurrentCredentials() svid.State

	// SetRotationFinishedHook sets a hook that will be called when a rotation finishes
	SetRotationFinishedHook(func())

	// MatchingIdentities returns all of the cached identities whose
	// registration entry selectors are a subset of the passed selectors.
	MatchingIdentities(selectors []*common.Selector) []cache.Identity

	// FetchWorkloadUpdate gets the latest workload update for the selectors
	FetchWorkloadUpdate(selectors []*common.Selector) *cache.WorkloadUpdate

	// FetchJWTSVID returns a JWT SVID for the specified SPIFFEID and audience. If there
	// is no JWT cached, the manager will get one signed upstream.
	FetchJWTSVID(ctx context.Context, spiffeID string, audience []string) (*client.JWTSVID, error)
}
Manager provides cache management functionalities for agents.