Package xds provides a transport credentials implementation where the security configuration is pushed by a management server using xDS APIs.


Notice: All APIs in this package are EXPERIMENTAL and may be removed in a later release.



This section is empty.


This section is empty.


func NewClientCredentials

func NewClientCredentials(opts ClientOptions) (credentials.TransportCredentials, error)

NewClientCredentials returns a new client-side transport credentials implementation which uses xDS APIs to fetch its security configuration.

func SetHandshakeInfo

func SetHandshakeInfo(addr resolver.Address, hInfo *HandshakeInfo) resolver.Address

SetHandshakeInfo returns a copy of addr in which the Attributes field is updated with hInfo.


type ClientOptions

type ClientOptions struct {
	// FallbackCreds specifies the fallback credentials to be used when either
	// the `xds` scheme is not used in the user's dial target or when the xDS
	// server does not return any security configuration. Attempts to create
	// client credentials without a fallback credentials will fail.
	FallbackCreds credentials.TransportCredentials

ClientOptions contains parameters to configure a new client-side xDS credentials implementation.

type HandshakeInfo

type HandshakeInfo struct {
	// contains filtered or unexported fields

HandshakeInfo wraps all the security configuration required by client and server handshake methods in credsImpl. The xDS implementation will be responsible for populating these fields.

Safe for concurrent access.

func NewHandshakeInfo

func NewHandshakeInfo(root, identity certprovider.Provider, sans ...string) *HandshakeInfo

NewHandshakeInfo returns a new instance of HandshakeInfo with the given root and identity certificate providers.

func (*HandshakeInfo) SetAcceptedSANs

func (hi *HandshakeInfo) SetAcceptedSANs(sans []string)

SetAcceptedSANs updates the list of accepted SANs.

func (*HandshakeInfo) SetIdentityCertProvider

func (hi *HandshakeInfo) SetIdentityCertProvider(identity certprovider.Provider)

SetIdentityCertProvider updates the identity certificate provider.

func (*HandshakeInfo) SetRootCertProvider

func (hi *HandshakeInfo) SetRootCertProvider(root certprovider.Provider)

SetRootCertProvider updates the root certificate provider.

Source Files