Documentation

Overview

Package xds contains non-user facing functionality of the xds credentials.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SetHandshakeInfo

func SetHandshakeInfo(addr resolver.Address, hInfo *HandshakeInfo) resolver.Address

SetHandshakeInfo returns a copy of addr in which the Attributes field is updated with hInfo.

Types

type HandshakeInfo

type HandshakeInfo struct {
	// contains filtered or unexported fields
}

HandshakeInfo wraps all the security configuration required by client and server handshake methods in xds credentials. The xDS implementation will be responsible for populating these fields.

Safe for concurrent access.

func GetHandshakeInfo

func GetHandshakeInfo(attr *attributes.Attributes) *HandshakeInfo

GetHandshakeInfo returns a pointer to the HandshakeInfo stored in attr.

func NewHandshakeInfo

func NewHandshakeInfo(root, identity certprovider.Provider) *HandshakeInfo

NewHandshakeInfo returns a new instance of HandshakeInfo with the given root and identity certificate providers.

func (*HandshakeInfo) ClientSideTLSConfig

func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config, error)

ClientSideTLSConfig constructs a tls.Config to be used in a client-side handshake based on the contents of the HandshakeInfo.

func (*HandshakeInfo) GetSANMatchersForTesting

func (hi *HandshakeInfo) GetSANMatchersForTesting() []xdsinternal.StringMatcher

GetSANMatchersForTesting returns the SAN matchers stored in HandshakeInfo. To be used only for testing purposes.

func (*HandshakeInfo) MatchingSANExists

func (hi *HandshakeInfo) MatchingSANExists(cert *x509.Certificate) bool

MatchingSANExists returns true if the SANs contained in cert match the criteria enforced by the list of SAN matchers in HandshakeInfo.

If the list of SAN matchers in the HandshakeInfo is empty, this function returns true for all input certificates.
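
The empty-list behaviour of MatchingSANExists described above, as an added example that is not gRPC's code, together with a caller-side guard that treats an empty matcher list as a misconfiguration. The names sanMatcher, exact, matchingSANExists, strictSANCheck and sampleCert are hypothetical, the matcher is a simplified exact-match stand-in for xdsinternal.StringMatcher, and the certificate is constructed.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
)

// sanMatcher is a hypothetical, exact-match-only stand-in for xdsinternal.StringMatcher.
type sanMatcher func(san string) bool
func exact(want string) sanMatcher { return func(s string) bool { return s == want } }

// matchingSANExists follows the documented contract: any SAN matching any matcher passes.
func matchingSANExists(cert *x509.Certificate, ms []sanMatcher) bool {
	sans := append(append([]string{}, cert.DNSNames...), cert.EmailAddresses...)
	for _, ip := range cert.IPAddresses {
		sans = append(sans, ip.String())
	}
	for _, u := range cert.URIs {
		sans = append(sans, u.String())
	}
	for _, san := range sans {
		for _, m := range ms {
			if m(san) {
				return true
			}
		}
	}
	return len(ms) == 0 // documented contract: an empty list accepts every certificate
}

// strictSANCheck is an assumed caller-side guard: no SAN policy is an error, not a pass.
func strictSANCheck(cert *x509.Certificate, ms []sanMatcher) (bool, error) {
	if len(ms) == 0 {
		return false, errors.New("no SAN matchers configured")
	}
	return matchingSANExists(cert, ms), nil
}

// sampleCert returns a constructed, unsigned certificate carrying SANs for another workload.
func sampleCert() *x509.Certificate {
	u, _ := url.Parse("spiffe://example.test/ns/other/sa/unrelated")
	return &x509.Certificate{DNSNames: []string{"unrelated.example.test"}, URIs: []*url.URL{u}}
}

func main() {
	fmt.Println(matchingSANExists(sampleCert(), []sanMatcher{exact("payments.example.test")}), matchingSANExists(sampleCert(), nil))
	fmt.Println(strictSANCheck(sampleCert(), nil))
}
```

With no matchers configured, peer identity rests entirely on the certificate chaining to the root provider, so a deployment that expects SAN pinning should check that the matcher list is actually populated.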

func (*HandshakeInfo) ServerSideTLSConfig

func (hi *HandshakeInfo) ServerSideTLSConfig(ctx context.Context) (*tls.Config, error)

ServerSideTLSConfig constructs a tls.Config to be used in a server-side handshake based on the contents of the HandshakeInfo.

func (*HandshakeInfo) SetIdentityCertProvider

func (hi *HandshakeInfo) SetIdentityCertProvider(identity certprovider.Provider)

SetIdentityCertProvider updates the identity certificate provider.

func (*HandshakeInfo) SetRequireClientCert

func (hi *HandshakeInfo) SetRequireClientCert(require bool)

SetRequireClientCert updates whether a client cert is required during the ServerHandshake(). A value of true indicates that we are performing mTLS.

func (*HandshakeInfo) SetRootCertProvider

func (hi *HandshakeInfo) SetRootCertProvider(root certprovider.Provider)

SetRootCertProvider updates the root certificate provider.

func (*HandshakeInfo) SetSANMatchers

func (hi *HandshakeInfo) SetSANMatchers(sanMatchers []xdsinternal.StringMatcher)

SetSANMatchers updates the list of SAN matchers.

func (*HandshakeInfo) UseFallbackCreds

func (hi *HandshakeInfo) UseFallbackCreds() bool

UseFallbackCreds returns true when fallback credentials are to be used based on the contents of the HandshakeInfo.