secretfetcher

package
v0.0.0-...-149c2fc
Warning

This package is not in the latest version of its module.

Published: Oct 15, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation


Constants

const (
	// IngressGatewaySdsCaSuffix is the suffix of the sds resource name for root CA. All resource
	// names for ingress gateway root certs end with "-cacert".
	IngressGatewaySdsCaSuffix = "-cacert"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type SecretFetcher

type SecretFetcher struct {
	// If UseCaClient is true, use caClient to send CSR to CA.
	UseCaClient bool
	CaClient    caClientInterface.Client

	// Add all entries containing secretName in SecretCache. Called when K8S secret is added.
	AddCache func(secretName string, ns model.SecretItem)
	// Delete all entries containing secretName in SecretCache. Called when K8S secret is deleted.
	DeleteCache func(secretName string)
	// Update all entries containing secretName in SecretCache. Called when K8S secret is updated.
	UpdateCache func(secretName string, ns model.SecretItem)

	// FallbackSecretName stores the name of fallback secret which is set at env variable
	// INGRESS_GATEWAY_FALLBACK_SECRET. If INGRESS_GATEWAY_FALLBACK_SECRET is empty, then use
	// gateway-fallback as default name of fallback secret. If a fallback secret exists,
	// FindIngressGatewaySecret returns this fallback secret when expected secret is not available.
	FallbackSecretName string
	// contains filtered or unexported fields
}

SecretFetcher fetches secrets either by watching Kubernetes secrets or by sending a CSR to the CA.

func NewSecretFetcher

func NewSecretFetcher(ingressGatewayAgent bool, endpoint, CAProviderName string, tlsFlag bool,
	tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)

NewSecretFetcher returns a pointer to a newly constructed SecretFetcher instance.

func (*SecretFetcher) AddSecret

func (sf *SecretFetcher) AddSecret(obj interface{})

AddSecret adds obj into local store. Only used for testing.

func (*SecretFetcher) DeleteSecret

func (sf *SecretFetcher) DeleteSecret(obj interface{})

DeleteSecret deletes obj from local store. Only used for testing.

func (*SecretFetcher) FindIngressGatewaySecret

func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)

FindIngressGatewaySecret returns the secret whose name matches key, or an empty secret if no secret is present. The ok result indicates whether a secret was found. If the expected secret is not available and a fallback secret named FallbackSecretName exists, the fallback secret is returned.
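
A model of the lookup order described for FindIngressGatewaySecret and FallbackSecretName, as an added example that is not the package's own code. The secretItem and store types and the usedFallback result are hypothetical, and the model assumes ok is true when the fallback secret is returned.

```go
package main

import (
	"fmt"
	"os"
)

// Environment variable and default name, as given in the FallbackSecretName comment.
const (
	fallbackEnvVar      = "INGRESS_GATEWAY_FALLBACK_SECRET"
	defaultFallbackName = "gateway-fallback"
)

// secretItem is a hypothetical stand-in for model.SecretItem.
type secretItem struct{ ResourceName string }

// store is a hypothetical in-memory stand-in for the watched Kubernetes secrets.
type store struct {
	secrets      map[string]secretItem
	fallbackName string
}

// newStore resolves the fallback secret name from the environment, with the default.
func newStore(secrets map[string]secretItem) *store {
	name := os.Getenv(fallbackEnvVar)
	if name == "" {
		name = defaultFallbackName
	}
	return &store{secrets: secrets, fallbackName: name}
}

// find tries an exact match, then the fallback. Assumption: ok is true for a fallback hit.
func (s *store) find(key string) (item secretItem, ok, usedFallback bool) {
	if it, found := s.secrets[key]; found {
		return it, true, false
	}
	if fb, found := s.secrets[s.fallbackName]; found {
		return fb, true, true
	}
	return secretItem{}, false, false
}

func main() {
	// Constructed sample data: one named credential plus the fallback secret.
	s := newStore(map[string]secretItem{"bookinfo-credential": {"bookinfo-credential"}, "gateway-fallback": {"gateway-fallback"}})
	for _, key := range []string{"bookinfo-credential", "misspelled-credential"} {
		it, ok, fb := s.find(key)
		fmt.Printf("key=%q ok=%v usedFallback=%v served=%q\n", key, ok, fb, it.ResourceName)
	}
}
```

In this model a misspelled secret name still resolves to a certificate, so surfacing fallback hits in logs is what makes such a misconfiguration visible.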

func (*SecretFetcher) Init

func (sf *SecretFetcher) Init(core corev1.CoreV1Interface)

Init initializes SecretFetcher to watch kubernetes secrets.

func (*SecretFetcher) Run

func (sf *SecretFetcher) Run(ch chan struct{})

Run starts the SecretFetcher until a value is sent to ch. Only used when watching kubernetes gateway secrets.
