security

package
v1.0.1-0...-f351835 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 23, 2021 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// APITokenEnvVar is the environment variable for the api token
	APITokenEnvVar    = "DAPR_API_TOKEN"
	AppAPITokenEnvVar = "APP_API_TOKEN"
	// APITokenHeader is header name for http/gRPC calls to hold the token
	APITokenHeader = "dapr-api-token"
)

#nosec

View Source 
const (
	TLSServerName = "cluster.local"
)

Variables

This section is empty.

Functions

func CertPool 

func CertPool(certPem []byte) (*x509.CertPool, error)

func ExcludedRoute 

func ExcludedRoute(route string) bool

ExcludedRoute returns whether a given route should be excluded from a token check

func GetAPIToken 

func GetAPIToken() string

GetAPIToken returns the value of the api token from an environment variable

func GetAppToken 

func GetAppToken() string

GetAppToken returns the value of the app api token from an environment variable

func GetCertChain 

func GetCertChain() (*credentials.CertChain, error)

Types

type Authenticator 

type Authenticator interface {
	GetTrustAnchors() *x509.CertPool
	GetCurrentSignedCert() *SignedCertificate
	CreateSignedWorkloadCert(id, namespace, trustDomain string) (*SignedCertificate, error)
}

func GetSidecarAuthenticator 

func GetSidecarAuthenticator(sentryAddress string, certChain *credentials.CertChain) (Authenticator, error)

GetSidecarAuthenticator returns a new authenticator with the extracted trust anchors

type SignedCertificate 

type SignedCertificate struct {
	WorkloadCert  []byte
	PrivateKeyPem []byte
	Expiry        time.Time
	TrustChain    *x509.CertPool
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.