util

package

v0.0.0-...-b0ce39f Latest Latest Go to latest Published: Mar 20, 2021 License: BSD-3-Clause Imports: 22 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yahoo/k8s-athenz-identity

Links

Open Source Insights

Documentation ¶

Overview ¶

Index ¶

Variables
func CertificateFromPEMBytes(pemBytes []byte) (*x509.Certificate, error)
func DomainToDNSPart(domain string) (part string)
func GenerateCSR(signer crypto.Signer, opts CSROptions) (csrPEM []byte, err error)
func GenerateKeyAndCSR(opts CSROptions) (keyPEM, csrPEM []byte, err error)
func MarshalSANs(sans SubjectAlternateNames) (pkix.Extension, error)
func NamespaceToDomain(ns string) (domain string)
func PublicKeyFromPEMBytes(pemBytes []byte) (crypto.PublicKey, error)
func ServiceAccountToService(svc string) string
func SpiffeURI(domain, service string) (*url.URL, error)
type CSROptions
type CertReloader
- func NewCertReloader(config ReloadConfig) (*CertReloader, error)
- func (w *CertReloader) Close() error
- func (w *CertReloader) GetLatestCertificate() (*tls.Certificate, error)
- func (w *CertReloader) GetLatestKeyAndCert() ([]byte, []byte, error)
type KeyType
- func PrivateKeyFromPEMBytes(privatePEMBytes []byte) (KeyType, crypto.Signer, error)
type LogFn
type ReloadConfig
type SubjectAlternateNames
- func UnmarshalSANs(extensions []pkix.Extension) (sans SubjectAlternateNames, err error)
- func (s *SubjectAlternateNames) IsEmpty() bool
- func (s SubjectAlternateNames) String() string
type Writer
- func NewWriter() *Writer
- func (w *Writer) AddBytes(target string, perms os.FileMode, content []byte) error
- func (w *Writer) AddFile(target string, perms os.FileMode, source string) error
- func (w *Writer) AddReader(target string, perms os.FileMode, content io.Reader) error
- func (w *Writer) Save() error

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultPollInterval = 1 * time.Second // 1s default interval to allow 1m cert refreshes

Functions ¶

func CertificateFromPEMBytes ¶

func CertificateFromPEMBytes(pemBytes []byte) (*x509.Certificate, error)

CertificateFromPEMBytes returns an X.509 certificate from its supplied PEM representation.

func DomainToDNSPart ¶

func DomainToDNSPart(domain string) (part string)

DomainToDNSPart converts the Athenz domain into a DNS label

func GenerateCSR ¶

func GenerateCSR(signer crypto.Signer, opts CSROptions) (csrPEM []byte, err error)

GenerateCSR generates a CSR using the supplied key, common name and options.

func GenerateKeyAndCSR ¶

func GenerateKeyAndCSR(opts CSROptions) (keyPEM, csrPEM []byte, err error)

GenerateKeyAndCSR generates a private key and returns the key and CSR PEMs.

func MarshalSANs ¶

func MarshalSANs(sans SubjectAlternateNames) (pkix.Extension, error)

func NamespaceToDomain ¶

func NamespaceToDomain(ns string) (domain string)

NamespaceToDomain converts a kube namespace to an Athenz domain

func PublicKeyFromPEMBytes ¶

func PublicKeyFromPEMBytes(pemBytes []byte) (crypto.PublicKey, error)

PublicKeyFromPEMBytes returns a public key from its supplied PEM representation.

func ServiceAccountToService ¶

func ServiceAccountToService(svc string) string

ServiceAccountToService converts a kube serviceaccount name to an Athenz service

func SpiffeURI ¶

func SpiffeURI(domain, service string) (*url.URL, error)

SpiffeURI returns the SPIFFE URI for the specified Athens domain and service.

Types ¶

type CSROptions ¶

type CSROptions struct {
	Subject pkix.Name
	SANs    SubjectAlternateNames
}

CSROptions has optional config for creating a CSR request

type CertReloader ¶

type CertReloader struct {
	// contains filtered or unexported fields
}

CertReloader reloads the (key, cert) pair from the filesystem when the cert file is updated.

func NewCertReloader ¶

func NewCertReloader(config ReloadConfig) (*CertReloader, error)

NewCertReloader returns a CertReloader that reloads the (key, cert) pair whenever the cert file changes on the filesystem.

func (*CertReloader) Close ¶

func (w *CertReloader) Close() error

Close stops the background refresh.

func (*CertReloader) GetLatestCertificate ¶

func (w *CertReloader) GetLatestCertificate() (*tls.Certificate, error)

GetLatestCertificate returns the latest known certificate.

func (*CertReloader) GetLatestKeyAndCert ¶

func (w *CertReloader) GetLatestKeyAndCert() ([]byte, []byte, error)

GetLatestKeyAndCert returns the latest known key and certificate in raw bytes.

type KeyType ¶

type KeyType int

KeyType is the type of private key.

const (
	RSA KeyType
	ECDSA
)

supported key types

func PrivateKeyFromPEMBytes ¶

func PrivateKeyFromPEMBytes(privatePEMBytes []byte) (KeyType, crypto.Signer, error)

PrivateKeyFromPEMBytes returns a private key along with its type from its supplied PEM representation.

type LogFn ¶

type LogFn func(format string, args ...interface{})

LogFn allows customized logging.

type ReloadConfig ¶

type ReloadConfig struct {
	CertFile     string // the cert file
	KeyFile      string // the key file
	Logger       LogFn  // custom log function for errors, optional
	PollInterval time.Duration
}

ReloadConfig contains the config for cert reload.

type SubjectAlternateNames ¶

type SubjectAlternateNames struct {
	DNSNames       []string
	IPAddresses    []net.IP
	URIs           []url.URL
	EmailAddresses []string
}

SubjectAlternateNames contains the SAN entities in a cert.

func UnmarshalSANs ¶

func UnmarshalSANs(extensions []pkix.Extension) (sans SubjectAlternateNames, err error)

func (*SubjectAlternateNames) IsEmpty ¶

func (s *SubjectAlternateNames) IsEmpty() bool

func (SubjectAlternateNames) String ¶

func (s SubjectAlternateNames) String() string

type Writer ¶

type Writer struct {
	// contains filtered or unexported fields
}

Writer writes multiple files with modified suffixes and renames all of them to their final names on save.

func NewWriter ¶

func NewWriter() *Writer

NewWriter returns a writer.

func (*Writer) AddBytes ¶

func (w *Writer) AddBytes(target string, perms os.FileMode, content []byte) error

AddBytes writes a file with the supplied bytes.

func (*Writer) AddFile ¶

func (w *Writer) AddFile(target string, perms os.FileMode, source string) error

AddFile writes a file using the supplied file as source.

func (*Writer) AddReader ¶

func (w *Writer) AddReader(target string, perms os.FileMode, content io.Reader) error

AddReader writes a file using the supplied reader as source.

func (*Writer) Save ¶

func (w *Writer) Save() error

Save renames all temp files written to their final names. When multiple files are involved, this reduces race conditions with inconsistent data but does not completely eliminate it.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL