dynamic_rootca

package
Version: v0.0.0-...-6a0d788
Published: Oct 3, 2022 License: MIT Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var CertCallbackRefreshDuration = 5 * time.Minute

CertCallbackRefreshDuration is exposed so that integration tests can crank up the reload speed.

Functions

This section is empty.

Types

type DynamicRootCAs

type DynamicRootCAs interface {
	// Run starts the controller and blocks until the context expires.
	// Calling Run is not necessary, but it allows certificates to be refreshed
	// before a request requires them (preventing long latency penalties).
	Run(ctx context.Context)

	// GetCertPool returns the latest CA bundle that was read. The controller
	// tries to reload the certificates periodically.
	GetCertPool(ctx context.Context) (*x509.CertPool, error)
}

func NewDynamicClientCertificate

func NewDynamicClientCertificate(ctx context.Context, log logr.Logger, newCertPool NewCertPool) DynamicRootCAs

Dynamic client cert: uses a file/secret watch and the acceptable server CAs to determine whether the certificate is still valid, and fetches a new version of the certificate if required. A certificate that is about to expire will cause the connection to be closed.

type NewCertPool

type NewCertPool func(ctx context.Context, existing *x509.CertPool) (*x509.CertPool, error)
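
One way to write a NewCertPool callback, as an added example that is not code from this package: FromPEM and ConstructedCA are hypothetical names, and the NewCertPool type is repeated locally so the file builds on its own. It builds a fresh pool on every refresh and hands back the existing pool with an error when the bundle is unreadable or empty, because a nil RootCAs in tls.Config makes Go fall back to the host's root set.

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// NewCertPool repeats the callback type from this page so the file builds alone.
type NewCertPool func(ctx context.Context, existing *x509.CertPool) (*x509.CertPool, error)

// FromPEM (hypothetical helper) wraps any PEM source, e.g. a file or secret read.
func FromPEM(read func() ([]byte, error)) NewCertPool {
	return func(ctx context.Context, existing *x509.CertPool) (*x509.CertPool, error) {
		bundle, err := read()
		if err != nil {
			return existing, fmt.Errorf("read CA bundle: %w", err)
		}
		pool := x509.NewCertPool() // fresh pool: CAs dropped from the bundle lose trust
		if !pool.AppendCertsFromPEM(bundle) {
			return existing, fmt.Errorf("CA bundle holds no usable certificate") // fail closed
		}
		return pool, nil
	}
}

// ConstructedCA builds a throwaway self-signed CA as sample input (constructed).
func ConstructedCA(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	load := FromPEM(func() ([]byte, error) { return nil, nil }) // empty bundle, as mid-rotation
	_, err := load(context.Background(), nil)
	fmt.Println("refresh error:", err)
}
```

A caller should treat a non-nil error as "keep using the previous pool" and never assign a nil pool to RootCAs.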
