Documentation ¶
Overview ¶
Package cache is the in-memory secret store.
Index ¶
Constants ¶
View Source
const (
// RootCertReqResourceName is resource name of discovery request for root certificate.
RootCertReqResourceName = "ROOTCA"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConnKey ¶
type ConnKey struct { ProxyID string // ResourceName of SDS request, get from SDS.DiscoveryRequest.ResourceName // Current it's `ROOTCA` for root cert request, and 'default' for normal key/cert request. ResourceName string }
ConnKey is the key of one SDS connection.
type Options ¶
type Options struct { // secret TTL. SecretTTL time.Duration // secret should be refreshed before it expired, SecretRefreshGraceDuration is the grace period; // secret should be refreshed if time.Now.After(secret.CreateTime + SecretTTL - SecretRefreshGraceDuration) SecretRefreshGraceDuration time.Duration // Key rotation job running interval. RotationInterval time.Duration // Cached secret will be removed from cache if (time.now - secretItem.CreatedTime >= evictionDuration), this prevents cache growing indefinitely. EvictionDuration time.Duration // TrustDomain corresponds to the trust root of a system. // https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain TrustDomain string // authentication provider specific plugins. Plugins []plugin.Plugin }
Options provides all of the configuration parameters for secret cache.
type SecretCache ¶
type SecretCache struct {
// contains filtered or unexported fields
}
SecretCache is the in-memory cache for secrets.
func NewSecretCache ¶
func NewSecretCache(cl ca.Client, notifyCb func(string, string, *model.SecretItem) error, options Options) *SecretCache
NewSecretCache creates a new secret cache.
func (*SecretCache) GenerateSecret ¶
func (sc *SecretCache) GenerateSecret(ctx context.Context, proxyID, resourceName, token string) (*model.SecretItem, error)
GenerateSecret generates new secret and cache the secret, this function is called by SDS.StreamSecrets and SDS.FetchSecret. Since credential passing from client may change, regenerate secret every time instead of reading from cache.
func (*SecretCache) SecretExist ¶
func (sc *SecretCache) SecretExist(proxyID, resourceName, token, version string) bool
SecretExist checks if secret already existed.
type SecretManager ¶
type SecretManager interface { // GenerateSecret generates new secret and cache the secret. GenerateSecret(ctx context.Context, proxyID, resourceName, token string) (*model.SecretItem, error) // SecretExist checks if secret already existed. SecretExist(proxyID, resourceName, token, version string) bool }
SecretManager defines secrets management interface which is used by SDS.
Click to show internal directories.
Click to hide internal directories.