grpc: Index | Files

package certprovider

import ""

Package certprovider defines APIs for certificate providers in gRPC.


Notice: All APIs in this package are experimental and may be removed in a later release.


Package Files

distributor.go provider.go store.go

func Register Uses

func Register(b Builder)

Register registers the provider builder, whose name as returned by its Name() method will be used as the name registered with this builder. Registered Builders are used by the Store to create Providers.

type Builder Uses

type Builder interface {
    // Build creates a new provider with the provided config.
    Build(StableConfig) Provider

    // ParseConfig converts config input in a format specific to individual
    // implementations and returns an implementation of the StableConfig
    // interface.
    // Equivalent configurations must return StableConfig types whose
    // Canonical() method returns the same output.
    ParseConfig(interface{}) (StableConfig, error)

    // Name returns the name of providers built by this builder.
    Name() string

Builder creates a Provider.

type Distributor Uses

type Distributor struct {
    // contains filtered or unexported fields

Distributor makes it easy for provider implementations to furnish new key materials by handling synchronization between the producer and consumers of the key material.

Provider implementations which choose to use a Distributor should do the following: - create a new Distributor using the NewDistributor() function. - invoke the Set() method whenever they have new key material or errors to


- delegate to the distributor when handing calls to KeyMaterial(). - invoke the Stop() method when they are done using the distributor.

func NewDistributor Uses

func NewDistributor() *Distributor

NewDistributor returns a new Distributor.

func (*Distributor) KeyMaterial Uses

func (d *Distributor) KeyMaterial(ctx context.Context) (*KeyMaterial, error)

KeyMaterial returns the most recent key material provided to the distributor. If no key material was provided at the time of this call, it will block until the deadline on the context expires or fresh key material arrives.

func (*Distributor) Set Uses

func (d *Distributor) Set(km *KeyMaterial, err error)

Set updates the key material in the distributor with km.

Provider implementations which use the distributor must not modify the contents of the KeyMaterial struct pointed to by km.

A non-nil err value indicates the error that the provider implementation ran into when trying to fetch key material, and makes it possible to surface the error to the user. A non-nil error value passed here causes distributor's KeyMaterial() method to return nil key material.

func (*Distributor) Stop Uses

func (d *Distributor) Stop()

Stop turns down the distributor, releases allocated resources and fails any active KeyMaterial() call waiting for new key material.

type KeyMaterial Uses

type KeyMaterial struct {
    // Certs contains a slice of cert/key pairs used to prove local identity.
    Certs []tls.Certificate
    // Roots contains the set of trusted roots to validate the peer's identity.
    Roots *x509.CertPool

KeyMaterial wraps the certificates and keys returned by a provider instance.

type Provider Uses

type Provider interface {
    // KeyMaterial returns the key material sourced by the provider.
    // Callers are expected to use the returned value as read-only.
    KeyMaterial(ctx context.Context) (*KeyMaterial, error)

    // Close cleans up resources allocated by the provider.

Provider makes it possible to keep channel credential implementations up to date with secrets that they rely on to secure communications on the underlying channel.

Provider implementations are free to rely on local or remote sources to fetch the latest secrets, and free to share any state between different instantiations as they deem fit.

func GetProvider Uses

func GetProvider(name string, config interface{}) (Provider, error)

GetProvider returns a provider instance corresponding to name and config. name is the registered name of the provider and config is the provider-specific configuration. Implementations of the Builder interface should clearly document the type of configuration accepted by them.

If a provider exists for the (name+config) combination, its reference count is incremented before returning. If no provider exists for the (name+config) combination, a new one is created using the registered builder. If no registered builder is found, or the provider configuration is rejected by it, a non-nil error is returned.

type StableConfig Uses

type StableConfig interface {
    // Canonical returns provider config as an arbitrary byte slice.
    // Equivalent configurations must return the same output.
    Canonical() []byte

StableConfig wraps the method to return a stable provider configuration.

Package certprovider imports 7 packages (graph). Updated 2020-08-05. Refresh now. Tools for package owners.