
package sdscompare

import ""


Package Files

sds_comparator.go util.go writer.go

type Format Uses

type Format int
const (
    JSON Format = iota

type SDSComparator Uses

type SDSComparator struct {
    // contains filtered or unexported fields

SDSComparator diffs the secrets in a config dump from the target Envoy proxy against the secrets reported by the corresponding node agent's debug endpoints.

func NewSDSComparator Uses

func NewSDSComparator(
    w SDSWriter, nodeAgentResponses map[string]sds.Debug, envoyResponse []byte, targetPod string) (*SDSComparator, error)

NewSDSComparator generates an SDSComparator

func (*SDSComparator) Diff Uses

func (c *SDSComparator) Diff() error

Diff compares the node agent secrets with the Envoy secrets and displays the results.

type SDSWriter Uses

type SDSWriter interface {
    PrintSecretItems([]SecretItem) error
    PrintDiffs([]SecretItemDiff) error

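SDSWriter takes lists of SecretItem or SecretItemDiff and prints them through the supplied output writer. SecretItem carries the certificate contents in its Data field (JSON key "cert"), so the printed output may include that material.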

func NewSDSWriter Uses

func NewSDSWriter(w io.Writer, format Format) SDSWriter

NewSDSWriter returns a new SDSWriter that prints to w in the given format.

type SecretItem Uses

type SecretItem struct {
    Name        string `json:"resource_name"`
    Data        string `json:"cert"`
    Source      string `json:"source"`
    Destination string `json:"destination"`
    State       string `json:"state"`

SecretItem is an intermediate representation of a secret. It gives the Envoy proxy secrets and the node agent output a common format so that the two can be diffed.

func GetEnvoySecrets Uses

func GetEnvoySecrets(
    wrapper *configdump.Wrapper) ([]SecretItem, error)

GetEnvoySecrets parses the secrets section of the config dump into []SecretItem

func GetNodeAgentSecrets Uses

func GetNodeAgentSecrets(
    agentResponses map[string]sds.Debug, connFilter connNameFilter) ([]SecretItem, error)

GetNodeAgentSecrets takes the sds.Debug results provided to the comparator and parses them into []SecretItem

type SecretItemBuilder Uses

type SecretItemBuilder interface {
    Name(string) SecretItemBuilder
    Data(string) SecretItemBuilder
    Source(string) SecretItemBuilder
    Destination(string) SecretItemBuilder
    State(string) SecretItemBuilder
    Build() (SecretItem, error)

SecretItemBuilder wraps the process of setting the fields of a SecretItem and internally derives the metadata fields from the certificate contents.

func NewSecretItemBuilder Uses

func NewSecretItemBuilder() SecretItemBuilder

NewSecretItemBuilder returns a new builder to create a secret item

type SecretItemDiff Uses

type SecretItemDiff struct {
    Agent string `json:"agent"`
    Proxy string `json:"proxy"`

SecretItemDiff represents a secret that has been diffed between the node agent and the proxy.

type SecretMeta Uses

type SecretMeta struct {
    Valid        bool   `json:"cert_valid"`
    SerialNumber string `json:"serial_number"`
    NotAfter     string `json:"not_after"`
    NotBefore    string `json:"not_before"`
    Type         string `json:"type"`

SecretMeta holds selected fields that can be extracted from a parsed X.509 certificate.

Package sdscompare imports 13 packages and is imported by 3 packages. Updated 2019-12-14.