istio: istio.io/istio/pkg/mcp/creds

package creds

import "istio.io/istio/pkg/mcp/creds"

Package Files

create.go load.go notifyWatcher.go options.go pollingWatcher.go watcher.go

func CreateForClient

func CreateForClient(serverName string, watcher CertificateWatcher) credentials.TransportCredentials

CreateForClient creates TransportCredentials for MCP clients.

func CreateForClientSkipVerify

func CreateForClientSkipVerify() credentials.TransportCredentials

CreateForClientSkipVerify creates TransportCredentials for MCP clients that skip verification of the server's certificate chain and host name.

func CreateForServer

func CreateForServer(watcher CertificateWatcher) credentials.TransportCredentials

CreateForServer creates TransportCredentials for MCP servers.

type CertificateWatcher

type CertificateWatcher interface {
    Get() tls.Certificate
    // contains filtered or unexported methods
}

CertificateWatcher watches an x509 cert/key file and loads it into memory as needed.

func PollFiles

func PollFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)

PollFiles loads certificate & key files from the file system. The method starts a background goroutine that watches for credential file changes. Callers should pass the returned result to one of the create functions to create transport options that can dynamically use rotated certificates. The supplied stop channel can be used to stop the goroutine and the watch.

func WatchFiles

func WatchFiles(stopCh <-chan struct{}, credentials *Options) (CertificateWatcher, error)

WatchFiles loads certificate & key files from the file system. The method starts a background goroutine that watches for credential file changes. Callers should pass the returned result to one of the create functions to create transport options that can dynamically use rotated certificates. The supplied stop channel can be used to stop the goroutine and the watch.
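
The rotation behaviour described for PollFiles and WatchFiles, as an added example that is not code from the Istio project. It uses only the Go standard library and assumes the watcher is consulted through tls.Config.GetCertificate on each handshake, which is one way to get this effect and not necessarily how package creds does it; memWatcher, serverConfig, selfSigned and rotationDemo are hypothetical names, and the certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// memWatcher is a hypothetical in-memory stand-in for a CertificateWatcher.
type memWatcher struct{ cur atomic.Value } // holds the latest tls.Certificate
func (w *memWatcher) Get() tls.Certificate { return w.cur.Load().(tls.Certificate) }

// serverConfig (assumed mechanism) asks the watcher on every handshake, so rotation needs no restart.
func serverConfig(w *memWatcher, clientCAs *x509.CertPool) *tls.Config {
	return &tls.Config{
		ClientAuth:     tls.RequireAndVerifyClientCert, // mutual TLS: the peer must present a cert
		ClientCAs:      clientCAs,                      // roots used to validate the peer
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { c := w.Get(); return &c, nil },
	}
}

// selfSigned builds a throwaway certificate (constructed sample input).
func selfSigned(serial int64) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// rotationDemo returns the serials offered before and after a rotation.
func rotationDemo() (before, after int64) {
	w := &memWatcher{}
	w.cur.Store(selfSigned(1))
	cfg := serverConfig(w, x509.NewCertPool()) // built once, never rebuilt
	c1, _ := cfg.GetCertificate(&tls.ClientHelloInfo{})
	w.cur.Store(selfSigned(2)) // simulated rotation
	c2, _ := cfg.GetCertificate(&tls.ClientHelloInfo{})
	return c1.Leaf.SerialNumber.Int64(), c2.Leaf.SerialNumber.Int64()
}

func main() { fmt.Println(rotationDemo()) }
```

Because the config holds no static certificate, a connection accepted after the swap is offered the new key pair while the listener keeps running.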

func WatchFolder

func WatchFolder(stop <-chan struct{}, folder string) (CertificateWatcher, error)

WatchFolder loads certificates from the given folder. It expects the following files:

    cert-chain.pem, key.pem: certificate/key files for the client/server on this side.
    root-cert.pem: certificate from the CA that will be used for validating the peer's certificate.

Internally WatchFolder will call WatchFiles.

type Options

type Options struct {
    // CertificateFile to use for mTLS gRPC.
    CertificateFile string
    // KeyFile to use for mTLS gRPC.
    KeyFile string
    // CACertificateFile is the trusted root certificate authority's cert file.
    CACertificateFile string
}

Options defines the credential options required for MCP.

func DefaultOptions

func DefaultOptions() *Options

DefaultOptions returns default credential options.

func (*Options) AttachCobraFlags

func (c *Options) AttachCobraFlags(cmd *cobra.Command)

AttachCobraFlags attaches a set of Cobra flags to the given Cobra command.

Cobra is the command-line processor that Istio uses. This command attaches the necessary set of flags to configure the MCP options.

Package creds imports 19 packages and is imported by 14 packages. Updated 2019-06-12.