istio: istio.io/istio/security/pkg/nodeagent/secretfetcher Index | Files

package secretfetcher

import "istio.io/istio/security/pkg/nodeagent/secretfetcher"

Index

Package Files

secretfetcher.go

Constants

// IngressGatewaySdsCaSuffix is the suffix that marks an SDS resource name as a root CA
// resource: every ingress gateway root cert resource name ends with "-cacert".
const IngressGatewaySdsCaSuffix = "-cacert"

type SecretFetcher Uses

// SecretFetcher fetches secrets either by watching Kubernetes secrets or by sending a CSR
// to a CA. Which of the two sources is used is selected by UseCaClient.
type SecretFetcher struct {
    // If UseCaClient is true, use caClient to send CSR to CA.
    UseCaClient bool
    // CaClient is the CA client; presumably the one the CSR is sent through when
    // UseCaClient is true (the field comment above refers to it as caClient) — confirm.
    CaClient    caClientInterface.Client

    // The three callbacks below keep SecretCache in step with Kubernetes secret events.
    // NOTE(review): this listing does not show who assigns them or whether they may be nil.

    // Add all entries containing secretName in SecretCache. Called when K8S secret is added.
    AddCache func(secretName string, ns model.SecretItem)
    // Delete all entries containing secretName in SecretCache. Called when K8S secret is deleted.
    DeleteCache func(secretName string)
    // Update all entries containing secretName in SecretCache. Called when K8S secret is updated.
    UpdateCache func(secretName string, ns model.SecretItem)

    // FallbackSecretName stores the name of fallback secret which is set at env variable
    // INGRESS_GATEWAY_FALLBACK_SECRET. If INGRESS_GATEWAY_FALLBACK_SECRET is empty, then use
    // gateway-fallback as default name of fallback secret. If a fallback secret exists,
    // FindIngressGatewaySecret returns this fallback secret when expected secret is not available.
    //
    // NOTE(review): because the fallback stands in for a missing secret, a lookup for one
    // secret name can yield key material stored under a different name. Callers that need
    // an exact match should check which secret they were given — confirm against
    // FindIngressGatewaySecret.
    FallbackSecretName string
    // contains filtered or unexported fields
}

SecretFetcher fetches secrets either by watching Kubernetes secrets or by sending a CSR to a CA.

func NewSecretFetcher Uses

func NewSecretFetcher(ingressGatewayAgent bool, endpoint, caProviderName string, tlsFlag bool,
    tlsRootCert []byte, vaultAddr, vaultRole, vaultAuthPath, vaultSignCsrPath string) (*SecretFetcher, error)

NewSecretFetcher returns a pointer to a newly constructed SecretFetcher instance.

func (*SecretFetcher) AddSecret Uses

func (sf *SecretFetcher) AddSecret(obj interface{})

AddSecret adds obj into local store. Only used for testing.

func (*SecretFetcher) DeleteSecret Uses

func (sf *SecretFetcher) DeleteSecret(obj interface{})

DeleteSecret deletes obj from local store. Only used for testing.

func (*SecretFetcher) FindIngressGatewaySecret Uses

func (sf *SecretFetcher) FindIngressGatewaySecret(key string) (secret model.SecretItem, ok bool)

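FindIngressGatewaySecret returns the secret whose name matches key; the ok result indicates whether a secret was found. If the expected secret is not available and a fallback secret named FallbackSecretName exists, the fallback secret is returned instead; if no secret is present, an empty secret is returned. Callers should therefore not assume that a returned secret was stored under key.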

func (*SecretFetcher) InitWithKubeClient Uses

func (sf *SecretFetcher) InitWithKubeClient(core corev1.CoreV1Interface)

InitWithKubeClient initializes SecretFetcher to watch kubernetes secrets.

func (*SecretFetcher) Run Uses

func (sf *SecretFetcher) Run(ch chan struct{})

Run starts the SecretFetcher and keeps it running until a value is sent to ch. Only used when watching Kubernetes gateway secrets.

Package secretfetcher imports 20 packages (graph) and is imported by 1 packages. Updated 2019-10-18. Refresh now. Tools for package owners.