istio: istio.io/istio/security/pkg/platform

package platform

import "istio.io/istio/security/pkg/platform"

Index

Package Files

aws.go client.go gcp.go onprem.go

Constants

const (
    AWSCertificatePem = "" /* 1148 byte string literal not displayed */

)
const CitadelDNSSan = "istio-citadel"

CitadelDNSSan is the hardcoded DNS SAN used to identify the Citadel server. The user may use an IP address to connect to the mesh.

type AwsClientImpl

type AwsClientImpl struct {
    // contains filtered or unexported fields
}

AwsClientImpl is the implementation of AWS metadata client.

func NewAwsClientImpl

func NewAwsClientImpl(rootCert string) *AwsClientImpl

NewAwsClientImpl creates a new AwsClientImpl.

func (*AwsClientImpl) GetAgentCredential

func (ci *AwsClientImpl) GetAgentCredential() ([]byte, error)

GetAgentCredential retrieves the instance identity document as the agent credential used by the node agent.

func (*AwsClientImpl) GetCredentialType

func (ci *AwsClientImpl) GetCredentialType() string

GetCredentialType returns the credential type as "aws".

func (*AwsClientImpl) GetDialOptions

func (ci *AwsClientImpl) GetDialOptions() ([]grpc.DialOption, error)

GetDialOptions returns the GRPC dial options to connect to the CA.

func (*AwsClientImpl) GetServiceIdentity

func (ci *AwsClientImpl) GetServiceIdentity() (string, error)

GetServiceIdentity extracts service identity from userdata. This function should be pluggable for different AWS deployments in the future.

func (*AwsClientImpl) IsProperPlatform

func (ci *AwsClientImpl) IsProperPlatform() bool

IsProperPlatform returns whether the AWS platform client is available.

type Client

type Client interface {
    GetDialOptions() ([]grpc.DialOption, error)
    // Whether the node agent is running on the right platform, e.g., if gcpPlatformImpl should only
    // run on GCE.
    IsProperPlatform() bool
    // Get the service identity.
    GetServiceIdentity() (string, error)
    // Get node agent credential
    GetAgentCredential() ([]byte, error)
    // Get type of the credential
    GetCredentialType() string
}

Client is the interface for implementing the client to access platform metadata.

func NewClient

func NewClient(platform, rootCertFile, keyFile, certChainFile string) (Client, error)

NewClient is the function to create implementations of the platform metadata client.

type GcpClientImpl

type GcpClientImpl struct {
    // contains filtered or unexported fields
}

GcpClientImpl is the implementation of GCP metadata client.

func (*GcpClientImpl) GetAgentCredential

func (ci *GcpClientImpl) GetAgentCredential() ([]byte, error)

GetAgentCredential returns the GCP JWT for the service account.

func (*GcpClientImpl) GetCredentialType

func (ci *GcpClientImpl) GetCredentialType() string

GetCredentialType returns the credential type as "gcp".

func (*GcpClientImpl) GetDialOptions

func (ci *GcpClientImpl) GetDialOptions() ([]grpc.DialOption, error)

GetDialOptions returns the GRPC dial options to connect to the CA.

func (*GcpClientImpl) GetServiceIdentity

func (ci *GcpClientImpl) GetServiceIdentity() (string, error)

GetServiceIdentity gets the identity of the GCE service.

func (*GcpClientImpl) IsProperPlatform

func (ci *GcpClientImpl) IsProperPlatform() bool

IsProperPlatform returns whether the client is on GCE.

type OnPremClientImpl

type OnPremClientImpl struct {
    // contains filtered or unexported fields
}

OnPremClientImpl is the implementation of on premise metadata client.

func NewOnPremClientImpl

func NewOnPremClientImpl(rootCert, key, certChain string) (*OnPremClientImpl, error)

NewOnPremClientImpl creates a new OnPremClientImpl.

func (*OnPremClientImpl) GetAgentCredential

func (ci *OnPremClientImpl) GetAgentCredential() ([]byte, error)

GetAgentCredential passes the certificate to the control plane to authenticate.

func (*OnPremClientImpl) GetCredentialType

func (ci *OnPremClientImpl) GetCredentialType() string

GetCredentialType returns "onprem".

func (*OnPremClientImpl) GetDialOptions

func (ci *OnPremClientImpl) GetDialOptions() ([]grpc.DialOption, error)

GetDialOptions returns the GRPC dial options to connect to the CA.

func (*OnPremClientImpl) GetServiceIdentity

func (ci *OnPremClientImpl) GetServiceIdentity() (string, error)

GetServiceIdentity gets the service account from the cert SAN field.

func (*OnPremClientImpl) IsProperPlatform

func (ci *OnPremClientImpl) IsProperPlatform() bool

IsProperPlatform returns whether the platform is on premise.

Directories

Path    Synopsis
mock

Package platform imports 18 packages and is imported by 3 packages. Updated 2019-09-19.