...

Package certs

import "github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/certs"

Overview

Package certs implements a CertSource which speaks to the public Cloud SQL API endpoint.

type RemoteCertSource

RemoteCertSource implements a CertSource, using Cloud SQL APIs to return Local certificates for identifying oneself as a specific user to the remote instance and Remote certificates for confirming the remote database's identity.

type RemoteCertSource struct {
    // IPAddrTypes is the list of IP address types that users select.
    IPAddrTypes []string
    // EnableIAMLogin is the flag that enables IAM proxy DB authentication.
    EnableIAMLogin bool
    // TokenSource is the token source for the token information used in
    // cert creation.
    TokenSource oauth2.TokenSource
    // contains filtered or unexported fields
}

func NewCertSource

func NewCertSource(host string, c *http.Client, checkRegion bool) *RemoteCertSource

NewCertSource returns a CertSource which can be used to authenticate using the provided client, which must not be nil.

This function is deprecated; use NewCertSourceOpts instead.

func NewCertSourceOpts

func NewCertSourceOpts(c *http.Client, opts RemoteOpts) *RemoteCertSource

NewCertSourceOpts returns a CertSource configured with the provided Opts. The provided http.Client must not be nil.

Use this function instead of NewCertSource; it has a more forward-compatible signature.

func (*RemoteCertSource) Local

func (s *RemoteCertSource) Local(instance string) (tls.Certificate, error)

Local returns a certificate that may be used to establish a TLS connection to the specified instance.

func (*RemoteCertSource) Remote

func (s *RemoteCertSource) Remote(instance string) (cert *x509.Certificate, addr, name, version string, err error)

Remote returns the specified instance's CA certificate, address, name, and version.

type RemoteOpts

RemoteOpts are a collection of options for NewCertSourceOpts. All fields are optional.

type RemoteOpts struct {
    // APIBasePath specifies the base path for the sqladmin API. If left blank,
    // the default from the autogenerated sqladmin library is used (which is
    // sufficient for nearly all users)
    APIBasePath string

    // IgnoreRegion specifies whether a missing or mismatched region in the
    // instance name should be ignored. In a future version this value will be
    // forced to 'false' by the RemoteCertSource.
    IgnoreRegion bool

    // A string for the RemoteCertSource to identify itself when contacting the
    // sqladmin API.
    UserAgent string

    // IP address type options
    IPAddrTypeOpts []string

    // Enable IAM proxy db authentication
    EnableIAMLogin bool

    // Token source for token information used in cert creation
    TokenSource oauth2.TokenSource

    // DelayKeyGenerate, if true, causes the RSA key to be generated lazily
    // on the first connection to a database. The default behavior is to generate
    // the key when the CertSource is created.
    DelayKeyGenerate bool
}