NewSource generates a cert source from the config options.
(cfg config.CertSource)
| 32 | |
// NewSource builds the certificate Source selected by cfg.Type.
//
// Supported types are "file", "path", "http", "consul", "vault" and
// "vault-pki". Any other value, including the empty string, is rejected with
// an error that quotes the offending type.
//
// The function only copies configuration values into the chosen source. It
// performs no validation of file paths, URLs or the Vault token itself, so
// any such checks have to live in config parsing or in the individual Source
// implementations (neither is visible here).
func NewSource(cfg config.CertSource) (Source, error) {
	var src Source

	switch cfg.Type {
	case "file":
		// Single certificate/key pair; the only source that reads cfg.KeyPath.
		src = FileSource{
			CertFile:       cfg.CertPath,
			KeyFile:        cfg.KeyPath,
			ClientAuthFile: cfg.ClientCAPath,
			CAUpgradeCN:    cfg.CAUpgradeCN,
		}

	case "path":
		src = PathSource{
			CertPath:     cfg.CertPath,
			ClientCAPath: cfg.ClientCAPath,
			CAUpgradeCN:  cfg.CAUpgradeCN,
			Refresh:      cfg.Refresh,
		}

	case "http":
		// cfg.CertPath and cfg.ClientCAPath are handed over as URLs here.
		// NOTE(review): no scheme check happens in this function; confirm
		// where (or whether) plain-HTTP URLs are rejected.
		src = HTTPSource{
			CertURL:     cfg.CertPath,
			ClientCAURL: cfg.ClientCAPath,
			CAUpgradeCN: cfg.CAUpgradeCN,
			Refresh:     cfg.Refresh,
		}

	case "consul":
		// Same URL reuse as "http", but cfg.Refresh is not passed on.
		src = ConsulSource{
			CertURL:     cfg.CertPath,
			ClientCAURL: cfg.ClientCAPath,
			CAUpgradeCN: cfg.CAUpgradeCN,
		}

	case "vault":
		// The Vault client is constructed from cfg.VaultFetchToken.
		// NOTE(review): that value looks like a credential or a reference
		// to one; verify it is never logged by callers.
		src = &VaultSource{
			CertPath:     cfg.CertPath,
			ClientCAPath: cfg.ClientCAPath,
			CAUpgradeCN:  cfg.CAUpgradeCN,
			Refresh:      cfg.Refresh,
			Client:       NewVaultClient(cfg.VaultFetchToken),
		}

	case "vault-pki":
		// Starts from the constructor's value and overrides the
		// config-driven fields, rather than using a struct literal.
		pki := NewVaultPKISource()
		pki.CertPath = cfg.CertPath
		pki.ClientCAPath = cfg.ClientCAPath
		pki.CAUpgradeCN = cfg.CAUpgradeCN
		pki.Refresh = cfg.Refresh
		pki.Client = NewVaultClient(cfg.VaultFetchToken)
		src = pki

	default:
		return nil, fmt.Errorf("invalid certificate source %q", cfg.Type)
	}

	return src, nil
}
| 88 | |
| 89 | // TLSConfig creates a tls.Config which sets the GetCertificate field to a |
| 90 | // certificate store which uses the given source to update the certificates |