package certs

import "github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/certs"

Package certs implements a CertSource which speaks to the public Cloud SQL API endpoint.

Index

Types

type RemoteCertSource

type RemoteCertSource struct {

	// a list of ip address types that users select
	IPAddrTypes []string
	// flag to enable IAM proxy db authentication
	EnableIAMLogin bool
	// token source for the token information used in cert creation
	TokenSource oauth2.TokenSource
	// contains filtered or unexported fields
}

RemoteCertSource implements a CertSource, using Cloud SQL APIs to return Local certificates for identifying oneself as a specific user to the remote instance and Remote certificates for confirming the remote database's identity.

func NewCertSource

func NewCertSource(host string, c *http.Client, checkRegion bool) *RemoteCertSource

NewCertSource returns a CertSource which can be used to authenticate using the provided client, which must not be nil.

This function is deprecated; use NewCertSourceOpts instead.

func NewCertSourceOpts

func NewCertSourceOpts(c *http.Client, opts RemoteOpts) *RemoteCertSource

NewCertSourceOpts returns a CertSource configured with the provided Opts. The provided http.Client must not be nil.

Use this function instead of NewCertSource; it has a more forward-compatible signature.

func (*RemoteCertSource) Local

func (s *RemoteCertSource) Local(instance string) (tls.Certificate, error)

Local returns a certificate that may be used to establish a TLS connection to the specified instance.

func (*RemoteCertSource) Remote

func (s *RemoteCertSource) Remote(instance string) (cert *x509.Certificate, addr, name, version string, err error)

Remote returns the specified instance's CA certificate, address, and name.

type RemoteOpts

type RemoteOpts struct {
	// APIBasePath specifies the base path for the sqladmin API. If left blank,
	// the default from the autogenerated sqladmin library is used (which is
	// sufficient for nearly all users)
	APIBasePath string

	// IgnoreRegion specifies whether a missing or mismatched region in the
	// instance name should be ignored. In a future version this value will be
	// forced to 'false' by the RemoteCertSource.
	IgnoreRegion bool

	// A string for the RemoteCertSource to identify itself when contacting the
	// sqladmin API.
	UserAgent string

	// IP address type options
	IPAddrTypeOpts []string

	// Enable IAM proxy db authentication
	EnableIAMLogin bool

	// Token source for token information used in cert creation
	TokenSource oauth2.TokenSource

	// DelayKeyGenerate, if true, causes the RSA key to be generated lazily
	// on the first connection to a database. The default behavior is to generate
	// the key when the CertSource is created.
	DelayKeyGenerate bool
}

RemoteOpts are a collection of options for NewCertSourceOpts. All fields are optional.

Source Files

certs.go

Version
v1.37.7 (latest)
Published
Apr 16, 2025
Platform
linux/amd64
Imports
18 packages
Last checked
2 months ago

Tools for package owners.