(logger *zap.Logger, makeCache bool)
| 610 | } |
| 611 | |
// certmagicConfig builds the certmagic configuration used to manage this
// server's own identity certificates.
//
// A nil receiver is accepted and treated as an empty IdentityConfig. The
// resulting config has no issuers, so it is of little use for remote
// management.
//
// When makeCache is true, the package-level identityCertCache is replaced
// with a freshly created cache. Otherwise the existing identityCertCache is
// reused as-is.
// NOTE(review): nothing here checks identityCertCache for nil on the reuse
// path; presumably callers pass makeCache=true at least once first — confirm.
func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) *certmagic.Config {
	// Identity is optional; fall back to a zero-value config rather than
	// dereferencing a nil receiver below.
	if ident == nil {
		ident = new(IdentityConfig)
	}

	// Identity material is kept in DefaultStorage, not in any clustered
	// storage: it describes this one server only. The package-level override
	// exists so tests can divert storage to a temporary location.
	// NOTE(review): the override is a mutable package-level variable; any
	// non-test code that sets it redirects where identity certificates and
	// keys are stored — confirm it is only ever assigned from tests.
	var store certmagic.Storage = DefaultStorage
	if testCertMagicStorageOverride != nil {
		store = testCertMagicStorageOverride
	}

	base := certmagic.Config{
		Storage: store,
		Logger:  logger,
		Issuers: ident.issuers,
	}

	// cfg is declared before the cache so the cache's callback can close
	// over it; the callback returns whatever cfg holds when it is invoked,
	// and cfg is only assigned after the cache exists.
	var cfg *certmagic.Config

	if makeCache {
		opts := certmagic.CacheOptions{
			GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) {
				return cfg, nil
			},
			Logger: logger.Named("cache"),
		}
		identityCertCache = certmagic.NewCache(opts)
	}

	cfg = certmagic.New(identityCertCache, base)
	return cfg
}
| 646 | |
| 647 | // IdentityCredentials returns this instance's configured, managed identity credentials |
| 648 | // that can be used in TLS client authentication. |