Add comprehensive godoc documentation to all packages
- Add package-level documentation with usage examples and architecture details - Document all public types, functions, and methods following godoc conventions - Remove unused logger.Error type and NewError function - Apply consistent documentation style across all packages Packages updated: - apitls: TLS certificate management with automatic renewal - config: Environment-based configuration system - config/depenv: Deployment environment handling - ekko: Enhanced Echo web framework wrapper - kafka: Kafka client wrapper with TLS support - logger: Structured logging with OpenTelemetry integration - tracing: OpenTelemetry distributed tracing setup - types: Shared data structures for NTP Pool project - xff/fastlyxff: Fastly CDN IP range management All tests pass after documentation changes.
This commit is contained in:
@@ -1,3 +1,14 @@
|
||||
// Package apitls provides TLS certificate management with automatic renewal support.
|
||||
//
|
||||
// This package handles TLS certificate provisioning and management for secure
|
||||
// inter-service communication within the NTP Pool project infrastructure.
|
||||
// It provides both server and client certificate management through the
|
||||
// CertificateProvider interface and includes a trusted CA certificate pool
|
||||
// for validating certificates.
|
||||
//
|
||||
// The package integrates with certman for automatic certificate renewal
|
||||
// and includes embedded CA certificates for establishing trust relationships
|
||||
// between services.
|
||||
package apitls
|
||||
|
||||
import (
|
||||
@@ -13,11 +24,32 @@ import (
|
||||
//go:embed ca.pem
|
||||
var caBytes []byte
|
||||
|
||||
// CertificateProvider defines the interface for providing TLS certificates
|
||||
// for both server and client connections. Implementations should handle
|
||||
// certificate retrieval, caching, and renewal as needed.
|
||||
//
|
||||
// This interface supports both server-side certificate provisioning
|
||||
// (via GetCertificate) and client-side certificate authentication
|
||||
// (via GetClientCertificate).
|
||||
type CertificateProvider interface {
|
||||
// GetCertificate retrieves a server certificate based on the client hello information.
|
||||
// This method is typically used in tls.Config.GetCertificate for server-side TLS.
|
||||
GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)
|
||||
|
||||
// GetClientCertificate retrieves a client certificate for mutual TLS authentication.
|
||||
// This method is used in tls.Config.GetClientCertificate for client-side TLS.
|
||||
GetClientCertificate(certRequestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)
|
||||
}
|
||||
|
||||
// CAPool returns a certificate pool containing trusted CA certificates
|
||||
// for validating TLS connections within the NTP Pool infrastructure.
|
||||
//
|
||||
// The CA certificates are embedded in the binary and include the trusted
|
||||
// certificate authorities used for inter-service communication.
|
||||
// This pool should be used in tls.Config.RootCAs for client connections
|
||||
// or tls.Config.ClientCAs for server connections requiring client certificates.
|
||||
//
|
||||
// Returns an error if the embedded CA certificates cannot be parsed or loaded.
|
||||
func CAPool() (*x509.CertPool, error) {
|
||||
capool := x509.NewCertPool()
|
||||
if !capool.AppendCertsFromPEM(caBytes) {
|
||||
|
||||
Reference in New Issue
Block a user