
Constants

const (
	// DefaultFilepath is the default playbook path, "./playbook.yaml",
	// relative to the current working directory. It is the value used when
	// no explicit playbook location is supplied (how the override is passed
	// is not visible here).
	DefaultFilepath = "./playbook.yaml"
)
const (
	// JKSMinPasswordLength represents the minimum length a JKS password must have per the JKS specification.
	// ErrJKSPasswordLength and ErrKeyPasswordLength spell the same number out
	// in their message text; keep them in sync if this value changes.
	JKSMinPasswordLength = 6
)

Variables

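// Sentinel errors describing playbook validation failures. Compare them by
// identity (errors.Is), not by message text. fmt.Errorf is used without
// format verbs, so each value is equivalent to errors.New.
var (
	// ErrNoConfig is thrown when the Playbook has no config section
	ErrNoConfig = fmt.Errorf("no config found on playbook")
	// ErrNoTasks is thrown when the Playbook has no certificateTasks section
	ErrNoTasks = fmt.Errorf("no certificate tasks found on playbook")
	// ErrNoInstallations is thrown when any task (item in Certificates section) has no installations defined
	ErrNoInstallations = fmt.Errorf("no installations found on certificate task")

	// ErrNoRequestZone is thrown when a certificate request is specified without a zone
	ErrNoRequestZone = fmt.Errorf("request.zone is required and was not found")
	// ErrNoRequestCN is thrown when a certificate request does not contain subject.CommonName
	ErrNoRequestCN = fmt.Errorf("request.subject.commonName is required and was not found")

	// ErrNoCredentials is thrown when the Playbook config has no credentials section
	ErrNoCredentials = fmt.Errorf("no credentials defined on playbook")
	// ErrMultipleCredentials is thrown when the config.credentials section has both apikey and accessToken declared
	ErrMultipleCredentials = fmt.Errorf("credentials for multiple platforms set. Only one of ApiKey or AccessToken/RefreshToken pair should be declared")
	// ErrNoTPPURL is thrown when accessToken and/or refreshToken are declared in config.credentials but no url is specified
	ErrNoTPPURL = fmt.Errorf("no url defined. TPP platform requires an url to the TPP instance")
	// ErrTrustBundleNotExist is thrown when config.trustBundle is set but the path does not exist or cannot be read
	ErrTrustBundleNotExist = fmt.Errorf("trustBundle path does not exist")

	// ErrNoJKSAlias is thrown when certificates.installations[].type is JKS but no jksAlias is set
	ErrNoJKSAlias = fmt.Errorf("jksAlias should not be empty when installing a certificate in JKS format")
	// ErrNoJKSPassword is thrown when certificates.installations[].type is JKS but no jksPassword is set
	ErrNoJKSPassword = fmt.Errorf("jksPassword should not be empty when installing a certificate in JKS format")
	// ErrJKSPasswordLength is thrown when certificates.installations[].type is JKS but the jksPassword length is shorter than the minimum required.
	// The "6" in the message mirrors JKSMinPasswordLength; keep the two in sync.
	ErrJKSPasswordLength = fmt.Errorf("jksPassword must be at least 6 characters long")
	// ErrKeyPasswordLength is thrown when certificates.installations[].type is JKS but the keyPassword length is shorter than the minimum required.
	// The "6" in the message mirrors JKSMinPasswordLength; keep the two in sync.
	ErrKeyPasswordLength = fmt.Errorf("keyPassword must be at least 6 characters long")

	// ErrNoP12Password is thrown when certificates.installations[].type is PKCS12 but no p12Password is set
	ErrNoP12Password = fmt.Errorf("p12Password should not be empty when installing a certificate in PKCS12 format")

	// ErrNoChainFile is thrown when certificates.installations[].type is PEM but no pemChainFilename is set
	ErrNoChainFile = fmt.Errorf("chainFile should not be empty when installing a certificate in PEM format")
	// ErrNoKeyFile is thrown when certificates.installations[].type is PEM but no pemKeyFilename is set
	ErrNoKeyFile = fmt.Errorf("keyFile should not be empty when installing a certificate in PEM format")

	// ErrUndefinedInstallationFormat is thrown when certificates.installations[].type is unknown
	ErrUndefinedInstallationFormat = fmt.Errorf("unknown installation format specified")
	// ErrNoInstallationFile is thrown when certificates.installations[].File is not set
	ErrNoInstallationFile = fmt.Errorf("installation file not specified")

	// ErrCAPIOnNonWindows is thrown when certificates.installations[].type is CAPI but running on a non-windows build
	ErrCAPIOnNonWindows = fmt.Errorf("unable to specify CAPI installation type on non-windows system")
	// ErrNoCAPILocation is thrown when certificates.installations[].format is CAPI but certificates.installations[].location is not set
	ErrNoCAPILocation = fmt.Errorf("CAPI installation location not specified")
	// ErrMalformedCAPILocation is thrown when certificates.installations[].type is CAPI but the location is not of the form 'StoreLocation\StoreName'
	ErrMalformedCAPILocation = fmt.Errorf("invalid CAPI location. Should be in form of 'StoreLocation\\StoreName' (i.e. 'LocalMachine\\My')")
	// ErrInvalidCAPILocation is thrown when certificates.installations[].type is CAPI but the store location part is neither 'LocalMachine' nor 'CurrentUser'
	ErrInvalidCAPILocation = fmt.Errorf("invalid CAPI location. Should be either 'LocalMachine' or 'CurrentUser' (i.e. 'LocalMachine\\My')")
	// ErrInvalidCAPIStoreName is thrown when certificates.installations[].type is CAPI but no valid store name follows the '\' in the location
	ErrInvalidCAPIStoreName = fmt.Errorf("invalid CAPI store name. Should contain a valid storeName after the '\\' (i.e. 'LocalMachine\\My')")

	// The Warning* values below are plain strings, not errors: they cannot be
	// matched with errors.Is and are intended as message text only.

	// WarningLocationFieldDeprecated is the warning text used when certificates.installations[].type is CAPI but the deprecated location field is set
	WarningLocationFieldDeprecated = "location field is deprecated and will be removed in a future release. Use capiLocation instead"
	// WarningNoCAPIFriendlyName is the warning text used when certificates.installations[].type is CAPI but no friendlyName is set
	WarningNoCAPIFriendlyName = "no capiFriendlyName defined. It is strongly recommended to define a " +
		"capiFriendlyName for CAPI installation type. This will become required in a future release"

	// ErrNoFireflyURL is thrown when platform is Firefly but no url is specified in config.credentials
	ErrNoFireflyURL = fmt.Errorf("no url defined. Firefly platform requires an url to the Firefly instance")
	// ErrNoClientId is thrown when platform is Firefly and no config.credentials.clientId is defined.
	// The message previously read "cliendId"; it is now spelled to match the YAML key.
	ErrNoClientId = fmt.Errorf("no clientId defined. Firefly platform requires a clientId to request OAuth2 token")
	// ErrNoIdentityProviderURL is thrown when platform is Firefly and no config.credentials.tokenURL is defined to request an OAuth2 Token
	ErrNoIdentityProviderURL = fmt.Errorf("no tokenURL defined in credentials. tokenURL is required to request OAuth2 token")
	// ErrNoExternalJWT is thrown when platform is TLSPC/VAAS/VCP, a tokenURL has been passed but no config.credentials.externalJWT is set
	ErrNoExternalJWT = fmt.Errorf("no externalJWT defined in credentials. externalJWT is required to request an access token from VCP")
)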

Functions

This section is empty.

Types

type Authentication

// Authentication holds the credentials to connect to Venafi platforms: TPP and TLSPC.
//
// The embedded endpoint.Authentication carries the `yaml:"-"` tag, so the
// default YAML mapping skips it; the MarshalYAML and UnmarshalYAML methods
// on this type decide how credentials are (de)serialized. The value holds
// secrets — NOTE(review): keep it out of logs and debug output.
type Authentication struct {
	endpoint.Authentication `yaml:"-"`
	// P12Task is read from credentials.p12Task. Presumably the name of a
	// certificate task whose PKCS12 output supplies client credentials —
	// confirm against UnmarshalYAML.
	P12Task                 string `yaml:"p12Task,omitempty"`
}

Authentication holds the credentials to connect to Venafi platforms: TPP and TLSPC

func (Authentication) MarshalYAML added in v5.1.0

func (a Authentication) MarshalYAML() (interface{}, error)

MarshalYAML customizes the behavior of Authentication when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller

func (*Authentication) UnmarshalYAML added in v5.1.0

func (a *Authentication) UnmarshalYAML(value *yaml.Node) error

UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document

type CertificateTask

// CertificateTask represents a task to be run: a certificate to be
// requested/renewed and installed in one (or more) location(s).
//
// Every field is read from one item of the playbook's certificateTasks list.
type CertificateTask struct {
	// Name identifies the task (certificateTasks[].name).
	Name          string          `yaml:"name,omitempty"`
	// Request describes the certificate to obtain (certificateTasks[].request).
	Request       PlaybookRequest `yaml:"request,omitempty"`
	// Installations lists where, and in which format, the certificate is
	// written; ErrNoInstallations is the sentinel for an empty list.
	Installations Installations   `yaml:"installations,omitempty"`
	// RenewBefore is kept as the raw string from certificateTasks[].renewBefore;
	// its accepted format is not fixed here — confirm in the renewal code.
	RenewBefore   string          `yaml:"renewBefore,omitempty"`
	// SetEnvVars is the list from certificateTasks[].setEnvVars; the allowed
	// names are defined elsewhere.
	SetEnvVars    []string        `yaml:"setEnvVars,omitempty"`
}

CertificateTask represents a task to be run: A certificate to be requested/renewed and installed in one (or more) location(s)

func (CertificateTask) IsValid

func (task CertificateTask) IsValid() (bool, error)

IsValid returns true if the CertificateTask has the minimum required fields to be run

type CertificateTasks

// CertificateTasks is a slice of CertificateTask; it is the type of the
// playbook's certificateTasks list.
type CertificateTasks []CertificateTask

CertificateTasks is a slice of CertificateTask

type Config

// Config contains all the values necessary to connect to a given Venafi
// platform: TPP or TLSPC.
type Config struct {
	// Connection is read from config.connection.
	Connection Connection `yaml:"connection,omitempty"`
	// ForceRenew is tagged `yaml:"-"`, so it is never read from the playbook
	// file; it has to be set programmatically by the caller.
	ForceRenew bool       `yaml:"-"`
}

Config contains all the values necessary to connect to a given Venafi platform: TPP or TLSPC

func (Config) IsValid

func (c Config) IsValid() (bool, error)

IsValid ensures the provided connection configuration is valid and logical.

type Connection

// Connection represents the issuer that vCert will connect to in order to
// issue certificates.
//
// The ErrNo* sentinels declared in this package describe which of these
// fields are required for a given Platform.
type Connection struct {
	// Credentials holds the platform secrets read from connection.credentials.
	Credentials     Authentication  `yaml:"credentials,omitempty"`
	// Insecure is read from connection.insecure. NOTE(review): presumably
	// disables TLS server-certificate verification for the platform
	// connection — confirm in the connector setup. It should stay false
	// outside test environments; prefer TrustBundlePath for private CAs.
	Insecure        bool            `yaml:"insecure,omitempty"`
	// Platform selects the Venafi platform (connection.platform).
	Platform        venafi.Platform `yaml:"platform,omitempty"`
	// TrustBundlePath (connection.trustBundle) points to a CA bundle file;
	// ErrTrustBundleNotExist is the sentinel for a set but unreadable path.
	TrustBundlePath string          `yaml:"trustBundle,omitempty"`
	// URL is the platform endpoint (connection.url); ErrNoTPPURL and
	// ErrNoFireflyURL are the sentinels for a missing value.
	URL             string          `yaml:"url,omitempty"`
}

Connection represents the issuer that vCert will connect to in order to issue certificates

func (Connection) GetConnectorType

func (c Connection) GetConnectorType() endpoint.ConnectorType

GetConnectorType returns the type of vcert Connector this config will create

func (Connection) IsValid

func (c Connection) IsValid() (bool, error)

IsValid returns true if the Connection is supported by vcert and has the necessary values to connect to the given platform

type Installation

// Installation represents a location in which a certificate will be
// installed, along with the format in which it will be installed.
//
// All fields come from one certificates.installations[] item. JKSPassword,
// KeyPassword and P12Password are read in clear text from the playbook
// file, so the file itself holds secrets and its permissions should be
// restricted accordingly.
type Installation struct {
	// AfterAction (afterInstallAction) and InstallValidation
	// (installValidationAction) are free-form strings whose execution is
	// defined elsewhere; the playbook is therefore trusted configuration.
	AfterAction         string `yaml:"afterInstallAction,omitempty"`
	BackupFiles         bool   `yaml:"backupFiles,omitempty"`
	CAPIFriendlyName    string `yaml:"capiFriendlyName,omitempty"` // In a future version of vCert this will become REQUIRED!
	CAPIIsNonExportable bool   `yaml:"capiIsNonExportable,omitempty"`
	CAPILocation        string `yaml:"capiLocation,omitempty"` // This is an alias for Location
	ChainFile           string `yaml:"chainFile,omitempty"`
	// File is the primary output path; ErrNoInstallationFile is the
	// sentinel for an empty value.
	File                string `yaml:"file,omitempty"`
	InstallValidation   string `yaml:"installValidationAction,omitempty"`
	JKSAlias            string `yaml:"jksAlias,omitempty"`
	// JKSPassword is a secret read in clear text from jksPassword; see
	// JKSMinPasswordLength and ErrJKSPasswordLength.
	JKSPassword         string `yaml:"jksPassword,omitempty"`
	KeyFile             string `yaml:"keyFile,omitempty"`
	// KeyPassword is a secret read in clear text from keyPassword; see
	// ErrKeyPasswordLength.
	KeyPassword         string `yaml:"keyPassword,omitempty"`
	// Deprecated: Location is deprecated in favor of CAPILocation. It will be removed on a future release
	Location    string             `yaml:"location,omitempty"`
	// P12Password is a secret read in clear text from p12Password; see
	// ErrNoP12Password.
	P12Password string             `yaml:"p12Password,omitempty"`
	// Type is the installation format. Note that its YAML key is `format`,
	// although the Err* comments in this package refer to it as `type`.
	Type        InstallationFormat `yaml:"format,omitempty"`
}

Installation represents a location in which a certificate will be installed, along with the format in which it will be installed

func (Installation) IsValid

func (installation Installation) IsValid() (bool, error)

IsValid returns true if the Installation type is supported by vcert

type InstallationFormat

// InstallationFormat represents the type of installation to be done: PEM,
// PKCS12, JKS or CAPI (only on Windows environments). See the Format*
// constants for the defined values.
type InstallationFormat int64

InstallationFormat represents the type of installation to be done: PEM, PKCS12, JKS or CAPI (only on Windows environments)

// Defined InstallationFormat values. FormatUnknown is the zero value (iota
// starts at 0), so an InstallationFormat that was never set compares equal
// to it; ErrUndefinedInstallationFormat is the matching sentinel.
const (
	// FormatUnknown represents an invalid InstallationFormat
	FormatUnknown InstallationFormat = iota
	// FormatCAPI represents an installation in CAPI store
	FormatCAPI
	// FormatJKS represents an installation with the Java KeyStore format
	FormatJKS
	// FormatPEM represents an installation with PEM format
	FormatPEM
	// FormatPKCS12 represents an installation with the PKCS12 format
	FormatPKCS12
)

func (InstallationFormat) MarshalYAML

func (it InstallationFormat) MarshalYAML() (interface{}, error)

MarshalYAML customizes the behavior of InstallationFormat when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller

func (*InstallationFormat) String

func (it *InstallationFormat) String() string

String returns a string representation of this object

func (*InstallationFormat) UnmarshalYAML

func (it *InstallationFormat) UnmarshalYAML(value *yaml.Node) error

UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document

type Installations

// Installations is a slice of Installation; it is the type of a certificate
// task's installations list.
type Installations []Installation

Installations is a slice of Installation

type Playbook

// Playbook represents a set of tasks to run.
//
// The Config object holds the values required to connect to a Venafi platform.
//
// A task includes:
//   - a Request object that defines the values of the certificate to request
//   - a list of locations where the certificate will be installed
type Playbook struct {
	// CertificateTasks is read from certificateTasks; ErrNoTasks is the
	// sentinel for an empty list.
	CertificateTasks CertificateTasks `yaml:"certificateTasks,omitempty"`
	// Config is read from config; ErrNoConfig is the sentinel for a missing
	// section.
	Config           Config           `yaml:"config,omitempty"`
	// Location is tagged `yaml:"-"`: it is not part of the document and is
	// set by the loader — presumably to the path the playbook was read from
	// (DefaultFilepath by default); confirm against NewPlaybook and the loader.
	Location         string           `yaml:"-"`
}

Playbook represents a set of tasks to run.

The Config object holds the values required to connect to a Venafi platform.

A task includes:

  • a Request object that defines the values of the certificate to request
  • a list of locations where the certificate will be installed

func NewPlaybook

func NewPlaybook() Playbook

NewPlaybook returns a Playbook with some default values

func (Playbook) IsValid

func (p Playbook) IsValid() (bool, error)

IsValid returns true if the playbook object has the minimum required values to run

type PlaybookRequest

// PlaybookRequest contains the data needed to generate a certificate
// request. All fields are read from certificateTasks[].request unless noted.
//
// Zone and Subject.CommonName are mandatory: ErrNoRequestZone and
// ErrNoRequestCN are the corresponding sentinels.
type PlaybookRequest struct {
	CADN           string                    `yaml:"cadn,omitempty"`
	ChainOption    certificate.ChainOption   `yaml:"chain,omitempty"`
	// CsrOrigin is read from the `csr` key; the accepted values are defined
	// elsewhere.
	CsrOrigin      string                    `yaml:"csr,omitempty"`
	CustomFields   []certificate.CustomField `yaml:"fields,omitempty"`
	DNSNames       []string                  `yaml:"sanDNS,omitempty"`
	EmailAddresses []string                  `yaml:"sanEmail,omitempty"`
	FriendlyName   string                    `yaml:"nickname,omitempty"`
	IPAddresses    []string                  `yaml:"sanIP,omitempty"`
	IssuerHint     util.IssuerHint           `yaml:"issuerHint,omitempty"`
	KeyCurve       certificate.EllipticCurve `yaml:"keyCurve,omitempty"`
	// KeyLength is read from the `keySize` key.
	KeyLength      int                       `yaml:"keySize,omitempty"`
	// KeyPassword is tagged `yaml:"-"`: it is never read from the playbook
	// file and must be supplied programmatically.
	KeyPassword    string                    `yaml:"-"`
	KeyType        certificate.KeyType       `yaml:"keyType,omitempty"`
	Location       certificate.Location      `yaml:"location,omitempty"`
	OmitSANs       bool                      `yaml:"omitSans,omitempty"`
	// Origin is read from the `appInfo` key.
	Origin         string                    `yaml:"appInfo,omitempty"`
	Subject        Subject                   `yaml:"subject,omitempty"`
	// Timeout is a plain int; its unit is not fixed here — confirm in the
	// code that consumes it.
	Timeout        int                       `yaml:"timeout,omitempty"`
	UPNs           []string                  `yaml:"sanUPN,omitempty"`
	URIs           []string                  `yaml:"sanURI,omitempty"`
	// ValidDays is kept as a raw string; its format is interpreted elsewhere.
	ValidDays      string                    `yaml:"validDays,omitempty"`
	Zone           string                    `yaml:"zone,omitempty"`
}

PlaybookRequest contains the data needed to generate a certificate request. CSR is a PEM-encoded Certificate Signing Request.

type Subject

// Subject represents the X.509 distinguished name of the certificate. This
// only includes the common elements of a DN; all fields are read from
// certificateTasks[].request.subject.
type Subject struct {
	// CommonName is required; ErrNoRequestCN is the sentinel for an empty value.
	CommonName   string   `yaml:"commonName,omitempty"`
	Country      string   `yaml:"country,omitempty"`
	Locality     string   `yaml:"locality,omitempty"`
	Organization string   `yaml:"organization,omitempty"`
	OrgUnits     []string `yaml:"orgUnits,omitempty"`
	// Province is read from the `state` key.
	Province     string   `yaml:"state,omitempty"`
}

Subject represents the X.509 distinguished names of the certificate. This only includes the common elements of a DN
