Documentation ¶
Index ¶
- func Add(mgr manager.Manager) error
- func GetCertificate(kubeClient client.Client, cr *certmanv1alpha1.CertificateRequest) (*x509.Certificate, error)
- func GetSecret(kubeClient client.Client, secretName, namespace string) (*corev1.Secret, error)
- func ParseCertificateData(data []byte) (*x509.Certificate, error)
- func SecretExists(kubeClient client.Client, secretName, namespace string) bool
- func VerifyDnsResourceRecordUpdate(reqLogger logr.Logger, fqdn string, txtValue string) bool
- type CloudflareAnswer
- type CloudflareQuestion
- type CloudflareResponse
- type FakeAWSClient
- func (f FakeAWSClient) AnswerDNSChallenge(reqLogger logr.Logger, acmeChallengeToken string, domain string, ...) (string, error)
- func (f FakeAWSClient) DeleteAcmeChallengeResourceRecords(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error
- func (f FakeAWSClient) ValidateDNSWriteAccess(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)
- type ReconcileCertificateRequest
- func (r *ReconcileCertificateRequest) IssueCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest, ...) error
- func (r *ReconcileCertificateRequest) Reconcile(request reconcile.Request) (reconcile.Result, error)
- func (r *ReconcileCertificateRequest) RevokeCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error
- func (r *ReconcileCertificateRequest) ShouldReissue(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Add ¶
Add creates a new CertificateRequest Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.
func GetCertificate ¶
func GetCertificate(kubeClient client.Client, cr *certmanv1alpha1.CertificateRequest) (*x509.Certificate, error)
GetCertificate returns a certificate to the caller after retrieving the certificate's secret.
func ParseCertificateData ¶
func ParseCertificateData(data []byte) (*x509.Certificate, error)
ParseCertificateData returns a decoded x509 certificate to the caller.
func SecretExists ¶
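SecretExists returns a boolean to the caller based on the secretName and namespace args. The signature has no error return, so the caller cannot tell a missing secret from a lookup that failed.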
Types ¶
type CloudflareAnswer ¶
type CloudflareQuestion ¶
type CloudflareResponse ¶
// CloudflareResponse holds the decoded JSON body of a DNS-over-HTTPS query;
// it is the type returned by FetchResourceRecordUsingCloudflareDNS.
//
// The bool fields presumably map to the DNS header flags of the DoH JSON
// format (TC truncated, RA recursion available, AD authenticated data,
// CD checking disabled) — confirm against the resolver's API documentation.
type CloudflareResponse struct {
	// Status is presumably the DNS response code (0 meaning NOERROR) — TODO confirm.
	Status int  `json:"Status"`
	TC     bool `json:"TC"`
	// NOTE(review): the DoH JSON format names the recursion-desired flag "RD";
	// no "RC" key is known in that format, so this field may never be
	// populated — confirm against a live response.
	RC bool `json:"RC"`
	RA bool `json:"RA"`
	// AD is the only field here that could tell a caller whether the resolver
	// DNSSEC-validated the answer. NOTE(review): confirm whether code that
	// trusts these answers inspects it.
	AD bool `json:"AD"`
	CD bool `json:"CD"`
	// The Go field names are plural, but the JSON keys are singular.
	Questions []CloudflareQuestion `json:"Question"`
	Answers   []CloudflareAnswer   `json:"Answer"`
	Authority []CloudflareAnswer   `json:"Authority"`
}
func FetchResourceRecordUsingCloudflareDNS ¶
func FetchResourceRecordUsingCloudflareDNS(reqLogger logr.Logger, name string) (*CloudflareResponse, error)
FetchResourceRecordUsingCloudflareDNS contacts cloudflareDnsOverHttpsEndpoint and returns the JSON response.
type FakeAWSClient ¶
// FakeAWSClient is a mock AWS client built around the Route53 API interface.
type FakeAWSClient struct {
	// Embedding the interface gives FakeAWSClient the full Route53API method
	// set without implementing each method. If the embedded value is left
	// nil, calling any promoted method that FakeAWSClient does not define
	// itself panics with a nil dereference.
	route53iface.Route53API
}
Mock of certman-operator/pkg/client/aws. The fake AWS client implements the certman-operator/pkg/clients.Client interface and just returns successes for everything, including ValidateDNSWriteAccess, so it exercises no real DNS or AWS checks.
func (FakeAWSClient) AnswerDNSChallenge ¶
func (f FakeAWSClient) AnswerDNSChallenge(reqLogger logr.Logger, acmeChallengeToken string, domain string, cr *certmanv1alpha1.CertificateRequest) (string, error)
func (FakeAWSClient) DeleteAcmeChallengeResourceRecords ¶
func (f FakeAWSClient) DeleteAcmeChallengeResourceRecords(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error
func (FakeAWSClient) ValidateDNSWriteAccess ¶
func (f FakeAWSClient) ValidateDNSWriteAccess(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)
type ReconcileCertificateRequest ¶
// ReconcileCertificateRequest reconciles a CertificateRequest object. Its
// exported methods are Reconcile, IssueCertificate, RevokeCertificate and
// ShouldReissue; all of its state is held in unexported fields.
type ReconcileCertificateRequest struct {
	// contains filtered or unexported fields
}
ReconcileCertificateRequest reconciles a CertificateRequest object
func (*ReconcileCertificateRequest) IssueCertificate ¶
func (r *ReconcileCertificateRequest) IssueCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest, certificateSecret *corev1.Secret) error
IssueCertificate validates DNS write access, then assesses which letsencrypt endpoint (prod or stage) is in use based on the leclient URL. It then iterates through the CertificateRequest.Spec.DnsNames, authorizes to letsencrypt and sets a challenge in the form of a resource record. Certificates are then generated and issued to Kubernetes via corev1.
func (*ReconcileCertificateRequest) Reconcile ¶
func (r *ReconcileCertificateRequest) Reconcile(request reconcile.Request) (reconcile.Result, error)
Reconcile reads the state of the cluster for a CertificateRequest object and makes changes based on the state read and what is in the CertificateRequest.Spec.
func (*ReconcileCertificateRequest) RevokeCertificate ¶
func (r *ReconcileCertificateRequest) RevokeCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error
RevokeCertificate validates which letsencrypt endpoint is to be used along with corresponding account. Then revokes certificate upon matching the CommonName of LetsEncryptCertIssuingAuthority. Associated ACME challenge resources are also removed.
func (*ReconcileCertificateRequest) ShouldReissue ¶
func (r *ReconcileCertificateRequest) ShouldReissue(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)
ShouldReissue retrieves a reissueCertificateBeforeDays int and returns `true` to the caller if it is <= the expiry of the CertificateRequest.