certificaterequest

package
v0.0.0-...-f64d618
Warning

This package is not in the latest version of its module.

Published: May 12, 2020 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func Add

func Add(mgr manager.Manager) error

Add creates a new CertificateRequest Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

func GetCertificate

func GetCertificate(kubeClient client.Client, cr *certmanv1alpha1.CertificateRequest) (*x509.Certificate, error)

GetCertificate returns a certificate to the caller after retrieving the certificate's secret.

func GetSecret

func GetSecret(kubeClient client.Client, secretName, namespace string) (*corev1.Secret, error)

GetSecret returns a secret based on a secretName and namespace.

func ParseCertificateData

func ParseCertificateData(data []byte) (*x509.Certificate, error)

ParseCertificateData returns a decoded x509 certificate to the caller.

func SecretExists

func SecretExists(kubeClient client.Client, secretName, namespace string) bool

SecretExists returns a boolean to the caller based on the secretName and namespace args.

func VerifyDnsResourceRecordUpdate

func VerifyDnsResourceRecordUpdate(reqLogger logr.Logger, fqdn string, txtValue string) bool

VerifyDnsResourceRecordUpdate verifies the presence of a TXT record with Cloudflare DNS.

Types

type CloudflareAnswer

type CloudflareAnswer struct {
	Name string `json:"name"`
	Type int    `json:"type"`
	TTL  int    `json:"TTL"`
	Data string `json:"data"`
}

type CloudflareQuestion

type CloudflareQuestion struct {
	Name string `json:"name"`
	Type int    `json:"type"`
}

type CloudflareResponse

type CloudflareResponse struct {
	Status    int                  `json:"Status"`
	TC        bool                 `json:"TC"`
	RC        bool                 `json:"RC"`
	RA        bool                 `json:"RA"`
	AD        bool                 `json:"AD"`
	CD        bool                 `json:"CD"`
	Questions []CloudflareQuestion `json:"Question"`
	Answers   []CloudflareAnswer   `json:"Answer"`
	Authority []CloudflareAnswer   `json:"Authority"`
}

func FetchResourceRecordUsingCloudflareDNS

func FetchResourceRecordUsingCloudflareDNS(reqLogger logr.Logger, name string) (*CloudflareResponse, error)

FetchResourceRecordUsingCloudflareDNS contacts cloudflareDnsOverHttpsEndpoint and returns the json response.
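
The following is an added example, not code from this package: one way to check a TXT record against the JSON shape the types above describe, matching on record type and owner name as well as value. The helper name `txtRecordPresent`, the trimmed struct copies, the sample body, and the handling of TXT data wrapped in double quotes are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Trimmed copies of the types documented above (only the fields used here).
type CloudflareAnswer struct {
	Name string `json:"name"`
	Type int    `json:"type"`
	Data string `json:"data"`
}

type CloudflareResponse struct {
	Status  int                `json:"Status"`
	Answers []CloudflareAnswer `json:"Answer"`
}

const dnsTypeTXT = 16 // IANA resource record type number for TXT

// Constructed sample body, not captured traffic.
const sampleFound = `{"Status":0,"Answer":[{"name":"_acme-challenge.example.com","type":16,"TTL":60,"data":"\"constructed-token\""}]}`

// txtRecordPresent (hypothetical helper) reports whether body holds a TXT answer for fqdn equal to want.
func txtRecordPresent(body []byte, fqdn, want string) (bool, error) {
	var resp CloudflareResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return false, fmt.Errorf("decode DoH response: %w", err)
	}
	if resp.Status != 0 { // non-zero DNS RCODE (3 is NXDOMAIN): nothing to match
		return false, nil
	}
	canon := func(s string) string { return strings.TrimSuffix(strings.ToLower(s), ".") }
	for _, a := range resp.Answers {
		// Require type and owner name to match so another record's data cannot satisfy the check.
		if a.Type != dnsTypeTXT || canon(a.Name) != canon(fqdn) {
			continue
		}
		if strings.Trim(a.Data, `"`) == want { // assumption: TXT data arrives quoted
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ok, err := txtRecordPresent([]byte(sampleFound), "_acme-challenge.example.com.", "constructed-token")
	fmt.Println(ok, err)
}
```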

type FakeAWSClient

type FakeAWSClient struct {
	route53iface.Route53API
}

Mock certman-operator/pkg/client/aws. The fake AWS client implements the certman-operator/pkg/clients.Client interface and just returns successes for everything.

func (FakeAWSClient) AnswerDNSChallenge

func (f FakeAWSClient) AnswerDNSChallenge(reqLogger logr.Logger, acmeChallengeToken string, domain string, cr *certmanv1alpha1.CertificateRequest) (string, error)

func (FakeAWSClient) DeleteAcmeChallengeResourceRecords

func (f FakeAWSClient) DeleteAcmeChallengeResourceRecords(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error

func (FakeAWSClient) ValidateDNSWriteAccess

func (f FakeAWSClient) ValidateDNSWriteAccess(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)

type ReconcileCertificateRequest

type ReconcileCertificateRequest struct {
	// contains filtered or unexported fields
}

ReconcileCertificateRequest reconciles a CertificateRequest object

func (*ReconcileCertificateRequest) IssueCertificate

func (r *ReconcileCertificateRequest) IssueCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest, certificateSecret *corev1.Secret) error

IssueCertificate validates DNS write access, then assesses the letsencrypt endpoint (prod or stage) based on the leclient url. It then iterates through the CertificateRequest.Spec.DnsNames, authorizes to letsencrypt and sets a challenge in the form of a resource record. Certificates are then generated and issued to kubernetes via corev1.

func (*ReconcileCertificateRequest) Reconcile

Reconcile reads the state of the cluster for a CertificateRequest object and makes changes based on the state read and what is in the CertificateRequest.Spec.

func (*ReconcileCertificateRequest) RevokeCertificate

func (r *ReconcileCertificateRequest) RevokeCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error

RevokeCertificate validates which letsencrypt endpoint is to be used, along with the corresponding account. It then revokes the certificate upon matching the CommonName of LetsEncryptCertIssuingAuthority. Associated ACME challenge resources are also removed.

func (*ReconcileCertificateRequest) ShouldReissue

ShouldReissue retrieves a reissueCertificateBeforeDays int and returns `true` to the caller if it is <= the expiry of the CertificateRequest.
