Constants

const (
	// CertificateType is the PEM block type label under which certificates are encoded.
	CertificateType = "CERTIFICATE"

	// PrivateKeyType is the PEM block type label for PKCS#1 RSA private keys.
	// NOTE(review): only this label is defined here; a PKCS#8 key ("PRIVATE KEY") or an
	// EC key would carry a different label — confirm how such keys are treated by callers.
	PrivateKeyType = "RSA PRIVATE KEY"

	// SecretTLSCertType defines the secret data key under which the certificate is stored.
	// The following alternative keys are also considered when reading a secret:
	// (1) underscore or dot separated, e.g.: tls_cert || tls.cert
	// (2) *.cert | *.crt
	SecretTLSCertType = "tls.crt"

	// SecretTLSKeyType defines the secret data key under which the private key is stored.
	// The following alternative keys are also checked:
	// (1) underscore or dot separated, e.g.: tls_key || tls.key
	SecretTLSKeyType = "tls.key"

	// IngressStateEnroll means an enrollment request has to be issued.
	IngressStateEnroll = "enroll"

	// IngressStateRenew means a renewal request has to be issued.
	IngressStateRenew = "renew"

	// IngressStateApprove means that a certificate has to be approved.
	IngressStateApprove = "approve"

	// IngressStateApproved means that a certificate was approved.
	IngressStateApproved = "approved"

	// IngressStatePickup means that a certificate has to be picked up.
	IngressStatePickup = "pickup"

	// IngressStateReplace means that a certificate has to be replaced.
	IngressStateReplace = "replace"

	// BaseDelay defines the delay after which an ingress is added to the workqueue.
	BaseDelay = 5 * time.Second

	// TmpPath points to the tmp directory.
	// NOTE(review): /tmp is a shared, world-writable location. If certificate or private
	// key material is staged here, prefer a private per-process directory (os.MkdirTemp)
	// with restrictive permissions — confirm against the call sites.
	TmpPath = "/tmp"

	// AnnotationCertificateReplacement triggers a one-time replacement of the certificates
	// for all hosts defined by the annotated ingress.
	AnnotationCertificateReplacement = "vice-president/replace-cert"

	// AnnotationSecretClaimedByIngress marks a secret as owned by a particular ingress.
	// It prevents a second ingress from claiming (and overwriting) the same secret.
	AnnotationSecretClaimedByIngress = "vice-president/claimed-by-ingress"

	// RateLimitPeriod is the period after which all rate limits are reset.
	RateLimitPeriod = 1 * time.Hour

	// IngressFakeCN is the CN of the ingress controller's fake (placeholder) certificate.
	IngressFakeCN = "Kubernetes Ingress Controller Fake Certificate"

	// IngressFakeHost is the host used by the ingress controller's fake certificate.
	IngressFakeHost = "ingress.local"

	// ReasonSuperseded is the reason recorded when an existing certificate is replaced.
	ReasonSuperseded = "SUPERSEDED"

	// UpdateEvent is the type of an update event.
	UpdateEvent = "UpdateCertificate"
)
const (
	// FIXTURES is the path to the subfolder containing test fixtures.
	FIXTURES = "fixtures"

	// TESTPORT is the port the MockServer listens on during tests.
	TESTPORT = 8001
)
const (
	// MetricNamespace is the prefix (Prometheus namespace) applied to all metrics of this package.
	MetricNamespace = "vice_president"
)

Variables

var (
	// VERSION of the vice president. Defaults to a development marker;
	// presumably overridden at build time (e.g. via -ldflags) — confirm in the build setup.
	VERSION = "0.0.0.dev"
)

Functions

func ExposeMetrics

func ExposeMetrics(options config.Options, stopCh <-chan struct{}, wg *sync.WaitGroup, logger log.Logger)

ExposeMetrics exposes the metrics defined above at /metrics on <metricPort>. It runs until stopCh is closed and signals completion via wg.

Types

type Operator

type Operator struct {
	config.Options
	// contains filtered or unexported fields
}

Operator is the vice-president certificate operator

func New

func New(options config.Options, logger log.Logger) (*Operator, error)

New creates a new operator using the given options

func (*Operator) Run

func (vp *Operator) Run(threadiness int, stopCh <-chan struct{}, wg *sync.WaitGroup)

Run starts the operator.

type SymantecMetricsCollector

type SymantecMetricsCollector struct {
	prometheus.Collector
	// contains filtered or unexported fields
}

SymantecMetricsCollector is a prometheus.Collector that reports metrics about the Symantec (VICE) certificate operations.

func NewSymantecMetricsCollector

func NewSymantecMetricsCollector(options config.Options, logger log.Logger) *SymantecMetricsCollector

NewSymantecMetricsCollector returns a new collector for Symantec metrics.

func (*SymantecMetricsCollector) Collect

func (m *SymantecMetricsCollector) Collect(ch chan<- prometheus.Metric)

Collect implements prometheus.Collector: it sends the current Symantec metrics on ch.

func (*SymantecMetricsCollector) Describe

func (m *SymantecMetricsCollector) Describe(ch chan<- *prometheus.Desc)

Describe implements prometheus.Collector: it sends the descriptors of the Symantec metrics on ch.

type TestSuite

type TestSuite struct {
	suite.Suite
	// VP is the operator instance under test.
	VP                   *Operator
	// HTTPMux is the mux of the mock server; presumably the mock endpoints are registered on it.
	HTTPMux              *http.ServeMux
	// TestPort is the port the mock server listens on.
	TestPort             int
	// Cert is the parsed fixture certificate; CertByte is presumably its encoded form.
	Cert                 *x509.Certificate
	CertByte             []byte
	// Key is the parsed fixture RSA private key; KeyByte is presumably its encoded form.
	Key                  *rsa.PrivateKey
	KeyByte              []byte
	// Secret is the Kubernetes secret fixture (presumably holding the TLS material).
	Secret               *coreV1.Secret
	// ViceCert is the ViceCertificate under test.
	ViceCert             *ViceCertificate
	// IntermediateCertByte holds the encoded intermediate certificate fixture.
	IntermediateCertByte []byte
}

TestSuite bundles the operator under test, a mock HTTP server, and the certificate, key and secret fixtures used by the mock tests.

func (*TestSuite) SetupMockEndpoints

func (s *TestSuite) SetupMockEndpoints()

SetupMockEndpoints defines the endpoints available during mock tests

func (*TestSuite) SetupSuite

func (s *TestSuite) SetupSuite()

SetupSuite creates a new TestSuite.

func (*TestSuite) TearDownSuite

func (s *TestSuite) TearDownSuite()

TearDownSuite tears down the test suite.

type ViceCertificate

type ViceCertificate struct {
	// contains filtered or unexported fields
}

ViceCertificate contains all properties required by the Symantec VICE API.

func NewViceCertificate

func NewViceCertificate(ingress *extensionsv1beta1.Ingress, secretName, host string, sans []string, intermediateCertificate *x509.Certificate, rootCertificates *x509.CertPool) *ViceCertificate

NewViceCertificate returns a new vice certificate for the given ingress, secret name, host and SANs, carrying the intermediate certificate and the root certificate pool used for chain validation. Note that it takes an extensions/v1beta1 Ingress, an API version that was removed in Kubernetes 1.22.

func (*ViceCertificate) DoesCertificateAndHostMatch

func (vc *ViceCertificate) DoesCertificateAndHostMatch() bool

DoesCertificateAndHostMatch reports whether the certificate was issued for the configured host and SANs.

func (*ViceCertificate) DoesCertificateExpireSoon

func (vc *ViceCertificate) DoesCertificateExpireSoon(minCertValidityDays int) bool

DoesCertificateExpireSoon reports whether the certificate is already expired or will expire within the next minCertValidityDays days.

func (*ViceCertificate) DoesKeyAndCertificateTally

func (vc *ViceCertificate) DoesKeyAndCertificateTally() bool

DoesKeyAndCertificateTally reports whether the private key belongs to the certificate (i.e. corresponds to its public key).

func (*ViceCertificate) DoesRemoteCertificateMatch

func (vc *ViceCertificate) DoesRemoteCertificateMatch() bool

DoesRemoteCertificateMatch connects to the host, performs a TLS handshake, and reports whether the certificate presented by the remote end matches the expected one.

func (*ViceCertificate) IsRevoked

func (vc *ViceCertificate) IsRevoked() bool

IsRevoked reports whether the certificate has been revoked, as determined by an OCSP (Online Certificate Status Protocol) query. This page does not say how an OCSP lookup failure (unreachable responder, unsigned or stale response) is reported; callers should confirm whether such failures are treated as "not revoked" (fail-open) before relying on the result for a security decision.
