mtls

package
Published: Sep 7, 2022 License: MPL-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddRotator

func AddRotator(ctx context.Context, mgr manager.Manager, cr *CertRotator) error

AddRotator adds the CertRotator and ReconcileWH to the manager.

func GetGRPCClientCredentials

func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCClientCredentials returns transport credentials for a client connection.

func GetGRPCServerCredentials

func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCServerCredentials returns transport credentials for a server.

func RunnerServe

func RunnerServe(namespace, addr string, tlsSecretName string, sigterm chan os.Signal, maxMessageSizeInMiB int) error

func StartGRPCServerForTesting

func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, mgr controllerruntime.Manager, rotator *CertRotator) error

StartGRPCServerForTesting should be used only for testing.

func ValidCert

func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKeyUsage, at time.Time) (bool, error)

Types

type CertRotator

type CertRotator struct {
	// Ready is closed once the certificates are ready (see the type comment).
	Ready chan struct{}

	// CAName and CAOrganization are, by their names, the subject of the
	// generated CA certificate — NOTE(review): confirm against the CA
	// generation code before relying on this.
	CAName             string
	CAOrganization     string
	// DNSName is presumably the DNS name the rotated certificate is issued
	// for and that ValidCert's dnsName argument is compared against — confirm.
	DNSName            string
	// CAValidityDuration is, by name, the validity period given to the CA the
	// rotator creates — confirm in the CA generation code.
	CAValidityDuration time.Duration
	// CertValidityDuration   time.Duration
	// RotationCheckFrequency is presumably how often the rotator re-checks the
	// certs, and LookaheadInterval how far ahead of expiry rotation is
	// triggered — confirm in Start. NOTE(review): the relationship between
	// these two and CAValidityDuration is not visible here; a lookahead that
	// exceeds the CA validity would plausibly cause continuous rotation.
	RotationCheckFrequency time.Duration
	LookaheadInterval      time.Duration

	TriggerCARotation             chan Trigger // trigger the CA rotation
	TriggerNamespaceTLSGeneration chan Trigger // trigger namespace TLS generation
	// contains filtered or unexported fields
}

CertRotator contains cert artifacts and a channel to close when the certs are ready.

func (*CertRotator) GetRunnerTLSSecretName added in v0.10.0

func (cr *CertRotator) GetRunnerTLSSecretName() (string, error)

GetRunnerTLSSecretName returns the name of the TLS Secret. It is used by the controller to tell the runner the name of the TLS Secret.

func (*CertRotator) GetTLSGenerationResult added in v0.10.0

func (cr *CertRotator) GetTLSGenerationResult(namespace string) (*corev1.Secret, error)

func (*CertRotator) IsCAValid added in v0.10.0

func (cr *CertRotator) IsCAValid() (bool, error)

IsCAValid checks that the CA[n-1] is valid.

func (*CertRotator) ResetCACache added in v0.10.0

func (cr *CertRotator) ResetCACache()

func (*CertRotator) Start

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts

type KeyPairArtifacts struct {
	// Cert is the parsed X.509 certificate; CertPEM is, by its name, the same
	// certificate in PEM encoding — confirm against the producer.
	Cert    *x509.Certificate
	// Key is the RSA private key; KeyPEM is presumably its PEM encoding.
	// Both are private-key material: treat them as secrets (never log them).
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
	// contains filtered or unexported fields
}

KeyPairArtifacts stores cert artifacts.

type PartialManager added in v0.10.0

type PartialManager interface {
	// GetConfig returns the REST client configuration for the API server.
	GetConfig() *rest.Config
	// GetScheme returns the runtime scheme used for API object types.
	GetScheme() *runtime.Scheme
	// GetRESTMapper returns the mapper from kinds to REST resources.
	GetRESTMapper() meta.RESTMapper
	// Elected returns a channel that, per controller-runtime's Manager
	// contract, is closed once this manager has been elected leader —
	// NOTE(review): confirm that the rotator gates its writes on it, so that
	// only one replica rotates the CA at a time.
	Elected() <-chan struct{}
}

PartialManager is a subset of the manager.Manager interface that is used by the CertRotator.

type Trigger added in v0.10.0

type Trigger struct {
	// Namespace is the namespace the request concerns (relevant to
	// TriggerNamespaceTLSGeneration); presumably unused for CA rotation — confirm.
	Namespace string
	// Ready is the channel on which the handler delivers the *TriggerResult
	// once the request has been processed.
	Ready     chan *TriggerResult
}

type TriggerResult added in v0.10.0

type TriggerResult struct {
	// Secret is the TLS Secret produced by the request; Err reports a failure.
	// NOTE(review): callers should check Err before using Secret — confirm
	// whether Secret is nil whenever Err is non-nil.
	Secret *corev1.Secret
	Err    error
}
