mtls

package


Constants

This section is empty.

Variables

This section is empty.

Functions

func AddRotator

func AddRotator(_ context.Context, mgr manager.Manager, cr *CertRotator) error

AddRotator registers the CertRotator and ReconcileWH with the manager. The context parameter is accepted for interface compatibility but is not used (it is discarded as `_` in the signature).

func GetGRPCClientCredentials

func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCClientCredentials returns gRPC transport credentials for a client connection, built from the TLS material stored in secret.

func GetGRPCServerCredentials

func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCServerCredentials returns gRPC transport credentials for a server, built from the TLS material stored in secret.

func RunnerServe

func RunnerServe(namespace, addr string, tlsSecretName string, sigterm chan os.Signal, maxMessageSizeInMiB int) error

func StartGRPCServerForTesting

func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, mgr controllerruntime.Manager, rotator *CertRotator) error

StartGRPCServerForTesting starts the runner gRPC server for tests. It must be used only in tests and is not intended for production deployments.

func ValidCert

func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKeyUsage, at time.Time) (bool, error)

Types

type CertRotator

type CertRotator struct {
	Ready chan struct{}

	CAName             string
	CAOrganization     string
	DNSName            string
	CAValidityDuration time.Duration
	// CertValidityDuration   time.Duration
	RotationCheckFrequency time.Duration
	LookaheadInterval      time.Duration

	TriggerCARotation             chan Trigger // trigger the CA rotation
	TriggerNamespaceTLSGeneration chan Trigger // trigger namespace TLS generation

	ClusterDomain string
	// contains filtered or unexported fields
}

CertRotator holds the certificate artifacts and a Ready channel that is closed once the certificates are ready.

func (*CertRotator) GetKnownNamespaceTLS added in v0.14.2

func (cr *CertRotator) GetKnownNamespaceTLS(namespace string) (*TriggerResult, bool)

GetKnownNamespaceTLS returns the TriggerResult for the given namespace.

func (*CertRotator) GetKnownNamespaces added in v0.14.2

func (cr *CertRotator) GetKnownNamespaces() []string

GetKnownNamespaces returns all the keys (namespaces) in knownNamespaceTLSMap.

func (*CertRotator) GetRunnerTLSSecretName added in v0.10.0

func (cr *CertRotator) GetRunnerTLSSecretName() (string, error)

GetRunnerTLSSecretName returns the name of the TLS Secret. The controller uses it to tell the runner which Secret holds its TLS material.

func (*CertRotator) IsCAValid added in v0.10.0

func (cr *CertRotator) IsCAValid() (bool, error)

IsCAValid checks that the previous CA generation, CA[n-1], is still valid.

func (*CertRotator) ResetCACache added in v0.10.0

func (cr *CertRotator) ResetCACache()

func (*CertRotator) SetKnownNamespaceTLS added in v0.14.2

func (cr *CertRotator) SetKnownNamespaceTLS(namespace string, result *TriggerResult)

SetKnownNamespaceTLS sets the TriggerResult for the given namespace.

func (*CertRotator) Start

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts

type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
	// contains filtered or unexported fields
}

KeyPairArtifacts stores cert artifacts.

type PartialManager added in v0.10.0

// PartialManager is the subset of the controller-runtime manager.Manager
// interface that CertRotator depends on. Accepting this narrower interface
// keeps the rotator decoupled from the full manager and easier to test.
type PartialManager interface {
	// GetConfig returns the REST config used to talk to the API server.
	GetConfig() *rest.Config
	// GetScheme returns the runtime scheme used for object (de)serialization.
	GetScheme() *runtime.Scheme
	// GetRESTMapper returns the REST mapper for resolving GVK/GVR mappings.
	GetRESTMapper() meta.RESTMapper
	// Elected returns a channel; NOTE(review): presumably closed once this
	// instance holds leader election — confirm against controller-runtime.
	Elected() <-chan struct{}
}

PartialManager is a subset of the manager.Manager interface that is used by the CertRotator.

type Trigger added in v0.10.0

// Trigger is a request sent to CertRotator over its trigger channels
// (TriggerCARotation / TriggerNamespaceTLSGeneration) to generate or rotate
// TLS material.
type Trigger struct {
	// Namespace is the namespace the request applies to.
	Namespace string
	// Ready receives the outcome of the request; NOTE(review): presumably the
	// rotator sends exactly one *TriggerResult here when it finishes — confirm.
	Ready chan *TriggerResult
}

type TriggerResult added in v0.10.0

// TriggerResult is the outcome of a Trigger, delivered on Trigger.Ready and
// cached per namespace via CertRotator.SetKnownNamespaceTLS.
type TriggerResult struct {
	// Secret is the resulting TLS Secret. It carries key material, so callers
	// should avoid logging its contents.
	Secret *corev1.Secret
	// Err is non-nil when the request failed; Secret should not be relied on
	// in that case.
	Err error
}
