Documentation
Index
- Constants
- type CertManager
- type CertificateInfo
- type CertificateProcessingQueue
- func (q *CertificateProcessingQueue) Get(providerName, certName string) (*certificate, provider.CertificateConfig)
- func (q *CertificateProcessingQueue) IsProcessing(providerName, certName string) bool
- func (q *CertificateProcessingQueue) Len() int
- func (q *CertificateProcessingQueue) Process(providerName string, cert *certificate, cfg provider.CertificateConfig) error
- func (q *CertificateProcessingQueue) Remove(providerName, certName string)
- func (q *CertificateProcessingQueue) Run(ctx context.Context)
- type HandlerFunc
- type ManagerOption
- func WithBuiltins(deviceName string, managementClient client.Management, ...) ManagerOption
- func WithConfigProvider(config provider.ConfigProvider) ManagerOption
- func WithProvisionerProvider(prov provider.ProvisionerFactory) ManagerOption
- func WithRequeueDelay(delay time.Duration) ManagerOption
- func WithStorageProvider(store provider.StorageFactory) ManagerOption
- type RetryQueue
Constants
const DefaultRequeueDelay = 10 * time.Second
Variables
This section is empty.
Functions
This section is empty.
Types
type CertManager
type CertManager struct {
	// contains filtered or unexported fields
}
CertManager manages the complete certificate lifecycle for flight control agents. It coordinates certificate provisioning, storage, and cleanup across multiple configuration providers. The manager supports pluggable provisioners (CSR, self-signed, etc.) and storage backends (filesystem, etc.) through factory patterns.
func NewManager
func NewManager(ctx context.Context, log provider.Logger, opts ...ManagerOption) (*CertManager, error)
NewManager creates and initializes a new CertManager with the provided options.
type CertificateInfo
type CertificateInfo struct {
	// Certificate validity start time
	NotBefore *time.Time `json:"not_before,omitempty"`
	// Certificate validity end time (expiration)
	NotAfter *time.Time `json:"not_after,omitempty"`
}
CertificateInfo contains parsed certificate metadata.
type CertificateProcessingQueue
type CertificateProcessingQueue struct {
	// contains filtered or unexported fields
}
CertificateProcessingQueue manages and processes certificate provisioning and storage tasks. It uses a retry queue to handle failed operations and tracks in-progress certificates to prevent duplicate processing.
func NewCertificateProcessingQueue
func NewCertificateProcessingQueue(handler processHandlerFunc) *CertificateProcessingQueue
NewCertificateProcessingQueue creates a new CertificateProcessingQueue with the given handler. The handler function will be called for each certificate that needs processing.
func (*CertificateProcessingQueue) Get
func (q *CertificateProcessingQueue) Get(providerName, certName string) (*certificate, provider.CertificateConfig)
Get retrieves the certificate and configuration for a certificate currently being processed. Returns nil certificate and empty config if the certificate is not currently being processed.
func (*CertificateProcessingQueue) IsProcessing
func (q *CertificateProcessingQueue) IsProcessing(providerName, certName string) bool
IsProcessing returns true if the certificate with the given name is currently being processed.
func (*CertificateProcessingQueue) Len
func (q *CertificateProcessingQueue) Len() int
Len returns the number of certificates currently being processed. This is useful for monitoring and debugging queue status.
func (*CertificateProcessingQueue) Process
func (q *CertificateProcessingQueue) Process(providerName string, cert *certificate, cfg provider.CertificateConfig) error
Process adds a certificate to the processing queue using the provided context, or cancels and replaces an existing one if already in process. This is the main entry point for certificate processing requests.
func (*CertificateProcessingQueue) Remove
func (q *CertificateProcessingQueue) Remove(providerName, certName string)
Remove stops and removes a certificate from the in-process map if it exists. This cancels the processing context and cleans up the tracking state.
func (*CertificateProcessingQueue) Run
func (q *CertificateProcessingQueue) Run(ctx context.Context)
Run starts the certificate processing queue worker. This method should be called in a goroutine as it runs until the context is canceled.
type HandlerFunc
HandlerFunc defines a processing function for each item in the retry queue. It receives the item and its current attempt number (0 on first try). It returns a *time.Duration:
- nil: drop the item, no requeue (processing complete or permanently failed)
- non-nil: requeue after given duration (temporary failure, retry needed)
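An added example, not code from this package: a handler that follows the nil / non-nil contract above while a CSR waits for approval, using the attempt number for capped exponential backoff and a bounded retry budget. The handlerFunc signature, the csrRequest item, the 5-minute cap and the 8-attempt limit are assumptions made for illustration; the page states only that the handler receives the item and attempt number and returns a *time.Duration.

```go
package main

import (
	"fmt"
	"time"
)

// handlerFunc is a local stand-in (assumed shape) for the contract above:
// nil drops the item, non-nil requeues it after the returned delay.
type handlerFunc[T any] func(item T, attempt int) *time.Duration

// csrRequest is a constructed sample item; approvedAt is the attempt on which the simulated CSR is approved.
type csrRequest struct{ approvedAt int }

const (
	baseDelay   = 10 * time.Second // same value as DefaultRequeueDelay
	maxDelay    = 5 * time.Minute  // assumed cap, not from the package
	maxAttempts = 8                // assumed limit, not from the package
)

// backoffHandler drops the item once the CSR is approved or the attempt
// budget is spent; otherwise it requeues with capped exponential backoff.
func backoffHandler(req csrRequest, attempt int) *time.Duration {
	if attempt >= req.approvedAt || attempt >= maxAttempts {
		return nil
	}
	d := baseDelay << attempt
	if d > maxDelay {
		d = maxDelay
	}
	return &d
}

// simulate drives a handler as a sequential worker would, recording each
// requeue delay instead of sleeping.
func simulate[T any](h handlerFunc[T], item T) []time.Duration {
	var delays []time.Duration
	for attempt := 0; ; attempt++ {
		d := h(item, attempt)
		if d == nil {
			return delays
		}
		delays = append(delays, *d)
	}
}

func main() {
	fmt.Println(simulate[csrRequest](backoffHandler, csrRequest{approvedAt: 3}))
}
```

Because nil covers both "complete" and "permanently failed", a handler like this one has to record the give-up case itself (log or metric) before returning nil, or an exhausted enrollment looks the same as a successful one.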
type ManagerOption
type ManagerOption func(*CertManager) error
ManagerOption defines a functional option for configuring CertManager during initialization.
func WithBuiltins
func WithBuiltins(
	deviceName string,
	managementClient client.Management,
	readWriter fileio.ReadWriter,
	cfg *agent_config.Config,
	idFactory identity.ExportableFactory,
) ManagerOption
WithBuiltins registers the standard certificate manager providers and factories.
func WithConfigProvider
func WithConfigProvider(config provider.ConfigProvider) ManagerOption
WithConfigProvider adds a configuration provider to the manager. Configuration providers supply certificate configurations and can notify of changes. Multiple providers can be registered (e.g., agent-config, file-based, static).
func WithProvisionerProvider
func WithProvisionerProvider(prov provider.ProvisionerFactory) ManagerOption
WithProvisionerProvider registers a provisioner factory with the manager. Provisioner factories create certificate provisioners (CSR, self-signed, etc.) based on certificate configuration. Each factory handles a specific provisioner type.
func WithRequeueDelay
func WithRequeueDelay(delay time.Duration) ManagerOption
WithRequeueDelay sets a custom requeue delay for certificate provisioning checks. This delay is used when a certificate provisioning operation is not yet complete and needs to be retried (e.g., waiting for CSR approval).
func WithStorageProvider
func WithStorageProvider(store provider.StorageFactory) ManagerOption
WithStorageProvider registers a storage factory with the manager. Storage factories create certificate storage providers (filesystem, etc.) that handle writing certificates and private keys to their final destinations.
type RetryQueue
type RetryQueue[T any] struct {
	// contains filtered or unexported fields
}
RetryQueue represents a generic queue that processes items using a handler, supports delayed requeue for failed operations, and stops gracefully on context cancellation. It provides at-least-once delivery semantics with exponential backoff capabilities.
func NewRetryQueue
func NewRetryQueue[T any](handler HandlerFunc[T]) *RetryQueue[T]
NewRetryQueue creates a new RetryQueue with the given handler function. The handler will be called for each item in the queue and can control retry behavior.
func (*RetryQueue[T]) Add
func (q *RetryQueue[T]) Add(item T)
Add inserts a new item into the queue with attempt 0. This is the main entry point for adding items to be processed.
func (*RetryQueue[T]) RunWorker
func (q *RetryQueue[T]) RunWorker(ctx context.Context)
RunWorker starts the worker loop to process items until context is canceled. This method blocks and should be run in a goroutine. It processes items sequentially and handles retry logic based on handler return values.