Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CSRProvisioner ¶
type CSRProvisioner struct {
// contains filtered or unexported fields
}
CSRProvisioner handles certificate provisioning through Certificate Signing Requests. It generates a private key and CSR, submits it to the management server, and polls for approval and certificate issuance. This supports the standard Kubernetes CSR workflow.
func NewCSRProvisioner ¶
func NewCSRProvisioner(deviceName string, csrClient csrClient, identityProvider identity.ExportableProvider, cfg *CSRProvisionerConfig) (*CSRProvisioner, error)
NewCSRProvisioner creates a new CSR provisioner with the specified configuration.
func (*CSRProvisioner) Provision ¶
func (p *CSRProvisioner) Provision(ctx context.Context) (bool, *x509.Certificate, []byte, error)
Provision attempts to provision a certificate through the CSR workflow. On first call, it generates a private key and submits a CSR to the server. On subsequent calls, it checks the CSR status and returns the certificate when approved. Returns ready=true when certificate is available, ready=false when still processing.
type CSRProvisionerConfig ¶
type CSRProvisionerConfig struct {
// Signer is the name of the signer for CSR provisioning
Signer string `json:"signer"`
// CommonName is the common name for the certificate
CommonName string `json:"common-name,omitempty"`
// Usages specifies a set of key usages requested in the issued certificate (e.g., "clientAuth", "serverAuth")
Usages []string `json:"usages,omitempty"`
// ExpirationSeconds requests a specific certificate validity duration (in seconds); signer may ignore
ExpirationSeconds *int32 `json:"expiration-seconds,omitempty"`
// IdentityType specifies the type of identity to use for this certificate ("software", "tpm", or empty for default)
IdentityType string `json:"identity-type,omitempty"`
// Additional CSR-specific configuration (future extensions)
Config map[string]interface{} `json:"config,omitempty"`
}
CSRProvisionerConfig defines configuration for Certificate Signing Request (CSR) based provisioning. This provisioner generates a private key and CSR, submits it to the management server, and waits for approval and signing by the certificate authority.
type CSRProvisionerFactory ¶
type CSRProvisionerFactory struct {
// contains filtered or unexported fields
}
CSRProvisionerFactory implements ProvisionerFactory for CSR-based provisioners. It creates CSR provisioners with device-specific configuration and validates CSR configs.
func NewCSRProvisionerFactory ¶
func NewCSRProvisionerFactory(deviceName string, managementClient csrClient, identityFactory identity.ExportableFactory) *CSRProvisionerFactory
NewCSRProvisionerFactory creates a new CSRProvisionerFactory with the specified dependencies.
func (*CSRProvisionerFactory) New ¶
func (f *CSRProvisionerFactory) New(log provider.Logger, cc provider.CertificateConfig) (provider.ProvisionerProvider, error)
New creates a new CSRProvisioner based on the provided certificate config. It decodes the CSR-specific configuration and performs common name substitution.
func (*CSRProvisionerFactory) Type ¶
func (f *CSRProvisionerFactory) Type() string
Type returns the provisioner type string used as map key in the certificate manager.
func (*CSRProvisionerFactory) Validate ¶
func (f *CSRProvisionerFactory) Validate(log provider.Logger, cc provider.CertificateConfig) error
Validate checks whether the provided config is valid for a CSR provisioner. It ensures required fields are present and the configuration is properly formatted.
type SelfSignedProvisioner ¶
type SelfSignedProvisioner struct {
// contains filtered or unexported fields
}
SelfSignedProvisioner creates self-signed certificates using a temporary certificate authority. It generates a new CA for each certificate request and uses it to sign the client certificate. This is primarily intended for testing and development scenarios.
func NewSelfSignedProvisioner ¶
func NewSelfSignedProvisioner(cfg *SelfSignedProvisionerConfig, rw fileio.ReadWriter, log provider.Logger) (*SelfSignedProvisioner, error)
NewSelfSignedProvisioner creates a new self-signed provisioner with the specified configuration. It initializes the provisioner but doesn't generate the certificate until Provision is called.
func (*SelfSignedProvisioner) Provision ¶
func (p *SelfSignedProvisioner) Provision(ctx context.Context) (bool, *x509.Certificate, []byte, error)
Provision generates a self-signed certificate using a temporary certificate authority. It creates a new CA, generates a private key and CSR, then uses the CA to sign the certificate. This method always returns ready=true since self-signed certificates are generated synchronously.
type SelfSignedProvisionerConfig ¶
type SelfSignedProvisionerConfig struct {
// Common name for the certificate
CommonName string `json:"common-name"`
// Certificate validity period in seconds
ExpirationSeconds int `json:"expiration-seconds,omitempty"`
}
SelfSignedProvisionerConfig defines configuration for self-signed certificate provisioning. This provisioner creates a temporary certificate authority and uses it to sign certificates for testing, development, or bootstrap scenarios where no external CA is available.
type SelfSignedProvisionerFactory ¶
type SelfSignedProvisionerFactory struct {
// contains filtered or unexported fields
}
SelfSignedProvisionerFactory implements ProvisionerFactory for self-signed provisioners. It creates self-signed provisioners that generate certificates using temporary certificate authorities.
func NewSelfSignedProvisionerFactory ¶
func NewSelfSignedProvisionerFactory(rw fileio.ReadWriter) *SelfSignedProvisionerFactory
NewSelfSignedProvisionerFactory creates a new self-signed provisioner factory. This factory is stateless and requires no external dependencies.
func (*SelfSignedProvisionerFactory) New ¶
func (f *SelfSignedProvisionerFactory) New(log provider.Logger, cc provider.CertificateConfig) (provider.ProvisionerProvider, error)
New creates a new SelfSignedProvisioner based on the provided certificate config. It decodes the self-signed specific configuration and sets default values as needed.
func (*SelfSignedProvisionerFactory) Type ¶
func (f *SelfSignedProvisionerFactory) Type() string
Type returns the provisioner type string used as map key in the certificate manager.
func (*SelfSignedProvisionerFactory) Validate ¶
func (f *SelfSignedProvisionerFactory) Validate(log provider.Logger, cc provider.CertificateConfig) error
Validate checks whether the provided config is valid for a self-signed provisioner. It ensures the configuration can be properly decoded and contains valid settings.