provisioner

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 7, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CSRProvisioner

type CSRProvisioner struct {
	// contains filtered or unexported fields
}

CSRProvisioner handles certificate provisioning through Certificate Signing Requests. It generates a private key and CSR, submits it to the management server, and polls for approval and certificate issuance. This supports the standard Kubernetes CSR workflow.

func NewCSRProvisioner

func NewCSRProvisioner(deviceName string, csrClient csrClient, identityProvider identity.ExportableProvider, cfg *CSRProvisionerConfig) (*CSRProvisioner, error)

NewCSRProvisioner creates a new CSR provisioner with the specified configuration.

func (*CSRProvisioner) Provision

func (p *CSRProvisioner) Provision(ctx context.Context) (bool, *x509.Certificate, []byte, error)

Provision attempts to provision a certificate through the CSR workflow. On first call, it generates a private key and submits a CSR to the server. On subsequent calls, it checks the CSR status and returns the certificate when approved. Returns ready=true when certificate is available, ready=false when still processing.

type CSRProvisionerConfig

type CSRProvisionerConfig struct {
	// Signer is the name of the signer for CSR provisioning
	Signer string `json:"signer"`
	// CommonName is the common name for the certificate
	CommonName string `json:"common-name,omitempty"`
	// Usages specifies a set of key usages requested in the issued certificate (e.g., "clientAuth", "serverAuth")
	Usages []string `json:"usages,omitempty"`
	// ExpirationSeconds requests a specific certificate validity duration (in seconds); signer may ignore
	ExpirationSeconds *int32 `json:"expiration-seconds,omitempty"`
	// IdentityType specifies the type of identity to use for this certificate ("software", "tpm", or empty for default)
	IdentityType string `json:"identity-type,omitempty"`
	// Additional CSR-specific configuration (future extensions)
	Config map[string]interface{} `json:"config,omitempty"`
}

CSRProvisionerConfig defines configuration for Certificate Signing Request (CSR) based provisioning. This provisioner generates a private key and CSR, submits it to the management server, and waits for approval and signing by the certificate authority.

type CSRProvisionerFactory

type CSRProvisionerFactory struct {
	// contains filtered or unexported fields
}

CSRProvisionerFactory implements ProvisionerFactory for CSR-based provisioners. It creates CSR provisioners with device-specific configuration and validates CSR configs.

func NewCSRProvisionerFactory

func NewCSRProvisionerFactory(deviceName string, managementClient csrClient, identityFactory identity.ExportableFactory) *CSRProvisionerFactory

NewCSRProvisionerFactory creates a new CSRProvisionerFactory with the specified dependencies.

func (*CSRProvisionerFactory) New

New creates a new CSRProvisioner based on the provided certificate config. It decodes the CSR-specific configuration and performs common name substitution.

func (*CSRProvisionerFactory) Type

func (f *CSRProvisionerFactory) Type() string

Type returns the provisioner type string used as map key in the certificate manager.

func (*CSRProvisionerFactory) Validate

Validate checks whether the provided config is valid for a CSR provisioner. It ensures required fields are present and the configuration is properly formatted.

type SelfSignedProvisioner

type SelfSignedProvisioner struct {
	// contains filtered or unexported fields
}

SelfSignedProvisioner creates self-signed certificates using a temporary certificate authority. It generates a new CA for each certificate request and uses it to sign the client certificate. This is primarily intended for testing and development scenarios.

func NewSelfSignedProvisioner

func NewSelfSignedProvisioner(cfg *SelfSignedProvisionerConfig, rw fileio.ReadWriter, log provider.Logger) (*SelfSignedProvisioner, error)

NewSelfSignedProvisioner creates a new self-signed provisioner with the specified configuration. It initializes the provisioner but doesn't generate the certificate until Provision is called.

func (*SelfSignedProvisioner) Provision

func (p *SelfSignedProvisioner) Provision(ctx context.Context) (bool, *x509.Certificate, []byte, error)

Provision generates a self-signed certificate using a temporary certificate authority. It creates a new CA, generates a private key and CSR, then uses the CA to sign the certificate. This method always returns ready=true since self-signed certificates are generated synchronously.

type SelfSignedProvisionerConfig

type SelfSignedProvisionerConfig struct {
	// Common name for the certificate
	CommonName string `json:"common-name"`
	// Certificate validity period in seconds
	ExpirationSeconds int `json:"expiration-seconds,omitempty"`
}

SelfSignedProvisionerConfig defines configuration for self-signed certificate provisioning. This provisioner creates a temporary certificate authority and uses it to sign certificates for testing, development, or bootstrap scenarios where no external CA is available.

type SelfSignedProvisionerFactory

type SelfSignedProvisionerFactory struct {
	// contains filtered or unexported fields
}

SelfSignedProvisionerFactory implements ProvisionerFactory for self-signed provisioners. It creates self-signed provisioners that generate certificates using temporary certificate authorities.

func NewSelfSignedProvisionerFactory

func NewSelfSignedProvisionerFactory(rw fileio.ReadWriter) *SelfSignedProvisionerFactory

NewSelfSignedProvisionerFactory creates a new self-signed provisioner factory. This factory is stateless and requires no external dependencies.

func (*SelfSignedProvisionerFactory) New

New creates a new SelfSignedProvisioner based on the provided certificate config. It decodes the self-signed specific configuration and sets default values as needed.

func (*SelfSignedProvisionerFactory) Type

Type returns the provisioner type string used as map key in the certificate manager.

func (*SelfSignedProvisionerFactory) Validate

Validate checks whether the provided config is valid for a self-signed provisioner. It ensures the configuration can be properly decoded and contains valid settings.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL