provider

package
v1.1.1 Latest
Published: Apr 16, 2026 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const (
	ProvisionerTypeCSR certmanager.ProvisionerType = "csr"
)
const (
	StorageTypeFilesystem certmanager.StorageType = "filesystem"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type CSRProvisioner added in v1.1.0

type CSRProvisioner struct {
	// contains filtered or unexported fields
}

CSRProvisioner handles certificate provisioning through Certificate Signing Requests. It generates a private key and CSR, submits it to the management server, and polls for approval and certificate issuance. This supports the standard Kubernetes CSR workflow.

func NewCSRProvisioner added in v1.1.0

func NewCSRProvisioner(deviceName string, csrClient csrClient, identityProvider identity.ExportableProvider, cfg *CSRProvisionerConfig) (*CSRProvisioner, error)

NewCSRProvisioner creates a new CSR provisioner with the specified configuration.

func (*CSRProvisioner) Provision added in v1.1.0

Provision attempts to provision a certificate through the CSR workflow. On the first call, it generates a private key and submits a CSR to the server. On subsequent calls, it checks the CSR status and returns the certificate once it is approved. It returns ready=true when the certificate is available and ready=false while the request is still processing.

type CSRProvisionerConfig added in v1.1.0

type CSRProvisionerConfig struct {
	// Signer is the name of the signer for CSR provisioning
	Signer string `json:"signer"`
	// CommonName is the common name for the certificate
	CommonName string `json:"common-name,omitempty"`
	// Usages specifies a set of key usages requested in the issued certificate (e.g., "clientAuth", "serverAuth")
	Usages []string `json:"usages,omitempty"`
	// ExpirationSeconds requests a specific certificate validity duration (in seconds); signer may ignore
	ExpirationSeconds *int32 `json:"expiration-seconds,omitempty"`
	// IdentityType specifies the type of identity to use for this certificate ("software", "tpm", or empty for default)
	IdentityType string `json:"identity-type,omitempty"`
	// Additional CSR-specific configuration (future extensions)
	Config map[string]interface{} `json:"config,omitempty"`
}

CSRProvisionerConfig defines configuration for Certificate Signing Request (CSR) based provisioning. This provisioner generates a private key and CSR, submits it to the management server, and waits for approval and signing by the certificate authority.

type CSRProvisionerFactory added in v1.1.0

type CSRProvisionerFactory struct {
	// contains filtered or unexported fields
}

CSRProvisionerFactory implements ProvisionerFactory for CSR-based provisioners. It creates CSR provisioners with device-specific configuration and validates CSR configs.

func NewCSRProvisionerFactory added in v1.1.0

func NewCSRProvisionerFactory(deviceName string, managementClient csrClient, identityFactory identity.ExportableFactory) *CSRProvisionerFactory

NewCSRProvisionerFactory creates a new CSRProvisionerFactory with the specified dependencies.

func (*CSRProvisionerFactory) New added in v1.1.0

New creates a new CSRProvisioner based on the provided certificate config. It decodes the CSR-specific configuration and performs common name substitution.

func (*CSRProvisionerFactory) Type added in v1.1.0

func (f *CSRProvisionerFactory) Type() string

Type returns the provisioner type string used as the map key in the certificate manager.

func (*CSRProvisionerFactory) Validate added in v1.1.0

Validate checks whether the provided config is valid for a CSR provisioner. It ensures required fields are present and the configuration is properly formatted.

type DropInConfigProvider added in v1.1.0

type DropInConfigProvider struct {
	// contains filtered or unexported fields
}

DropInConfigProvider reads a base certificate configuration file and merges overrides from a derived ".d" directory. Certificates are keyed by Name; a drop-in with the same certificate name overrides the base definition. Example:

  • Base: /etc/flightctl/certs.yaml
  • Drop-ins dir: /etc/flightctl/certs.d/

All files in the drop-ins dir with .yaml/.yml extensions are applied in lexical order. Only YAML is supported for base and drop-ins.
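The override rules above, modelled as an added example (not this package's code) that also records which file supplied each effective definition, which is useful when auditing who controls a certificate's signer. The `certDef` type, `mergeDropIns`, the signer values, and the rule that a later drop-in replaces an earlier one are assumptions; YAML parsing is left out.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// certDef is a hypothetical, reduced stand-in for one certificate config entry.
type certDef struct{ Name, Signer, Source string }

// mergeDropIns applies the base, then every .yaml/.yml drop-in in lexical
// filename order. A definition whose Name already exists replaces it (later
// drop-ins replacing earlier ones is an assumption), and Source records the
// file that supplied the effective definition.
func mergeDropIns(basePath string, base []certDef, dropIns map[string][]certDef) []certDef {
	var out []certDef
	index := map[string]int{}
	apply := func(src string, defs []certDef) {
		for _, d := range defs {
			d.Source = src
			if i, ok := index[d.Name]; ok {
				out[i] = d
			} else {
				index[d.Name] = len(out)
				out = append(out, d)
			}
		}
	}
	apply(basePath, base)
	dir := strings.TrimSuffix(basePath, filepath.Ext(basePath)) + ".d" // certs.yaml -> certs.d
	var files []string
	for f := range dropIns {
		if ext := filepath.Ext(f); ext == ".yaml" || ext == ".yml" {
			files = append(files, f)
		}
	}
	sort.Strings(files)
	for _, f := range files {
		apply(filepath.Join(dir, f), dropIns[f])
	}
	return out
}

func main() { // constructed sample data
	drop := map[string][]certDef{"20-site.yaml": {{Name: "agent", Signer: "signer-b"}}}
	fmt.Println(mergeDropIns("/etc/flightctl/certs.yaml", []certDef{{Name: "agent", Signer: "signer-a"}}, drop))
}
```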

func NewDropInConfigProvider added in v1.1.0

func NewDropInConfigProvider(rw fileio.ReadWriter, basePath string) *DropInConfigProvider

NewDropInConfigProvider creates a configuration provider that loads a base YAML config and merges any drop-ins from a derived ".d" directory. Drop-ins override base certificates by matching Name.

func (*DropInConfigProvider) GetCertificateConfigs added in v1.1.0

func (p *DropInConfigProvider) GetCertificateConfigs() ([]certmanager.CertificateConfig, error)

GetCertificateConfigs loads the base YAML (optional) and merges drop-ins from "<basename>.d/" (e.g., /etc/flightctl/certs.d/). Drop-ins override base by Name.

func (*DropInConfigProvider) Name added in v1.1.0

func (p *DropInConfigProvider) Name() string

Name returns the unique identifier for this provider, including the base path.

type FileSystemStorage added in v1.1.0

type FileSystemStorage struct {
	// Path where the certificate file will be stored
	CertPath string
	// Path where the private key file will be stored
	KeyPath string
	// contains filtered or unexported fields
}

FileSystemStorage handles certificate storage on the local filesystem. It stores certificates and private keys as managed files with appropriate permissions and supports loading existing certificates from the filesystem.

func NewFileSystemStorage added in v1.1.0

func NewFileSystemStorage(certPath, keyPath string, rw fileio.ReadWriter, log certmanager.Logger) *FileSystemStorage

NewFileSystemStorage creates a new filesystem storage provider with the specified configuration. It uses the provided file I/O interface and logger for operations.

func (*FileSystemStorage) LoadCertificate added in v1.1.0

func (fs *FileSystemStorage) LoadCertificate(_ context.Context) (*x509.Certificate, error)

LoadCertificate loads a certificate from the filesystem. It reads the certificate file and parses it as a PEM-encoded X.509 certificate.

func (*FileSystemStorage) Store added in v1.1.0

Store stores a certificate and private key to the filesystem. It creates the necessary directories and writes both files with appropriate permissions.

type FileSystemStorageConfig added in v1.1.0

type FileSystemStorageConfig struct {
	// CertPath is the path where the certificate will be stored
	CertPath string `json:"cert-path"`
	// KeyPath is the path where the private key will be stored
	KeyPath string `json:"key-path"`
}

FileSystemStorageConfig defines configuration for filesystem-based certificate storage. It specifies where certificates and private keys should be stored on the filesystem and what permissions should be applied to the files.

type FileSystemStorageFactory added in v1.1.0

type FileSystemStorageFactory struct {
	// contains filtered or unexported fields
}

FileSystemStorageFactory implements StorageFactory for filesystem-based certificate storage. It creates filesystem storage providers that store certificates and keys as files on disk.

func NewFileSystemStorageFactory added in v1.1.0

func NewFileSystemStorageFactory(rw fileio.ReadWriter) *FileSystemStorageFactory

NewFileSystemStorageFactory creates a new filesystem storage factory with the specified file I/O interface.

func (*FileSystemStorageFactory) New added in v1.1.0

New creates a new FileSystemStorage instance from the certificate configuration. It decodes the filesystem-specific configuration and sets appropriate default values.

func (*FileSystemStorageFactory) Type added in v1.1.0

func (f *FileSystemStorageFactory) Type() string

Type returns the storage type string used as the map key in the certificate manager.

func (*FileSystemStorageFactory) Validate added in v1.1.0

Validate checks whether the provided configuration is valid for filesystem storage. It ensures required fields are present and the configuration is properly formatted.
