provider

package v1.2.0-main
Warning: This package is not in the latest version of its module.

Published: Jan 29, 2026 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const (
	ProvisionerTypeCSR certmanager.ProvisionerType = "csr"
)
const (
	StorageTypeFilesystem certmanager.StorageType = "filesystem"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type CSRProvisioner

type CSRProvisioner struct {
	// contains filtered or unexported fields
}

CSRProvisioner handles certificate provisioning through Certificate Signing Requests. It generates a private key and CSR, submits it to the management server, and polls for approval and certificate issuance. This supports the standard Kubernetes CSR workflow.

func NewCSRProvisioner

func NewCSRProvisioner(deviceName string, csrClient csrClient, identityProvider identity.ExportableProvider, cfg *CSRProvisionerConfig) (*CSRProvisioner, error)

NewCSRProvisioner creates a new CSR provisioner with the specified configuration.

func (*CSRProvisioner) Provision

Provision attempts to provision a certificate through the CSR workflow. On the first call, it generates a private key and submits a CSR to the server. On subsequent calls, it checks the CSR status and returns the certificate when approved. Returns ready=true when the certificate is available and ready=false while the request is still being processed.
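As an added illustration of the two-phase contract described above (this is not code from the flightctl package), the following Go type generates the key once, submits a CSR whose CommonName is the device name, polls on later calls, and accepts the issued certificate only if it is bound to the key that was generated. The Submit and Status fields are assumptions standing in for the unexported csrClient interface, which is not shown on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
)

// Provisioner illustrates the two-phase flow; it is not the package's CSRProvisioner, and the
// Submit/Status fields stand in for the unexported csrClient interface the real type talks to.
type Provisioner struct {
	Name   string
	Submit func(name string, csrPEM []byte) error
	Status func(name string) (certPEM []byte, approved bool, err error)
	key    *ecdsa.PrivateKey // nil until the first call has submitted the CSR
}

func (p *Provisioner) Provision() (ready bool, cert *x509.Certificate, err error) {
	if p.key == nil { // first call: generate the key, build the CSR and submit it
		if p.key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
			return false, nil, err
		}
		der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: p.Name}}, p.key)
		if err == nil {
			err = p.Submit(p.Name, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}))
		}
		if err != nil {
			p.key = nil // nothing was submitted, so the next call starts over
			return false, nil, err
		}
		return false, nil, nil // submitted; approval is checked on later calls
	}
	certPEM, approved, err := p.Status(p.Name)
	if err != nil || !approved {
		return false, nil, err // still pending, or a transient client error
	}
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return false, nil, errors.New("response carried no PEM certificate block")
	}
	cert, err = x509.ParseCertificate(block.Bytes)
	if err == nil && !p.key.PublicKey.Equal(cert.PublicKey) { // never accept a cert bound to another key
		cert, err = nil, errors.New("issued certificate does not match the generated key")
	}
	return err == nil, cert, err
}
```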

type CSRProvisionerConfig

type CSRProvisionerConfig struct {
	// Signer is the name of the signer for CSR provisioning
	Signer string `json:"signer"`
	// CommonName is the common name for the certificate
	CommonName string `json:"common-name,omitempty"`
	// Usages specifies a set of key usages requested in the issued certificate (e.g., "clientAuth", "serverAuth")
	Usages []string `json:"usages,omitempty"`
	// ExpirationSeconds requests a specific certificate validity duration (in seconds); signer may ignore
	ExpirationSeconds *int32 `json:"expiration-seconds,omitempty"`
	// IdentityType specifies the type of identity to use for this certificate ("software", "tpm", or empty for default)
	IdentityType string `json:"identity-type,omitempty"`
	// Additional CSR-specific configuration (future extensions)
	Config map[string]interface{} `json:"config,omitempty"`
}

CSRProvisionerConfig defines configuration for Certificate Signing Request (CSR) based provisioning. This provisioner generates a private key and CSR, submits it to the management server, and waits for approval and signing by the certificate authority.

type CSRProvisionerFactory

type CSRProvisionerFactory struct {
	// contains filtered or unexported fields
}

CSRProvisionerFactory implements ProvisionerFactory for CSR-based provisioners. It creates CSR provisioners with device-specific configuration and validates CSR configs.

func NewCSRProvisionerFactory

func NewCSRProvisionerFactory(deviceName string, managementClient csrClient, identityFactory identity.ExportableFactory) *CSRProvisionerFactory

NewCSRProvisionerFactory creates a new CSRProvisionerFactory with the specified dependencies.

func (*CSRProvisionerFactory) New

New creates a new CSRProvisioner based on the provided certificate config. It decodes the CSR-specific configuration and performs common name substitution.

func (*CSRProvisionerFactory) Type

func (f *CSRProvisionerFactory) Type() string

Type returns the provisioner type string used as the map key in the certificate manager.

func (*CSRProvisionerFactory) Validate

Validate checks whether the provided config is valid for a CSR provisioner. It ensures required fields are present and the configuration is properly formatted.

type DropInConfigProvider

type DropInConfigProvider struct {
	// contains filtered or unexported fields
}

DropInConfigProvider reads a base certificate configuration file and merges overrides from a derived ".d" directory. Certificates are keyed by Name; a drop-in with the same certificate name overrides the base definition. Example:

  • Base: /etc/flightctl/certs.yaml
  • Drop-ins dir: /etc/flightctl/certs.d/

All files in the drop-ins dir with .yaml/.yml extensions are applied in lexical order. Only YAML is supported for base and drop-ins.

func NewDropInConfigProvider

func NewDropInConfigProvider(rw fileio.ReadWriter, basePath string) *DropInConfigProvider

NewDropInConfigProvider creates a configuration provider that loads a base YAML config and merges any drop-ins from a derived ".d" directory. Drop-ins override base certificates by matching Name.

func (*DropInConfigProvider) GetCertificateConfigs

func (p *DropInConfigProvider) GetCertificateConfigs() ([]certmanager.CertificateConfig, error)

GetCertificateConfigs loads the base YAML (optional) and merges drop-ins from "<basename>.d/" (e.g., /etc/flightctl/certs.d/). Drop-ins override base by Name.

func (*DropInConfigProvider) Name

func (p *DropInConfigProvider) Name() string

Name returns the unique identifier for this provider, including the base path.

type FileSystemStorage

type FileSystemStorage struct {
	// Path where the certificate file will be stored
	CertPath string
	// Path where the private key file will be stored
	KeyPath string
	// contains filtered or unexported fields
}

FileSystemStorage handles certificate storage on the local filesystem. It stores certificates and private keys as managed files with appropriate permissions and supports loading existing certificates from the filesystem.

func NewFileSystemStorage

func NewFileSystemStorage(certPath, keyPath string, rw fileio.ReadWriter, log certmanager.Logger) *FileSystemStorage

NewFileSystemStorage creates a new filesystem storage provider with the specified configuration. It uses the provided file I/O interface and logger for operations.

func (*FileSystemStorage) LoadCertificate

func (fs *FileSystemStorage) LoadCertificate(_ context.Context) (*x509.Certificate, error)

LoadCertificate loads a certificate from the filesystem. It reads the certificate file and parses it as a PEM-encoded X.509 certificate.

func (*FileSystemStorage) Store

Store stores a certificate and private key to the filesystem. It creates the necessary directories and writes both files with appropriate permissions.

type FileSystemStorageConfig

type FileSystemStorageConfig struct {
	// CertPath is the path where the certificate will be stored
	CertPath string `json:"cert-path"`
	// KeyPath is the path where the private key will be stored
	KeyPath string `json:"key-path"`
}

FileSystemStorageConfig defines configuration for filesystem-based certificate storage. It specifies where certificates and private keys should be stored on the filesystem and what permissions should be applied to the files.

type FileSystemStorageFactory

type FileSystemStorageFactory struct {
	// contains filtered or unexported fields
}

FileSystemStorageFactory implements StorageFactory for filesystem-based certificate storage. It creates filesystem storage providers that store certificates and keys as files on disk.

func NewFileSystemStorageFactory

func NewFileSystemStorageFactory(rw fileio.ReadWriter) *FileSystemStorageFactory

NewFileSystemStorageFactory creates a new filesystem storage factory with the specified file I/O interface.

func (*FileSystemStorageFactory) New

New creates a new FileSystemStorage instance from the certificate configuration. It decodes the filesystem-specific configuration and sets appropriate default values.

func (*FileSystemStorageFactory) Type

func (f *FileSystemStorageFactory) Type() string

Type returns the storage type string used as the map key in the certificate manager.

func (*FileSystemStorageFactory) Validate

Validate checks whether the provided configuration is valid for filesystem storage. It ensures required fields are present and the configuration is properly formatted.
