shared

package
v0.23.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// AnnotDNSClass is the annotation for the dns class
	AnnotDNSClass = "dns.gardener.cloud/class"
	// AnnotACMEDNSChallenge is the annotation for marking DNSEntries for DNS challenges
	AnnotACMEDNSChallenge = "cert.gardener.cloud/acme-dns-challenge"
)
View Source 
const (
	// IssuerTypeACME is the issuer type ACME
	IssuerTypeACME = "acme"
	// IssuerTypeCA is the issuer type CA
	IssuerTypeCA = "ca"
	// IssuerTypeSelfSigned is the issuer type selfsigned
	IssuerTypeSelfSigned = "selfSigned"
)

Variables

This section is empty.

Functions

func CheckDNSPropagation 

func CheckDNSPropagation(nameservers []string, fqdn string, values ...string) (bool, error)

CheckDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers.

func CreateWrapPreCheckOption 

func CreateWrapPreCheckOption(nameservers []string) dns01.ChallengeOption

CreateWrapPreCheckOption creates lego DNS ChallengeOption for custom Precheck function, checking the DNS propagation of the DNS challenge TXT record.

func ExtractCommonNameAnDNSNames 

func ExtractCommonNameAnDNSNames(csr []byte) (cn *string, san []string, err error)

ExtractCommonNameAnDNSNames extracts values from a CSR (Certificate Signing Request).

func FollowCNAMEs 

func FollowCNAMEs(fqdn string, nameservers []string, fqdnChain ...string) (string, error)

FollowCNAMEs follows the CNAME records and returns the last non-CNAME fully qualified domain name that it finds. Returns an error when a loop is found in the CNAME chain. The argument fqdnChain is used by the function itself to keep track of which fqdns it already encountered and detect loops. Method copied from https://github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util/wait.go

func MatchesWildcardAnySubdomain added in v0.23.0 

func MatchesWildcardAnySubdomain(host, h string) bool

MatchesWildcardAnySubdomain checks whether 'h' is a wildcard pattern (*.X) that matches 'host' with any level of subdomains.

func MatchesWildcardSingleSubdomain added in v0.23.0 

func MatchesWildcardSingleSubdomain(host, h string) bool

MatchesWildcardSingleSubdomain checks whether 'h' is a wildcard pattern (*.X) that matches 'host' as a single-level subdomain. It returns true only if 'h' starts with "*.", and 'host' has exactly one additional label prepended to the base domain of 'h'. Examples:

  • host: foo.gardener.cloud, h: *.gardener.cloud -> true
  • host: gardener.cloud, h: *.gardener.cloud -> false (host is the base domain itself)
  • host: a.b.gardener.cloud, h: *.gardener.cloud -> false (multi-level subdomain)
  • host: foo.gardener.cloud, h: docs.gardener.cloud -> false (h is not a wildcard)
  • host: example.com, h: *.gardener.cloud -> false (unrelated domain)

func NoPropagationCheckOption 

func NoPropagationCheckOption() dns01.ChallengeOption

NoPropagationCheckOption creates lego DNS ChallengeOption for custom Precheck function, performing no DNS propagation check of the DNS challenge TXT record at all.

func ParseRenewBefore added in v0.23.0 

func ParseRenewBefore(renewBeforeStr string) (*metav1.Duration, error)

ParseRenewBefore parses the renewBefore duration string and returns a *metav1.Duration and an optional error. Returns (nil, error) if the string is invalid or the duration is less than 5 minutes. Returns (nil, nil) if the string is empty. The default of 30 days is applied by the certificate controller if nil is returned.

func PreparePrecheckNameservers 

func PreparePrecheckNameservers(nameservers []string) []string

PreparePrecheckNameservers collects the nameservers for checking DNS propagation. If no nameservers are provided, it tries to read them from `/etc/resolv.conf`, and last resort is to use Google public DNS servers (8.8.8.8 and 8.8.4.4)

Types

type Cluster 

type Cluster int

Cluster is an enum for default and target cluster 

const (
	// ClusterDefault is the default cluster (= secondary)
	ClusterDefault Cluster = iota
	// ClusterTarget is the target cluster (= primary)
	ClusterTarget
)

type IssuerInfo 

type IssuerInfo struct {
	// contains filtered or unexported fields
}

IssuerInfo provides name and type of an issuer

func NewACMEIssuerInfo 

func NewACMEIssuerInfo(key IssuerKeyItf) IssuerInfo

NewACMEIssuerInfo creates info for an ACME issuer

func NewCAIssuerInfo 

func NewCAIssuerInfo(key IssuerKeyItf) IssuerInfo

NewCAIssuerInfo creates info for an CA issuer

func NewSelfSignedIssuerInfo 

func NewSelfSignedIssuerInfo(key IssuerKeyItf) IssuerInfo

NewSelfSignedIssuerInfo creates info for a selfSigned issuer.

func (*IssuerInfo) IssuerType 

func (i *IssuerInfo) IssuerType() string

IssuerType returns the issuer type

func (*IssuerInfo) Key 

func (i *IssuerInfo) Key() IssuerKeyItf

Key returns the issuer key

type IssuerKeyItf 

type IssuerKeyItf interface {
	Name() string
	Namespace() string
	Cluster() Cluster
	Secondary() bool
	String() string
}

IssuerKeyItf abstracts IssuerKey to simplify code reuse.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.