core

package
v0.20.0
Published: Jan 19, 2026 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Index

Constants

const (
	// ACMEType is the type name for ACME.
	ACMEType = "acme"
	// CAType is the type name for CA.
	CAType = "ca"
)
const (
	// AnnotationClass is the annotation to set the cert class.
	AnnotationClass = "cert.gardener.cloud/class"
)

Variables

This section is empty.

Functions

func DomainsString

func DomainsString(domains []string) string

DomainsString joins the given domains into a comma-separated string.

func IsSameExistingRegistration

func IsSameExistingRegistration(raw *runtime.RawExtension, realSecretHash string) bool

IsSameExistingRegistration returns true if the ACME status has the same secret hash.

func NormalizeNamespace

func NormalizeNamespace(namespace string) string

NormalizeNamespace returns the namespace or "default" for an empty input.

func ObjectKeyFromSecretReference

func ObjectKeyFromSecretReference(secretRef *corev1.SecretReference) client.ObjectKey

ObjectKeyFromSecretReference returns an ObjectKey for a secret reference.

func WrapRegistration

func WrapRegistration(raw []byte, secretHash string) ([]byte, error)

WrapRegistration wraps a raw registration together with its secret hash.

func WrapRegistrationFromResource

func WrapRegistrationFromResource(raw []byte) (*wrappedRegistration, error)

WrapRegistrationFromResource unmarshals a wrapped registration.

Types

type AssociatedObjects

type AssociatedObjects struct {
	// contains filtered or unexported fields
}

AssociatedObjects stores bidirectional associations between issuers and their associated certificates.

func NewAssociatedObjects

func NewAssociatedObjects() *AssociatedObjects

NewAssociatedObjects creates an AssociatedObjects.

func (*AssociatedObjects) AddAssoc

func (ao *AssociatedObjects) AddAssoc(issuer IssuerKey, cert client.ObjectKey)

AddAssoc adds an association.

func (*AssociatedObjects) AllIssuers

func (ao *AssociatedObjects) AllIssuers() []IssuerKey

AllIssuers returns all issuers.

func (*AssociatedObjects) CertificateCount

func (ao *AssociatedObjects) CertificateCount(issuer IssuerKey) int

CertificateCount counts the certificates for the given issuer.

func (*AssociatedObjects) Certificates

func (ao *AssociatedObjects) Certificates(issuer IssuerKey) []client.ObjectKey

Certificates returns all certificates for the given issuer.

func (*AssociatedObjects) RemoveByCertificate

func (ao *AssociatedObjects) RemoveByCertificate(cert client.ObjectKey)

RemoveByCertificate removes an association by certificate.

func (*AssociatedObjects) RemoveByIssuer

func (ao *AssociatedObjects) RemoveByIssuer(issuer IssuerKey)

RemoveByIssuer removes an association by issuer.

type IssuerDNSSelections

type IssuerDNSSelections struct {
	// contains filtered or unexported fields
}

IssuerDNSSelections stores the last known DNS selection for each issuer.

func NewIssuerDNSSelections

func NewIssuerDNSSelections() *IssuerDNSSelections

NewIssuerDNSSelections creates an IssuerDNSSelections.

func (*IssuerDNSSelections) Add

Add adds a DNS selection.

func (*IssuerDNSSelections) GetAll

GetAll returns a map with all selections.

func (*IssuerDNSSelections) GetSelection

func (s *IssuerDNSSelections) GetSelection(key IssuerKey) *v1alpha1.DNSSelection

GetSelection returns the selection for the given key.

func (*IssuerDNSSelections) Issuers

func (s *IssuerDNSSelections) Issuers() []IssuerKey

Issuers returns all issuer keys.

func (*IssuerDNSSelections) Remove

func (s *IssuerDNSSelections) Remove(key IssuerKey)

Remove removes a DNS selection.

type IssuerHandler

type IssuerHandler interface {
	Type() string
	CanReconcile(issuer *v1alpha1.Issuer) bool
	Reconcile(ctx context.Context, log logr.Logger, issuer *v1alpha1.Issuer) (reconcile.Result, error)
	Delete(ctx context.Context, log logr.Logger, issuer *v1alpha1.Issuer) (reconcile.Result, error)
}

IssuerHandler can reconcile issuers.

type IssuerHandlerFactory

type IssuerHandlerFactory func(support *Support) (IssuerHandler, error)

IssuerHandlerFactory is a function type that creates an issuer handler.

type IssuerKey

type IssuerKey struct {
	client.ObjectKey
	// contains filtered or unexported fields
}

IssuerKey provides object key and cluster of an issuer.

func NewIssuerKey

func NewIssuerKey(key client.ObjectKey, secondary bool) IssuerKey

NewIssuerKey creates a key for an issuer.

func (IssuerKey) Cluster

func (k IssuerKey) Cluster() shared.Cluster

Cluster provides the cluster (from CML).

func (IssuerKey) Name

func (k IssuerKey) Name() string

Name provides the issuer name.

func (IssuerKey) Namespace

func (k IssuerKey) Namespace() string

Namespace provides the issuer namespace.

func (IssuerKey) Secondary

func (k IssuerKey) Secondary() bool

Secondary returns true if the issuer is from the secondary cluster.

func (IssuerKey) String

func (k IssuerKey) String() string

type Quotas

type Quotas struct {
	// contains filtered or unexported fields
}

Quotas stores the quotas of issuers.

func NewQuotas

func NewQuotas() *Quotas

NewQuotas creates a Quotas.

func (*Quotas) RememberQuotas

func (q *Quotas) RememberQuotas(issuerKey IssuerKey, requestsPerDay int)

RememberQuotas stores the requests-per-day quota and creates a new rate limiter if the quota changed.

func (*Quotas) RemoveIssuer

func (q *Quotas) RemoveIssuer(issuerKey IssuerKey)

RemoveIssuer removes the quotas for an issuer.

func (*Quotas) RequestsPerDay

func (q *Quotas) RequestsPerDay(issuerName IssuerKey) int

RequestsPerDay returns the requests-per-day quota.

func (*Quotas) TryAccept

func (q *Quotas) TryAccept(issuerKey IssuerKey) (bool, int)

TryAccept tries to accept a certificate request according to the quotas. It returns true if the request was accepted, together with the requests-per-day quota value.

type RecoverableError

type RecoverableError struct {
	Msg      string
	Interval time.Duration
}

RecoverableError is a recoverable error, i.e. reconciling again after some backoff may help.

func (*RecoverableError) Error

func (err *RecoverableError) Error() string

type ReferencedSecrets

type ReferencedSecrets struct {
	// contains filtered or unexported fields
}

ReferencedSecrets stores references between issuers and their secrets.

func NewReferencedSecrets

func NewReferencedSecrets() *ReferencedSecrets

NewReferencedSecrets creates a ReferencedSecrets.

func (*ReferencedSecrets) GetIssuerSecretHash

func (rs *ReferencedSecrets) GetIssuerSecretHash(issuerKey IssuerKey) string

GetIssuerSecretHash gets the hash of an issuer's secret.

func (*ReferencedSecrets) IssuerNamesFor

func (rs *ReferencedSecrets) IssuerNamesFor(secretKey SecretKey) sets.Set[IssuerKey]

IssuerNamesFor finds the issuers for the given secret key.

func (*ReferencedSecrets) RememberIssuerSecret

func (rs *ReferencedSecrets) RememberIssuerSecret(issuerKey IssuerKey, secretRef *v1.SecretReference, hash string) bool

RememberIssuerSecret stores a secretRef for an issuer.

func (*ReferencedSecrets) RemoveIssuer

func (rs *ReferencedSecrets) RemoveIssuer(issuerKey IssuerKey) bool

RemoveIssuer removes all secretRefs for an issuer.

type SecretKey

type SecretKey struct {
	client.ObjectKey
	// contains filtered or unexported fields
}

SecretKey provides the object key and cluster of a secret.

func NewSecretKey

func NewSecretKey(key client.ObjectKey, secondary bool) SecretKey

NewSecretKey creates a key for a secret.

func (SecretKey) IsFromSecondaryCluster

func (k SecretKey) IsFromSecondaryCluster() bool

IsFromSecondaryCluster returns true if the secret is from the secondary cluster.

type Support

type Support struct {
	// contains filtered or unexported fields
}

Support provides common issuer/credentials functionality.

func NewHandlerSupport

func NewHandlerSupport(defaultIssuerName string, issuerNamespace string, defaultRequestsPerDayQuota int) (*Support, error)

NewHandlerSupport creates the shared Support object.

func (*Support) AddCertificate

func (s *Support) AddCertificate(cert *v1alpha1.Certificate)

AddCertificate adds a certificate.

func (*Support) AddIssuerDomains

func (s *Support) AddIssuerDomains(issuerKey IssuerKey, sel *v1alpha1.DNSSelection)

AddIssuerDomains remembers the DNS selection for an ACME issuer.

func (*Support) CalcSecretHash

func (s *Support) CalcSecretHash(secret *corev1.Secret) string

CalcSecretHash calculates the secret hash. If real is true, the precalculated hash value of `IssuerSecretHashKey` is ignored.

func (*Support) CertificateNamesForIssuer

func (s *Support) CertificateNamesForIssuer(key IssuerKey) []client.ObjectKey

CertificateNamesForIssuer returns the certificate names for an issuer.

func (*Support) ClearCertRenewalOverdue

func (s *Support) ClearCertRenewalOverdue(certName client.ObjectKey)

ClearCertRenewalOverdue clears the renewal-overdue mark of a certificate object.

func (*Support) ClearCertRevoked

func (s *Support) ClearCertRevoked(certName client.ObjectKey)

ClearCertRevoked clears the revoked mark of a certificate object.

func (*Support) FindIssuerKeyByName

func (s *Support) FindIssuerKeyByName(namespace, issuerName string) *IssuerKey

FindIssuerKeyByName tries to find an issuer key on the target or default cluster.

func (*Support) GetAllRenewalOverdue

func (s *Support) GetAllRenewalOverdue() []client.ObjectKey

GetAllRenewalOverdue gets all certificate object names which are marked as renewal overdue.

func (*Support) GetAllRevoked

func (s *Support) GetAllRevoked() []client.ObjectKey

GetAllRevoked gets all certificate object keys which are marked as revoked.

func (*Support) GetIssuerSecretHash

func (s *Support) GetIssuerSecretHash(issuer IssuerKey) string

GetIssuerSecretHash returns the issuer secret hash code.

func (*Support) IssuerKeyFromCertSpec

func (s *Support) IssuerKeyFromCertSpec(spec *v1alpha1.CertificateSpec) IssuerKey

IssuerKeyFromCertSpec returns either the specified issuer or, if none is specified, tries to find a matching issuer by matching domains. It looks for the issuer first on the target cluster, then on the default cluster.

func (*Support) IssuerNamesForSecretOrEABSecret

func (s *Support) IssuerNamesForSecretOrEABSecret(key SecretKey) sets.Set[IssuerKey]

IssuerNamesForSecretOrEABSecret returns the issuer names for a secret key, whether referenced as an issuer secret or as an EAB secret.

func (*Support) LoadEABHmacKey

func (s *Support) LoadEABHmacKey(ctx context.Context, client client.Client, issuerKey IssuerKey, acme *v1alpha1.ACMESpec) (string, string, error)

LoadEABHmacKey reads the external account binding MAC key from the referenced secret.

func (*Support) RememberIssuerEABSecret

func (s *Support) RememberIssuerEABSecret(issuerKey IssuerKey, secretRef *corev1.SecretReference, hash string)

RememberIssuerEABSecret stores the issuer/EAB secret reference pair.

func (*Support) RememberIssuerQuotas

func (s *Support) RememberIssuerQuotas(issuerKey IssuerKey, issuerRequestsPerDay *int) int

RememberIssuerQuotas stores the issuer quotas.

func (*Support) RememberIssuerSecret

func (s *Support) RememberIssuerSecret(issuerKey IssuerKey, secretRef *corev1.SecretReference, hash string)

RememberIssuerSecret stores the issuer/secret reference pair.

func (*Support) RemoveCertificate

func (s *Support) RemoveCertificate(certObjName client.ObjectKey)

RemoveCertificate removes a certificate.

func (*Support) RemoveIssuer

func (s *Support) RemoveIssuer(issuerKey IssuerKey) bool

RemoveIssuer removes an issuer.

func (*Support) SetCertRenewalOverdue

func (s *Support) SetCertRenewalOverdue(certName client.ObjectKey)

SetCertRenewalOverdue marks a certificate object as renewal overdue.

func (*Support) SetCertRevoked

func (s *Support) SetCertRevoked(certName client.ObjectKey)

SetCertRevoked marks a certificate object as revoked.

func (*Support) TryAcceptCertificateRequest

func (s *Support) TryAcceptCertificateRequest(issuer IssuerKey) (bool, int)

TryAcceptCertificateRequest tries to accept a certificate request according to the quotas. It returns true if the request was accepted, together with the requests-per-day quota value.
