mtls

package

v0.15.0 Latest Latest Go to latest Published: Jul 4, 2023 License: MPL-2.0 Imports: 32 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/weaveworks/tf-controller

Links

Open Source Insights

Documentation ¶

Index ¶

func AddRotator(_ context.Context, mgr manager.Manager, cr *CertRotator) error
func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
func RunnerServe(namespace, addr string, tlsSecretName string, sigterm chan os.Signal, ...) error
func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, ...) error
func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKeyUsage, ...) (bool, error)
type CertRotator
type KeyPairArtifacts
type PartialManager
type Trigger
type TriggerResult

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddRotator ¶

func AddRotator(_ context.Context, mgr manager.Manager, cr *CertRotator) error

AddRotator adds the CertRotator and ReconcileWH to the manager.

func GetGRPCClientCredentials ¶

func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCClientCredentials returns transport credentials for a client connection

func GetGRPCServerCredentials ¶

func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCServerCredentials returns transport credentials for a server

func RunnerServe ¶

func RunnerServe(namespace, addr string, tlsSecretName string, sigterm chan os.Signal, maxMessageSizeInMiB int) error

func StartGRPCServerForTesting ¶

func StartGRPCServerForTesting(server *runner.TerraformRunnerServer, namespace string, addr string, mgr controllerruntime.Manager, rotator *CertRotator) error

StartGRPCServerForTesting should be used only for testing

func ValidCert ¶

func ValidCert(caCert, cert, key []byte, dnsName string, keyUsages *[]x509.ExtKeyUsage, at time.Time) (bool, error)

Types ¶

type CertRotator ¶

type CertRotator struct {
	Ready chan struct{}

	CAName             string
	CAOrganization     string
	DNSName            string
	CAValidityDuration time.Duration
	// CertValidityDuration   time.Duration
	RotationCheckFrequency time.Duration
	LookaheadInterval      time.Duration

	TriggerCARotation             chan Trigger // trigger the CA rotation
	TriggerNamespaceTLSGeneration chan Trigger // trigger namespace TLS generation

	ClusterDomain string
	// contains filtered or unexported fields
}

CertRotator contains cert artifacts and a channel to close when the certs are ready.

func (*CertRotator) GetKnownNamespaceTLS ¶ added in v0.14.2

func (cr *CertRotator) GetKnownNamespaceTLS(namespace string) (*TriggerResult, bool)

GetKnownNamespaceTLS returns the TriggerResult for the given namespace.

func (*CertRotator) GetKnownNamespaces ¶ added in v0.14.2

func (cr *CertRotator) GetKnownNamespaces() []string

GetKnownNamespaces returns all the keys (namespaces) in knownNamespaceTLSMap.

func (*CertRotator) GetRunnerTLSSecretName ¶ added in v0.10.0

func (cr *CertRotator) GetRunnerTLSSecretName() (string, error)

GetRunnerTLSSecretName returns the name of the TLS Secret. It is used by the controller to tell the runner the name of TLS.

func (*CertRotator) IsCAValid ¶ added in v0.10.0

func (cr *CertRotator) IsCAValid() (bool, error)

IsCAValid checks that the CA[n-1] is valid.

func (*CertRotator) ResetCACache ¶ added in v0.10.0

func (cr *CertRotator) ResetCACache()

func (*CertRotator) SetKnownNamespaceTLS ¶ added in v0.14.2

func (cr *CertRotator) SetKnownNamespaceTLS(namespace string, result *TriggerResult)

SetKnownNamespaceTLS sets the TriggerResult for the given namespace.

func (*CertRotator) Start ¶

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts ¶

type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
	// contains filtered or unexported fields
}

KeyPairArtifacts stores cert artifacts.

type PartialManager ¶ added in v0.10.0

type PartialManager interface {
	GetConfig() *rest.Config
	GetScheme() *runtime.Scheme
	GetRESTMapper() meta.RESTMapper
	Elected() <-chan struct{}
}

PartialManager is a subset of the manager.Manager interface that is used by the CertRotator.

type Trigger ¶ added in v0.10.0

type Trigger struct {
	Namespace string
	Ready     chan *TriggerResult
}

type TriggerResult ¶ added in v0.10.0

type TriggerResult struct {
	Secret *corev1.Secret
	Err    error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL