pki

package
v0.5.3-release Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 18, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// NodeSelfSignerTemplate is the template used for self-signer resources
	NodeSelfSignerTemplate = "%s-self-signer"

	NodeCACertTemplate = "%s-ca-certificate"
	// NodeServerCertTemplate is the template used for node certificate resources
	NodeServerCertTemplate = "%s-%d-server-certificate"
	// NodeIssuerTemplate is the template used for node issuer resources
	NodeIssuerTemplate = "%s-issuer"
	// NodeControllerTemplate is the template used for operator certificate resources
	NodeControllerTemplate = "%s-controller"
	// NodeControllerFQDNTemplate is combined with the above and cluster namespace
	// to create a 'fake' full-name for the controller user
	NodeControllerFQDNTemplate = "%s.%s.mgt.%s"
	//
	SpiffeIdTemplate = "spiffe://%s/ns/%s/nifiuser/%s"
	// CAIntermediateTemplate is the template used for intermediate CA resources
	CAIntermediateTemplate = "%s-intermediate.%s"
	// CAFQDNTemplate is the template used for the FQDN of a CA
	CAFQDNTemplate = "%s-ca.%s.%s"
)

Variables

This section is empty.

Functions

func ClusterDNSNames

func ClusterDNSNames(cluster *v1alpha1.NifiCluster, nodeId int32) (names []string)

clusterDNSNames returns all the possible DNS Names for a NiFi Cluster

func ControllerUserForCluster

func ControllerUserForCluster(cluster *v1alpha1.NifiCluster) *v1alpha1.NifiUser

ControllerUserForCluster returns a NifiUser CR for the controller/cc certificates in a NifiCluster

func GetInternalDNSNames

func GetInternalDNSNames(cluster *v1alpha1.NifiCluster, nodeId int32) (dnsNames []string)

GetInternalDNSNames returns all potential DNS names for a nifi cluster - including nodes

func GetNodeUserName

func GetNodeUserName(cluster *v1alpha1.NifiCluster, nodeId int32) string

func LabelsForNifiPKI

func LabelsForNifiPKI(name string) map[string]string

LabelsForNifiPKI returns kubernetes labels for a PKI object

func NodeUsersForCluster

func NodeUsersForCluster(cluster *v1alpha1.NifiCluster, additionalHostnames []string) []*v1alpha1.NifiUser

NodeUsersForCluster returns a NifiUser CR for the node certificates in a NifiCluster

Types

type Manager

type Manager interface {
	// ReconcilePKI ensures a PKI for a nifi cluster - should be idempotent.
	// This method should at least setup any issuer needed for user certificates
	// as well as node secrets
	ReconcilePKI(ctx context.Context, logger logr.Logger, scheme *runtime.Scheme, externalHostnames []string) error

	// FinalizePKI performs any cleanup steps necessary for a PKI backend
	FinalizePKI(ctx context.Context, logger logr.Logger) error

	// ReconcileUserCertificate ensures and returns a user certificate - should be idempotent
	ReconcileUserCertificate(ctx context.Context, user *v1alpha1.NifiUser, scheme *runtime.Scheme) (*UserCertificate, error)

	// FinalizeUserCertificate removes/revokes a user certificate
	FinalizeUserCertificate(ctx context.Context, user *v1alpha1.NifiUser) error

	// GetControllerTLSConfig retrieves a TLS configuration for a controller nifi client
	GetControllerTLSConfig() (*tls.Config, error)
}

Manager is the main interface for objects performing PKI operations

type UserCertificate

type UserCertificate struct {
	CA          []byte
	Certificate []byte
	Key         []byte
}

UserCertificate is a struct representing the key components of a user TLS certificate for use across operations from other packages and internally.

func (*UserCertificate) DN

func (u *UserCertificate) DN() string

DN returns the Distinguished Name of a TLS certificate

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL