Constants ¶
const (
	// DefaultFilepath is the playbook file path used when the caller supplies none
	// (inferred from the name and value; confirm at the call site that reads it).
	DefaultFilepath = "./playbook.yaml"
)
const (
	// JKSMinPasswordLength represents the minimum length a JKS password must have per the JKS specification.
	// ErrJKSPasswordLength and ErrKeyPasswordLength report violations of this minimum; the check itself is
	// not in this block (presumably Installation.IsValid — confirm).
	JKSMinPasswordLength = 6
)
Variables ¶
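// Sentinel errors and warning strings reported while validating a Playbook.
// Callers should compare errors with errors.Is rather than by message text.
var (
	// ErrNoConfig is thrown when the Playbook has no config section
	ErrNoConfig = fmt.Errorf("no config found on playbook")
	// ErrNoTasks is thrown when the Playbook has no certificateTasks section
	ErrNoTasks = fmt.Errorf("no certificate tasks found on playbook")
	// ErrNoInstallations is thrown when any task (item in Certificates section) has no installations defined
	ErrNoInstallations = fmt.Errorf("no installations found on certificate task")
	// ErrNoRequestZone is thrown when a certificate request is specified without a zone
	ErrNoRequestZone = fmt.Errorf("request.zone is required and was not found")
	// ErrNoRequestCN is thrown when a certificate request does not contain subject.CommonName
	ErrNoRequestCN = fmt.Errorf("request.subject.commonName is required and was not found")
	// ErrNoCredentials is thrown when the Playbook has no config.credentials section
	ErrNoCredentials = fmt.Errorf("no credentials defined on playbook")
	// ErrMultipleCredentials is thrown when the config.credentials section has both apikey and accessToken declared
	ErrMultipleCredentials = fmt.Errorf("credentials for multiple platforms set. Only one of ApiKey or AccessToken/RefreshToken pair should be declared")
	// ErrNoTPPURL is thrown when accessToken and/or refreshToken are declared in config.credentials but no url is specified
	ErrNoTPPURL = fmt.Errorf("no url defined. TPP platform requires an url to the TPP instance")
	// ErrTrustBundleNotExist is thrown when config.trustBundle is set but the path does not exist or cannot be read
	ErrTrustBundleNotExist = fmt.Errorf("trustBundle path does not exist")
	// ErrNoJKSAlias is thrown when certificates.installations[].type is JKS but no jksAlias is set
	ErrNoJKSAlias = fmt.Errorf("jksAlias should not be empty when installing a certificate in JKS format")
	// ErrNoJKSPassword is thrown when certificates.installations[].type is JKS but no jksPassword is set
	ErrNoJKSPassword = fmt.Errorf("jksPassword should not be empty when installing a certificate in JKS format")
	// ErrJKSPasswordLength is thrown when certificates.installations[].type is JKS but the jksPassword length is
	// shorter than the minimum required (the "6" in the message mirrors JKSMinPasswordLength)
	ErrJKSPasswordLength = fmt.Errorf("jksPassword must be at least 6 characters long")
	// ErrKeyPasswordLength is thrown when certificates.installations[].type is JKS but the keyPassword length is
	// shorter than the minimum required (the "6" in the message mirrors JKSMinPasswordLength)
	ErrKeyPasswordLength = fmt.Errorf("keyPassword must be at least 6 characters long")
	// ErrNoP12Password is thrown when certificates.installations[].type is PKCS12 but no p12Password is set
	ErrNoP12Password = fmt.Errorf("p12Password should not be empty when installing a certificate in PKCS12 format")
	// ErrNoChainFile is thrown when certificates.installations[].type is PEM but no pemChainFilename is set
	ErrNoChainFile = fmt.Errorf("chainFile should not be empty when installing a certificate in PEM format")
	// ErrNoKeyFile is thrown when certificates.installations[].type is PEM but no pemKeyFilename is set
	ErrNoKeyFile = fmt.Errorf("keyFile should not be empty when installing a certificate in PEM format")
	// ErrUndefinedInstallationFormat is thrown when certificates.installations[].type is unknown
	ErrUndefinedInstallationFormat = fmt.Errorf("unknown installation format specified")
	// ErrNoInstallationFile is thrown when certificates.installations[].File is not set
	ErrNoInstallationFile = fmt.Errorf("installation file not specified")
	// ErrCAPIOnNonWindows is thrown when certificates.installations[].type is CAPI but running on a non-windows build
	ErrCAPIOnNonWindows = fmt.Errorf("unable to specify CAPI installation type on non-windows system")
	// ErrNoCAPILocation is thrown when certificates.installations[].format is CAPI but certificates.installations[].location is not set
	ErrNoCAPILocation = fmt.Errorf("CAPI installation location not specified")
	// ErrMalformedCAPILocation is thrown when certificates.installations[].type is CAPI but the location is not of the form 'StoreLocation\\StoreName'
	ErrMalformedCAPILocation = fmt.Errorf("invalid CAPI location. Should be in form of 'StoreLocation\\StoreName' (i.e. 'LocalMachine\\My')")
	// ErrInvalidCAPILocation is thrown when certificates.installations[].type is CAPI but the store location is neither 'LocalMachine' nor 'CurrentUser'
	ErrInvalidCAPILocation = fmt.Errorf("invalid CAPI location. Should be either 'LocalMachine' or 'CurrentUser' (i.e. 'LocalMachine\\My')")
	// ErrInvalidCAPIStoreName is thrown when certificates.installations[].type is CAPI but no store name follows the '\\'
	ErrInvalidCAPIStoreName = fmt.Errorf("invalid CAPI store name. Should contain a valid storeName after the '\\' (i.e. 'LocalMachine\\My')")
	// WarningLocationFieldDeprecated is reported when certificates.installations[].type is CAPI but the deprecated location field is set
	WarningLocationFieldDeprecated = "location field is deprecated and will be removed in a future release. Use capiLocation instead"
	// WarningNoCAPIFriendlyName is reported when certificates.installations[].type is CAPI but no friendlyName is set
	WarningNoCAPIFriendlyName = "no capiFriendlyName defined. It is strongly recommended to define a " +
		"capiFriendlyName for CAPI installation type. This will become required in a future release"
	// ErrNoFireflyURL is thrown when platform is Firefly but no url is specified in config.credentials
	ErrNoFireflyURL = fmt.Errorf("no url defined. Firefly platform requires an url to the Firefly instance")
	// ErrNoClientId is thrown when platform is Firefly and no config.credentials.clientId is defined
	// (message typo "cliendId" corrected)
	ErrNoClientId = fmt.Errorf("no clientId defined. Firefly platform requires a clientId to request OAuth2 token")
	// ErrNoIdentityProviderURL is thrown when platform is Firefly and no config.credentials.tokenURL is defined to request an OAuth2 Token
	ErrNoIdentityProviderURL = fmt.Errorf("no tokenURL defined in credentials. tokenURL is required to request OAuth2 token")
	// ErrNoExternalJWT is thrown when platform is TLSPC/VAAS/VCP, a tokenURL has been passed but no config.credentials.externalJWT is set
	ErrNoExternalJWT = fmt.Errorf("no externalJWT defined in credentials. externalJWT is required to request an access token from VCP")
)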
Functions ¶
This section is empty.
Types ¶
type Authentication ¶
// Authentication holds the credentials to connect to Venafi platforms: TPP and TLSPC.
type Authentication struct {
	// The embedded credentials are excluded from default YAML (de)serialization by the "-" tag;
	// the MarshalYAML/UnmarshalYAML methods declared on this type handle them instead.
	// Treat any marshaled form as sensitive: per ErrMultipleCredentials it carries an API key
	// or an access/refresh token pair.
	endpoint.Authentication `yaml:"-"`
	// P12Task — semantics not visible here; presumably names a task whose PKCS#12 output is used — confirm.
	P12Task string `yaml:"p12Task,omitempty"`
}
Authentication holds the credentials to connect to Venafi platforms: TPP and TLSPC
func (Authentication) MarshalYAML ¶ added in v5.1.0
func (a Authentication) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of Authentication when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller
func (*Authentication) UnmarshalYAML ¶ added in v5.1.0
func (a *Authentication) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type CertificateTask ¶
// CertificateTask represents a task to be run: a certificate to be requested/renewed
// and installed in one (or more) location(s).
type CertificateTask struct {
	// Name identifies the task (yaml: name).
	Name string `yaml:"name,omitempty"`
	// Request defines the certificate to request; ErrNoRequestZone and ErrNoRequestCN describe
	// request.zone and request.subject.commonName as required.
	Request PlaybookRequest `yaml:"request,omitempty"`
	// Installations lists where and in which format the certificate is installed;
	// ErrNoInstallations is reported when a task has none.
	Installations Installations `yaml:"installations,omitempty"`
	// RenewBefore — the value format (duration, percentage, ...) is not visible here; confirm.
	RenewBefore string `yaml:"renewBefore,omitempty"`
	// SetEnvVars — presumably names of environment variables to populate from the task's results; confirm.
	SetEnvVars []string `yaml:"setEnvVars,omitempty"`
}
CertificateTask represents a task to be run: A certificate to be requested/renewed and installed in one (or more) location(s)
func (CertificateTask) IsValid ¶
func (task CertificateTask) IsValid() (bool, error)
IsValid returns true if the CertificateTask has the minimum required fields to be run
type CertificateTasks ¶
// CertificateTasks is a slice of CertificateTask.
type CertificateTasks []CertificateTask
CertificateTasks is a slice of CertificateTask
type Config ¶
// Config contains all the values necessary to connect to a given Venafi platform: TPP or TLSPC.
type Config struct {
	// Connection holds the platform, URL, credentials and TLS settings (see Connection).
	Connection Connection `yaml:"connection,omitempty"`
	// ForceRenew is not read from the playbook (tag "-"); presumably set at runtime, e.g. from a CLI flag — confirm.
	ForceRenew bool `yaml:"-"`
}
Config contains all the values necessary to connect to a given Venafi platform: TPP or TLSPC
type Connection ¶
// Connection represents the issuer that vCert will connect to in order to issue certificates.
type Connection struct {
	// Credentials used to authenticate against the platform (yaml: credentials).
	Credentials Authentication `yaml:"credentials,omitempty"`
	// Insecure — from its name, presumably disables TLS server certificate verification for this
	// connection (confirm in the connector setup). If so, a playbook with insecure: true exposes the
	// credentials above to interception; a trustBundle for a private CA is the safer alternative.
	Insecure bool `yaml:"insecure,omitempty"`
	// Platform selects which Venafi platform (TPP, TLSPC, Firefly, ...) the connector is built for.
	Platform venafi.Platform `yaml:"platform,omitempty"`
	// TrustBundlePath (yaml: trustBundle) — presumably a CA bundle used to verify the platform's TLS
	// certificate; ErrTrustBundleNotExist is reported when the path cannot be read.
	TrustBundlePath string `yaml:"trustBundle,omitempty"`
	// URL of the platform instance; required for TPP and Firefly (see ErrNoTPPURL / ErrNoFireflyURL).
	URL string `yaml:"url,omitempty"`
}
Connection represents the issuer that vCert will connect to in order to issue certificates
func (Connection) GetConnectorType ¶
func (c Connection) GetConnectorType() endpoint.ConnectorType
GetConnectorType returns the type of vcert Connector this config will create
func (Connection) IsValid ¶
func (c Connection) IsValid() (bool, error)
IsValid returns true if the Connection is supported by vcert and has the necessary values to connect to the given platform
type Installation ¶
// Installation represents a location in which a certificate will be installed,
// along with the format in which it will be installed.
type Installation struct {
	// AfterAction (yaml: afterInstallAction) — NOTE(review): if this is executed as a command after the
	// install, the playbook file effectively carries executable content; confirm how it is run.
	AfterAction string `yaml:"afterInstallAction,omitempty"`
	// BackupFiles — presumably keeps a copy of existing files before overwriting them; confirm.
	BackupFiles bool `yaml:"backupFiles,omitempty"`
	// In a future version of vCert this will become REQUIRED! (see WarningNoCAPIFriendlyName)
	CAPIFriendlyName string `yaml:"capiFriendlyName,omitempty"`
	// CAPIIsNonExportable — presumably marks the private key as non-exportable in the CAPI store; confirm.
	CAPIIsNonExportable bool `yaml:"capiIsNonExportable,omitempty"`
	// This is an alias for Location. Expected form is 'StoreLocation\StoreName' (see ErrMalformedCAPILocation).
	CAPILocation string `yaml:"capiLocation,omitempty"`
	// ChainFile is required for PEM installations (see ErrNoChainFile).
	ChainFile string `yaml:"chainFile,omitempty"`
	// File is the primary output file; required (see ErrNoInstallationFile).
	File string `yaml:"file,omitempty"`
	// InstallValidation (yaml: installValidationAction) — same caveat as AfterAction if it is executed.
	InstallValidation string `yaml:"installValidationAction,omitempty"`
	// JKSAlias is required for JKS installations (see ErrNoJKSAlias).
	JKSAlias string `yaml:"jksAlias,omitempty"`
	// JKSPassword, KeyPassword and P12Password are read verbatim from the playbook YAML, so anyone who
	// can read the playbook file can read these secrets; restrict the file's permissions accordingly.
	// JKSPassword is required for JKS installations and subject to the minimum length (see ErrJKSPasswordLength).
	JKSPassword string `yaml:"jksPassword,omitempty"`
	// KeyFile is required for PEM installations (see ErrNoKeyFile).
	KeyFile string `yaml:"keyFile,omitempty"`
	// KeyPassword is subject to the minimum length for JKS installations (see ErrKeyPasswordLength).
	KeyPassword string `yaml:"keyPassword,omitempty"`
	// Deprecated: Location is deprecated in favor of CAPILocation. It will be removed on a future release
	Location string `yaml:"location,omitempty"`
	// P12Password is required for PKCS12 installations (see ErrNoP12Password).
	P12Password string `yaml:"p12Password,omitempty"`
	// Type (yaml: format) selects PEM, PKCS12, JKS or CAPI; the zero value FormatUnknown is invalid.
	Type InstallationFormat `yaml:"format,omitempty"`
}
Installation represents a location in which a certificate will be installed, along with the format in which it will be installed
func (Installation) IsValid ¶
func (installation Installation) IsValid() (bool, error)
IsValid returns true if the Installation type is supported by vcert
type InstallationFormat ¶
// InstallationFormat represents the type of installation to be done: PEM, PKCS12, JKS or CAPI
// (only on Windows environments). Its zero value is FormatUnknown, which is documented as invalid,
// so an omitted "format" is presumably rejected with ErrUndefinedInstallationFormat — confirm.
type InstallationFormat int64
InstallationFormat represents the type of installation to be done: PEM, PKCS12, JKS or CAPI (only on Windows environments)
const (
	// FormatUnknown represents an invalid InstallationFormat; it is the zero value, so a field left
	// unset keeps this value unless UnmarshalYAML assigns otherwise.
	FormatUnknown InstallationFormat = iota
	// FormatCAPI represents an installation in CAPI store (Windows only; see ErrCAPIOnNonWindows).
	FormatCAPI
	// FormatJKS represents an installation with the Java KeyStore format.
	FormatJKS
	// FormatPEM represents an installation with PEM format.
	FormatPEM
	// FormatPKCS12 represents an installation with the PKCS12 format.
	FormatPKCS12
)
func (InstallationFormat) MarshalYAML ¶
func (it InstallationFormat) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of InstallationFormat when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller.
func (*InstallationFormat) String ¶
func (it *InstallationFormat) String() string
String returns a string representation of this object
func (*InstallationFormat) UnmarshalYAML ¶
func (it *InstallationFormat) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type Playbook ¶
// Playbook represents a set of tasks to run: the Config to reach a Venafi platform
// and the certificates to request/renew and install.
type Playbook struct {
	// CertificateTasks lists the certificates to handle; ErrNoTasks is reported when empty.
	CertificateTasks CertificateTasks `yaml:"certificateTasks,omitempty"`
	// Config holds the values required to connect to a Venafi platform; ErrNoConfig is reported when missing.
	Config Config `yaml:"config,omitempty"`
	// Location is not part of the YAML document (tag "-"); presumably the path the playbook was loaded from — confirm.
	Location string `yaml:"-"`
}
Playbook represents a set of tasks to run.
The Config object holds the values required to connect to a Venafi platform.
A task includes:
- a Request object that defines the values of the certificate to request
- a list of locations where the certificate will be installed
func NewPlaybook ¶
func NewPlaybook() Playbook
NewPlaybook returns a Playbook with some default values
type PlaybookRequest ¶
// PlaybookRequest contains the data needed to build a certificate request.
type PlaybookRequest struct {
	// CADN (yaml: cadn) — certificate authority DN; platform-specific semantics not visible here.
	CADN string `yaml:"cadn,omitempty"`
	// ChainOption controls how the chain is returned (yaml: chain).
	ChainOption certificate.ChainOption `yaml:"chain,omitempty"`
	// CsrOrigin (yaml: csr) — accepted values are not visible here; confirm.
	CsrOrigin string `yaml:"csr,omitempty"`
	// CustomFields (yaml: fields) are passed through to the platform.
	CustomFields []certificate.CustomField `yaml:"fields,omitempty"`
	// Subject alternative names, by type (sanDNS, sanEmail, sanIP, sanUPN, sanURI).
	DNSNames []string `yaml:"sanDNS,omitempty"`
	EmailAddresses []string `yaml:"sanEmail,omitempty"`
	// FriendlyName maps to the "nickname" key in YAML.
	FriendlyName string `yaml:"nickname,omitempty"`
	IPAddresses []string `yaml:"sanIP,omitempty"`
	IssuerHint util.IssuerHint `yaml:"issuerHint,omitempty"`
	// KeyCurve, KeyLength (yaml: keySize) and KeyType describe the key to generate.
	KeyCurve certificate.EllipticCurve `yaml:"keyCurve,omitempty"`
	KeyLength int `yaml:"keySize,omitempty"`
	// KeyPassword is never read from or written to the playbook (tag "-"); presumably set at runtime — confirm.
	KeyPassword string `yaml:"-"`
	KeyType certificate.KeyType `yaml:"keyType,omitempty"`
	Location certificate.Location `yaml:"location,omitempty"`
	// OmitSANs (yaml: omitSans) — presumably suppresses SAN entries in the request; confirm.
	OmitSANs bool `yaml:"omitSans,omitempty"`
	// Origin (yaml: appInfo) — presumably an application identifier sent with the request; confirm.
	Origin string `yaml:"appInfo,omitempty"`
	// Subject is the X.509 subject; subject.commonName is described as required by ErrNoRequestCN.
	Subject Subject `yaml:"subject,omitempty"`
	// Timeout — units are not visible here; confirm.
	Timeout int `yaml:"timeout,omitempty"`
	UPNs []string `yaml:"sanUPN,omitempty"`
	URIs []string `yaml:"sanURI,omitempty"`
	// ValidDays is a string, so its accepted format is defined by the parser, not here.
	ValidDays string `yaml:"validDays,omitempty"`
	// Zone is described as required by ErrNoRequestZone.
	Zone string `yaml:"zone,omitempty"`
}
PlaybookRequest contains the data needed to generate a certificate request. CSR is a PEM-encoded Certificate Signing Request.
type Subject ¶
// Subject represents the X.509 distinguished name of the certificate; only the common DN elements are modelled.
type Subject struct {
	// CommonName is described as required on a request by ErrNoRequestCN.
	CommonName string `yaml:"commonName,omitempty"`
	Country string `yaml:"country,omitempty"`
	Locality string `yaml:"locality,omitempty"`
	Organization string `yaml:"organization,omitempty"`
	OrgUnits []string `yaml:"orgUnits,omitempty"`
	// Province maps to the "state" key in YAML (note the differing names).
	Province string `yaml:"state,omitempty"`
}
Subject represents the X.509 distinguished name (DN) of the certificate. It only includes the common elements of a DN.