Documentation
Overview
Utility functions for managing HTTPS server certificates and SSH known host entries for ArgoCD.
Index
- Constants
- func DecodePEMCertificateToX509(pemData string) (*x509.Certificate, error)
- func GetCertBundlePathForRepository(serverName string) (string, error)
- func GetCertPoolFromPEMData(pemData []string) *x509.CertPool
- func GetCertificateForConnect(serverName string) ([]string, error)
- func GetSSHKnownHostsDataPath() string
- func GetTLSCertificateDataPath() string
- func IsValidHostname(hostname string, fqdn bool) bool
- func IsValidSSHKnownHostsEntry(line string) bool
- func KnownHostsLineToPublicKey(line string) ([]string, ssh.PublicKey, error)
- func MatchHostName(hostname, pattern string) bool
- func ParseSSHKnownHostsFromData(data string) ([]string, error)
- func ParseSSHKnownHostsFromPath(sourceFile string) ([]string, error)
- func ParseSSHKnownHostsFromStream(stream io.Reader) ([]string, error)
- func ParseTLSCertificatesFromData(data string) ([]string, error)
- func ParseTLSCertificatesFromPath(sourceFile string) ([]string, error)
- func ParseTLSCertificatesFromStream(stream io.Reader) ([]string, error)
- func SSHFingerprintSHA256(key ssh.PublicKey) string
- func SSHFingerprintSHA256FromString(key string) string
- func ServerNameWithoutPort(serverName string) string
- func TokenizeSSHKnownHostsEntry(knownHostsEntry string) (string, string, []byte, error)
- func TokenizedDataToPublicKey(hostname string, subType string, rawKeyData string) ([]string, ssh.PublicKey, error)
- type CertificateListSelector
- type SSHKnownHostsEntry
- type TLSCertificate
Constants
const (
	// Text marker indicating start of certificate in PEM format
	CertificateBeginMarker = "-----BEGIN CERTIFICATE-----"
	// Text marker indicating end of certificate in PEM format
	CertificateEndMarker = "-----END CERTIFICATE-----"
	// Maximum number of lines for a single certificate
	CertificateMaxLines = 128
	// Maximum number of certificates or known host entries in a stream
	CertificateMaxEntriesPerStream = 256
)
Variables
This section is empty.
Functions
func DecodePEMCertificateToX509
func DecodePEMCertificateToX509(pemData string) (*x509.Certificate, error)
Decode a certificate in PEM format to an X509 data structure.
func GetCertBundlePathForRepository
func GetCertBundlePathForRepository(serverName string) (string, error)
Gets the full path for a certificate bundle configured from a ConfigMap mount. This function makes sure that the path returned actually contains at least one valid certificate and no invalid data.
func GetCertPoolFromPEMData
func GetCertPoolFromPEMData(pemData []string) *x509.CertPool
Convert a list of certificates in PEM format to an x509.CertPool object, usable for most Go TLS functions.
func GetCertificateForConnect
func GetCertificateForConnect(serverName string) ([]string, error)
Load certificate data from a file. If the file does not exist, we do not consider it an error and just return empty data.
func GetSSHKnownHostsDataPath
func GetSSHKnownHostsDataPath() string
Get the configured path to where SSH certificates are stored on the local filesystem. If the ARGOCD_SSH_DATA_PATH environment variable is set, the path is taken from there, otherwise the default will be returned.
func GetTLSCertificateDataPath
func GetTLSCertificateDataPath() string
Get the configured path to where TLS certificates are stored on the local filesystem. If the ARGOCD_TLS_DATA_PATH environment variable is set, the path is taken from there, otherwise the default will be returned.
func IsValidHostname
func IsValidHostname(hostname string, fqdn bool) bool
Can be used to test whether a given string represents a valid hostname. If fqdn is true, the given string must also be a FQDN representation.
func IsValidSSHKnownHostsEntry
func IsValidSSHKnownHostsEntry(line string) bool
Checks whether we can use a line from ssh_known_hosts data as an actual data source for a RepoCertificate object. This function only checks for syntactic validity, not whether the data in the line is valid.
func KnownHostsLineToPublicKey
func KnownHostsLineToPublicKey(line string) ([]string, ssh.PublicKey, error)
Parse a raw known hosts line into a PublicKey object and a list of hosts the key would be valid for.
func MatchHostName
func MatchHostName(hostname, pattern string) bool
We do not use full-fledged regular expressions for matching the hostname. Instead, we use a less expensive file system glob, which should be fully sufficient for our use case.
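The following is an added example, not code from the ArgoCD package, showing how a hostname validator and a file-system-glob matcher of the kind described above behave together, including the edge cases a practitioner should know about: `*` in a glob spans dots, an empty pattern matches every host, and a malformed pattern matches nothing. The FQDN rule (at least two labels) and the `SelectHosts` helper are assumptions made for this example; the documented function does not spell out its FQDN rule.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// hostLabel matches one DNS label under RFC 1123 host name syntax: 1 to 63
// characters, letters, digits or hyphens, not starting or ending with a hyphen.
var hostLabel = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$`)

// IsValidHostname reports whether hostname is syntactically valid. When fqdn is
// true the name must have at least two labels (an assumption made for this
// example, not the documented function's rule).
func IsValidHostname(hostname string, fqdn bool) bool {
	hostname = strings.TrimSuffix(hostname, ".") // one trailing dot is the absolute form
	if hostname == "" || len(hostname) > 253 {
		return false
	}
	labels := strings.Split(hostname, ".")
	for _, label := range labels {
		if !hostLabel.MatchString(label) { // also rejects the empty label produced by ".."
			return false
		}
	}
	return !fqdn || len(labels) >= 2
}

// MatchHostName applies a file-system glob instead of a regular expression.
// An empty pattern matches every host; a malformed pattern matches nothing.
// '*' in filepath.Match only stops at the path separator, so it spans dots:
// "*.example.com" matches "a.b.example.com" as well as "git.example.com".
func MatchHostName(hostname, pattern string) bool {
	if pattern == "" {
		return true
	}
	ok, err := filepath.Match(pattern, hostname)
	if err != nil {
		return false
	}
	return ok
}

// SelectHosts returns the entries of hosts that are valid host names and match
// pattern, the way a selector with a HostNamePattern would narrow a list.
func SelectHosts(hosts []string, pattern string) []string {
	var out []string
	for _, h := range hosts {
		if IsValidHostname(h, false) && MatchHostName(h, pattern) {
			out = append(out, h)
		}
	}
	return out
}

func main() {
	// Constructed sample list for this example.
	hosts := []string{"git.example.com", "a.b.example.com", "bad-.example.com", "other.org"}
	fmt.Println(SelectHosts(hosts, "*.example.com"))
}
```

Because the glob matches across dots, a pattern like `*.example.com` selects every host under that domain at any depth; if only direct children are wanted, the caller has to check the label count separately.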
func ParseSSHKnownHostsFromData
func ParseSSHKnownHostsFromData(data string) ([]string, error)
Parse SSH known hosts data from a multiline string.
func ParseSSHKnownHostsFromPath
func ParseSSHKnownHostsFromPath(sourceFile string) ([]string, error)
Parse SSH known hosts data from a file.
func ParseSSHKnownHostsFromStream
func ParseSSHKnownHostsFromStream(stream io.Reader) ([]string, error)
Parses a list of strings in SSH's known hosts data format from a stream and returns the valid entries in a slice.
func ParseTLSCertificatesFromData
func ParseTLSCertificatesFromData(data string) ([]string, error)
Parse TLS certificates from a multiline string.
func ParseTLSCertificatesFromPath
func ParseTLSCertificatesFromPath(sourceFile string) ([]string, error)
Parse TLS certificates from a file.
func ParseTLSCertificatesFromStream
func ParseTLSCertificatesFromStream(stream io.Reader) ([]string, error)
Parse TLS certificate data from a data stream. The stream may contain more than one certificate. Each found certificate will generate a unique entry in the returned slice, so the length of the slice indicates how many certificates have been found.
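As an added example (not the ArgoCD implementation), the parser below reads a stream of PEM blocks the way the documentation describes and enforces the two limits the package constants define: a block may not exceed CertificateMaxLines lines and a stream may not yield more than CertificateMaxEntriesPerStream entries. Bounding both is what keeps a ConfigMap full of garbage from turning into unbounded memory use, and rejecting a block whose body is not valid base64 or that is never terminated is what "no invalid data" means at this layer; the constant names are lowercased here and the `sampleStream` input is constructed with placeholder bodies, not real certificates. Decoding each returned block with x509 (as DecodePEMCertificateToX509 does) would be the next step.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Same values as the package constants; lowercased because this is example code.
const (
	certificateBeginMarker         = "-----BEGIN CERTIFICATE-----"
	certificateEndMarker           = "-----END CERTIFICATE-----"
	certificateMaxLines            = 128
	certificateMaxEntriesPerStream = 256
)

// ParsePEMCertificatesFromStream reads stream line by line and returns every
// complete BEGIN/END CERTIFICATE block as one PEM string. It applies the two
// bounds above (body lines per block, blocks per stream) and rejects an empty
// or non-base64 body, so callers never receive structurally invalid data.
// Text outside a block is ignored; an unterminated block at end of stream is
// an error rather than a silently dropped entry.
func ParsePEMCertificatesFromStream(stream io.Reader) ([]string, error) {
	var certs []string
	var body []string
	inBlock := false
	scanner := bufio.NewScanner(stream)
	for scanner.Scan() {
		line := strings.TrimSpace(scanner.Text())
		switch {
		case line == certificateBeginMarker:
			if inBlock {
				return nil, errors.New("BEGIN marker inside an open certificate block")
			}
			if len(certs) >= certificateMaxEntriesPerStream {
				return nil, fmt.Errorf("more than %d certificates in stream", certificateMaxEntriesPerStream)
			}
			inBlock, body = true, nil
		case line == certificateEndMarker:
			if !inBlock {
				return nil, errors.New("END marker without a preceding BEGIN marker")
			}
			if len(body) == 0 {
				return nil, fmt.Errorf("certificate %d has an empty body", len(certs)+1)
			}
			if _, err := base64.StdEncoding.DecodeString(strings.Join(body, "")); err != nil {
				return nil, fmt.Errorf("certificate %d body is not valid base64: %w", len(certs)+1, err)
			}
			pem := certificateBeginMarker + "\n" + strings.Join(body, "\n") + "\n" + certificateEndMarker + "\n"
			certs = append(certs, pem)
			inBlock = false
		case inBlock && line != "":
			if len(body) >= certificateMaxLines {
				return nil, fmt.Errorf("certificate %d exceeds %d lines", len(certs)+1, certificateMaxLines)
			}
			body = append(body, line)
		}
	}
	if err := scanner.Err(); err != nil {
		return nil, err
	}
	if inBlock {
		return nil, errors.New("stream ended inside an unterminated certificate block")
	}
	return certs, nil
}

// sampleStream is constructed input for this example: two well-formed blocks
// with placeholder base64 bodies (not real certificates) separated by noise.
const sampleStream = `# comment line outside any block
-----BEGIN CERTIFICATE-----
MIIBszCCAVmgAwIBAgIUAAAA
AAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
noise between blocks is skipped
-----BEGIN CERTIFICATE-----
MIIBszCCAVmgAwIBAgIUBBBB
-----END CERTIFICATE-----
`

func main() {
	certs, err := ParsePEMCertificatesFromStream(strings.NewReader(sampleStream))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("found %d certificate(s)\n", len(certs))
}
```

The parser fails the whole stream on the first malformed block instead of skipping it; for a trust bundle that is the safer default, since a partially loaded bundle can silently change which servers a client will accept.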
func SSHFingerprintSHA256
func SSHFingerprintSHA256(key ssh.PublicKey) string
Returns the base64-encoded SHA256 hash of the key with the trailing equal sign removed.
func SSHFingerprintSHA256FromString
func SSHFingerprintSHA256FromString(key string) string
Convenience wrapper around SSHFingerprintSHA256.
func ServerNameWithoutPort
func ServerNameWithoutPort(serverName string) string
Remove a possible port number from the hostname and return just the FQDN.
func TokenizeSSHKnownHostsEntry
func TokenizeSSHKnownHostsEntry(knownHostsEntry string) (string, string, []byte, error)
Tokenize a known_hosts entry into hostname, key sub type and the actual key data.
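The added example below (not the ArgoCD code) walks one known_hosts line through the steps these functions describe: tokenize it into host, key sub type and raw key data, base64-decode the data into the SSH wire-format blob, and compute the fingerprint as the base64 SHA256 of that blob with the trailing "=" removed. It uses only the standard library, so in place of ssh.PublicKey.Marshal() it reads the length-prefixed type string at the front of the blob itself and checks that it agrees with the declared sub type, which catches a line whose columns were edited inconsistently. The host name, the `KnownHostsEntry` type, the `SampleKnownHostsLine` helper and the constant filler key bytes are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// KnownHostsEntry holds the parsed form of one known_hosts line (example type).
type KnownHostsEntry struct {
	Host        string
	SubType     string
	Fingerprint string
}

// TokenizeKnownHostsEntry splits "host keytype base64data [comment]" into host,
// key sub type and the raw (still base64) key data.
func TokenizeKnownHostsEntry(line string) (string, string, []byte, error) {
	fields := strings.Fields(line)
	if len(fields) < 3 {
		return "", "", nil, errors.New("known_hosts entry needs host, key type and key data")
	}
	return fields[0], fields[1], []byte(fields[2]), nil
}

// wireKeyType returns the key type string that leads every SSH wire-format
// public key blob (RFC 4253 string: uint32 length followed by the bytes).
func wireKeyType(blob []byte) (string, error) {
	if len(blob) < 4 {
		return "", errors.New("key blob shorter than its length prefix")
	}
	n := binary.BigEndian.Uint32(blob[:4])
	if uint64(n) > uint64(len(blob)-4) {
		return "", errors.New("key blob length prefix exceeds blob size")
	}
	return string(blob[4 : 4+n]), nil
}

// FingerprintSHA256 follows the documented format: base64 of the SHA256 of the
// wire-format blob with the trailing '=' removed, i.e. what OpenSSH prints
// after "SHA256:".
func FingerprintSHA256(blob []byte) string {
	sum := sha256.Sum256(blob)
	return strings.TrimRight(base64.StdEncoding.EncodeToString(sum[:]), "=")
}

// ParseKnownHostsLine tokenizes, base64-decodes and sanity-checks one line:
// the declared key type must equal the type embedded in the blob.
func ParseKnownHostsLine(line string) (KnownHostsEntry, error) {
	host, subType, raw, err := TokenizeKnownHostsEntry(line)
	if err != nil {
		return KnownHostsEntry{}, err
	}
	blob, err := base64.StdEncoding.DecodeString(string(raw))
	if err != nil {
		return KnownHostsEntry{}, fmt.Errorf("key data is not valid base64: %w", err)
	}
	embedded, err := wireKeyType(blob)
	if err != nil {
		return KnownHostsEntry{}, err
	}
	if embedded != subType {
		return KnownHostsEntry{}, fmt.Errorf("declared key type %q does not match embedded type %q", subType, embedded)
	}
	return KnownHostsEntry{Host: host, SubType: subType, Fingerprint: FingerprintSHA256(blob)}, nil
}

// sshString encodes b as an RFC 4253 string (length-prefixed bytes).
func sshString(b []byte) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(b)))
	return append(n[:], b...)
}

// SampleKnownHostsLine returns a constructed entry for a made-up host. The key
// bytes are constant filler, not a real key; only the wire structure is real.
func SampleKnownHostsLine() string {
	blob := append(sshString([]byte("ssh-ed25519")), sshString(bytes.Repeat([]byte{0x42}, 32))...)
	return "git.example.internal ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob)
}

func main() {
	entry, err := ParseKnownHostsLine(SampleKnownHostsLine())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s %s SHA256:%s\n", entry.Host, entry.SubType, entry.Fingerprint)
}
```

A 32-byte SHA256 digest base64-encodes to 44 characters with exactly one "=" of padding, so the stored fingerprint is always 43 characters; comparing it against the value an administrator obtained out of band (for example from ssh-keyscan on a trusted network) is the check that makes the known_hosts entry meaningful.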
Types
type CertificateListSelector
type CertificateListSelector struct {
	// Pattern to match the hostname with
	HostNamePattern string
	// Type of certificate to match
	CertType string
	// Subtype of certificate to match
	CertSubType string
}
Helper struct for certificate selection.
type SSHKnownHostsEntry
type SSHKnownHostsEntry struct {
	// Hostname the key is for
	Host string
	// The type of the key
	SubType string
	// The data of the key, including the type
	Data string
	// The SHA256 fingerprint of the key
	Fingerprint string
}
A struct representing an entry in the list of SSH known hosts.
type TLSCertificate
type TLSCertificate struct {
	// Subject of the certificate
	Subject string
	// Issuer of the certificate
	Issuer string
	// Certificate data
	Data string
}
A representation of a TLS certificate.