Documentation
Index
- Constants
- func CreateCAPair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, ...) error
- func CreateClientPair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, ...) error
- func CreateNodePair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, ...) error
- func GetCertObj(pemCert []byte) (*x509.Certificate, error)
- type PemUsage
- type SQLUsername
Constants
const (
	KeyFileMode  = 0600
	CertFileMode = 0644
	RootUser     = "root"
)
const (
	CR            string = "cockroach"
	CERT          string = "cert"
	CREATE_CA     string = "create-ca"
	CREATE_NODE   string = "create-node"
	CREATE_CLIENT string = "create-client"
	CERTS_DIR     string = "--certs-dir=%s"
	CA_KEY        string = "--ca-key=%s"
	Life_Time     string = "--lifetime=%s"
	OVER_WRITE    string = "--overwrite"
)
The following constants are used to run the crdb binary.
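A check that can be run over the certs directory after the functions below have written to it, using the KeyFileMode and CertFileMode values above. This is an added example, not code from this package; the name auditCertsDir and the .key file extension are assumptions (.crt appears in the NodePem comment).

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Same values as KeyFileMode and CertFileMode on this page.
// ".key" is an assumed extension for private key files.
var limits = map[string]fs.FileMode{".key": 0600, ".crt": 0644}

// auditCertsDir returns one finding per key or certificate file that is not a
// regular file or that has permission bits beyond the limit for its type.
func auditCertsDir(certsDir string) ([]string, error) {
	entries, err := os.ReadDir(certsDir) // sorted by file name
	if err != nil {
		return nil, err
	}
	var findings []string
	for _, e := range entries {
		limit, ok := limits[filepath.Ext(e.Name())]
		if !ok {
			continue // not a key or certificate file
		}
		info, err := e.Info() // does not follow symlinks
		if err != nil {
			return nil, err
		}
		if !info.Mode().IsRegular() {
			findings = append(findings, e.Name()+": not a regular file")
			continue
		}
		if perm := info.Mode().Perm(); perm&^limit != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o exceeds %04o", e.Name(), uint32(perm), uint32(limit)))
		}
	}
	return findings, nil
}

func main() { // usage: audit <certs-dir>...
	for _, dir := range os.Args[1:] {
		fmt.Println(auditCertsDir(dir))
	}
}
```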
Variables
This section is empty.
Functions
func CreateCAPair
func CreateCAPair(
	certsDir, caKeyPath string,
	keySize int,
	lifetime time.Duration,
	allowKeyReuse bool,
	overwrite bool,
) error
CreateCAPair creates a general CA certificate and associated key.
func CreateClientPair
func CreateClientPair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, overwrite bool, user SQLUsername, wantPKCS8Key bool) error
CreateClientPair creates a client key and certificate. The CA cert and key must load properly. If multiple certificates exist in the CA cert, the first one is used. If a client CA exists, it is used instead. If wantPKCS8Key is true, the private key is also written in PKCS#8 encoding.
func CreateNodePair
func CreateNodePair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, overwrite bool, hosts []string) error
CreateNodePair creates a node key and certificate. The CA cert and key must load properly. If multiple certificates exist in the CA cert, the first one is used.
func GetCertObj
func GetCertObj(pemCert []byte) (*x509.Certificate, error)
Types
type PemUsage
type PemUsage uint32
PemUsage indicates the purpose of a given certificate.
const (
	// CAPem describes the main CA certificate.
	CAPem PemUsage
	// TenantClientCAPem describes the CA certificate used to broker authN/Z for SQL
	// tenants wishing to access the KV layer.
	TenantClientCAPem
	// ClientCAPem describes the CA certificate used to verify client certificates.
	ClientCAPem
	// UICAPem describes the CA certificate used to verify the Admin UI server certificate.
	UICAPem
	// NodePem describes the server certificate for the node, possibly a combined server/client
	// certificate for user Node if a separate 'client.node.crt' is not present.
	NodePem
	// UIPem describes the server certificate for the admin UI.
	UIPem
	// ClientPem describes a client certificate.
	ClientPem
	// TenantClientPem describes a SQL tenant client certificate.
	TenantClientPem
)
type SQLUsername
type SQLUsername struct {
	U string
}
SQLUsername is used to define the username created in the client certificate.