Documentation ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrInvalidOrg defines a global error for an invalid organization
	ErrInvalidOrg = errors.New("invalid organization")
	// ErrInvalidCN defines a global error for an invalid subject Common Name
	ErrInvalidCN = errors.New("invalid subject Common Name")
	// ErrProfileSupport defines a global error for a profile which is not backed by a CA signer cert
	ErrProfileSupport = errors.New("csr profile is not currently supported")
)
Functions ¶
func HandleHealthCheck ¶
func HandleHealthCheck(w http.ResponseWriter, r *http.Request)
HandleHealthCheck handles health-check requests.
func StartSignerServer ¶
StartSignerServer initializes a new signer instance.
Types ¶
type CertKey ¶
type CertKey struct {
CertFile, KeyFile string
}
CertKey stores files for the cert and key pair.
type CertServer ¶
type CertServer struct {
// contains filtered or unexported fields
}
CertServer is the object that handles the HTTP requests and responses. It receives CSR approval requests from the client agent, which the `signer` then attempts to sign. If successful, the approved CSR, now carrying the signed certificate, is returned to the agent.
func NewServer ¶
func NewServer(c Config) (*CertServer, error)
NewServer returns a CertServer that contains a CertSigner built from the Config provided.
func (*CertServer) HandleGetCSR ¶
func (s *CertServer) HandleGetCSR(w http.ResponseWriter, r *http.Request)
HandleGetCSR retrieves a CSR from a directory location (`csrDir`) and returns it to an agent.
func (*CertServer) HandlePostCSR ¶
func (s *CertServer) HandlePostCSR(w http.ResponseWriter, r *http.Request)
HandlePostCSR takes in a CSR, attempts to approve it and writes the CSR to a file in the `csrDir`. It returns `http.StatusOK` to the client if the received CSR can be successfully decoded. A 200 therefore only confirms that the request was parsed; the agent must inspect the returned CSR to learn whether a certificate was actually issued.
func (*CertServer) ServeHTTP ¶
func (s *CertServer) ServeHTTP(w http.ResponseWriter, r *http.Request)
type CertSigner ¶
type CertSigner struct {
// contains filtered or unexported fields
}
CertSigner signs a certificate using a `cfssl` Signer.
NOTE: the CertSigner only signs certificates for `etcd` nodes; any certificate request from other nodes is declined.
func NewSigner ¶
func NewSigner(s *SignerCA, policy *config.Signing) (*CertSigner, error)
NewSigner returns a CertSigner object after filling in its attributes from the `SignerCA` and the `cfssl` signing policy provided.
func (*CertSigner) Sign ¶
func (s *CertSigner) Sign(csr *capi.CertificateSigningRequest) (*capi.CertificateSigningRequest, error)
Sign sends a signature request to the local signer, receiving a signed certificate or an error in response. If successful, it then returns the CSR, which contains the newly signed certificate.
Note: a signed certificate is issued only for etcd profiles; requests for any other profile fail with ErrProfileSupport.
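The subject checks behind ErrInvalidOrg and ErrInvalidCN, and the etcd-only restriction noted for Sign, as an added end-to-end example that is not the package's own code: a throwaway CA, an agent-style CSR, validation of proof of possession and subject, and issuance with the lifetime and usage fixed by the profile rather than by the requester. The profile names are the ones the Config fields above refer to; the organization and Common Name conventions, the check order, the lifetimes and the helper names (ValidateCSR, SignCSR, NewTestCA, NewTestCSR, must) are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// The three errors the page documents; everything else in this file is illustrative.
var (
	ErrInvalidOrg     = errors.New("invalid organization")
	ErrInvalidCN      = errors.New("invalid subject Common Name")
	ErrProfileSupport = errors.New("csr profile is not currently supported")
)

// Profile fixes the subject a CSR must carry and the lifetime of the issued cert
// (org and CN-prefix values are assumptions for this example, not the project's policy).
type Profile struct{ Org, CNPrefix string; Duration time.Duration }

var profiles = map[string]Profile{
	"EtcdPeer":   {"system:etcd-peers", "system:etcd-peer:", 3 * 8760 * time.Hour},
	"EtcdServer": {"system:etcd-servers", "system:etcd-server:", 3 * 8760 * time.Hour},
	"EtcdMetric": {"system:etcd-metrics", "system:etcd-metric:", 8760 * time.Hour},
}

// must panics on error: used for crypto/rand, whose failure is not recoverable, and in test helpers.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ValidateCSR parses a DER CSR, checks proof of possession (the CSR is signed by the key it carries) and checks org and CN against the profile and the node's DNS SAN.
func ValidateCSR(der []byte, profile string) (*x509.CertificateRequest, error) {
	p, ok := profiles[profile]
	if !ok {
		return nil, ErrProfileSupport // anything that is not an etcd profile is declined
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err == nil {
		err = csr.CheckSignature()
	}
	if err != nil {
		return nil, err
	}
	if len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != p.Org {
		return nil, ErrInvalidOrg
	}
	if len(csr.DNSNames) == 0 || csr.Subject.CommonName != p.CNPrefix+csr.DNSNames[0] { // CN = "<prefix><node>"
		return nil, ErrInvalidCN
	}
	return csr, nil
}

// SignCSR issues a leaf certificate for a validated CSR. Lifetime, key usage, EKU and basic constraints come from the profile and this function, never from the CSR itself.
func SignCSR(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, der []byte, profile string) (*x509.Certificate, error) {
	csr, err := ValidateCSR(der, profile)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))), // 128-bit random serial
		Subject:      csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-5 * time.Minute), NotAfter: time.Now().Add(profiles[profile].Duration),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, // IsCA stays false: never mint a sub-CA from an agent CSR
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(certDER)
}

// NewTestCA makes a throwaway in-memory CA; a real deployment loads SignerCAFiles instead.
func NewTestCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-etcd-signer-ca"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: true,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// NewTestCSR builds the DER CSR an agent would POST, with a fresh key for the node (constructed sample input).
func NewTestCSR(cn, org string, dns []string) []byte {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn, Organization: []string{org}}, DNSNames: dns}
	return must(x509.CreateCertificateRequest(rand.Reader, tmpl, key))
}
```

The order of checks matters: the profile is resolved before the CSR is even parsed, so a request for a non-etcd profile is refused without doing any cryptographic work, and the CSR's own signature is verified before its subject is trusted, so an agent cannot submit a CSR for a public key it does not hold. Everything the issued certificate is allowed to do is taken from the profile; the CSR only contributes the subject, SANs and public key.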
type Config ¶
type Config struct {
	// SignerCAFiles holds the file paths to the signer CA assets
	SignerCAFiles SignerCAFiles
	// ServerCertKeys is a list of server certificates for serving on TLS based on SNI
	ServerCertKeys []CertKey
	// ListenAddress is the address at which the server listens for requests
	ListenAddress string
	// InsecureHealthCheckAddress is the address at which the server listens for insecure health checks
	InsecureHealthCheckAddress string
	// EtcdMetricCertDuration is the cert duration for the `EtcdMetric` profile
	EtcdMetricCertDuration time.Duration
	// EtcdPeerCertDuration is the cert duration for the `EtcdPeer` profile
	EtcdPeerCertDuration time.Duration
	// EtcdServerCertDuration is the cert duration for the `EtcdServer` profile
	EtcdServerCertDuration time.Duration
	// CSRDir is the directory location where the signer stores CSRs and serves them
	CSRDir string
}
Config holds the configuration values required to start a new signer
type SignerCA ¶
type SignerCA struct {
// contains filtered or unexported fields
}
SignerCA stores the PEM encoded cert and key blocks.
type SignerCAFiles ¶
type SignerCAFiles struct {
	// CACert is the file location of the Certificate Authority certificate
	CACert string
	// CAKey is the file location of the Certificate Authority private key
	CAKey string
	// MetricCACert is the file location of the metrics Certificate Authority certificate
	MetricCACert string
	// MetricCAKey is the file location of the metrics Certificate Authority private key
	MetricCAKey string
}
SignerCAFiles holds the file paths to the signer CA assets