Documentation
Index
- Constants
- type CertServiceManager
- type Manager
- func (m *Manager) CheckCA(spec *CertServiceManager) error
- func (m *Manager) CheckCerts()
- func (m *Manager) CheckCertsSync() int
- func (m *Manager) Load() error
- func (m *Manager) MustCheckCerts(tolerance int) error
- func (m *Manager) ProcessQueue()
- func (m *Manager) Queue(spec *CertServiceManager)
- func (m *Manager) Server(sync bool)
- func (m *Manager) SetExpiresNext()
Constants
const DefaultInterval = time.Hour
DefaultInterval is used if no interval is provided for a Manager. This defaults to one hour.
Types
type CertServiceManager
This exists purely so we can bind custom svcmgrs per cert; this is primarily used for 'command' svcmgrs that don't follow the norm.
func (*CertServiceManager) TakeAction
func (csm *CertServiceManager) TakeAction(change_type string) error
type Manager
type Manager struct {
	// Dir is the directory containing the certificate specs.
	Dir string `json:"certspecs" yaml:"certspecs"`

	// DefaultRemote is used as the remote CA server when no
	// remote is specified.
	DefaultRemote string `json:"default_remote" yaml:"default_remote"`

	// ServiceManager is the service manager used to restart a
	// service.
	ServiceManager string `json:"service_manager" yaml:"service_manager"`

	// Before is how long before the cert expires to start
	// attempting to renew it.
	Before string `json:"before" yaml:"before"`

	// Interval is how often to update the NextExpires metric.
	Interval string `json:"interval" yaml:"interval"`

	// Certs contains the list of certificates to manage.
	Certs []*CertServiceManager `json:",omitempty" yaml:",omitempty"`
	// contains filtered or unexported fields
}
The Manager structure contains the certificates to be managed. A manager needs to be constructed with one of the New functions, and should not be constructed by hand.
func New
New constructs a new Manager from parameters. It is intended to be used in conjunction with command line flags.
func NewFromConfig
NewFromConfig loads a new Manager from a config file. This does not load the certificate specs; to do that, see Load(). If the file looks like a JSON file, it will attempt to load it as a JSON file; otherwise, it assumes that it is a YAML file.
func (*Manager) CheckCA
func (m *Manager) CheckCA(spec *CertServiceManager) error
CheckCA checks the CA on the certificate and restarts the service if needed.
func (*Manager) CheckCerts
func (m *Manager) CheckCerts()
CheckCerts verifies that certificates and keys are present, and queues any certificates that need to be renewed. It returns time.Duration indicating how long until the next certificate check should occur.
func (*Manager) CheckCertsSync
CheckCertsSync acts like CheckCerts, except that it doesn't queue the certificates: it makes an initial synchronous attempt at ensuring that each certificate exists. If an error occurs, the certificate is added to the renewal queue. This is useful, for example, on program startup. It returns the number of certificates that were unable to be generated.
func (*Manager) MustCheckCerts
MustCheckCerts acts like CheckCerts, except it's synchronous and has a maximum number of failures that are tolerated. If tolerance is less than 1, it will be set to 1.
func (*Manager) ProcessQueue
func (m *Manager) ProcessQueue()
ProcessQueue retrieves certificates from the renewal queue and attempts to renew them. It is intended to be run as a goroutine.
func (*Manager) Queue
func (m *Manager) Queue(spec *CertServiceManager)
Queue adds the spec to the renewal queue if it isn't already queued.
func (*Manager) Server
Server runs the Manager server. If sync is true, the first pass will be synchronous. It will autostart the renewal queue.
func (*Manager) SetExpiresNext
func (m *Manager) SetExpiresNext()
SetExpiresNext sets the next expiration metric.