Documentation ¶
Overview ¶
Package cert contains certificate specifications and certificate-specific management.
Index ¶
- type CA
- type CertificateFile
- type File
- type Path
- type Spec
- func (spec *Spec) CAExpireTime() time.Time
- func (spec *Spec) CertExpireTime() time.Time
- func (spec *Spec) EnforcePKI(enableActions bool) error
- func (spec *Spec) ForceRenewal()
- func (spec *Spec) HasChangedOnDisk() (bool, bool, error)
- func (spec *Spec) Lifespan() time.Duration
- func (spec *Spec) String() string
- func (spec *Spec) WipeMetrics()
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CA ¶
type CA struct {
	Name        string           `json:"name" yaml:"name"`
	Remote      string           `json:"remote" yaml:"remote"`
	Label       string           `json:"label" yaml:"label"`
	Profile     string           `json:"profile" yaml:"profile"`
	AuthKey     string           `json:"auth_key" yaml:"auth_key"`
	AuthKeyFile string           `json:"auth_key_file" yaml:"auth_key_file"`
	File        *CertificateFile `json:"file,omitempty" yaml:"file,omitempty"`
	RootCACert  string           `json:"root_ca,omitempty" yaml:"root_ca,omitempty"`
}
A CA contains the core details for a CFSSL CA. There are two ways to use this: fill out Name to refer to a global CA (e.g. as defined in the config file) or fill out Remote, Label, Profile, and AuthKey.
type CertificateFile ¶
type CertificateFile struct {
File
}
CertificateFile is a convenience wrapper of File
func (*CertificateFile) ReadCertificate ¶
func (cf *CertificateFile) ReadCertificate() (*x509.Certificate, error)
ReadCertificate reads and parses the on-disk certificate.
func (*CertificateFile) UnmarshalJSON ¶
func (cf *CertificateFile) UnmarshalJSON(data []byte) error
UnmarshalJSON implements JSON unmarshalling logic.
func (*CertificateFile) UnmarshalYAML ¶
func (cf *CertificateFile) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML implements YAML unmarshalling logic.
func (*CertificateFile) WriteCertificate ¶
func (cf *CertificateFile) WriteCertificate(cert *x509.Certificate) error
WriteCertificate serializes and writes a certificate to disk.
type File ¶
type File struct {
	Path  string `json:"path" yaml:"path"`
	Owner string `json:"owner" yaml:"owner"`
	Group string `json:"group" yaml:"group"`
	Mode  string `json:"mode" yaml:"mode"`
	// contains filtered or unexported fields
}
File contains path and ownership information for a file.
func (*File) UnmarshalJSON ¶
UnmarshalJSON implements JSON unmarshalling logic.
func (*File) UnmarshalYAML ¶
UnmarshalYAML implements YAML unmarshalling logic.
type Spec ¶
type Spec struct {
	// This defines the service manager to use. This should be defined
	// globally rather than per cert- it's allowed here to allow cert
	// definitions to use a servicemanager of 'command' to allow freeform
	// invocations.
	ServiceManagerName string `json:"svcmgr" yaml:"svcmgr"`

	// The service is the service that uses this certificate. If
	// this field is not empty, the action below will be applied
	// to this service upon certificate renewal. It can also be
	// used to describe what this certificate is for.
	Service string `json:"service" yaml:"service"`

	// Action is one of empty, "nop", "reload", or "restart" (see
	// the svcmgr package for details).
	Action string `json:"action" yaml:"action"`

	// Request contains the CSR metadata needed to request a
	// certificate.
	Request *csr.CertificateRequest `json:"request" yaml:"request"`

	// Key contains the file metadata for the private key.
	Key *File `json:"private_key" yaml:"private_key"`

	// Cert contains the file metadata for the certificate.
	Cert *CertificateFile `json:"certificate" yaml:"certificate"`

	// CA specifies the certificate authority that should be used.
	CA CA `json:"authority" yaml:"authority"`

	// Path points to the on-disk location of the certificate
	// spec.
	Path string
	// contains filtered or unexported fields
}
A Spec contains information needed to monitor and renew a certificate.
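An added example (not code from this package or its authors) that reviews a JSON spec written with the keys documented above: it checks that the authority is given in exactly one of the two documented ways and that `action` is one of the documented values. The `spec` stand-in type, `lintSpec`, the sample values, and the rules about an inline `auth_key` and an octal, owner-only `mode` are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// spec: stand-in for this example (not the package's type); JSON keys match case-insensitively.
type spec struct {
	Action string
	Key    *struct{ Mode string } `json:"private_key"`
	CA     struct {
		Name, Remote, Label, Profile string
		AuthKey                      string `json:"auth_key"`
		AuthKeyFile                  string `json:"auth_key_file"`
	} `json:"authority"`
}

// Constructed sample spec, not from a real deployment.
const sample = `{"action":"bounce","private_key":{"mode":"0644"},"authority":{"remote":"ca.example.net:8888","label":"primary","profile":"server","auth_key":"0123abcd"}}`

// lintSpec applies this example's assumed review rules; mode is read as an octal string.
func lintSpec(data []byte) (out []string, err error) {
	var s spec
	if err = json.Unmarshal(data, &s); err != nil {
		return nil, err
	}
	c := s.CA
	remote := c.Remote != "" && c.Label != "" && c.Profile != "" && (c.AuthKey != "" || c.AuthKeyFile != "")
	if (c.Name != "") == remote {
		out = append(out, "authority: set either name, or remote+label+profile+auth key")
	}
	if c.AuthKey != "" {
		out = append(out, "authority: auth_key is inline and readable by anyone who can read the spec")
	}
	if a := s.Action; a != "" && a != "nop" && a != "reload" && a != "restart" {
		out = append(out, fmt.Sprintf("action: %q is not a documented value", a))
	}
	if s.Key != nil {
		if m, perr := strconv.ParseUint(s.Key.Mode, 8, 32); perr != nil || m&0o077 != 0 {
			out = append(out, "private_key: mode is not octal or grants group/other access")
		}
	}
	return out, nil
}

func main() {
	fmt.Println(lintSpec([]byte(sample)))
}
```

The constructed sample yields three findings: the inline auth key, the undocumented action, and the group/other-readable key mode.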
func (*Spec) CAExpireTime ¶
CAExpireTime returns the time at which this spec's CA is no longer valid.
func (*Spec) CertExpireTime ¶
CertExpireTime returns the time at which this spec's Certificate is no longer valid.
func (*Spec) EnforcePKI ¶
EnforcePKI processes a spec, updating content on disk and taking action as needed. Returns (TTL for PKI, error). If an error occurs, the TTL is at best a hint to the invoker as to when the next refresh is required; that said, the invoker should back off and try a refresh.
func (*Spec) ForceRenewal ¶
func (spec *Spec) ForceRenewal()
ForceRenewal resets the lifespan to force cfssl to regenerate.
func (*Spec) HasChangedOnDisk ¶
HasChangedOnDisk returns (removed, changed, err) to indicate whether the spec has changed.
func (*Spec) WipeMetrics ¶
func (spec *Spec) WipeMetrics()
WipeMetrics wipes any metrics that may be recorded for this spec. In general, this should be invoked only when a spec is being removed from tracking.