certificates

package
v0.16.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 16, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Feature

type Feature string
const (
	// IPAddressFeature denotes tests that set the IPAddresses field.
	// Some issuer's are never going to allow issuing certificates with IP SANs
	// set as they are considered bad-practice.
	IPAddressFeature Feature = "IPAddresses"

	// DurationFeature denotes tests that set the 'duration' field to some
	// custom value.
	// Some issuers enforce a particular certificate duration, meaning they
	// will never pass tests that validate the duration is as expected.
	DurationFeature Feature = "Duration"

	// WildcardsFeature denotes tests that request certificates for wildcard
	// domains. Some issuer's disable wildcard certificate issuance, so this
	// feature allows runs of the suite to exclude those tests that utilise
	// wildcards.
	WildcardsFeature Feature = "Wildcards"

	// ECDSAFeature denotes whether the target issuer is able to sign
	// certificates with an elliptic curve private key. This is useful for some
	// issuers that have trouble being configured to support this feature.
	ECDSAFeature Feature = "ECDSA"

	// ReusePrivateKey denotes whether the target issuer is able to sign multiple
	// certificates for the same private key. This is useful for some issuers
	// that have trouble being configured to support this feature.
	ReusePrivateKeyFeature Feature = "ReusePrivateKey"

	// URISANs denotes whether to the target issuer is able to sign a certificate
	// that includes a URISANs. ACME providers do not support this.
	URISANsFeature Feature = "URISANs"

	// EmailSANs denotes whether to the target issuer is able to sign a certificate
	// that includes a EmailSANs.
	EmailSANsFeature Feature = "EmailSANs"

	// CommonName denotes whether the target issuer is able to sign certificates
	// with a distinct CommonName. This is useful for issuers such as ACME
	// providers that ignore, or otherwise have special requirements for the
	// CommonName such as needing to be present in the DNS Name list.
	CommonNameFeature = "CommonName"

	// KeyUsages denotes whether the target issuer is able to sign certificates
	// with arbitrary key usages.
	KeyUsagesFeature = "KeyUsages"
)

func (Feature) String

func (f Feature) String() string

String returns the Feature name as a string

type FeatureSet

type FeatureSet map[Feature]struct{}

FeatureSet represents a set of features. This type does not indicate whether or not features are enabled, rather it just defines a grouping of features (i.e. a 'set').

func NewFeatureSet

func NewFeatureSet(feats ...Feature) FeatureSet

NewFeatureSet constructs a new feature set with the given features.

func (FeatureSet) Add

func (fs FeatureSet) Add(f Feature)

Add adds a feature to the set

func (FeatureSet) Contains

func (fs FeatureSet) Contains(f Feature) bool

Contains returns true if the FeatureSet contains the given feature

func (FeatureSet) Delete

func (fs FeatureSet) Delete(f Feature)

Delete removes a feature from the set

func (FeatureSet) String

func (fs FeatureSet) String() string

String returns this FeatureSet as a comma separated string

type Suite

type Suite struct {
	// Name is the name of the issuer being tested, e.g. SelfSigned, CA, ACME
	// This field must be provided.
	Name string

	// CreateIssuerFunc is a function that provisions a new issuer resource and
	// returns an ObjectReference to that Issuer that will be used as the
	// IssuerRef on Certificate resources that this suite creates.
	// This field must be provided.
	CreateIssuerFunc func(*framework.Framework) cmmeta.ObjectReference

	// DeleteIssuerFunc is a function that is run after the test has completed
	// in order to clean up resources created for a test (e.g. the resources
	// created in CreateIssuerFunc).
	// This function will be run regardless whether the test passes or fails.
	// If not specified, this function will be skipped.
	DeleteIssuerFunc func(*framework.Framework, cmmeta.ObjectReference)

	// DomainSuffix is a suffix used on all domain requests.
	// This is useful when the issuer being tested requires special
	// configuration for a set of domains in order for certificates to be
	// issued, such as the ACME issuer.
	// If not set, this will be defaulted to the configured 'domain' for the
	// nginx-ingress addon.
	DomainSuffix string

	// UnsupportedFeatures is a list of features that are not supported by this
	// invocation of the test suite.
	// This is useful if a particular issuers explicitly does not support
	// certain features due to restrictions in their implementation.
	UnsupportedFeatures FeatureSet
	// contains filtered or unexported fields
}

Suite defines a reusable conformance test suite that can be used against any Issuer implementation.

func (*Suite) Define

func (s *Suite) Define()

Defines simple conformance tests that can be run against any issuer type. If Complete has not been called on this Suite before Define, it will be automatically called.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL