Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Feature ¶
type Feature string
const ( // IPAddressFeature denotes tests that set the IPAddresses field. // Some issuer's are never going to allow issuing certificates with IP SANs // set as they are considered bad-practice. IPAddressFeature Feature = "IPAddresses" // DurationFeature denotes tests that set the 'duration' field to some // custom value. // Some issuers enforce a particular certificate duration, meaning they // will never pass tests that validate the duration is as expected. DurationFeature Feature = "Duration" // WildcardsFeature denotes tests that request certificates for wildcard // domains. Some issuer's disable wildcard certificate issuance, so this // feature allows runs of the suite to exclude those tests that utilise // wildcards. WildcardsFeature Feature = "Wildcards" // ECDSAFeature denotes whether the target issuer is able to sign // certificates with an elliptic curve private key. This is useful for some // issuers that have trouble being configured to support this feature. ECDSAFeature Feature = "ECDSA" // ReusePrivateKey denotes whether the target issuer is able to sign multiple // certificates for the same private key. This is useful for some issuers // that have trouble being configured to support this feature. ReusePrivateKeyFeature Feature = "ReusePrivateKey" // URISANs denotes whether to the target issuer is able to sign a certificate // that includes a URISANs. ACME providers do not support this. URISANsFeature Feature = "URISANs" // CommonName denotes whether the target issuer is able to sign certificates // with a distinct CommonName. This is useful for issuers such as ACME // providers that ignore, or otherwise have special requirements for the // CommonName such as needing to be present in the DNS Name list. CommonNameFeature = "CommonName" // KeyUsages denotes whether the target issuer is able to sign certificates // with arbitary key usages. KeyUsagesFeature = "KeyUsages" )
type FeatureSet ¶
type FeatureSet map[Feature]struct{}
FeatureSet represents a set of features. This type does not indicate whether or not features are enabled, rather it just defines a grouping of features (i.e. a 'set').
func NewFeatureSet ¶
func NewFeatureSet(feats ...Feature) FeatureSet
NewFeatureSet constructs a new feature set with the given features.
func (FeatureSet) Contains ¶
func (fs FeatureSet) Contains(f Feature) bool
Contains returns true if the FeatureSet contains the given feature
func (FeatureSet) Delete ¶
func (fs FeatureSet) Delete(f Feature)
Delete removes a feature from the set
func (FeatureSet) String ¶
func (fs FeatureSet) String() string
String returns this FeatureSet as a comma separated string
type Suite ¶
type Suite struct { // Name is the name of the issuer being tested, e.g. SelfSigned, CA, ACME // This field must be provided. Name string // CreateIssuerFunc is a function that provisions a new issuer resource and // returns an ObjectReference to that Issuer that will be used as the // IssuerRef on Certificate resources that this suite creates. // This field must be provided. CreateIssuerFunc func(*framework.Framework) cmmeta.ObjectReference // DeleteIssuerFunc is a function that is run after the test has completed // in order to clean up resources created for a test (e.g. the resources // created in CreateIssuerFunc). // This function will be run regardless whether the test passes or fails. // If not specified, this function will be skipped. DeleteIssuerFunc func(*framework.Framework, cmmeta.ObjectReference) // DomainSuffix is a suffix used on all domain requests. // This is useful when the issuer being tested requires special // configuration for a set of domains in order for certificates to be // issued, such as the ACME issuer. // If not set, this will be defaulted to the configured 'domain' for the // nginx-ingress addon. DomainSuffix string // UnsupportedFeatures is a list of features that are not supported by this // invocation of the test suite. // This is useful if a particular issuers explicitly does not support // certain features due to restrictions in their implementation. UnsupportedFeatures FeatureSet // contains filtered or unexported fields }
Suite defines a reusable conformance test suite that can be used against any Issuer implementation.
Click to show internal directories.
Click to hide internal directories.