policies

package
v1.0.2

This package is not in the latest version of its module.
Published: Sep 22, 2020 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CurrentCertificateHasExpired

func CurrentCertificateHasExpired(input Input) (string, string, bool)

CurrentCertificateHasExpired is used exclusively to check if the current issued certificate has actually expired rather than just nearing expiry.

func CurrentCertificateRequestValidForSpec

func CurrentCertificateRequestValidForSpec(input Input) (string, string, bool)

func SecretDoesNotExist

func SecretDoesNotExist(input Input) (string, string, bool)

func SecretHasData

func SecretHasData(input Input) (string, string, bool)

func SecretHasUpToDateIssuerAnnotations

func SecretHasUpToDateIssuerAnnotations(input Input) (string, string, bool)

func SecretPrivateKeyMatchesSpec

func SecretPrivateKeyMatchesSpec(input Input) (string, string, bool)

func SecretPublicKeysMatch

func SecretPublicKeysMatch(input Input) (string, string, bool)

Types

type Chain

type Chain []Func

A chain of PolicyFuncs to be evaluated in order.

func NewTriggerPolicyChain

func NewTriggerPolicyChain(c clock.Clock) Chain

func (Chain) Evaluate

func (c Chain) Evaluate(input Input) (string, string, bool)

Evaluate will evaluate the entire policy chain using the provided input. As soon as a policy function indicates a re-issuance is required, the method will return and not evaluate the rest of the chain.

type Func

type Func func(Input) (reason, message string, reissue bool)

A Func evaluates the given input data and decides whether a re-issuance is required, returning additional human readable information in the 'reason' and 'message' return parameters if so.

func CurrentCertificateNearingExpiry

func CurrentCertificateNearingExpiry(c clock.Clock) Func
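
The short-circuit behaviour of Chain.Evaluate and the Func contract described above, shown as an added example that is not cert-manager's own code. Input here is a simplified stand-in, and secretMissing, nearingExpiry, newChain and the reason strings are hypothetical names constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Input is a simplified stand-in (assumption) for the package's Input struct.
type Input struct {
	SecretExists bool
	NotAfter     time.Time     // expiry of the issued certificate
	RenewBefore  time.Duration // renewal window before NotAfter
}

// Func and Chain follow the signatures on this page; reason and message
// are only meaningful when reissue is true.
type Func func(Input) (reason, message string, reissue bool)
type Chain []Func

// Evaluate stops at the first policy that asks for re-issuance.
func (c Chain) Evaluate(in Input) (string, string, bool) {
	for _, f := range c {
		if reason, msg, reissue := f(in); reissue {
			return reason, msg, true
		}
	}
	return "", "", false
}

// secretMissing is a hypothetical policy; its reason string is constructed.
func secretMissing(in Input) (string, string, bool) {
	return "SecretMissing", "no Secret holds the certificate", !in.SecretExists
}

// nearingExpiry closes over a fixed time, standing in for clock.Clock.
func nearingExpiry(now time.Time) Func {
	return func(in Input) (string, string, bool) {
		due := !now.Before(in.NotAfter.Add(-in.RenewBefore))
		return "NearingExpiry", "inside the renewal window", due
	}
}

// newChain puts the existence check ahead of the time-based one (hypothetical order).
func newChain(now time.Time) Chain {
	return Chain{secretMissing, nearingExpiry(now)}
}

func main() {
	now := time.Date(2020, 9, 22, 0, 0, 0, 0, time.UTC) // constructed
	fmt.Println(newChain(now).Evaluate(Input{}))
}
```

With an empty Input both policies would ask for re-issuance, but only the first reason is reported, so the order of the chain decides which reason an operator sees.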

type Gatherer

type Gatherer struct {
	CertificateRequestLister cmlisters.CertificateRequestLister
	SecretLister             corelisters.SecretLister
}

Gatherer is used to gather data about a Certificate in order to evaluate its current readiness/state by applying policy functions to it.

func (*Gatherer) DataForCertificate

func (g *Gatherer) DataForCertificate(ctx context.Context, crt *cmapi.Certificate) (Input, error)

type Input

type Input struct {
	Certificate            *cmapi.Certificate
	CurrentRevisionRequest *cmapi.CertificateRequest
	Secret                 *corev1.Secret
}
