Documentation

Overview

Package policies provides functionality to evaluate a Certificate's state.

Index
- Constants
- func CurrentCertificateRequestNotValidForSpec(input Input) (string, string, bool)
- func SecretDoesNotExist(input Input) (string, string, bool)
- func SecretIsMissingData(input Input) (string, string, bool)
- func SecretIssuerAnnotationsNotUpToDate(input Input) (string, string, bool)
- func SecretPrivateKeyMatchesSpec(input Input) (string, string, bool)
- func SecretPublicKeysDiffer(input Input) (string, string, bool)
- type Chain
- type Func
- type Gatherer
- type Input
Constants

const (
	// Certificate's spec.secretName secret does not exist
	DoesNotExist string = "DoesNotExist"
	// Certificate's spec.secretName secret has missing data
	MissingData string = "MissingData"
	// Public key of certificate does not match private key
	InvalidKeyPair string = "InvalidKeyPair"
	// Secret's private key does not match spec
	SecretMismatch string = "SecretMismatch"
	// Certificate has been issued by incorrect Issuer
	IncorrectIssuer string = "IncorrectIssuer"
	// CertificateRequest not valid for Certificate's spec
	RequestChanged string = "RequestChanged"
	// Certificate's renewal time is now or in past
	Renewing string = "Renewing"
	// Certificate has expired
	Expired string = "Expired"
)
Variables
This section is empty.
Functions

func CurrentCertificateRequestNotValidForSpec (added in v1.3.0)

func CurrentCertificateRequestNotValidForSpec(input Input) (string, string, bool)

func SecretIsMissingData (added in v1.3.0)

func SecretIsMissingData(input Input) (string, string, bool)

func SecretIssuerAnnotationsNotUpToDate (added in v1.3.0)

func SecretIssuerAnnotationsNotUpToDate(input Input) (string, string, bool)
Types

type Chain

type Chain []Func

Chain is a list of policy Funcs to be evaluated in order.

func NewTriggerPolicyChain
type Func

A Func evaluates the given input data and decides whether a re-issuance is required, returning additional human-readable information in the 'reason' and 'message' return parameters if so.

func CurrentCertificateHasExpired

CurrentCertificateHasExpired is used exclusively to check whether the currently issued certificate has actually expired, rather than merely nearing expiry.

func CurrentCertificateNearingExpiry

func CurrentCertificateNearingExpiry(c clock.Clock, defaultRenewBeforeExpiryDuration time.Duration) Func

CurrentCertificateNearingExpiry returns a policy function that can be used to check whether the X.509 certificate currently issued for a Certificate should be renewed.
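As an added illustration of how a Chain of Funcs is evaluated, and of the difference between the "actually expired" and "nearing expiry" checks described above, the following stand-alone Go program is example code, not the policies package's own implementation. It assumes a simplified Input that carries the parsed certificate directly instead of a Secret, an injected now func() in place of clock.Clock, and a policy ordering chosen for the example.

```go
package main

import "crypto/x509"
import "time"

// Reason strings, named as in the package constants.
const DoesNotExist, Renewing, Expired = "DoesNotExist", "Renewing", "Expired"

// Input is a simplified stand-in for the package's Input (assumption): it carries the
// parsed current certificate (nil when the secret is missing) instead of the whole Secret.
type Input struct{ Cert *x509.Certificate }

// Func and Chain follow the documented shapes: (reason, message, reissue).
type Func func(Input) (string, string, bool)
type Chain []Func
// Evaluate applies the policies in order and stops at the first that requires re-issuance.
func (c Chain) Evaluate(in Input) (string, string, bool) {
	for _, f := range c {
		if reason, msg, reissue := f(in); reissue {
			return reason, msg, true
		}
	}
	return "", "", false
}

// NewTriggerPolicyChain checks, in order: missing secret, actual expiry, then nearing
// expiry (now >= NotAfter - renewBefore). "now" is injected so callers can pin the clock
// (the real package takes a clock.Clock); this ordering is the example's, not the project's.
func NewTriggerPolicyChain(now func() time.Time, renewBefore time.Duration) Chain {
	return Chain{
		func(in Input) (string, string, bool) { // SecretDoesNotExist
			if in.Cert == nil {
				return DoesNotExist, "no issued certificate found", true
			}
			return "", "", false
		},
		func(in Input) (string, string, bool) { // CurrentCertificateHasExpired: really expired
			if !now().Before(in.Cert.NotAfter) {
				return Expired, "certificate expired at " + in.Cert.NotAfter.Format(time.RFC3339), true
			}
			return "", "", false
		},
		func(in Input) (string, string, bool) { // CurrentCertificateNearingExpiry: renewal time reached
			if renewAt := in.Cert.NotAfter.Add(-renewBefore); !now().Before(renewAt) {
				return Renewing, "renewal time " + renewAt.Format(time.RFC3339) + " is now or in the past", true
			}
			return "", "", false
		},
	}
}
```

Because an expired certificate also satisfies the nearing-expiry test, placing the expiry check earlier in the chain is what makes the reported reason precise.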
type Gatherer

type Gatherer struct {
	CertificateRequestLister cmlisters.CertificateRequestLister
	SecretLister             corelisters.SecretLister
}

Gatherer is used to gather data about a Certificate in order to evaluate its current readiness/state by applying policy functions to it.
func (*Gatherer) DataForCertificate

DataForCertificate returns the secret as well as the "current" and "next" certificate requests associated with the given certificate. It also returns the given certificate as-is. To learn more about the "current" and "next" certificate requests and why they are fetched along with the certificate's secret, see the top comment on this file.

DataForCertificate returns an error when duplicate CRs are found for the "current" or the "next" revision. DataForCertificate does not return any apierrors.NewNotFound; instead, if any of the objects (current CR, next CR or secret) is not found, the corresponding returned value is left nil.
type Input

type Input struct {
	Certificate *cmapi.Certificate
	Secret      *corev1.Secret

	// The "current" certificate request designates the certificate request that
	// led to the current revision of the certificate. The "current" certificate
	// request is by definition in a ready state, and can be seen as the source
	// of information of the current certificate. Take a look at the gatherer
	// package's documentation to see more about why we care about the "current"
	// certificate request.
	CurrentRevisionRequest *cmapi.CertificateRequest

	// The "next" certificate request is the one that is currently being issued.
	// Take a look at the gatherer package's documentation to see more about why
	// we care about the "next" certificate request.
	NextRevisionRequest *cmapi.CertificateRequest
}