Documentation ¶
Index ¶
- Constants
- func ClusterDNSNames(cluster *v1.NifiCluster, nodeId int32) (names []string)
- func ControllerUserForCluster(cluster *v1.NifiCluster) *v1.NifiUser
- func GetInternalDNSNames(cluster *v1.NifiCluster, nodeId int32) (dnsNames []string)
- func GetNodeUserName(cluster *v1.NifiCluster, nodeId int32) string
- func LabelsForNifiPKI(name string) map[string]string
- func NodeUsersForCluster(cluster *v1.NifiCluster, additionalHostnames []string) []*v1.NifiUser
- type Manager
- type UserCertificate
Constants ¶
const ( // NodeSelfSignerTemplate is the template used for self-signer resources NodeSelfSignerTemplate = "%s-self-signer" NodeCACertTemplate = "%s-ca-certificate" // NodeServerCertTemplate is the template used for node certificate resources NodeServerCertTemplate = "%s-%d-server-certificate" // NodeIssuerTemplate is the template used for node issuer resources NodeIssuerTemplate = "%s-issuer" // NodeControllerFQDNTemplate is combined with the above and cluster namespace // to create a 'fake' full-name for the controller user NodeControllerFQDNTemplate = "%s.%s.mgt.%s" // SpiffeIdTemplate = "spiffe://%s/ns/%s/nifiuser/%s" // CAIntermediateTemplate is the template used for intermediate CA resources CAIntermediateTemplate = "%s-intermediate.%s" // CAFQDNTemplate is the template used for the FQDN of a CA CAFQDNTemplate = "%s-ca.%s.%s" )
Variables ¶
This section is empty.
Functions ¶
func ClusterDNSNames ¶
func ClusterDNSNames(cluster *v1.NifiCluster, nodeId int32) (names []string)
ClusterDNSNames returns all the possible DNS Names for a NiFi Cluster
func ControllerUserForCluster ¶
func ControllerUserForCluster(cluster *v1.NifiCluster) *v1.NifiUser
ControllerUserForCluster returns a NifiUser CR for the controller/cc certificates in a NifiCluster
func GetInternalDNSNames ¶
func GetInternalDNSNames(cluster *v1.NifiCluster, nodeId int32) (dnsNames []string)
GetInternalDNSNames returns all potential DNS names for a nifi cluster - including nodes
func GetNodeUserName ¶
func GetNodeUserName(cluster *v1.NifiCluster, nodeId int32) string
func LabelsForNifiPKI ¶
LabelsForNifiPKI returns kubernetes labels for a PKI object
func NodeUsersForCluster ¶
func NodeUsersForCluster(cluster *v1.NifiCluster, additionalHostnames []string) []*v1.NifiUser
NodeUsersForCluster returns a NifiUser CR for the node certificates in a NifiCluster
Types ¶
type Manager ¶
type Manager interface { // ReconcilePKI ensures a PKI for a nifi cluster - should be idempotent. // This method should at least setup any issuer needed for user certificates // as well as node secrets ReconcilePKI(ctx context.Context, logger zap.Logger, scheme *runtime.Scheme, externalHostnames []string) error // FinalizePKI performs any cleanup steps necessary for a PKI backend FinalizePKI(ctx context.Context, logger zap.Logger) error // ReconcileUserCertificate ensures and returns a user certificate - should be idempotent ReconcileUserCertificate(ctx context.Context, user *v1.NifiUser, scheme *runtime.Scheme) (*UserCertificate, error) // FinalizeUserCertificate removes/revokes a user certificate FinalizeUserCertificate(ctx context.Context, user *v1.NifiUser) error // GetControllerTLSConfig retrieves a TLS configuration for a controller nifi client GetControllerTLSConfig() (*tls.Config, error) }
Manager is the main interface for objects performing PKI operations
type UserCertificate ¶
UserCertificate is a struct representing the key components of a user TLS certificate for use across operations from other packages and internally.
func (*UserCertificate) DN ¶
func (u *UserCertificate) DN() string
DN returns the Distinguished Name of a TLS certificate