providers

package
v0.0.0-...-4b75dde
Published: Sep 15, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package providers implements generic certificate-provider functionality: resolving a provider Kind, validating that provider's options, and building a certificate.Manager from the resulting MeshRootCertificate (MRC).

Index

Constants

This section is empty.

Variables

View Source
var (
	// ValidCertificateProviders is the list of supported certificate providers
	ValidCertificateProviders = []Kind{TresorKind, VaultKind, CertManagerKind}
)

Functions

func NewCertificateManager

func NewCertificateManager(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config,
	providerNamespace string, option Options, computeClient compute.Interface, checkInterval time.Duration, trustDomain string) (*certificate.Manager, error)

NewCertificateManager returns a new certificate manager backed by an MRC compat client, which converts the legacy Options into a single MRC. TODO(4713): Remove and use NewCertificateManagerFromMRC

func NewCertificateManagerFromMRC

func NewCertificateManagerFromMRC(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config,
	providerNamespace string, option Options, computeClient compute.Interface, checkInterval time.Duration) (*certificate.Manager, error)

NewCertificateManagerFromMRC returns a new certificate manager.

Types

type CertManagerOptions

type CertManagerOptions struct {
	IssuerName  string
	IssuerKind  string
	IssuerGroup string
}

CertManagerOptions is a type that specifies 'cert-manager.io' certificate provider options

func (CertManagerOptions) AsProviderSpec

func (options CertManagerOptions) AsProviderSpec() v1alpha2.ProviderSpec

AsProviderSpec returns the provider spec generated from the CertManager options

func (CertManagerOptions) Validate

func (options CertManagerOptions) Validate() error

Validate validates the options for cert-manager.io certificate provider

type Kind

type Kind string

Kind specifies the certificate provider kind

const (
	// TresorKind represents Tresor, an internal package which leverages Kubernetes secrets and signs certs on the OSM pod
	TresorKind Kind = "tresor"

	// VaultKind represents HashiCorp Vault; OSM is pointed at an external Vault, and certificate signing happens on Vault
	VaultKind Kind = "vault"

	// CertManagerKind represents cert-manager.io; certificates are requested using cert-manager
	CertManagerKind Kind = "cert-manager"
)

func (Kind) String

func (p Kind) String() string

String returns the Kind as a string

type MRCCompatClient

type MRCCompatClient struct {
	MRCProviderGenerator
	// contains filtered or unexported fields
}

MRCCompatClient is a backwards compatible client to convert old certificate options into an MRC. Its intent is to match the custom interface that will wrap the MRC k8s informer. TODO(#4502): Remove this entirely once we are fully onboarded to MRC informers.

func (*MRCCompatClient) ListMeshRootCertificates

func (c *MRCCompatClient) ListMeshRootCertificates() ([]*v1alpha2.MeshRootCertificate, error)

ListMeshRootCertificates returns the single, pre-generated MRC. It is intended to implement the certificate.MRCClient interface.

func (*MRCCompatClient) UpdateMeshRootCertificate

func (c *MRCCompatClient) UpdateMeshRootCertificate(mrc *v1alpha2.MeshRootCertificate) error

UpdateMeshRootCertificate is not implemented on the compat client and always returns an error

func (*MRCCompatClient) Watch

func (c *MRCCompatClient) Watch(ctx context.Context) (<-chan certificate.MRCEvent, error)

Watch is a basic Watch implementation for the MRC attached to the compat client

type MRCComposer

type MRCComposer struct {
	compute.Interface
	MRCProviderGenerator
}

MRCComposer is a composer object that allows consumers to observe MRCs (via List() and Watch()) as well as generate `certificate.Provider`s from those MRCs

func (*MRCComposer) UpdateMeshRootCertificate

func (m *MRCComposer) UpdateMeshRootCertificate(mrc *v1alpha2.MeshRootCertificate) error

UpdateMeshRootCertificate updates the given mesh root certificate.

func (*MRCComposer) Watch

func (m *MRCComposer) Watch(ctx context.Context) (<-chan certificate.MRCEvent, error)

Watch returns a channel that receives events whenever MRCs are added, updated, or deleted in the informerCollection's MRC store. Channels returned from multiple invocations of Watch() are unique and have no coordination with each other. Events are guaranteed to be ordered for any particular resource, but NOT across different resources.
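An added example (not the project's code) of what the Watch contract above means for an implementer and for a consumer. watchHub is a hypothetical in-memory stand-in for the informer-backed MRC store, and MRCEvent is a minimal stand-in for certificate.MRCEvent, whose real fields the page does not show; the event names and sequence numbers are constructed. It shows the two properties a caller can rely on: each Watch call gets its own channel, closed on context cancellation without racing a send, and ordering may only be checked per MRC, never across MRCs.

```go
package main

import (
	"context"
	"fmt"
	"sync"
)

// MRCEvent stands in for certificate.MRCEvent, whose fields the page does not
// show; the Type/Name/Seq shape is this example's assumption.
type MRCEvent struct {
	Type string // "add", "update" or "delete"
	Name string // the MRC; ordering is only guaranteed per Name
	Seq  int    // per-Name counter, used to check that ordering
}

// watchHub is a hypothetical stand-in for the informer store behind
// MRCComposer.Watch: every Watch call gets its own channel and watchers are
// never coordinated with each other.
type watchHub struct {
	mu       sync.Mutex
	watchers map[int]chan MRCEvent
	nextID   int
}

func newWatchHub() *watchHub { return &watchHub{watchers: map[int]chan MRCEvent{}} }

// Watch registers an independent subscriber and closes its channel once ctx is
// cancelled. The close and every send take mu, so they cannot race.
func (h *watchHub) Watch(ctx context.Context) (<-chan MRCEvent, error) {
	ch := make(chan MRCEvent, 64)
	h.mu.Lock()
	id := h.nextID
	h.nextID++
	h.watchers[id] = ch
	h.mu.Unlock()
	go func() {
		<-ctx.Done()
		h.mu.Lock()
		delete(h.watchers, id)
		close(ch)
		h.mu.Unlock()
	}()
	return ch, nil
}

// Publish fans one event out to every live watcher and reports how many took it.
// A watcher whose buffer is full has the event dropped: a blocking send here
// would deadlock against the close above.
func (h *watchHub) Publish(ev MRCEvent) (delivered int) {
	h.mu.Lock()
	defer h.mu.Unlock()
	for _, ch := range h.watchers {
		select {
		case ch <- ev:
			delivered++
		default:
		}
	}
	return delivered
}

// collect reads up to n events, stopping early if the watcher is closed.
func collect(ch <-chan MRCEvent, n int) []MRCEvent {
	var out []MRCEvent
	for len(out) < n {
		ev, ok := <-ch
		if !ok {
			break
		}
		out = append(out, ev)
	}
	return out
}

// inOrder checks the one property Watch guarantees: for a single Name, Seq
// arrives strictly increasing. Other names are deliberately ignored.
func inOrder(events []MRCEvent, name string) bool {
	last := 0
	for _, ev := range events {
		if ev.Name == name {
			if ev.Seq <= last {
				return false
			}
			last = ev.Seq
		}
	}
	return true
}

func main() {
	hub := newWatchHub()
	ctx, cancel := context.WithCancel(context.Background())
	a, _ := hub.Watch(ctx)
	b, _ := hub.Watch(ctx)
	for i := 1; i <= 3; i++ { // constructed events for two MRCs, interleaved
		hub.Publish(MRCEvent{Type: "update", Name: "mrc-a", Seq: i})
		hub.Publish(MRCEvent{Type: "update", Name: "mrc-b", Seq: i})
	}
	fmt.Println(inOrder(collect(a, 6), "mrc-a"), inOrder(collect(b, 6), "mrc-b"))
	cancel() // each watcher goroutine now removes itself and closes its channel
}
```

A watcher that stops reading has events dropped rather than stalling the store, so a consumer that may have missed an event must resync through ListMeshRootCertificates; that drop-on-full behaviour is a design choice of this example, not a documented property of MRCComposer.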

type MRCProviderGenerator

type MRCProviderGenerator struct {

	// TODO(#4711): move these to the compat client once we have added these fields to the MRC.
	KeyBitSize int

	// TODO(#4745): Remove after deprecating the osm.vault.token option.
	DefaultVaultToken string
	// contains filtered or unexported fields
}

MRCProviderGenerator knows how to convert a given MRC to its appropriate provider.

func (*MRCProviderGenerator) GetCertIssuerForMRC

GetCertIssuerForMRC returns a certificate.Issuer generated from the provided MRC.

type Options

type Options interface {
	Validate() error

	AsProviderSpec() v1alpha2.ProviderSpec
}

Options is an interface that declares the methods required to convert the old-style options for each provider type into the new-style MRC. TODO(#4502): Remove this interface, and all of the options below.

type TresorOptions

type TresorOptions struct {
	// SecretName is the name of the Kubernetes secret Tresor uses for its root CA (see TresorKind)
	SecretName string
}

TresorOptions is a type that specifies 'Tresor' certificate provider options

func (TresorOptions) AsProviderSpec

func (options TresorOptions) AsProviderSpec() v1alpha2.ProviderSpec

AsProviderSpec returns the provider spec generated from the tresor options

func (TresorOptions) Validate

func (options TresorOptions) Validate() error

Validate validates the options for Tresor certificate provider

type VaultOptions

type VaultOptions struct {
	VaultProtocol             string
	VaultHost                 string
	VaultToken                string // TODO(#4745): Remove after deprecating the osm.vault.token option. Replace with VaultTokenSecretName
	VaultRole                 string
	VaultPort                 int
	VaultTokenSecretNamespace string
	VaultTokenSecretName      string
	VaultTokenSecretKey       string
}

VaultOptions is a type that specifies 'HashiCorp Vault' certificate provider options

func (VaultOptions) AsProviderSpec

func (options VaultOptions) AsProviderSpec() v1alpha2.ProviderSpec

AsProviderSpec returns the provider spec generated from the vault options

func (VaultOptions) Validate

func (options VaultOptions) Validate() error

Validate validates the options for the HashiCorp Vault certificate provider
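The following is an added example, not code from the providers package, showing how the Kind list, the Options interface and a VaultOptions implementation fit together before a caller such as NewCertificateManager uses them. The Kind constants, ValidCertificateProviders, the Options interface and the VaultOptions fields are copied from this page; ProviderSpec is a local stand-in for v1alpha2.ProviderSpec, and ParseKind, BuildProviderSpec and every rule inside Validate are this example's own assumptions (the page says only that Validate validates the options). The hardening choices are to require https to Vault and to refuse the deprecated inline VaultToken in favour of the token secret reference:

```go
package main

import (
	"fmt"
	"strings"
)

// Kind and ValidCertificateProviders are copied from the page; nothing is imported from OSM.
type Kind string

const (
	TresorKind      Kind = "tresor"
	VaultKind       Kind = "vault"
	CertManagerKind Kind = "cert-manager"
)

var ValidCertificateProviders = []Kind{TresorKind, VaultKind, CertManagerKind}

// ProviderSpec stands in for v1alpha2.ProviderSpec (fields are this example's
// assumption); it carries a reference to the token secret, never the token.
type ProviderSpec struct {
	Kind        Kind
	VaultAddr   string // scheme://host:port
	VaultRole   string
	TokenSecret string // namespace/name#key
}

// Options copies the page's interface.
type Options interface {
	Validate() error
	AsProviderSpec() ProviderSpec
}

// ParseKind (hypothetical helper) maps an operator-supplied string onto a supported Kind.
func ParseKind(s string) (Kind, error) {
	k := Kind(strings.ToLower(strings.TrimSpace(s)))
	for _, valid := range ValidCertificateProviders {
		if k == valid {
			return k, nil
		}
	}
	return "", fmt.Errorf("unsupported certificate provider %q; valid kinds: %v", s, ValidCertificateProviders)
}

// VaultOptions copies the page's field set.
type VaultOptions struct {
	VaultProtocol, VaultHost, VaultToken, VaultRole                      string
	VaultPort                                                            int
	VaultTokenSecretNamespace, VaultTokenSecretName, VaultTokenSecretKey string
}

// Validate applies the checks a hardened deployment would want. The page only
// says Validate "validates the options"; these rules are the example's own.
func (o VaultOptions) Validate() error {
	var problems []string
	if o.VaultHost == "" || o.VaultRole == "" {
		problems = append(problems, "VaultHost and VaultRole are required")
	}
	// Workload certificates are signed over this channel; plaintext http would
	// expose the Vault token and the CSR/certificate stream on the wire.
	if o.VaultProtocol != "https" {
		problems = append(problems, fmt.Sprintf("VaultProtocol %q rejected; https is required", o.VaultProtocol))
	}
	secretRef := o.VaultTokenSecretNamespace != "" && o.VaultTokenSecretName != "" && o.VaultTokenSecretKey != ""
	switch {
	case secretRef && o.VaultToken != "":
		problems = append(problems, "both VaultToken and a token secret reference are set; keep only the secret")
	case !secretRef && o.VaultToken != "":
		problems = append(problems, "inline VaultToken is deprecated; store it in a Kubernetes secret and reference it")
	case !secretRef:
		problems = append(problems, "VaultTokenSecretNamespace, VaultTokenSecretName and VaultTokenSecretKey are required")
	}
	if len(problems) > 0 {
		return fmt.Errorf("invalid vault options: %s", strings.Join(problems, "; "))
	}
	return nil
}

// AsProviderSpec converts the options into the spec shape above.
func (o VaultOptions) AsProviderSpec() ProviderSpec {
	return ProviderSpec{
		Kind:        VaultKind,
		VaultAddr:   fmt.Sprintf("%s://%s:%d", o.VaultProtocol, o.VaultHost, o.VaultPort),
		VaultRole:   o.VaultRole,
		TokenSecret: fmt.Sprintf("%s/%s#%s", o.VaultTokenSecretNamespace, o.VaultTokenSecretName, o.VaultTokenSecretKey),
	}
}

// BuildProviderSpec (hypothetical) is the sequence a caller like NewCertificateManager
// needs: resolve the kind, validate, convert, and refuse options for a different provider.
func BuildProviderSpec(kind string, opts Options) (ProviderSpec, error) {
	k, err := ParseKind(kind)
	if err != nil {
		return ProviderSpec{}, err
	}
	if err := opts.Validate(); err != nil {
		return ProviderSpec{}, err
	}
	spec := opts.AsProviderSpec()
	if spec.Kind != k {
		return ProviderSpec{}, fmt.Errorf("options describe %q but kind %q was requested", spec.Kind, k)
	}
	return spec, nil
}

func main() { // constructed sample input; the hostname and secret names are not OSM's
	opts := VaultOptions{VaultProtocol: "http", VaultHost: "vault.vault.svc", VaultPort: 8200, VaultRole: "osm-issuer",
		VaultTokenSecretNamespace: "osm-system", VaultTokenSecretName: "vault-token", VaultTokenSecretKey: "token"}
	_, err := BuildProviderSpec("vault", opts)
	fmt.Println(err) // http is rejected before any spec is produced
}
```

The kind/options mismatch check at the end of BuildProviderSpec matters because the Kind string and the Options value arrive from different configuration paths; passing VaultOptions while asking for cert-manager should fail loudly rather than silently select whichever provider the options happen to describe.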

Directories

Path Synopsis
certmanager Package certmanager implements the certificate.Manager interface for cert-manager.io as the certificate provider.
tresor Package tresor implements the certificate.Manager interface for Tresor, a custom certificate provider in OSM.
  fake Package fake moves fakes to their own sub-package
vault Package vault implements the certificate.Manager interface for HashiCorp Vault as the certificate provider.
