certificates

package
v0.0.0-...-5756e46 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 3, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AnnotationsForCertificate

func AnnotationsForCertificate(certificate *x509.Certificate) (map[string]string, error)

AnnotationsForCertificate returns a map which is set on all Certificate Secret's Annotations when issued. These annotations contain information about the Certificate. If the X.509 certificate is nil, an empty map will be returned.

func Apply

func Apply(ctx context.Context, cl cmclient.Interface, fieldManager string, crt *cmapi.Certificate) error

Apply will make an Apply API call with the given client to the certificates resource endpoint. All data in the given Certificate's status field is dropped. The given fieldManager is will be used as the FieldManager in the Apply call. Always sets Force Apply to true.

func ApplyStatus

func ApplyStatus(ctx context.Context, cl cmclient.Interface, fieldManager string, crt *cmapi.Certificate) error

ApplyStatus will make a Patch API call with the given client to the certificates status sub-resource endpoint. All data in the given Certificate object is dropped; expect for the name, namespace, and status object. The given fieldManager is will be used as the FieldManager in the Patch call. Always sets Force Patch to true.

func CertificateOwnsSecret

func CertificateOwnsSecret(
	ctx context.Context,
	certificateLister cmlisters.CertificateLister,
	secretLister internalinformers.SecretLister,
	crt *cmapi.Certificate,
) (bool, []string, error)

We determine whether a Certificate owns its Secret in order to prevent a CertificateRequest creation runaway. We use an annotation on the Secret to determine whether it is owned by a Certificate. We do not use the ownerReferences field on the Secret because the owner reference will not be set if the `--enable-certificate-owner-ref` flag is not set.

We determine if the passed Certificate owns its Secret as follows:

  1. If the target Secret exists and it is annotated with the name of this Certificate, then this Certificate is the owner.
  2. If the target Secret exists and it is annotated with the name of another Certificate that has the Secret as its secretRef, then that Certificate is the owner instead.
  3. If the target Secret exists and it is not annotated with the name of any Certificate, or it is annotated with the name of a Certificate that does not exist, or does not have the Secret as its secretRef, then the oldest Certificate which references it will be assumed to be the future owner.

func OutputFormatCombinedPEM

func OutputFormatCombinedPEM(privateKey, certificate []byte) []byte

OutputFormatCombinedPEM returns the byte slice of the PEM encoded private key and signed certificate chain, concatenated. To be used for Certificate's Additional Output Format Combined PEM.

func OutputFormatDER

func OutputFormatDER(privateKey []byte) []byte

OutputFormatDER returns the byte slice of the private key in DER format. To be used for Certificate's Additional Output Format DER.

Types

This section is empty.

Directories

Path Synopsis
Package policies provides functionality to evaluate Certificate's state
Package policies provides functionality to evaluate Certificate's state

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL