tls

package
Published: Nov 3, 2024 License: Apache-2.0 Imports: 16 Imported by: 0


Constants

This section is empty.

Variables

// ErrNotAvailable reports that a source currently has no tls.Certificate to
// hand out. Compare against it with errors.Is rather than ==, so that wrapped
// forms are still recognised.
var ErrNotAvailable = errors.New("no tls.Certificate available")

Functions

This section is empty.

Types

type Authority

type Authority interface {
	// Run starts the authority and blocks until it is stopped or an error occurs.
	// NOTE(review): stopping is presumably done by cancelling ctx — confirm with
	// the implementation.
	Run(ctx context.Context) error

	// WatchRotation adds a watcher to the authority that will notify the given
	// channel when the root CA has been rotated. It is guaranteed to post a message
	// to the channel when the root CA has been rotated and the channel is not full.
	// Because a full channel is skipped rather than blocked on, pass a buffered
	// channel (capacity 1 is enough) and drain it, or a rotation notice can be lost.
	WatchRotation(ch chan<- struct{})

	// StopWatchingRotation removes the watcher from the authority. The watcher is
	// identified by the channel that was passed to WatchRotation.
	StopWatchingRotation(ch chan<- struct{})

	// Sign signs the given certificate template and returns the signed certificate.
	// WARNING: The WatchRotation method should be called before Sign to ensure that
	// the rotation of the CA used to sign the certificate in this call is detected.
	// If WatchRotation is only called afterwards, a rotation that happens between
	// Sign returning and the watch being registered goes unnoticed, and the caller
	// keeps serving a certificate chained to a CA that is no longer current.
	Sign(template *x509.Certificate) (*x509.Certificate, error)
}

type CertificateSource

type CertificateSource interface {
	// GetCertificate returns a Certificate based on the given
	// ClientHelloInfo. It will only be called if the client supplies SNI
	// information or if Certificates is empty.
	//
	// If GetCertificate is nil or returns nil, then the certificate is
	// retrieved from NameToCertificate. If NameToCertificate is nil, the
	// first element of Certificates will be used.
	//
	// The paragraphs above restate the contract of tls.Config.GetCertificate,
	// which this method matches in signature so that a source can be assigned to
	// that field; Certificates and NameToCertificate refer to the fields of the
	// enclosing tls.Config, not to anything on the source.
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)

	// Start will start the certificate source.
	// This may include setting up watches on certificate stores, or any other
	// kind of background operation.
	// Start should return once the given context is done, and may return an
	// error if an irrecoverable error occurs whilst running.
	Start(context.Context) error

	// Healthy can be used to check the status of the CertificateSource.
	// It will return true if the source has a certificate available.
	Healthy() bool
}

type DynamicSource

// DynamicSource provides certificate data for a Go HTTP server by automatically
// generating certificates and having them signed by Authority. It supplies the
// GetCertificate and Healthy methods of CertificateSource (Start is not listed
// on this page).
type DynamicSource struct {
	// DNSNames that will be set on certificates this source produces.
	DNSNames []string

	// Authority signs the certificate templates this source builds
	// (see Authority.Sign).
	Authority Authority

	// RetryInterval is the delay between retry attempts.
	// NOTE(review): which operation is retried (presumably obtaining a signed
	// certificate from Authority) and the behaviour when left zero are not shown
	// on this page — confirm in the implementation.
	RetryInterval time.Duration
	// contains filtered or unexported fields
}

DynamicSource provides certificate data for a golang HTTP server by automatically generating certificates using an authority.SignFunc.

func (*DynamicSource) GetCertificate

func (f *DynamicSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)

func (*DynamicSource) Healthy

func (f *DynamicSource) Healthy() bool

type FileCertificateSource

// FileCertificateSource provides certificate data for a Go HTTP server by
// reloading data on disk periodically.
type FileCertificateSource struct {
	// CertPath is the path to the TLS certificate.
	// This file will be read periodically and will be used as the certificate
	// for TLS connections.
	CertPath string

	// KeyPath is the path to the private key.
	// This file will be read periodically and will be used as the private key
	// for TLS connections.
	KeyPath string

	// UpdateInterval is how often the CertPath and KeyPath will be checked for
	// changes.
	// If not specified, a default of 10s will be used.
	UpdateInterval time.Duration

	// MaxFailures is the maximum number of times a failure to read data from
	// disk should be allowed before treating it as fatal.
	// If not specified, a default of 12 will be used.
	// NOTE(review): with the 10s default interval that is roughly two minutes of
	// failed reloads; whether the count is consecutive or cumulative, and what
	// "fatal" means for Start, are not shown here — confirm in the implementation.
	MaxFailures int
	// contains filtered or unexported fields
}

FileCertificateSource provides certificate data for a golang HTTP server by reloading data on disk periodically.

func (*FileCertificateSource) GetCertificate

func (*FileCertificateSource) Healthy

func (f *FileCertificateSource) Healthy() bool

func (*FileCertificateSource) Start
