Documentation
Index
- Constants
- Variables
- type ExternalProvisioner
- type PendingCSR
- type PendingCSRsMap
- func (cm *PendingCSRsMap) Add(namespace, certName, href string)
- func (cm *PendingCSRsMap) Delete(namespace, certName string)
- func (cm *PendingCSRsMap) Get(namespace, certName string) *PendingCSR
- func (cm *PendingCSRsMap) Has(namespace, certName string) bool
- func (cm *PendingCSRsMap) Increment(namespace, certName string)
- func (cm *PendingCSRsMap) ResetCheckCounter(namespace, certName string)
- type Provisioner
- type ProvisionersMap
Constants
const (
	// SingleCSRCheckLimit defines limit for checking single CSR status returned by NCM.
	// In case of need for manual approval ncm-issuer gives operator around 24h (1440m) to
	// accept CSR manually in NCM before rejecting that request.
	SingleCSRCheckLimit = 1440

	CSRStatusAccepted  = "accepted"
	CSRStatusApproved  = "approved"
	CSRStatusPending   = "pending"
	CSRStatusPostponed = "postponed"
	CSRStatusRejected  = "rejected"
)
Variables
Functions
This section is empty.
Types
type ExternalProvisioner
type PendingCSR
type PendingCSR struct {
// contains filtered or unexported fields
}
PendingCSR stores the href of a pending CSR and a "checked" counter, which records how many times CSRStatusPending was encountered when checking the CSR status in NCM.
type PendingCSRsMap
type PendingCSRsMap struct {
// contains filtered or unexported fields
}
PendingCSRsMap stores pending CSRs that have not yet been accepted by NCM as key-value pairs, where the key is composed of namespace + certificate name (e.g. ncm-issuer-ns.example-certificate) and the value is a PendingCSR.
func (*PendingCSRsMap) Add
func (cm *PendingCSRsMap) Add(namespace, certName, href string)
func (*PendingCSRsMap) Delete
func (cm *PendingCSRsMap) Delete(namespace, certName string)
func (*PendingCSRsMap) Get
func (cm *PendingCSRsMap) Get(namespace, certName string) *PendingCSR
func (*PendingCSRsMap) Has
func (cm *PendingCSRsMap) Has(namespace, certName string) bool
func (*PendingCSRsMap) Increment
func (cm *PendingCSRsMap) Increment(namespace, certName string)
func (*PendingCSRsMap) ResetCheckCounter
func (cm *PendingCSRsMap) ResetCheckCounter(namespace, certName string)
type Provisioner
type Provisioner struct {
	NCMConfig *cfg.NCMConfig
	NCMClient ncmapi.ExternalClient
	// contains filtered or unexported fields
}
Provisioner signs or renews certificates using NCMClient.
func NewProvisioner
func (*Provisioner) PreventRenewal
func (p *Provisioner) PreventRenewal() bool
func (*Provisioner) Renew
func (p *Provisioner) Renew(cr *cmapi.CertificateRequest, certID string) ([]byte, []byte, string, error)
Renew uses NCMClient to communicate with the NCM API to renew an existing certificate.
func (*Provisioner) Retire
func (p *Provisioner) Retire()
func (*Provisioner) Sign
func (p *Provisioner) Sign(cr *cmapi.CertificateRequest) ([]byte, []byte, string, error)
Sign uses NCMClient to communicate with the NCM API to sign a CertificateRequest. NCM policy defines a few statuses for a CSR, which ncm-issuer must handle correctly. The CSR status in NCM is therefore checked every time to deduce the current state: if the request has not been accepted during the first CertificateRequest, Provisioner stores the href of the pending CSR in pendingCSRs.
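The pending-CSR bookkeeping that Sign and PendingCSRsMap describe, as an added example that is not ncm-issuer's own code: a standalone model that counts "pending" answers per namespace.certName key and gives up at the check limit. The types pendingCSR and tracker, the functions recordPending and simulate, the href placeholder, the sample statuses and the drop-at-limit behaviour are assumptions made for illustration.

```go
package main

import "fmt"

const singleCSRCheckLimit = 1440 // mirrors SingleCSRCheckLimit on this page

// pendingCSR and tracker are hypothetical models of PendingCSR and
// PendingCSRsMap; the real types keep their fields unexported.
type pendingCSR struct {
	href    string
	checked int
}

type tracker map[string]*pendingCSR

// recordPending counts one "pending" answer and reports whether to keep waiting.
// Assumption: at the limit the entry is dropped, so an unapproved CSR is not polled forever.
func (t tracker) recordPending(namespace, certName, href string) bool {
	key := namespace + "." + certName // key form documented for PendingCSRsMap
	if t[key] == nil {
		t[key] = &pendingCSR{href: href}
	}
	t[key].checked++
	if t[key].checked < singleCSRCheckLimit {
		return true
	}
	delete(t, key)
	return false
}

// simulate feeds constructed NCM statuses to a fresh tracker and returns the
// number of checks made, how the wait ended, and how many entries remain.
func simulate(statuses []string) (int, string, int) {
	t := tracker{}
	for i, s := range statuses {
		if s != "pending" {
			delete(t, "ncm-issuer-ns.example-certificate")
			return i + 1, s, len(t) // assumption: any other status ends the wait
		}
		if !t.recordPending("ncm-issuer-ns", "example-certificate", "href-placeholder") {
			return i + 1, "limit reached", len(t)
		}
	}
	return len(statuses), "still pending", len(t)
}

func main() {
	fmt.Println(simulate([]string{"pending", "pending", "accepted"}))
}
```

Dropping the entry when the limit is reached keeps a stale href from being reused by a later request for the same certificate name.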
type ProvisionersMap
type ProvisionersMap struct {
	Provisioners map[types.NamespacedName]ExternalProvisioner
	// contains filtered or unexported fields
}
ProvisionersMap stores provisioners that are prepared (the NCM API client is configured) and ready to use.
func NewProvisionersMap
func NewProvisionersMap() *ProvisionersMap
func (*ProvisionersMap) AddOrReplace
func (pm *ProvisionersMap) AddOrReplace(namespacedName types.NamespacedName, provisioner ExternalProvisioner)
func (*ProvisionersMap) Delete
func (pm *ProvisionersMap) Delete(namespacedName types.NamespacedName)
func (*ProvisionersMap) Get
func (pm *ProvisionersMap) Get(namespacedName types.NamespacedName) (ExternalProvisioner, bool)