Documentation ¶
Overview ¶
Package providers implements generic certificate-provider functionality shared by the Tresor, Hashicorp Vault and cert-manager.io providers.
Index ¶
- Variables
- func NewCertificateManager(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, ...) (*certificate.Manager, error)
- func NewCertificateManagerFromMRC(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, ...) (*certificate.Manager, error)
- type CertManagerOptions
- type Kind
- type MRCCompatClient
- type MRCComposer
- type MRCProviderGenerator
- type Options
- type TresorOptions
- type VaultOptions
Constants ¶
This section is empty.
Variables ¶
var (
	// ValidCertificateProviders is the list of supported certificate providers
	ValidCertificateProviders = []Kind{TresorKind, VaultKind, CertManagerKind}
)
Functions ¶
func NewCertificateManager ¶ added in v1.2.0
func NewCertificateManager(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, cfg configurator.Configurator, providerNamespace string, option Options, msgBroker *messaging.Broker, checkInterval time.Duration, trustDomain string) (*certificate.Manager, error)
NewCertificateManager returns a new certificate manager backed by an MRC compat client, which converts the old-style provider options into a single pre-generated MRC. TODO(4713): Remove and use NewCertificateManagerFromMRC
func NewCertificateManagerFromMRC ¶ added in v1.2.0
func NewCertificateManagerFromMRC(ctx context.Context, kubeClient kubernetes.Interface, kubeConfig *rest.Config, cfg configurator.Configurator, providerNamespace string, option Options, msgBroker *messaging.Broker, ic *informers.InformerCollection, checkInterval time.Duration) (*certificate.Manager, error)
NewCertificateManagerFromMRC returns a new certificate manager that observes MeshRootCertificate resources through the supplied informer collection.
Types ¶
type CertManagerOptions ¶
CertManagerOptions is a type that specifies 'cert-manager.io' certificate provider options
func (CertManagerOptions) AsProviderSpec ¶ added in v1.2.0
func (options CertManagerOptions) AsProviderSpec() v1alpha2.ProviderSpec
AsProviderSpec returns the provider spec generated from the CertManager options
func (CertManagerOptions) Validate ¶ added in v1.2.0
func (options CertManagerOptions) Validate() error
Validate validates the options for cert-manager.io certificate provider
type Kind ¶
type Kind string
Kind specifies the certificate provider kind
const (
	// TresorKind represents Tresor, an internal package which leverages Kubernetes secrets and signs certs on the OSM pod
	TresorKind Kind = "tresor"
	// VaultKind represents Hashi Vault; OSM is pointed to an external Vault; signing of certs happens on Vault
	VaultKind Kind = "vault"
	// CertManagerKind represents cert-manager.io; certificates are requested using cert-manager
	CertManagerKind Kind = "cert-manager"
)
type MRCCompatClient ¶ added in v1.2.0
type MRCCompatClient struct {
	MRCProviderGenerator
	// contains filtered or unexported fields
}
MRCCompatClient is a backwards-compatible client that converts the old certificate options into an MRC. Its intent is to match the custom interface that will wrap the MRC k8s informer. TODO(#4502): Remove this entirely once we are fully onboarded to MRC informers.
func (*MRCCompatClient) List ¶ added in v1.2.0
func (c *MRCCompatClient) List() ([]*v1alpha2.MeshRootCertificate, error)
List returns the single, pre-generated MRC. It is intended to implement the certificate.MRCClient interface.
func (*MRCCompatClient) Watch ¶ added in v1.2.0
func (c *MRCCompatClient) Watch(ctx context.Context) (<-chan certificate.MRCEvent, error)
Watch is a basic Watch implementation for the MRC attached to the compat client
type MRCComposer ¶ added in v1.2.0
type MRCComposer struct {
	MRCProviderGenerator
	// contains filtered or unexported fields
}
MRCComposer is a composer object that allows consumers to observe MRCs (via List() and Watch()) as well as generate `certificate.Provider`s from those MRCs
func (*MRCComposer) List ¶ added in v1.2.0
func (m *MRCComposer) List() ([]*v1alpha2.MeshRootCertificate, error)
List returns the MRCs stored in the informerCollection's store
func (*MRCComposer) Watch ¶ added in v1.2.0
func (m *MRCComposer) Watch(ctx context.Context) (<-chan certificate.MRCEvent, error)
Watch returns a channel that receives an event whenever an MRC is added to, updated in, or deleted from the informerCollection's MRC store. Channels returned from multiple invocations of Watch() are distinct and have no coordination with each other. Events are guaranteed to be ordered for any particular resource, but NOT across different resources.
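The Watch contract just described (a fresh channel per caller, no coordination between channels, ordering only per resource) is easy to misuse on the consumer side. The block below is an added example, not OSM's implementation of MRCComposer: a small hub that hands every Watch caller its own channel and fans events out under a single lock, plus a helper that groups the received events per MRC name, which is the only ordering a consumer may rely on. The MRCEvent shape, the WatchHub type and the event-type strings are assumptions made for this example.

```go
package main

import (
	"context"
	"fmt"
	"sync"
)

// MRCEvent stands in for certificate.MRCEvent; its shape is assumed for this
// example. Name is the MeshRootCertificate name, the per-resource ordering key.
type MRCEvent struct {
	Type string // "added", "updated" or "deleted" (assumed vocabulary)
	Name string
}

type watcher struct {
	ch   chan MRCEvent
	done <-chan struct{}
}

// WatchHub gives each Watch caller its own channel. Publish forwards an event
// to every live channel under one lock, so any single channel sees the events
// for a given MRC in publication order; nothing synchronises two channels.
type WatchHub struct {
	mu       sync.Mutex
	watchers map[int]watcher
	next     int
}

func NewWatchHub() *WatchHub { return &WatchHub{watchers: map[int]watcher{}} }

// Watch registers a new channel; cancelling ctx detaches it and closes it.
func (h *WatchHub) Watch(ctx context.Context) (<-chan MRCEvent, error) {
	if err := ctx.Err(); err != nil {
		return nil, err
	}
	w := watcher{ch: make(chan MRCEvent, 64), done: ctx.Done()}
	h.mu.Lock()
	id := h.next
	h.next++
	h.watchers[id] = w
	h.mu.Unlock()
	go func() {
		<-ctx.Done()
		h.mu.Lock()
		delete(h.watchers, id)
		close(w.ch) // closed under the lock, so Publish never sends on a closed channel
		h.mu.Unlock()
	}()
	return w.ch, nil
}

// Publish delivers ev to every watcher in registration-independent order.
// A cancelled watcher is skipped rather than blocking everyone else; a live
// but slow watcher applies backpressure once its 64-event buffer is full.
func (h *WatchHub) Publish(ev MRCEvent) {
	h.mu.Lock()
	defer h.mu.Unlock()
	for _, w := range h.watchers {
		select {
		case w.ch <- ev:
		case <-w.done:
		}
	}
}

// Collect reads up to n events from ch, stopping early if ch is closed.
func Collect(ch <-chan MRCEvent, n int) []MRCEvent {
	out := make([]MRCEvent, 0, n)
	for len(out) < n {
		ev, ok := <-ch
		if !ok {
			break
		}
		out = append(out, ev)
	}
	return out
}

// PerResource groups event types by MRC name, preserving arrival order.
// This per-name sequence is the property the Watch contract guarantees.
func PerResource(events []MRCEvent) map[string][]string {
	m := map[string][]string{}
	for _, ev := range events {
		m[ev.Name] = append(m[ev.Name], ev.Type)
	}
	return m
}

func main() {
	hub := NewWatchHub()
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	ch, _ := hub.Watch(ctx)
	hub.Publish(MRCEvent{Type: "added", Name: "osm-mesh-root-certificate"})
	hub.Publish(MRCEvent{Type: "updated", Name: "osm-mesh-root-certificate"})
	fmt.Println(PerResource(Collect(ch, 2)))
}
```

A single-publisher toy like this happens to deliver a total order across all MRCs; the informer-backed MRCComposer promises order per resource only, so a consumer should key its state by MRC name and never assume that one MRC's event precedes another's. Cancelling the context is the only way to detach a watcher, which is why Watch takes a ctx at all.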
type MRCProviderGenerator ¶ added in v1.2.0
type MRCProviderGenerator struct {
	// TODO(#4711): move these to the compat client once we have added these fields to the MRC.
	KeyBitSize int
	// TODO(#4745): Remove after deprecating the osm.vault.token option.
	DefaultVaultToken string
	// contains filtered or unexported fields
}
MRCProviderGenerator knows how to convert a given MRC to its appropriate provider.
func (*MRCProviderGenerator) GetCertIssuerForMRC ¶ added in v1.2.0
func (c *MRCProviderGenerator) GetCertIssuerForMRC(mrc *v1alpha2.MeshRootCertificate) (certificate.Issuer, pem.RootCertificate, error)
GetCertIssuerForMRC returns a certificate.Issuer generated from the provided MRC.
type Options ¶ added in v1.2.0
type Options interface {
	Validate() error
	AsProviderSpec() v1alpha2.ProviderSpec
}
Options is an interface that contains required fields to convert the old style options to the new style MRC for each provider type. TODO(#4502): Remove this interface, and all of the options below.
type TresorOptions ¶
type TresorOptions struct {
	// No options at the moment
	SecretName string
}
TresorOptions is a type that specifies 'Tresor' certificate provider options
func (TresorOptions) AsProviderSpec ¶ added in v1.2.0
func (options TresorOptions) AsProviderSpec() v1alpha2.ProviderSpec
AsProviderSpec returns the provider spec generated from the tresor options
func (TresorOptions) Validate ¶ added in v1.2.0
func (options TresorOptions) Validate() error
Validate validates the options for Tresor certificate provider
type VaultOptions ¶
type VaultOptions struct {
	VaultProtocol string
	VaultHost     string
	VaultToken    string // TODO(#4745): Remove after deprecating the osm.vault.token option. Replace with VaultTokenSecretName
	VaultRole     string
	VaultPort     int
	VaultTokenSecretNamespace string
	VaultTokenSecretName      string
	VaultTokenSecretKey       string
}
VaultOptions is a type that specifies 'Hashicorp Vault' certificate provider options
func (VaultOptions) AsProviderSpec ¶ added in v1.2.0
func (options VaultOptions) AsProviderSpec() v1alpha2.ProviderSpec
AsProviderSpec returns the provider spec generated from the vault options
func (VaultOptions) Validate ¶ added in v1.2.0
func (options VaultOptions) Validate() error
Validate validates the options for the Hashicorp Vault certificate provider
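The Options interface (Validate, then AsProviderSpec) and the VaultOptions fields above describe how flat, old-style provider options become a declarative provider spec. The block below is an added example of that pattern and is not OSM's code: ProviderSpec and VaultProviderSpec are assumed stand-ins for the v1alpha2 types, and the validation rules (protocol, port range, exactly one token source, a complete Secret reference) are this example's choices. It deliberately keeps the deprecated inline VaultToken out of the spec, following the page's note that VaultToken is to be replaced by a VaultTokenSecretName reference.

```go
package main

import (
	"fmt"
	"strings"
)

// Kind mirrors the documented provider kind; only the Vault constant is needed here.
type Kind string

const VaultKind Kind = "vault"

// ProviderSpec and VaultProviderSpec are stand-ins (assumed shapes) for the
// v1alpha2 types the real AsProviderSpec returns. There is deliberately no raw
// token field: the spec references a Secret instead of embedding the credential.
type VaultProviderSpec struct {
	Protocol, Host       string
	Port                 int
	Role                 string
	TokenSecretNamespace string
	TokenSecretName      string
	TokenSecretKey       string
}

type ProviderSpec struct {
	Kind  Kind
	Vault *VaultProviderSpec
}

// VaultOptions uses the field names from the documented type.
type VaultOptions struct {
	VaultProtocol             string
	VaultHost                 string
	VaultToken                string // deprecated inline token
	VaultRole                 string
	VaultPort                 int
	VaultTokenSecretNamespace string
	VaultTokenSecretName      string
	VaultTokenSecretKey       string
}

// Validate reports every problem at once so an operator sees the whole list.
// The rules are this example's, not OSM's.
func (o VaultOptions) Validate() error {
	var problems []string
	switch strings.ToLower(o.VaultProtocol) {
	case "http", "https":
	default:
		problems = append(problems, fmt.Sprintf("VaultProtocol %q must be http or https", o.VaultProtocol))
	}
	if o.VaultHost == "" {
		problems = append(problems, "VaultHost is required")
	}
	if o.VaultPort < 1 || o.VaultPort > 65535 {
		problems = append(problems, fmt.Sprintf("VaultPort %d is out of range", o.VaultPort))
	}
	if o.VaultRole == "" {
		problems = append(problems, "VaultRole is required")
	}
	inline := o.VaultToken != ""
	secret := o.VaultTokenSecretNamespace != "" || o.VaultTokenSecretName != "" || o.VaultTokenSecretKey != ""
	switch {
	case inline && secret:
		problems = append(problems, "set either VaultToken or the VaultTokenSecret* fields, not both")
	case !inline && !secret:
		problems = append(problems, "a token source is required: the VaultTokenSecret* fields (preferred) or the deprecated VaultToken")
	case secret && (o.VaultTokenSecretNamespace == "" || o.VaultTokenSecretName == "" || o.VaultTokenSecretKey == ""):
		problems = append(problems, "VaultTokenSecretNamespace, VaultTokenSecretName and VaultTokenSecretKey must all be set")
	}
	if len(problems) == 0 {
		return nil
	}
	return fmt.Errorf("invalid vault options: %s", strings.Join(problems, "; "))
}

// AsProviderSpec copies the connection details and the Secret reference only.
// The inline VaultToken is never copied: a spec gets stored and logged, a
// credential must not be.
func (o VaultOptions) AsProviderSpec() ProviderSpec {
	return ProviderSpec{Kind: VaultKind, Vault: &VaultProviderSpec{
		Protocol: strings.ToLower(o.VaultProtocol), Host: o.VaultHost, Port: o.VaultPort, Role: o.VaultRole,
		TokenSecretNamespace: o.VaultTokenSecretNamespace,
		TokenSecretName:      o.VaultTokenSecretName,
		TokenSecretKey:       o.VaultTokenSecretKey,
	}}
}

func main() {
	opts := VaultOptions{VaultProtocol: "https", VaultHost: "vault.example.internal", VaultPort: 8200,
		VaultRole: "openservicemesh", VaultTokenSecretNamespace: "osm-system",
		VaultTokenSecretName: "osm-vault-token", VaultTokenSecretKey: "token"}
	if err := opts.Validate(); err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("%+v\n", *opts.AsProviderSpec().Vault)
}
```

Validate is meant to run before the options are ever converted or persisted; once the spec exists it carries only the Secret coordinates, so whoever can read the MRC cannot read the Vault token, while whoever can read the referenced Secret in its namespace can, which is the RBAC boundary you want.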
Directories ¶
Path | Synopsis
---|---
certmanager | Package certmanager implements the certificate.Manager interface for cert-manager.io as the certificate provider.
tresor | Package tresor implements the certificate.Manager interface for Tresor, a custom certificate provider in OSM.
vault | Package vault implements the certificate.Manager interface for Hashicorp Vault as the certificate provider.