certificates

package
v0.1.52 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 28, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const SignerDomain string = "hypershift.openshift.io"

SignerDomain is the domain all certificate signers identify under for HyperShift

Variables

This section is empty.

Functions

func CommonNamePrefix added in v0.1.19

func CommonNamePrefix(signer SignerClass) string

func GetCertApprovalCondition

func GetCertApprovalCondition(status *certificatesv1.CertificateSigningRequestStatus) (approved bool, denied bool)

func HasTrueCondition

HasTrueCondition returns true if the csr contains a condition of the specified type with a status that is set to True or is empty

func IsCertificateRequestApproved

func IsCertificateRequestApproved(csr *certificatesv1.CertificateSigningRequest) bool

IsCertificateRequestApproved returns true if a certificate request has the "Approved" condition and no "Denied" conditions; false otherwise.

func KeyUsagesFromStrings added in v0.1.18

func KeyUsagesFromStrings(usages []certificatesv1.KeyUsage) (x509.KeyUsage, []x509.ExtKeyUsage, error)

KeyUsagesFromStrings will translate a slice of usage strings from the certificates API ("pkg/apis/certificates".KeyUsage) to x509.KeyUsage and x509.ExtKeyUsage types.

func ParseCSR

func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error)

ParseCSR decodes a PEM encoded CSR

func SignerNameForHC

func SignerNameForHC(hc *hypershiftv1beta1.HostedCluster, signer SignerClass) string

SignerNameForHC derives a signer name that's unique to this signer class for this specific HostedControlPlane.

func SignerNameForHCP

func SignerNameForHCP(hcp *hypershiftv1beta1.HostedControlPlane, signer SignerClass) string

SignerNameForHCP derives a signer name that's unique to this signer class for this specific HostedControlPlane.

func ValidSignerClass added in v0.1.19

func ValidSignerClass(input string) bool

func ValidUsagesFor

func ValidUsagesFor(signer SignerClass) (required, optional sets.Set[certificatesv1.KeyUsage])

ValidUsagesFor declares the valid usages for a CertificateSigningRequest, given a signer.

Types

type SignerClass

type SignerClass string

SignerClass is a well-known identifier for a certificate signer known to the HostedControlPlane

const (
	// CustomerBreakGlassSigner is the signer class used to mint break-glass credentials for customers.
	CustomerBreakGlassSigner SignerClass = "customer-break-glass"
	// SREBreakGlassSigner is the signer class used to mint break-glass credentials for SRE.
	SREBreakGlassSigner SignerClass = "sre-break-glass"
)

type ValidatorFunc

type ValidatorFunc func(csr *certificatesv1.CertificateSigningRequest, x509cr *x509.CertificateRequest) error

ValidatorFunc knows how to validate a CertificateSigningRequest

func Validator

Validator returns a function that validates CertificateSigningRequests

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL