certificates

package
v0.1.46 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 29, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const SignerDomain string = "hypershift.openshift.io"

SignerDomain is the domain all certificate signers identify under for HyperShift

Variables

This section is empty.

Functions

func CommonNamePrefix added in v0.1.19 

func CommonNamePrefix(signer SignerClass) string

func GetCertApprovalCondition 

func GetCertApprovalCondition(status *certificatesv1.CertificateSigningRequestStatus) (approved bool, denied bool)

func HasTrueCondition 

func HasTrueCondition(csr *certificatesv1.CertificateSigningRequest, conditionType certificatesv1.RequestConditionType) bool

HasTrueCondition returns true if the csr contains a condition of the specified type with a status that is set to True or is empty

func IsCertificateRequestApproved 

func IsCertificateRequestApproved(csr *certificatesv1.CertificateSigningRequest) bool

IsCertificateRequestApproved returns true if a certificate request has the "Approved" condition and no "Denied" conditions; false otherwise.

func KeyUsagesFromStrings added in v0.1.18 

func KeyUsagesFromStrings(usages []certificatesv1.KeyUsage) (x509.KeyUsage, []x509.ExtKeyUsage, error)

KeyUsagesFromStrings will translate a slice of usage strings from the certificates API ("pkg/apis/certificates".KeyUsage) to x509.KeyUsage and x509.ExtKeyUsage types.

func ParseCSR 

func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error)

ParseCSR decodes a PEM encoded CSR

func SignerNameForHC 

func SignerNameForHC(hc *hypershiftv1beta1.HostedCluster, signer SignerClass) string

SignerNameForHC derives a signer name that's unique to this signer class for this specific HostedControlPlane.

func SignerNameForHCP 

func SignerNameForHCP(hcp *hypershiftv1beta1.HostedControlPlane, signer SignerClass) string

SignerNameForHCP derives a signer name that's unique to this signer class for this specific HostedControlPlane.

func ValidSignerClass added in v0.1.19 

func ValidSignerClass(input string) bool

func ValidUsagesFor 

func ValidUsagesFor(signer SignerClass) (required, optional sets.Set[certificatesv1.KeyUsage])

ValidUsagesFor declares the valid usages for a CertificateSigningRequest, given a signer.

Types

type SignerClass 

type SignerClass string

SignerClass is a well-known identifier for a certificate signer known to the HostedControlPlane 

const (
	// CustomerBreakGlassSigner is the signer class used to mint break-glass credentials for customers.
	CustomerBreakGlassSigner SignerClass = "customer-break-glass"
	// SREBreakGlassSigner is the signer class used to mint break-glass credentials for SRE.
	SREBreakGlassSigner SignerClass = "sre-break-glass"
)

type ValidatorFunc 

type ValidatorFunc func(csr *certificatesv1.CertificateSigningRequest, x509cr *x509.CertificateRequest) error

ValidatorFunc knows how to validate a CertificateSigningRequest

func Validator 

func Validator(hcp *hypershiftv1beta1.HostedControlPlane, signer SignerClass) ValidatorFunc

Validator returns a function that validates CertificateSigningRequests

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.