Documentation ¶
Index ¶
- Constants
- Variables
- func ExposeMetrics(options config.Options, stopCh <-chan struct{}, wg *sync.WaitGroup, ...)
- type Operator
- type SymantecMetricsCollector
- type TestSuite
- type ViceCertificate
- func (vc *ViceCertificate) DoesCertificateAndHostMatch() bool
- func (vc *ViceCertificate) DoesCertificateExpireSoon(minCertValidityDays int) bool
- func (vc *ViceCertificate) DoesKeyAndCertificateTally() bool
- func (vc *ViceCertificate) DoesRemoteCertificateMatch() bool
- func (vc *ViceCertificate) IsRevoked() bool
Constants ¶
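// Shared constants: PEM block labels, secret data keys, ingress states,
// annotations and timing settings.
const (
	// CertificateType has the value of the PEM block label for X.509 certificates.
	CertificateType = "CERTIFICATE"

	// PrivateKeyType has the value of the PEM block label for PKCS#1 RSA private keys.
	// NOTE(review): PKCS#8 ("PRIVATE KEY") and EC keys carry a different label;
	// whether callers handle those is not visible here - confirm.
	PrivateKeyType = "RSA PRIVATE KEY"

	// SecretTLSCertType defines under which key the certificate is stored in the secret.
	// The following cert types will also be considered:
	// (1) with underscore and dot, e.g.: tls_cert || tls.cert
	// (2) *.cert | *.crt
	SecretTLSCertType = "tls.crt"

	// SecretTLSKeyType defines under which key the private key is stored in the secret.
	// The following key types will be checked:
	// (1) with underscore and dot, e.g.: tls_key || tls.key
	SecretTLSKeyType = "tls.key"

	// IngressStateEnroll means an enrollment request has to be issued.
	IngressStateEnroll = "enroll"

	// IngressStateRenew means a renewal request has to be issued.
	IngressStateRenew = "renew"

	// IngressStateApprove means that a certificate has to be approved.
	IngressStateApprove = "approve"

	// IngressStateApproved means that a certificate was approved.
	IngressStateApproved = "approved"

	// IngressStatePickup means that a certificate has to be picked up.
	IngressStatePickup = "pickup"

	// IngressStateReplace means that a certificate has to be replaced.
	IngressStateReplace = "replace"

	// BaseDelay defines the delay after which an ingress is added to the workqueue.
	BaseDelay = 5 * time.Second

	// TmpPath points to the tmp directory.
	// NOTE(review): /tmp is shared between local users on most Unix systems. How
	// this path is used is not visible here; if certificates or keys are written
	// below it, create them with os.CreateTemp / os.MkdirTemp and owner-only
	// permissions rather than predictable file names.
	TmpPath = "/tmp"

	// AnnotationCertificateReplacement triggers one-time replacement of certificates
	// for all hosts defined by the ingress.
	// The trigger is therefore available to anyone permitted to annotate the ingress.
	AnnotationCertificateReplacement = "vice-president/replace-cert"

	// AnnotationSecretClaimedByIngress is used to indicate that a secret is being
	// used by another ingress. This prevents multiple ingresses from using the
	// same secret.
	AnnotationSecretClaimedByIngress = "vice-president/claimed-by-ingress"

	// RateLimitPeriod is the period after which all rate limits are reset.
	RateLimitPeriod = 1 * time.Hour

	// IngressFakeCN is the CN of the ingress controller's fake certificate.
	IngressFakeCN = "Kubernetes Ingress Controller Fake Certificate"

	// IngressFakeHost is the host used by the ingress controller's fake certificate.
	IngressFakeHost = "ingress.local"

	// ReasonSuperseded is the reason for replacing an existing certificate.
	ReasonSuperseded = "SUPERSEDED"

	// UpdateEvent is the type of an update event.
	UpdateEvent = "UpdateCertificate"
)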
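// Constants used by the test suite.
const (
	// FIXTURES is the path to the subfolder containing fixtures.
	FIXTURES = "fixtures"

	// TESTPORT is the port used by the MockServer.
	TESTPORT = 8001
)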
// MetricNamespace is the prefix used for metrics.
const MetricNamespace = "vice_president"
Variables ¶
// VERSION is the version of the vice president.
var VERSION = "0.0.0.dev"
Functions ¶
Types ¶
type Operator ¶
Operator is the vice-president certificate operator
type SymantecMetricsCollector ¶
type SymantecMetricsCollector struct { prometheus.Collector // contains filtered or unexported fields }
SymantecMetricsCollector is a prometheus.Collector for Symantec metrics.
func NewSymantecMetricsCollector ¶
func NewSymantecMetricsCollector(options config.Options, logger log.Logger) *SymantecMetricsCollector
NewSymantecMetricsCollector returns a new collector for Symantec metrics.
func (*SymantecMetricsCollector) Collect ¶
func (m *SymantecMetricsCollector) Collect(ch chan<- prometheus.Metric)
Collect implements the Collect method of prometheus.Collector.
func (*SymantecMetricsCollector) Describe ¶
func (m *SymantecMetricsCollector) Describe(ch chan<- *prometheus.Desc)
Describe implements the Describe method of prometheus.Collector.
type TestSuite ¶
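// TestSuite bundles the operator under test with the mock HTTP mux and the
// certificate, key and secret values used by the tests.
type TestSuite struct {
	suite.Suite

	// VP is the operator instance held by the suite.
	VP *Operator
	// HTTPMux and TestPort describe the HTTP endpoint of the suite.
	// NOTE(review): presumably the MockServer listening on TESTPORT - confirm.
	HTTPMux  *http.ServeMux
	TestPort int

	// Cert is the parsed certificate; CertByte holds it as bytes.
	Cert     *x509.Certificate
	CertByte []byte

	// Key is the RSA private key; KeyByte holds it as bytes.
	// NOTE(review): presumably fixture key material - it should stay test-only
	// and never be reused for a real certificate.
	Key     *rsa.PrivateKey
	KeyByte []byte

	// Secret is the Kubernetes secret used by the tests.
	Secret *coreV1.Secret
	// ViceCert is the ViceCertificate used by the tests.
	ViceCert *ViceCertificate
	// IntermediateCertByte holds the intermediate certificate as bytes.
	IntermediateCertByte []byte
}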
TestSuite holds the operator, the mock HTTP mux and the certificate, key and secret values used by the tests.
func (*TestSuite) SetupMockEndpoints ¶
func (s *TestSuite) SetupMockEndpoints()
SetupMockEndpoints defines the endpoints available during mock tests
func (*TestSuite) TearDownSuite ¶
func (s *TestSuite) TearDownSuite()
TearDownSuite tears down the testsuite
type ViceCertificate ¶
type ViceCertificate struct {
// contains filtered or unexported fields
}
ViceCertificate contains all properties required by the Symantec VICE API
func NewViceCertificate ¶
func NewViceCertificate(ingress *extensionsv1beta1.Ingress, secretName, host string, sans []string, intermediateCertificate *x509.Certificate, rootCertificates *x509.CertPool) *ViceCertificate
NewViceCertificate returns a new vice certificate.
func (*ViceCertificate) DoesCertificateAndHostMatch ¶
func (vc *ViceCertificate) DoesCertificateAndHostMatch() bool
DoesCertificateAndHostMatch checks that a given certificate is for the correct host and SANs.
func (*ViceCertificate) DoesCertificateExpireSoon ¶
func (vc *ViceCertificate) DoesCertificateExpireSoon(minCertValidityDays int) bool
DoesCertificateExpireSoon checks whether a certificate has already expired or will expire within the next minCertValidityDays days.
func (*ViceCertificate) DoesKeyAndCertificateTally ¶
func (vc *ViceCertificate) DoesKeyAndCertificateTally() bool
DoesKeyAndCertificateTally checks if a given private key is for the correct certificate.
func (*ViceCertificate) DoesRemoteCertificateMatch ¶
func (vc *ViceCertificate) DoesRemoteCertificateMatch() bool
DoesRemoteCertificateMatch connects to the URL, does the TLS handshake and checks if the certificates match
func (*ViceCertificate) IsRevoked ¶
func (vc *ViceCertificate) IsRevoked() bool
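IsRevoked checks whether the certificate was revoked using OCSP (Online Certificate Status Protocol). The bool result cannot distinguish "not revoked" from "status could not be determined"; how a failed or unreachable OCSP responder is reported is not documented here, so callers should confirm it before treating false as proof of validity.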