Documentation ¶
Index ¶
- Constants
- func GenerateCA() ([]byte, crypto.PrivateKey, error)
- func GenerateNodeCert(caCert *x509.Certificate, caKey crypto.PrivateKey, hosts []string) ([]byte, crypto.PrivateKey, error)
- func LoadClientTLSConfig(caPEM []byte) (*tls.Config, error)
- func LoadClientTLSConfigFromDir(certDir string) (*tls.Config, error)
- func LoadInsecureClientTLSConfig() *tls.Config
- func LoadInsecureTLSConfig() *tls.Config
- func LoadTLSConfig(certPEM, keyPEM, caPEM []byte) (*tls.Config, error)
- func LoadTLSConfigFromDir(certDir string) (*tls.Config, error)
- func ResetReadFileFn()
- func RunCreateCACert(certsDir string) error
- func RunCreateNodeCert(certsDir string, hosts []string) error
- func SetReadFileFn(f func(string) ([]byte, error))
Constants ¶
const (
// EmbeddedCertsDir is the certs directory inside embedded assets.
EmbeddedCertsDir = "test_certs"
)
Variables ¶
This section is empty.
Functions ¶
func GenerateCA ¶
func GenerateCA() ([]byte, crypto.PrivateKey, error)
GenerateCA generates a CA certificate and returns the cert bytes as well as the private key used to generate the certificate.
func GenerateNodeCert ¶
func GenerateNodeCert(caCert *x509.Certificate, caKey crypto.PrivateKey, hosts []string) ( []byte, crypto.PrivateKey, error)
GenerateNodeCert generates a node certificate and returns the cert bytes as well as the private key used to generate the certificate. The CA cert and private key should be passed in.
func LoadClientTLSConfig ¶
LoadClientTLSConfig creates a client TLSConfig from the supplied byte strings containing the certificate of the cluster CA.
func LoadClientTLSConfigFromDir ¶
LoadClientTLSConfigFromDir creates a client TLSConfig by loading the root CA certs from the specified directory. The directory must contain ca.crt.
func LoadInsecureClientTLSConfig ¶
LoadInsecureClientTLSConfig creates a TLSConfig that disables TLS.
func LoadInsecureTLSConfig ¶
LoadInsecureTLSConfig creates a TLSConfig that disables TLS.
func LoadTLSConfig ¶
LoadTLSConfig creates a TLSConfig from the supplied byte strings containing - the certificate of the cluster CA, - the certificate of this node (should be signed by the CA), - the private key of this node.
func LoadTLSConfigFromDir ¶
LoadTLSConfigFromDir creates a TLSConfig by loading our keys and certs from the specified directory. The directory must contain the following files: - ca.crt -- the certificate of the cluster CA - node.crt -- the certificate of this node; should be signed by the CA - node.key -- the private key of this node If the path is prefixed with "embedded=", load the embedded certs.
func ResetReadFileFn ¶
func ResetReadFileFn()
ResetReadFileFn is the counterpart to SetReadFileFn, restoring the original behaviour for loading certificate related data from disk.
func RunCreateCACert ¶
RunCreateCACert is the entry-point from the command-line interface to generate CA cert and key.
func RunCreateNodeCert ¶
RunCreateNodeCert is the entry-point from the command-line interface to generate node cert and key.
func SetReadFileFn ¶
SetReadFileFn allows to switch out ioutil.ReadFile by a mock for testing purposes.
Types ¶
This section is empty.
Directories ¶
Path | Synopsis |
---|---|
Package securitytest embeds the TLS test certificates.
|
Package securitytest embeds the TLS test certificates. |