pki

package
v2.0.0-beta.3+incompat... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 26, 2018 License: Apache-2.0 Imports: 20 Imported by: 1

Documentation

Index

Constants

View Source
const (
	MastersGroup = "system:masters"
)

Variables

View Source
var (
	ErrInvalidCA          = errors.New("certificate is not a certificate authority")
	ErrEmptyPair          = errors.New("pair or cert/key is empty")
	ErrUploadCertificates = errors.New("failed to upload certificates")
)

Functions

func NewCertAndKey

func NewCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey, config *certutil.Config) (*x509.Certificate, *rsa.PrivateKey, error)

NewCertAndKey creates signed certificate and key for the provided CA.

Types

type CARequest

type CARequest struct {
	DNSDomain string   `json:"dnsDomain" valid:"required"`
	IPs       []string `json:"ips" valid:"required"`
	CA        []byte   `json:"ca" valid:"optional"`
}

CARequest defines a request to generate or use CA if provided to setup PKI for k8s cluster

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(svc *Service) *Handler

func (*Handler) Delete

func (h *Handler) Delete(w http.ResponseWriter, r *http.Request)

func (*Handler) Generate

func (h *Handler) Generate(w http.ResponseWriter, r *http.Request)

func (*Handler) Get

func (h *Handler) Get(w http.ResponseWriter, r *http.Request)

func (*Handler) GetAll

func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request)

func (*Handler) Register

func (h *Handler) Register(r mux.Router)

type PKI

type PKI struct {
	ID string   `json:"id"`
	CA *PairPEM `json:"ca"`
	//KubeName is a sg specific name of a k8s cluster
	KubeName string `json:"kubeName"`
}

PKI defines a set of certificates/keys for a kubernetes cluster.

type Pair

type Pair struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

Pair defines a certificate and a private key.

func Decode

func Decode(p *PairPEM) (*Pair, error)

Decode parses a pem encoded cert/key and returns them as a Pair.

type PairPEM

type PairPEM struct {
	Cert []byte `json:"cert"`
	Key  []byte `json:"key"`
}

PairPEM defines PEM encoded certificate and private key. TODO: user cert pair in the kube model or get rid of it.

func Encode

func Encode(p *Pair) (*PairPEM, error)

Encode encodes cert/key with PEM and returns them as a PairPEM.

func NewAdminPair

func NewAdminPair(ca *PairPEM) (*PairPEM, error)

NewAdminPair creates certificates for the kubernetes admin user.

func NewCAPair

func NewCAPair(parentBytes []byte) (*PairPEM, error)

NewCAPair creates certificates and key for a kubernetes cluster. If no CA cert/key is provided, it creates self-signed ones.

func NewUserPair

func NewUserPair(userName string, userGroups []string, caEncoded *PairPEM) (*PairPEM, error)

NewUserPair creates certificates for a kubernetes user.

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(storagePrefix string, repository storage.Interface) *Service

func (*Service) Delete

func (s *Service) Delete(ctx context.Context, ID string) error

func (*Service) GenerateFromCA

func (s *Service) GenerateFromCA(ctx context.Context, parentBytes []byte) (*PKI, error)

func (*Service) GenerateSelfSigned

func (s *Service) GenerateSelfSigned(ctx context.Context) (*PKI, error)

func (*Service) Get

func (s *Service) Get(ctx context.Context, ID string) (*PKI, error)

func (*Service) GetAll

func (s *Service) GetAll(ctx context.Context) ([]*PKI, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL