GO-2023-1925: Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller

mtls

package

v0.9.5-rc.3 Latest Latest Go to latest Published: May 22, 2022 License: MPL-2.0 Imports: 30 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/weaveworks/tf-controller

Documentation ¶

Index ¶

func AddRotator(ctx context.Context, mgr manager.Manager, cr *CertRotator) error
func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)
func RunnerServe(namespace, addr string, sigterm chan os.Signal) error
func StartGRPCServerForTesting(ctx context.Context, server *runner.TerraformRunnerServer, namespace string, ...) error
func ValidCert(caCert, cert, key []byte, dnsName string, at time.Time) (bool, error)
type CertRotator
type KeyPairArtifacts

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddRotator ¶

func AddRotator(ctx context.Context, mgr manager.Manager, cr *CertRotator) error

AddRotator adds the CertRotator to the manager

func GetGRPCClientCredentials ¶

func GetGRPCClientCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCClientCredentials returns transport credentials for a client connection

func GetGRPCServerCredentials ¶

func GetGRPCServerCredentials(secret *corev1.Secret) (credentials.TransportCredentials, error)

GetGRPCServerCredentials returns transport credentials for a server

func RunnerServe ¶

func RunnerServe(namespace, addr string, sigterm chan os.Signal) error

func StartGRPCServerForTesting ¶

func StartGRPCServerForTesting(ctx context.Context, server *runner.TerraformRunnerServer, namespace string, addr string, mgr controllerruntime.Manager, rotator *CertRotator) error

StartGRPCServerForTesting should be used only for testing

func ValidCert ¶

func ValidCert(caCert, cert, key []byte, dnsName string, at time.Time) (bool, error)

ValidCert verifies if the cert is valid for the given hostname and time

Types ¶

type CertRotator ¶

type CertRotator struct {
	SecretKey      types.NamespacedName
	CAName         string
	CAOrganization string
	DNSName        string

	Ready                  chan struct{}
	CAValidityDuration     time.Duration
	CertValidityDuration   time.Duration
	RotationCheckFrequency time.Duration
	LookaheadInterval      time.Duration
	// contains filtered or unexported fields
}

CertRotator contains cert artifacts and a channel to close when the certs are ready.

func (*CertRotator) IsCertReady ¶

func (cr *CertRotator) IsCertReady(ctx context.Context) bool

func (*CertRotator) RefreshRunnerCertIfNeeded ¶

func (cr *CertRotator) RefreshRunnerCertIfNeeded(ctx context.Context, hostname string, tlsCertSecret *corev1.Secret) error

func (*CertRotator) Start ¶

func (cr *CertRotator) Start(ctx context.Context) error

Start starts the CertRotator runnable to rotate certs and ensure the certs are ready.

type KeyPairArtifacts ¶

type KeyPairArtifacts struct {
	Cert    *x509.Certificate
	Key     *rsa.PrivateKey
	CertPEM []byte
	KeyPEM  []byte
}

KeyPairArtifacts stores cert artifacts.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL