tlsconfigutil

package

v0.35.0 Latest Latest Go to latest Published: Nov 5, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vmware-tanzu/pinniped

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type CABundle
- func NewCABundle(caBundle []byte) (*CABundle, bool)
- func ValidateTLSConfig(tlsSpec *TLSSpec, conditionPrefix string, namespace string, ...) (*metav1.Condition, *CABundle)
type CABundleHash
- func NewCABundleHash(bundle []byte) CABundleHash
- func (a CABundleHash) Equal(b CABundleHash) bool
type TLSSpec
- func TLSSpecForConcierge(source *authenticationv1alpha1.TLSSpec) *TLSSpec
- func TLSSpecForSupervisor(source *idpv1alpha1.TLSSpec) *TLSSpec

Constants ¶

View Source

const (
	ReasonInvalidTLSConfig = "InvalidTLSConfig"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CABundle ¶

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle abstracts the internal representation of CA certificate bundles.

func NewCABundle ¶

func NewCABundle(caBundle []byte) (*CABundle, bool)

func ValidateTLSConfig ¶

func ValidateTLSConfig(
	tlsSpec *TLSSpec,
	conditionPrefix string,
	namespace string,
	secretInformer corev1informers.SecretInformer,
	configMapInformer corev1informers.ConfigMapInformer,
) (*metav1.Condition, *CABundle)

ValidateTLSConfig reads ca bundle in the tlsSpec, supplied either inline using the CertificateAuthorityDate or as a reference to a kubernetes secret or configmap using the CertificateAuthorityDataSource, and returns - a condition of type TLSConfigurationValid based on the validity of the ca bundle, - a CABundle - an abstraction of internal representation of CA certificate bundles.

func (*CABundle) CertPool ¶

func (c *CABundle) CertPool() *x509.CertPool

CertPool returns a X509 cert pool with the CA certificate bundle.

func (*CABundle) Hash ¶

func (c *CABundle) Hash() CABundleHash

Hash returns a sha256 sum of the CA bundle bytes.

func (*CABundle) PEMBytes ¶

func (c *CABundle) PEMBytes() []byte

PEMBytes returns the CA certificate bundle PEM bytes.

func (*CABundle) PEMString ¶

func (c *CABundle) PEMString() string

PEMString returns the certificate bundle PEM formatted as a string.

type CABundleHash ¶

type CABundleHash struct {
	// contains filtered or unexported fields
}

func NewCABundleHash ¶

func NewCABundleHash(bundle []byte) CABundleHash

func (CABundleHash) Equal ¶

func (a CABundleHash) Equal(b CABundleHash) bool

type TLSSpec ¶

type TLSSpec struct {
	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
	CertificateAuthorityData string
	// Reference to a CA bundle in a secret or a configmap.
	CertificateAuthorityDataSource *caBundleSource
}

TLSSpec unifies the TLSSpec type that Supervisor and Concierge both individually define. unifying these two definitions to allow sharing code that will read the spec and translate it into a CA bundle.

func TLSSpecForConcierge ¶

func TLSSpecForConcierge(source *authenticationv1alpha1.TLSSpec) *TLSSpec

TLSSpecForConcierge is a helper function to convert the Concierge's TLSSpec to the unified TLSSpec.

func TLSSpecForSupervisor ¶

func TLSSpecForSupervisor(source *idpv1alpha1.TLSSpec) *TLSSpec

TLSSpecForSupervisor is a helper function to convert the Supervisor's TLSSpec to the unified TLSSpec.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL