tlsconfigutil

package
v0.37.0

This package is not in the latest version of its module.

Published: Jan 15, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation


Constants

const (
	ReasonInvalidTLSConfig = "InvalidTLSConfig"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type CABundle

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle abstracts the internal representation of CA certificate bundles.

func NewCABundle

func NewCABundle(caBundle []byte) (*CABundle, bool)

func ValidateTLSConfig

func ValidateTLSConfig(
	tlsSpec *TLSSpec,
	conditionPrefix string,
	namespace string,
	secretInformer corev1informers.SecretInformer,
	configMapInformer corev1informers.ConfigMapInformer,
) (*metav1.Condition, *CABundle)

ValidateTLSConfig reads the CA bundle in the tlsSpec, supplied either inline using CertificateAuthorityData or as a reference to a Kubernetes secret or configmap using CertificateAuthorityDataSource, and returns:

- a condition of type TLSConfigurationValid based on the validity of the CA bundle,
- a CABundle, an abstraction of the internal representation of CA certificate bundles.

func (*CABundle) CertPool

func (c *CABundle) CertPool() *x509.CertPool

CertPool returns an X.509 cert pool with the CA certificate bundle.

func (*CABundle) Hash

func (c *CABundle) Hash() CABundleHash

Hash returns a sha256 sum of the CA bundle bytes.

func (*CABundle) PEMBytes

func (c *CABundle) PEMBytes() []byte

PEMBytes returns the CA certificate bundle PEM bytes.

func (*CABundle) PEMString

func (c *CABundle) PEMString() string

PEMString returns the certificate bundle PEM formatted as a string.

type CABundleHash

type CABundleHash struct {
	// contains filtered or unexported fields
}

func NewCABundleHash

func NewCABundleHash(bundle []byte) CABundleHash

func (CABundleHash) Equal

func (a CABundleHash) Equal(b CABundleHash) bool

type TLSSpec

type TLSSpec struct {
	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
	CertificateAuthorityData string
	// Reference to a CA bundle in a secret or a configmap.
	CertificateAuthorityDataSource *caBundleSource
}

TLSSpec unifies the TLSSpec type that Supervisor and Concierge both individually define. Unifying these two definitions allows sharing the code that reads the spec and translates it into a CA bundle.

func TLSSpecForConcierge

func TLSSpecForConcierge(source *authenticationv1alpha1.TLSSpec) *TLSSpec

TLSSpecForConcierge is a helper function to convert the Concierge's TLSSpec to the unified TLSSpec.

func TLSSpecForSupervisor

func TLSSpecForSupervisor(source *idpv1alpha1.TLSSpec) *TLSSpec

TLSSpecForSupervisor is a helper function to convert the Supervisor's TLSSpec to the unified TLSSpec.
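
The handling that the TLSSpec field comments and Hash describe (inline base64-encoded PEM, system roots when omitted, a SHA-256 sum of the bundle bytes), as an added standalone Go example that is not this package's implementation. The names `caBundle`, `loadCABundle` and `sampleCA` are hypothetical, and the certificate is constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// caBundle: hypothetical stand-in for CABundle; a nil pool means system roots.
type caBundle struct {
	pool *x509.CertPool
	hash [sha256.Size]byte
}

// loadCABundle decodes base64 PEM and rejects data holding no certificate.
func loadCABundle(b64 string) (*caBundle, error) {
	if b64 == "" { // omitted: valid, caller trusts the system roots
		return &caBundle{hash: sha256.Sum256(nil)}, nil
	}
	pemBytes, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("CA data is not valid base64: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) { // false: no certificate parsed
		return nil, fmt.Errorf("CA data contains no valid PEM certificate")
	}
	return &caBundle{pool: pool, hash: sha256.Sum256(pemBytes)}, nil
}

// sampleCA builds a constructed, throwaway self-signed CA as base64 PEM.
func sampleCA(cn string) string {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	fmt.Println(loadCABundle("bm90IGEgY2VydA==")) // constructed: base64 of "not a cert"
}
```

`AppendCertsFromPEM` reports success as soon as one certificate parses, so unparseable blocks in the same bundle are skipped silently. Comparing the stored hashes is enough to detect that a bundle's bytes have changed.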
