Documentation
¶
Index ¶
- func GetCRL(r *GetCRLRequest) ([]byte, error)
- func IssueClientCertificate(r *IssueCertificateRequest) (string, error)
- func ListUsers(r *ListUsersRequest) (map[string][]Certificate, error)
- func RevokeUser(r *RevokeUserRequest) error
- func RotateCRL(r *RotateCRLRequest) error
- func UpdateCRL(r *UpdateCRLRequest) ([]byte, error)
- type Certificate
- type GetCRLRequest
- type IssueCertificateRequest
- type ListUsersRequest
- type RevokeUserRequest
- type RotateCRLRequest
- type UpdateCRLRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetCRL ¶
func GetCRL(r *GetCRLRequest) ([]byte, error)
GetCRL return the Client Revocation List PEM as a []byte
func IssueClientCertificate ¶
func IssueClientCertificate(r *IssueCertificateRequest) (string, error)
IssueClientCertificate generates a new certificate for a given users, causing the revocation of other certificates emitted for that same user
func ListUsers ¶
func ListUsers(r *ListUsersRequest) (map[string][]Certificate, error)
ListUsers retrieves the list of all Client VPN users and certificates
func RevokeUser ¶
func RevokeUser(r *RevokeUserRequest) error
RevokeUser revokes all the issued certificates for a given user
func RotateCRL ¶
func RotateCRL(r *RotateCRLRequest) error
func UpdateCRL ¶
func UpdateCRL(r *UpdateCRLRequest) ([]byte, error)
UpdateCRL maintains the CRL to keep just one active certificte per VPN user. This will always be the one emitted at a later date. Users can also have all their certificates revoked.
Types ¶
type Certificate ¶
type Certificate struct {
SerialNumber string `json:"serial"`
IssuerCN string `json:"issuer-cn"`
SubjectCN string `json:"subject-cn"`
NotBefore time.Time `json:"notBefore"`
NotAfter time.Time `json:"notAfter"`
Revoked bool `json:"revoked"`
CertificatePEM string `json:"certificate-pem"`
}
Certificate represents a certificate stored in the vault cvpn-pki secret engine
type GetCRLRequest ¶
GetCRLRequest is the structure containing the required data to issue a new certificate
type IssueCertificateRequest ¶
type IssueCertificateRequest struct {
Client *api.Client
VaultPKIPaths []string
Username string
VaultPKIRole string
ClientVPNEndpointID string
VaultKVPath string
CfgTplPath string
Temporary bool
}
IssueCertificateRequest is the structure containing the required data to issue a new certificate
type ListUsersRequest ¶
ListUsersRequest is the structure containing the required data to issue a new certificate
type RevokeUserRequest ¶
type RevokeUserRequest struct {
Client *api.Client
VaultPKIPath string
Username string
ClientVPNEndpointID string
}
RevokeUserRequest is the structure containing the required data to issue a new certificate
type RotateCRLRequest ¶
RotateCRLRequest is the structure containing the required data to rotate the Client Revocation List
Source Files