certsigner

package
v0.0.0-...-edd4e59

Warning: This package is not in the latest version of its module.
Published: Aug 25, 2020 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (

	// ErrInvalidOrg defines a global error for invalid organization
	ErrInvalidOrg = errors.New("invalid organization")
	// ErrInvalidCN defines a global error for invalid subject common name
	ErrInvalidCN = errors.New("invalid subject Common Name")
	// ErrProfileSupport defines a global error for a profile which was not backed by a CA signer cert.
	ErrProfileSupport = errors.New("csr profile is not currently supported")
)

Functions

func HandleHealthCheck

func HandleHealthCheck(w http.ResponseWriter, r *http.Request)

HandleHealthCheck handles health check

func StartSignerServer

func StartSignerServer(c Config) error

StartSignerServer initializes a new signer instance.

Types

type CertKey

type CertKey struct {
	CertFile, KeyFile string
}

CertKey stores files for the cert and key pair.

type CertServer

type CertServer struct {
	// contains filtered or unexported fields
}

CertServer is the object that handles the HTTP requests and responses. It receives CSR approval requests from the client agent, which the `signer` then attempts to sign. If successful, the approved CSR, which contains the signed certificate, is returned to the agent.

func NewServer

func NewServer(c Config) (*CertServer, error)

NewServer returns a CertServer object that has a CertSigner object as a part of it.

func (*CertServer) HandleGetCSR

func (s *CertServer) HandleGetCSR(w http.ResponseWriter, r *http.Request)

HandleGetCSR retrieves a CSR from a directory location (`csrDir`) and returns it to an agent.

func (*CertServer) HandlePostCSR

func (s *CertServer) HandlePostCSR(w http.ResponseWriter, r *http.Request)

HandlePostCSR takes in a CSR, attempts to approve it and writes the CSR to a file in the `csrDir`. It returns `http.StatusOK` to the client if the received CSR can be successfully decoded.

func (*CertServer) ServeHTTP

func (s *CertServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

type CertSigner

type CertSigner struct {
	// contains filtered or unexported fields
}

CertSigner signs a certificate using a `cfssl` Signer.

NOTE: the CertSigner only signs certificates for `etcd` nodes, any other certificate request from other nodes will be declined.

func NewSigner

func NewSigner(s *SignerCA, policy *config.Signing) (*CertSigner, error)

NewSigner returns a CertSigner object after filling in its attributes from the `Config` provided.

func (*CertSigner) Sign

Sign sends a signature request to the local signer, receiving a signed certificate or an error in response. If successful, it then returns the CSR which contains the newly signed certificate.

Note: A signed certificate is issued only for etcd profiles.
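The subject policy behind the package's ErrInvalidOrg / ErrInvalidCN errors and its etcd-only signing rule, as an added Go example that is not part of this package: it decodes a PEM CSR, verifies the requester's self-signature (proof of key possession) and rejects non-etcd subjects before anything reaches a signer. The organization `etcd-nodes` and CN prefix `etcd-` are constructed placeholder rules; the package's real matching logic is unexported and not stated on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// Local copies of the package's sentinel errors so the example runs stand-alone.
var ErrInvalidOrg, ErrInvalidCN = errors.New("invalid organization"), errors.New("invalid subject Common Name")

// ValidateCSR decodes a PEM CSR, verifies its self-signature and applies an assumed etcd-only subject policy.
func ValidateCSR(pemBytes []byte, allowedOrg, cnPrefix string) (*x509.CertificateRequest, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("no CERTIFICATE REQUEST block found")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // requester must hold the private key
		return nil, err
	}
	if len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != allowedOrg {
		return nil, ErrInvalidOrg
	}
	if !strings.HasPrefix(csr.Subject.CommonName, cnPrefix) {
		return nil, ErrInvalidCN
	}
	return csr, nil
}

func NewTestCSR(org, cn string) []byte { // constructed demo CSR, not a real node's request
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{Organization: []string{org}, CommonName: cn}}
	der, _ := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}

func main() {
	_, err := ValidateCSR(NewTestCSR("web-servers", "etcd-node-1"), "etcd-nodes", "etcd-")
	fmt.Println("foreign-org CSR rejected:", err)
}
```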

type Config

type Config struct {
	// SignerCAFiles holds the file paths to the signer CA assets
	SignerCAFiles
	// ServerCertKeys is a list of server certificates for serving on TLS based on SNI
	ServerCertKeys []CertKey
	// ListenAddress is the address at which the server listens for requests
	ListenAddress string
	// InsecureHealthCheckAddress is the address at which the server listens for insecure health checks
	InsecureHealthCheckAddress string
	// EtcdMetricCertDuration is the cert duration for the etcd metrics certificate
	EtcdMetricCertDuration time.Duration
	// EtcdPeerCertDuration is the cert duration for the `EtcdPeer` profile
	EtcdPeerCertDuration time.Duration
	// EtcdServerCertDuration is the cert duration for the `EtcdServer` profile
	EtcdServerCertDuration time.Duration
	// CSRDir is the directory location where the signer stores CSRs and serves them
	CSRDir string
}

Config holds the configuration values required to start a new signer.

type SignerCA

type SignerCA struct {
	// contains filtered or unexported fields
}

SignerCA stores the PEM encoded cert and key blocks.

type SignerCAFiles

type SignerCAFiles struct {
	// CACert is the file location of the Certificate Authority certificate
	CACert string
	// CAKey is the file location of the Certificate Authority private key
	CAKey string
	// MetricCACert is the file location of the metrics Certificate Authority certificate
	MetricCACert string
	// MetricCAKey is the file location of the metrics Certificate Authority private key
	MetricCAKey string
}

SignerCAFiles holds the file paths to the signer CA assets.
