config

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source 
const DAEMON_CHECK_CMD = "while true; do if [ -f /shared/daemon-launched ]; then break; fi; done"

Variables

This section is empty.

Functions

func AddDaemonContainer 

func AddDaemonContainer(config *HSMConfig, resource Resource, contResource corev1.ResourceRequirements, pvcMount *corev1.VolumeMount)

AddDaemonContainer appends an init container responsible for launching HSM daemon as a background process within the processNamespace of the pod

func NodeOUConfigToBytes 

func NodeOUConfigToBytes(config *NodeOUConfig) ([]byte, error)

Types

type Auth 

type Auth struct {
	ImagePullSecret string `json:"imagePullSecret,omitempty"`
}

Auth represents the authentication methods that are supported

func (*Auth) BuildPullSecret 

func (a *Auth) BuildPullSecret() corev1.LocalObjectReference

BuildPullSecret builds the pull secret string into the type expected by kubernetes

type Client 

type Client interface {
	Get(ctx context.Context, key client.ObjectKey, obj client.Object) error
}

Client defines the contract to get resources from clusters

type Crypto 

type Crypto interface {
	GetCrypto() (*Response, error)
	PingCA() error
	Validate() error
}

type CryptoResponse 

type CryptoResponse struct {
	Enrollment *Response
	TLS        *Response
	ClientAuth *Response
}

func (*CryptoResponse) VerifyCertOU 

func (c *CryptoResponse) VerifyCertOU(crType string) error

type Cryptos 

type Cryptos struct {
	Enrollment Crypto
	TLS        Crypto
	ClientAuth Crypto
}

func (*Cryptos) GenerateCryptoResponse 

func (c *Cryptos) GenerateCryptoResponse() (*CryptoResponse, error)

type Daemon 

type Daemon struct {
	Image           string                       `json:"image"`
	Envs            []corev1.EnvVar              `json:"envs,omitempty"`
	Auth            *Auth                        `json:"auth,omitempty"`
	SecurityContext *container.SecurityContext   `json:"securityContext,omitempty"`
	Resources       *corev1.ResourceRequirements `json:"daemon,omitempty"`
}

Daemon represents that configuration for the HSM Daemon

func (*Daemon) BuildPullSecret 

func (d *Daemon) BuildPullSecret() corev1.LocalObjectReference

BuildPullSecret builds the string secret into the type expected by kubernetes

func (*Daemon) GetEnvs 

func (d *Daemon) GetEnvs() []corev1.EnvVar

GetEnvs returns environment variables

type HSMConfig 

type HSMConfig struct {
	Type       string          `json:"type,omitempty"`
	Version    string          `json:"version,omitempty"`
	Library    Library         `json:"library"`
	MountPaths []MountPath     `json:"mountpaths"`
	Envs       []corev1.EnvVar `json:"envs,omitempty"`
	Daemon     *Daemon         `json:"daemon,omitempty"`
}

HSMConfig defines the configuration parameters for HSMs

func ReadHSMConfig 

func ReadHSMConfig(client Client, instance metav1.Object) (*HSMConfig, error)

ReadHSMConfig reads hsm configuration from 'ibp-hsm-config', and key 'ibp-hsm-config.yaml' from data

func (*HSMConfig) BuildPullSecret 

func (h *HSMConfig) BuildPullSecret() corev1.LocalObjectReference

BuildPullSecret builds the string secret into the type expected by kubernetes

func (*HSMConfig) GetEnvs 

func (h *HSMConfig) GetEnvs() []corev1.EnvVar

GetEnvs builds the env var spec into the type expected by kubernetes

func (*HSMConfig) GetVolumeMounts 

func (h *HSMConfig) GetVolumeMounts() []corev1.VolumeMount

GetVolumeMounts builds the volume mount spec into the type expected by kubernetes

func (*HSMConfig) GetVolumes 

func (h *HSMConfig) GetVolumes() []corev1.Volume

GetVolumes builds the volume spec into the type expected by kubernetes, by default the volume source is empty dir with memory as the storage medium

type Identifier 

type Identifier struct {
	Certificate                  string
	OrganizationalUnitIdentifier string
}

type Library 

type Library struct {
	FilePath           string `json:"filepath"`
	Image              string `json:"image"`
	AutoUpdateDisabled bool   `json:"autoUpdateDisabled,omitempty"`
	Auth               *Auth  `json:"auth,omitempty"`
}

Library represents the configuration for an HSM library

type MountPath 

type MountPath struct {
	Name         string               `json:"name"`
	Secret       string               `json:"secret"`
	MountPath    string               `json:"mountpath"`
	UsePVC       bool                 `json:"usePVC"`
	SubPath      string               `json:"subpath,omitempty"`
	Paths        []Path               `json:"paths,omitempty"`
	VolumeSource *corev1.VolumeSource `json:"volumeSource,omitempty"`
}

MountPath represent the configuration of volume mounts on a container

func (*MountPath) BuildVolume 

func (m *MountPath) BuildVolume() corev1.Volume

BuildVolume builds the volume spec into the type expected by kubernetes

func (*MountPath) BuildVolumeMount 

func (m *MountPath) BuildVolumeMount() corev1.VolumeMount

BuildVolumeMount builds the volume mount spec into the type expected by kubernetes

type NodeOUConfig 

type NodeOUConfig struct {
	NodeOUs NodeOUs
}

func NodeOUConfigFromBytes 

func NodeOUConfigFromBytes(nodeOU []byte) (*NodeOUConfig, error)

type NodeOUs 

type NodeOUs struct {
	Enable              bool
	ClientOUIdentifier  Identifier
	PeerOUIdentifier    Identifier
	AdminOUIdentifier   Identifier
	OrdererOUIdentifier Identifier
}

type Path 

type Path struct {
	Key  string `json:"key"`
	Path string `json:"path"`
}

type Resource 

type Resource interface {
	AddContainer(add container.Container)
	AppendVolumeIfMissing(volume corev1.Volume)
	AppendPullSecret(imagePullSecret corev1.LocalObjectReference)
}

Resource defines the contract required for adding a daemon init containter on to a kubernetes resource

type Response 

type Response struct {
	CACerts           [][]byte
	IntermediateCerts [][]byte
	AdminCerts        [][]byte
	SignCert          []byte
	Keystore          []byte
}

func GenerateCrypto 

func GenerateCrypto(generator Crypto) (*Response, error)

TODO: Next refactor should move this outside of config package into cryptogen package along with the Response struct, which is required to avoid cyclical dependencies

func (*Response) VerifyCertOU 

func (r *Response) VerifyCertOU(crType string) error

Source Files

View all Source files

Directories

Path Synopsis
Code generated by counterfeiter.
 Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.