cert-manager: github.com/jetstack/cert-manager/pkg/controller/certificates Index | Files | Directories

package certificates

import "github.com/jetstack/cert-manager/pkg/controller/certificates"


Package Files

informers.go listers.go util.go

func EnqueueCertificatesForResourceUsingPredicates Uses

func EnqueueCertificatesForResourceUsingPredicates(log logr.Logger, queue workqueue.Interface, lister cmlisters.CertificateLister, selector labels.Selector, predicateBuilders ...predicate.ExtractorFunc) func(obj interface{})

EnqueueCertificatesForResourceUsingPredicates will return a function that can be used as an OnAdd handler for a SharedIndexInformer. It should be used as a handler for resources that are referenced in some way by Certificates. The namespace of the object being processed will be used in the List call when enqueuing Certificate resources. If no predicate constructors are given, all Certificate resources will be enqueued on every invocation.

func GenerateLocallySignedTemporaryCertificate Uses

func GenerateLocallySignedTemporaryCertificate(crt *cmapi.Certificate, pkData []byte) ([]byte, error)

GenerateLocallySignedTemporaryCertificate signs a temporary certificate for the given certificate resource using a one-use temporary CA that is then discarded afterwards. This is to mitigate a potential attack against x509 certificates that use a predictable serial number and weak MD5 hashing algorithms. In practice, this shouldn't really be a concern anyway.

func ListCertificateRequestsMatchingPredicates Uses

func ListCertificateRequestsMatchingPredicates(lister cmlisters.CertificateRequestNamespaceLister, selector labels.Selector, predicates ...predicate.Func) ([]*cmapi.CertificateRequest, error)

ListCertificateRequestsMatchingPredicates will list CertificateRequest resources using the provided lister, optionally applying the given predicate functions to filter the CertificateRequest resources returned.

func ListCertificatesMatchingPredicates Uses

func ListCertificatesMatchingPredicates(lister cmlisters.CertificateNamespaceLister, selector labels.Selector, predicates ...predicate.Func) ([]*cmapi.Certificate, error)

ListCertificatesMatchingPredicates will list Certificate resources using the provided lister, optionally applying the given predicate functions to filter the Certificate resources returned.

func ListSecretsMatchingPredicates Uses

func ListSecretsMatchingPredicates(lister corelisters.SecretNamespaceLister, selector labels.Selector, predicates ...predicate.Func) ([]*corev1.Secret, error)

ListSecretsMatchingPredicates will list Secret resources using the provided lister, optionally applying the given predicate functions to filter the Secret resources returned.

func PrivateKeyMatchesSpec Uses

func PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]string, error)

func RenewBeforeExpiryDuration Uses

func RenewBeforeExpiryDuration(notBefore, notAfter time.Time, specRenewBefore *metav1.Duration) time.Duration

RenewBeforeExpiryDuration will return the amount of time before the given NotAfter time that the certificate should be renewed.

func RequestMatchesSpec Uses

func RequestMatchesSpec(req *cmapi.CertificateRequest, spec cmapi.CertificateSpec) ([]string, error)

RequestMatchesSpec compares a CertificateRequest with a CertificateSpec and returns a list of field names on the Certificate that do not match their counterpart fields on the CertificateRequest. If decoding the x509 certificate request fails, an error will be returned.

func SecretDataAltNamesMatchSpec Uses

func SecretDataAltNamesMatchSpec(secret *corev1.Secret, spec cmapi.CertificateSpec) ([]string, error)

SecretDataAltNamesMatchSpec will compare a Secret resource containing certificate data to a CertificateSpec and return a list of 'violations' for any fields that do not match their counterparts. This is a purposely less comprehensive check than RequestMatchesSpec as some issuers override/force certain fields.



Package certificates imports 20 packages (graph) and is imported by 9 packages. Updated 2020-08-05. Refresh now. Tools for package owners.