certificates

package

v1.7.3 Latest Latest Go to latest Published: Jun 23, 2022 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jetstack/cert-manager

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func EnqueueCertificatesForResourceUsingPredicates(log logr.Logger, queue workqueue.Interface, lister cmlisters.CertificateLister, ...) func(obj interface{})
func GenerateLocallySignedTemporaryCertificate(crt *cmapi.Certificate, pkData []byte) ([]byte, error)
func ListCertificateRequestsMatchingPredicates(lister cmlisters.CertificateRequestNamespaceLister, selector labels.Selector, ...) ([]*cmapi.CertificateRequest, error)
func ListCertificatesMatchingPredicates(lister cmlisters.CertificateNamespaceLister, selector labels.Selector, ...) ([]*cmapi.Certificate, error)
func ListSecretsMatchingPredicates(lister corelisters.SecretNamespaceLister, selector labels.Selector, ...) ([]*corev1.Secret, error)
func PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]string, error)
func RenewalTime(notBefore, notAfter time.Time, renewBeforeOverride *metav1.Duration) *metav1.Time
func RequestMatchesSpec(req *cmapi.CertificateRequest, spec cmapi.CertificateSpec) ([]string, error)
func SecretDataAltNamesMatchSpec(secret *corev1.Secret, spec cmapi.CertificateSpec) ([]string, error)
type RenewalTimeFunc

Constants ¶

View Source

const RetryAfterLastFailure = time.Hour

The amount of time after the LastFailureTime of a Certificate before the request should be retried. In future this should be replaced with a more dynamic exponential back-off algorithm.

Variables ¶

This section is empty.

Functions ¶

func EnqueueCertificatesForResourceUsingPredicates ¶ added in v0.16.0

func EnqueueCertificatesForResourceUsingPredicates(log logr.Logger, queue workqueue.Interface, lister cmlisters.CertificateLister, selector labels.Selector, predicateBuilders ...predicate.ExtractorFunc) func(obj interface{})

EnqueueCertificatesForResourceUsingPredicates will return a function that can be used as an OnAdd handler for a SharedIndexInformer. It should be used as a handler for resources that are referenced in some way by Certificates. The namespace of the object being processed will be used in the List call when enqueuing Certificate resources. If no predicate constructors are given, all Certificate resources will be enqueued on every invocation.

func GenerateLocallySignedTemporaryCertificate ¶ added in v0.16.0

func GenerateLocallySignedTemporaryCertificate(crt *cmapi.Certificate, pkData []byte) ([]byte, error)

GenerateLocallySignedTemporaryCertificate signs a temporary certificate for the given certificate resource using a one-use temporary CA that is then discarded afterwards. This is to mitigate a potential attack against x509 certificates that use a predictable serial number and weak MD5 hashing algorithms. In practice, this shouldn't really be a concern anyway.

func ListCertificateRequestsMatchingPredicates ¶ added in v0.16.0

func ListCertificateRequestsMatchingPredicates(lister cmlisters.CertificateRequestNamespaceLister, selector labels.Selector, predicates ...predicate.Func) ([]*cmapi.CertificateRequest, error)

ListCertificateRequestsMatchingPredicates will list CertificateRequest resources using the provided lister, optionally applying the given predicate functions to filter the CertificateRequest resources returned.

func ListCertificatesMatchingPredicates ¶ added in v0.16.0

func ListCertificatesMatchingPredicates(lister cmlisters.CertificateNamespaceLister, selector labels.Selector, predicates ...predicate.Func) ([]*cmapi.Certificate, error)

ListCertificatesMatchingPredicates will list Certificate resources using the provided lister, optionally applying the given predicate functions to filter the Certificate resources returned.

func ListSecretsMatchingPredicates ¶ added in v0.16.0

func ListSecretsMatchingPredicates(lister corelisters.SecretNamespaceLister, selector labels.Selector, predicates ...predicate.Func) ([]*corev1.Secret, error)

ListSecretsMatchingPredicates will list Secret resources using the provided lister, optionally applying the given predicate functions to filter the Secret resources returned.

func PrivateKeyMatchesSpec ¶ added in v0.16.0

func PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]string, error)

PrivateKeyMatchesSpec returns an error if the private key bit size doesn't match the provided spec. RSA, Ed25519 and ECDSA are supported. If any error is returned, a list of violations will also be returned.

func RenewalTime ¶ added in v1.4.0

func RenewalTime(notBefore, notAfter time.Time, renewBeforeOverride *metav1.Duration) *metav1.Time

RenewalTime calculates renewal time for a certificate. Default renewal time is 2/3 through certificate's lifetime. If user has configured spec.renewBefore, renewal time will be renewBefore period before expiry (unless that is after the expiry).

func RequestMatchesSpec ¶ added in v0.16.0

func RequestMatchesSpec(req *cmapi.CertificateRequest, spec cmapi.CertificateSpec) ([]string, error)

RequestMatchesSpec compares a CertificateRequest with a CertificateSpec and returns a list of field names on the Certificate that do not match their counterpart fields on the CertificateRequest. If decoding the x509 certificate request fails, an error will be returned.

func SecretDataAltNamesMatchSpec ¶ added in v0.16.0

func SecretDataAltNamesMatchSpec(secret *corev1.Secret, spec cmapi.CertificateSpec) ([]string, error)

SecretDataAltNamesMatchSpec will compare a Secret resource containing certificate data to a CertificateSpec and return a list of 'violations' for any fields that do not match their counterparts. This is a purposely less comprehensive check than RequestMatchesSpec as some issuers override/force certain fields.

Types ¶

type RenewalTimeFunc ¶ added in v1.3.0

type RenewalTimeFunc func(time.Time, time.Time, *metav1.Duration) *metav1.Time

RenewalTimeFunc is a custom function type for calculating renewal time of a certificate.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
secretsmanager
test
issuing
keymanager
metrics
readiness
requestmanager
revisionmanager
trigger
policies Package policies provides functionality to evaluate Certificate's state	Package policies provides functionality to evaluate Certificate's state

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL