provisioner

package
v0.0.0-...-2583119 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Constants

const (
	// SingleCSRCheckLimit defines the limit for checking the status of a single CSR returned by NCM.
	// When manual approval is needed, ncm-issuer gives the operator around 24h (1440m) to
	// accept the CSR manually in NCM before rejecting the request.
	SingleCSRCheckLimit = 1440

	CSRStatusAccepted  = "accepted"
	CSRStatusApproved  = "approved"
	CSRStatusPending   = "pending"
	CSRStatusPostponed = "postponed"
	CSRStatusRejected  = "rejected"
)

Variables

var (
	ErrCSRNotAccepted        = errors.New("CSR has not been accepted yet")
	ErrCSRRejected           = errors.New("CSR has been rejected")
	ErrCSRCheckLimitExceeded = errors.New("CSR has not been accepted for too long")
)

Functions

This section is empty.

Types

type ExternalProvisioner

type ExternalProvisioner interface {
	Sign(cr *cmapi.CertificateRequest) ([]byte, []byte, string, error)
	Renew(cr *cmapi.CertificateRequest, certID string) ([]byte, []byte, string, error)
	PreventRenewal() bool
	Retire()
}

type PendingCSR

type PendingCSR struct {
	// contains filtered or unexported fields
}

PendingCSR stores the href of a pending CSR and a "checked" counter, which records how many times CSRStatusPending was encountered when checking the CSR status in NCM.

type PendingCSRsMap

type PendingCSRsMap struct {
	// contains filtered or unexported fields
}

PendingCSRsMap stores pending CSRs that have not yet been accepted by NCM as key-value pairs, where the key is composed of namespace + certificate name (e.g. ncm-issuer-ns.example-certificate) and the value is a PendingCSR.

func (*PendingCSRsMap) Add

func (cm *PendingCSRsMap) Add(namespace, certName, href string)

func (*PendingCSRsMap) Delete

func (cm *PendingCSRsMap) Delete(namespace, certName string)

func (*PendingCSRsMap) Get

func (cm *PendingCSRsMap) Get(namespace, certName string) *PendingCSR

func (*PendingCSRsMap) Has

func (cm *PendingCSRsMap) Has(namespace, certName string) bool

func (*PendingCSRsMap) Increment

func (cm *PendingCSRsMap) Increment(namespace, certName string)

func (*PendingCSRsMap) ResetCheckCounter

func (cm *PendingCSRsMap) ResetCheckCounter(namespace, certName string)

type Provisioner

type Provisioner struct {
	NCMConfig *cfg.NCMConfig
	NCMClient ncmapi.ExternalClient
	// contains filtered or unexported fields
}

Provisioner signs or renews certificates using NCMClient.

func NewProvisioner

func NewProvisioner(ncmCfg *cfg.NCMConfig, log logr.Logger) (*Provisioner, error)

func (*Provisioner) PreventRenewal

func (p *Provisioner) PreventRenewal() bool

func (*Provisioner) Renew

func (p *Provisioner) Renew(cr *cmapi.CertificateRequest, certID string) ([]byte, []byte, string, error)

Renew uses NCMClient to communicate with the NCM API to renew an existing certificate.

func (*Provisioner) Retire

func (p *Provisioner) Retire()

func (*Provisioner) Sign

func (p *Provisioner) Sign(cr *cmapi.CertificateRequest) ([]byte, []byte, string, error)

Sign uses NCMClient to communicate with the NCM API to sign a CertificateRequest. NCM policy defines a few statuses for a CSR, which ncm-issuer must handle correctly. The CSR status in NCM is therefore checked every time to deduce the current state: if the request was not accepted during the first CertificateRequest, Provisioner stores the href of the pending CSR in pendingCSRs.
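
The pending-CSR bookkeeping described above, as an added sketch that is not ncm-issuer's own code. The `tracker` and `pending` types, the `Observe` method and the status-to-error mapping (approved and postponed treated as "no certificate yet") are assumptions; the limit value, status strings, error messages and key format are taken from this page.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

const checkLimit = 1440 // same value as SingleCSRCheckLimit

var (
	errNotAccepted   = errors.New("CSR has not been accepted yet")
	errRejected      = errors.New("CSR has been rejected")
	errLimitExceeded = errors.New("CSR has not been accepted for too long")
)

type pending struct{ href string; checked int } // mirrors the documented PendingCSR

// tracker is a hypothetical mutex-guarded stand-in for PendingCSRsMap.
type tracker struct {
	mu sync.Mutex
	m  map[string]pending
}

// Observe records one status poll; the status-to-error mapping is assumed.
func (t *tracker) Observe(ns, cert, href, status string) error {
	t.mu.Lock()
	defer t.mu.Unlock()
	key := ns + "." + cert // e.g. ncm-issuer-ns.example-certificate
	switch status {
	case "accepted":
		delete(t.m, key)
		return nil
	case "rejected":
		delete(t.m, key)
		return errRejected
	case "pending":
		n := t.m[key].checked + 1 // zero value on first sight
		t.m[key] = pending{href: href, checked: n}
		if n > checkLimit {
			delete(t.m, key) // stop polling a request nobody approved
			return errLimitExceeded
		}
	}
	return errNotAccepted // approved, postponed, unknown: no certificate yet
}

func main() { // constructed sample input
	fmt.Println((&tracker{m: map[string]pending{}}).Observe("ns", "cert", "/constructed-href", "pending"))
}
```

Any status other than "accepted" yields an error, so an unrecognised value from the CA never results in a certificate being returned.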

type ProvisionersMap

type ProvisionersMap struct {
	Provisioners map[types.NamespacedName]ExternalProvisioner
	// contains filtered or unexported fields
}

ProvisionersMap stores provisioners that are prepared (the NCM API client is configured) and ready to use.

func NewProvisionersMap

func NewProvisionersMap() *ProvisionersMap

func (*ProvisionersMap) AddOrReplace

func (pm *ProvisionersMap) AddOrReplace(namespacedName types.NamespacedName, provisioner ExternalProvisioner)

func (*ProvisionersMap) Delete

func (pm *ProvisionersMap) Delete(namespacedName types.NamespacedName)

func (*ProvisionersMap) Get

func (pm *ProvisionersMap) Get(namespacedName types.NamespacedName) (ExternalProvisioner, bool)
