certificaterequest

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 24, 2019 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Add

func Add(mgr manager.Manager) error

Add creates a new CertificateRequest Controller and adds it to the Manager. The Manager will set fields on the Controller and Start it when the Manager is Started.

func GetCertificate

func GetCertificate(kubeClient client.Client, cr *certmanv1alpha1.CertificateRequest) (*x509.Certificate, error)

GetCertificate returns a certificate to the caller after retrieving the certificates secret.

func GetSecret

func GetSecret(kubeClient client.Client, secretName, namespace string) (*corev1.Secret, error)

GetSecret returns a secret based on a secretName and namespace.

func ParseCertificateData

func ParseCertificateData(data []byte) (*x509.Certificate, error)

ParseCertificateData returns a decoded x509 certificate to the caller.

func SecretExists

func SecretExists(kubeClient client.Client, secretName, namespace string) bool

SecretExists returns a boolean to the caller basd on the secretName and namespace args.

func ValidateResourceRecordUpdatesUsingCloudflareDns

func ValidateResourceRecordUpdatesUsingCloudflareDns(reqLogger logr.Logger, name string, value string) (bool, error)

Contacts cloudflareDnsOverHttpsEndpoint and validates the json response.

func VerifyDnsResourceRecordUpdate

func VerifyDnsResourceRecordUpdate(reqLogger logr.Logger, fqdn string, txtValue string) bool

VerifyDnsResourceRecordUpdate is used to export the verifyDnsResourceRecordUpdate result back to the caller.

Types

type CloudflareAnswer

type CloudflareAnswer struct {
	Name string `json:"name"`
	Type int    `json:"type"`
	TTL  int    `json:"TTL"`
	Data string `json:"data"`
}

type CloudflareQuestion

type CloudflareQuestion struct {
	Name string `json:"name"`
	Type int    `json:"type"`
}

type CloudflareResponse

type CloudflareResponse struct {
	Status    int                  `json:"Status"`
	TC        bool                 `json:"TC"`
	RC        bool                 `json:"RC"`
	RA        bool                 `json:"RA"`
	AD        bool                 `json:"AD"`
	CD        bool                 `json:"CD"`
	Questions []CloudflareQuestion `json:"Question"`
	Answers   []CloudflareAnswer   `json:"Answer"`
}

type ReconcileCertificateRequest

type ReconcileCertificateRequest struct {
	// contains filtered or unexported fields
}

ReconcileCertificateRequest reconciles a CertificateRequest object

func (*ReconcileCertificateRequest) AnswerDnsChallenge

func (r *ReconcileCertificateRequest) AnswerDnsChallenge(reqLogger logr.Logger, acmeChallengeToken string, domain string, cr *certmanv1alpha1.CertificateRequest) (fqdn string, err error)

AnswerDnsChallenge constructs a fqdn from acmeChallengeSubDomain and domain. An route53 AWS client is then spawned to retrieve HostedZones. If zone.HostedZone.Config.PrivateZone is not defined, an attempt to populate this zone will be performed. Only upon success is `fqdn, nil` returned.

func (*ReconcileCertificateRequest) DeleteAcmeChallengeResourceRecords

func (r *ReconcileCertificateRequest) DeleteAcmeChallengeResourceRecords(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error

DeleteAcmeChallengeResourceRecords spawns an AWS client, constructs baseDomain to retrieve the HostedZones. The ResourceRecordSets are then requested, if returned and validated, the record is updated to an empty struct to remove the ACME challange.

func (*ReconcileCertificateRequest) DeleteAllAcmeChallengeResourceRecords

func (r *ReconcileCertificateRequest) DeleteAllAcmeChallengeResourceRecords(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error

DeleteAllAcmeChallengeResourceRecords to delete all records in a hosted zone that begin with the prefix defined by the const acmeChallengeSubDomain

func (*ReconcileCertificateRequest) IssueCertificate

func (r *ReconcileCertificateRequest) IssueCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest, certificateSecret *corev1.Secret) error

IssueCertificate validates DNS write access then assess letsencrypt endpoint (prod or stage) based on leclient url. It then iterates through the CertificateRequest.Spec.DnsNames, authorizes to letsencrypt and sets a challenge in the form of resource record. Certificates are then generated and issued to kubernetes via corev1.

func (*ReconcileCertificateRequest) Reconcile

Reconcile reads that state of the cluster for a CertificateRequest object and makes changes based on the state read and what is in the CertificateRequest.Spec

func (*ReconcileCertificateRequest) RevokeCertificate

func (r *ReconcileCertificateRequest) RevokeCertificate(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) error

RevokeCertificate validates which letsencrypt endpoint is to be used along with corresponding account. Then revokes certificate upon matching the CommonName of LetsEncryptCertIssuingAuthority. Associated ACME challenge resources are also removed.

func (*ReconcileCertificateRequest) ShouldRenewOrReIssue

func (r *ReconcileCertificateRequest) ShouldRenewOrReIssue(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)

ShouldRenewOrReIssue retrieves a renewCertificateBeforeDays int and returns `true` to the caller if it is <= the expiry of the CertificateRequest.

func (*ReconcileCertificateRequest) ValidateDnsWriteAccess

func (r *ReconcileCertificateRequest) ValidateDnsWriteAccess(reqLogger logr.Logger, cr *certmanv1alpha1.CertificateRequest) (bool, error)

ValidateDnsWriteAccess spawns a route53 client to retrieve the baseDomain's hostedZoneOutput and attempts to write a test TXT ResourceRecord to it. If successful, will return `true, nil`.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL