-
Notifications
You must be signed in to change notification settings - Fork 2k
/
featureset.go
133 lines (106 loc) · 4.31 KB
/
featureset.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
/*
Copyright 2020 The cert-manager Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package featureset
import "strings"
// NewFeatureSet constructs a new feature set with the given features.
func NewFeatureSet(feats ...Feature) FeatureSet {
fs := make(FeatureSet)
for _, f := range feats {
fs.Add(f)
}
return fs
}
// FeatureSet represents a set of features.
// This type does not indicate whether or not features are enabled, rather it
// just defines a grouping of features (i.e. a 'set').
type FeatureSet map[Feature]struct{}
// Add adds a feature to the set
func (fs FeatureSet) Add(f Feature) {
fs[f] = struct{}{}
}
// Delete removes a feature from the set
func (fs FeatureSet) Delete(f Feature) {
_, ok := fs[f]
if ok {
delete(fs, f)
}
}
// Contains returns true if the FeatureSet contains the given feature
func (fs FeatureSet) Contains(f Feature) bool {
_, ok := fs[f]
return ok
}
// String returns this FeatureSet as a comma separated string
func (fs FeatureSet) String() string {
featsSlice := make([]string, len(fs))
i := 0
for f := range fs {
featsSlice[i] = string(f)
i++
}
return strings.Join(featsSlice, ", ")
}
type Feature string
// String returns the Feature name as a string
func (f Feature) String() string {
return string(f)
}
const (
// IPAddressFeature denotes tests that set the IPAddresses field.
// Some issuer's are never going to allow issuing certificates with IP SANs
// set as they are considered bad-practice.
IPAddressFeature Feature = "IPAddresses"
// DurationFeature denotes tests that set the 'duration' field to some
// custom value.
// Some issuers enforce a particular certificate duration, meaning they
// will never pass tests that validate the duration is as expected.
DurationFeature Feature = "Duration"
// UsagesFeature denotes tests that set the 'usages' field to some
// custom value.
// Some issuers enforce key usages, meaning they
// will never pass tests that validate the duration is as expected.
UsagesFeature Feature = "Usages"
// WildcardsFeature denotes tests that request certificates for wildcard
// domains. Some issuer's disable wildcard certificate issuance, so this
// feature allows runs of the suite to exclude those tests that utilise
// wildcards.
WildcardsFeature Feature = "Wildcards"
// ECDSAFeature denotes whether the target issuer is able to sign
// certificates with an elliptic curve private key. This is useful for some
// issuers that have trouble being configured to support this feature.
ECDSAFeature Feature = "ECDSA"
// ReusePrivateKey denotes whether the target issuer is able to sign multiple
// certificates for the same private key. This is useful for some issuers
// that have trouble being configured to support this feature.
ReusePrivateKeyFeature Feature = "ReusePrivateKey"
// URISANs denotes whether to the target issuer is able to sign a certificate
// that includes a URISANs. ACME providers do not support this.
URISANsFeature Feature = "URISANs"
// EmailSANs denotes whether to the target issuer is able to sign a certificate
// that includes a EmailSANs.
EmailSANsFeature Feature = "EmailSANs"
// CommonName denotes whether the target issuer is able to sign certificates
// with a distinct CommonName. This is useful for issuers such as ACME
// providers that ignore, or otherwise have special requirements for the
// CommonName such as needing to be present in the DNS Name list.
CommonNameFeature = "CommonName"
// KeyUsages denotes whether the target issuer is able to sign certificates
// with arbitrary key usages.
KeyUsagesFeature = "KeyUsages"
// OnlySAN denotes whether the target issuer is able to sign certificates
// with only SANs set
OnlySAN = "OnlySAN"
// SaveCAToSecret denotes whether the target issuer returns a CA
// certificate which can be stored in the CA.crt field of the Secret.
SaveCAToSecret = "SaveCAToSecret"
)