// Package providers implements generic certificate-provider related functionality: the provider Kind
// enumeration, the legacy per-provider option types, and the MRC (MeshRootCertificate) compatibility types.
package providers
import (
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
"github.com/openservicemesh/osm/pkg/certificate"
"github.com/openservicemesh/osm/pkg/certificate/pem"
"github.com/openservicemesh/osm/pkg/logger"
)
// log is the package-level logger. "certificate/provider" is only the logger's label
// (note it is singular, while the package is named providers).
var log = logger.New("certificate/provider")
// Kind names a certificate provider backend. Its known values are the *Kind
// constants declared in this package.
type Kind string

// String implements fmt.Stringer by returning the Kind's underlying string value.
func (k Kind) String() string {
	return string(k)
}
const (
	// TresorKind represents Tresor, OSM's built-in provider: the CA material lives in a
	// Kubernetes Secret and certificates are signed in-process on the OSM pod, so the
	// controller itself holds the signing key.
	TresorKind Kind = "tresor"
	// VaultKind represents HashiCorp Vault: OSM is pointed at an external Vault and
	// signing happens inside Vault, so the signing key is held by Vault rather than OSM.
	VaultKind Kind = "vault"
	// CertManagerKind represents cert-manager.io: certificates are requested from
	// cert-manager (via the configured issuer) rather than signed by OSM.
	CertManagerKind Kind = "cert-manager"
)
var (
	// ValidCertificateProviders is the list of supported certificate providers
	// (presumably the set of Kind values accepted in configuration). It is an
	// exported, mutable slice: treat it as read-only and do not append to it at runtime.
	ValidCertificateProviders = []Kind{TresorKind, VaultKind, CertManagerKind}
)
// Options is an interface that contains required fields to convert the old style options to the new style MRC for
// each provider type.
// Implementations are expected to reject unusable option sets in Validate and to
// express the same configuration as a v1alpha2.ProviderSpec in AsProviderSpec.
// TODO(#4502): Remove this interface, and all of the options below.
type Options interface {
	Validate() error
	AsProviderSpec() v1alpha2.ProviderSpec
}
// TresorOptions is a type that specifies 'Tresor' certificate provider options.
type TresorOptions struct {
	// SecretName is the name of the Kubernetes Secret Tresor uses for its CA material
	// (per the TresorKind description). Read access to that Secret is equivalent to
	// holding the mesh signing key, so it should be restricted via RBAC accordingly.
	SecretName string
}
// VaultOptions is a type that specifies 'Hashicorp Vault' certificate provider options.
//
// Two ways of supplying the Vault credential coexist here: VaultToken carries the
// token value directly (deprecated, see the TODO), while VaultTokenSecretNamespace /
// VaultTokenSecretName / VaultTokenSecretKey reference a Kubernetes Secret holding it.
// Prefer the Secret reference: a token in plain configuration is easier to leak via
// logs, Helm values or ConfigMaps. Do not log this struct verbatim.
type VaultOptions struct {
	// VaultProtocol is the URL scheme used to reach Vault. A non-TLS scheme would
	// send the bearer token in cleartext; "https" is expected in production.
	VaultProtocol string
	// VaultHost is the Vault server host name or address.
	VaultHost string
	// VaultToken is the raw Vault token used to authenticate. It is a bearer
	// credential and must be treated as a secret.
	VaultToken string // TODO(#4745): Remove after deprecating the osm.vault.token option. Replace with VaultTokenSecretName
	// VaultRole is the Vault role (presumably a PKI role) used when issuing certificates.
	VaultRole string
	// VaultPort is the TCP port Vault listens on.
	VaultPort int
	// VaultTokenSecretNamespace, VaultTokenSecretName and VaultTokenSecretKey identify
	// the Kubernetes Secret, and the key within it, that holds the Vault token.
	VaultTokenSecretNamespace string
	VaultTokenSecretName      string
	VaultTokenSecretKey       string
}
// CertManagerOptions is a type that specifies 'cert-manager.io' certificate provider options.
// The three fields appear to mirror a cert-manager issuer reference (issuerRef):
// name, kind and API group — confirm against the cert-manager provider.
type CertManagerOptions struct {
	// IssuerName is the name of the cert-manager issuer certificates are requested from.
	IssuerName string
	// IssuerKind is the issuer's kind (e.g. "Issuer" or "ClusterIssuer").
	IssuerKind string
	// IssuerGroup is the API group of the issuer resource.
	IssuerGroup string
}
// MRCCompatClient is a backwards compatible client to convert old certificate options into an MRC.
// Its intent is to match the custom interface that will wrap the MRC k8s informer.
// It embeds MRCProviderGenerator (whose methods are promoted) and holds the single
// MeshRootCertificate derived from the legacy options.
// TODO(#4502): Remove this entirely once we are fully onboarded to MRC informers.
type MRCCompatClient struct {
	MRCProviderGenerator
	// mrc is the MeshRootCertificate built from the legacy options; it stands in for
	// what an informer-backed client would read from the cluster.
	mrc *v1alpha2.MeshRootCertificate
}
// MRCProviderGenerator knows how to convert a given MRC to its appropriate provider.
type MRCProviderGenerator struct {
	// kubeClient is the Kubernetes API client available to the generated providers.
	kubeClient kubernetes.Interface
	kubeConfig *rest.Config // used to generate a CertificateManager client.
	// TODO(#4711): move these to the compat client once we have added these fields to the MRC.
	// KeyBitSize is the size, in bits, of generated private keys (presumably RSA —
	// confirm). It is configured here because the MRC does not carry it yet.
	KeyBitSize int
	// TODO(#4745): Remove after deprecating the osm.vault.token option.
	// DefaultVaultToken is a raw Vault token, presumably the fallback when the MRC does
	// not reference a token Secret. It is a bearer credential held in memory in plain
	// form: do not log it, and prefer the Secret-based configuration.
	DefaultVaultToken string
	// caExtractorFunc obtains the PEM root certificate from an Issuer; being a field
	// rather than a direct call, it looks like a seam for substituting a stub in tests.
	caExtractorFunc func(certificate.Issuer) (pem.RootCertificate, error)
}