cleans up dynamiccertificates package
		@@ -97,10 +97,7 @@ func NewDynamicCAFromConfigMapController(purpose, namespace, name, key string, k
 | 
				
			|||||||
		queue:        workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicConfigMapCABundle-%s", purpose)),
 | 
							queue:        workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), fmt.Sprintf("DynamicConfigMapCABundle-%s", purpose)),
 | 
				
			||||||
		preRunCaches: []cache.InformerSynced{uncastConfigmapInformer.HasSynced},
 | 
							preRunCaches: []cache.InformerSynced{uncastConfigmapInformer.HasSynced},
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
	if err := c.loadCABundle(); err != nil {
 | 
					
 | 
				
			||||||
		// don't fail, but do print out a message
 | 
					 | 
				
			||||||
		klog.Warningf("unable to load initial CA bundle for: %q due to: %s", c.name, err)
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
	uncastConfigmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{
 | 
						uncastConfigmapInformer.AddEventHandler(cache.FilteringResourceEventHandler{
 | 
				
			||||||
		FilterFunc: func(obj interface{}) bool {
 | 
							FilterFunc: func(obj interface{}) bool {
 | 
				
			||||||
			if cast, ok := obj.(*corev1.ConfigMap); ok {
 | 
								if cast, ok := obj.(*corev1.ConfigMap); ok {
 | 
				
			||||||
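Review bot: With the `c.loadCABundle()` call dropped from NewDynamicCAFromConfigMapController, the visible part of the constructor no longer stores any CA bundle, so the controller is presumably handed back with the bundle unset until a later sync performs the first load; that path is outside this hunk. Anything that reads the bundle or builds verify options in that window must treat the unset value as "no trust anchors" and reject, rather than fall through to a permissive default. I would state that contract on the constructor, e.g. `// The CA bundle is not loaded here; it stays unset until the first successful sync, and callers must treat an unset bundle as untrusted.` The constructor starts and ends outside the hunk, so whether a caller already performs an initial load cannot be confirmed from here.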
 
 | 
				
			|||||||
@@ -126,6 +126,7 @@ func (c *DynamicFileCAContent) loadCABundle() error {
 | 
				
			|||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
	c.caBundle.Store(caBundleAndVerifier)
 | 
						c.caBundle.Store(caBundleAndVerifier)
 | 
				
			||||||
 | 
						klog.V(2).Infof("Loaded a new CA Bundle and Verifier for %q", c.Name())
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	for _, listener := range c.listeners {
 | 
						for _, listener := range c.listeners {
 | 
				
			||||||
		listener.Enqueue()
 | 
							listener.Enqueue()
 | 
				
			||||||
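Review bot: The added `klog.V(2).Infof("Loaded a new CA Bundle and Verifier for %q", c.Name())` in loadCABundle records only the provider name, so the log cannot distinguish an expected rotation from an unexpected change of trust anchors, and at verbosity 2 it is not emitted unless the process runs with that level enabled. Consider including something that identifies the content, such as the number of certificates or a digest of the bundle, if the stored value exposes it (not visible in this hunk). The same applies to the `Loaded a new cert/key pair for %q` line added in loadCertKeyPair, where a digest of the certificate, never of the key, would serve. Both functions start outside their hunks, so whether these lines run on every reload or only when the content changed cannot be told from here.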
 
 | 
				
			|||||||
@@ -108,6 +108,7 @@ func (c *DynamicCertKeyPairContent) loadCertKeyPair() error {
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	c.certKeyPair.Store(newCertKey)
 | 
						c.certKeyPair.Store(newCertKey)
 | 
				
			||||||
 | 
						klog.V(2).Infof("Loaded a new cert/key pair for %q", c.Name())
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	for _, listener := range c.listeners {
 | 
						for _, listener := range c.listeners {
 | 
				
			||||||
		listener.Enqueue()
 | 
							listener.Enqueue()
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -19,8 +19,6 @@ package dynamiccertificates
 | 
				
			|||||||
import (
 | 
					import (
 | 
				
			||||||
	"crypto/tls"
 | 
						"crypto/tls"
 | 
				
			||||||
	"crypto/x509"
 | 
						"crypto/x509"
 | 
				
			||||||
	"fmt"
 | 
					 | 
				
			||||||
	"io/ioutil"
 | 
					 | 
				
			||||||
)
 | 
					)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
type staticCAContent struct {
 | 
					type staticCAContent struct {
 | 
				
			||||||
@@ -30,19 +28,6 @@ type staticCAContent struct {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
var _ CAContentProvider = &staticCAContent{}
 | 
					var _ CAContentProvider = &staticCAContent{}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// NewStaticCAContentFromFile returns a CAContentProvider based on a filename
 | 
					 | 
				
			||||||
func NewStaticCAContentFromFile(filename string) (CAContentProvider, error) {
 | 
					 | 
				
			||||||
	if len(filename) == 0 {
 | 
					 | 
				
			||||||
		return nil, fmt.Errorf("missing filename for ca bundle")
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	caBundle, err := ioutil.ReadFile(filename)
 | 
					 | 
				
			||||||
	if err != nil {
 | 
					 | 
				
			||||||
		return nil, err
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
	return NewStaticCAContent(filename, caBundle)
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
// NewStaticCAContent returns a CAContentProvider that always returns the same value
 | 
					// NewStaticCAContent returns a CAContentProvider that always returns the same value
 | 
				
			||||||
func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) {
 | 
					func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) {
 | 
				
			||||||
	caBundleAndVerifier, err := newCABundleAndVerifier(name, caBundle)
 | 
						caBundleAndVerifier, err := newCABundleAndVerifier(name, caBundle)
 | 
				
			||||||
@@ -81,48 +66,6 @@ type staticSNICertKeyContent struct {
 | 
				
			|||||||
	sniNames []string
 | 
						sniNames []string
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// NewStaticCertKeyContentFromFiles returns a CertKeyContentProvider based on a filename
 | 
					 | 
				
			||||||
func NewStaticCertKeyContentFromFiles(certFile, keyFile string) (CertKeyContentProvider, error) {
 | 
					 | 
				
			||||||
	if len(certFile) == 0 {
 | 
					 | 
				
			||||||
		return nil, fmt.Errorf("missing filename for certificate")
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
	if len(keyFile) == 0 {
 | 
					 | 
				
			||||||
		return nil, fmt.Errorf("missing filename for key")
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	certPEMBlock, err := ioutil.ReadFile(certFile)
 | 
					 | 
				
			||||||
	if err != nil {
 | 
					 | 
				
			||||||
		return nil, err
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
	keyPEMBlock, err := ioutil.ReadFile(keyFile)
 | 
					 | 
				
			||||||
	if err != nil {
 | 
					 | 
				
			||||||
		return nil, err
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	return NewStaticCertKeyContent(fmt.Sprintf("cert: %s, key: %s", certFile, keyFile), certPEMBlock, keyPEMBlock)
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
// NewStaticSNICertKeyContentFromFiles returns a SNICertKeyContentProvider based on a filename
 | 
					 | 
				
			||||||
func NewStaticSNICertKeyContentFromFiles(certFile, keyFile string, sniNames ...string) (SNICertKeyContentProvider, error) {
 | 
					 | 
				
			||||||
	if len(certFile) == 0 {
 | 
					 | 
				
			||||||
		return nil, fmt.Errorf("missing filename for certificate")
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
	if len(keyFile) == 0 {
 | 
					 | 
				
			||||||
		return nil, fmt.Errorf("missing filename for key")
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	certPEMBlock, err := ioutil.ReadFile(certFile)
 | 
					 | 
				
			||||||
	if err != nil {
 | 
					 | 
				
			||||||
		return nil, err
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
	keyPEMBlock, err := ioutil.ReadFile(keyFile)
 | 
					 | 
				
			||||||
	if err != nil {
 | 
					 | 
				
			||||||
		return nil, err
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	return NewStaticSNICertKeyContent(fmt.Sprintf("cert: %s, key: %s", certFile, keyFile), certPEMBlock, keyPEMBlock, sniNames...)
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
// NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value
 | 
					// NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value
 | 
				
			||||||
func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) {
 | 
					func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) {
 | 
				
			||||||
	// Ensure that the key matches the cert and both are valid
 | 
						// Ensure that the key matches the cert and both are valid
 | 
				
			||||||
 
 | 
				
			|||||||