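// Config groups the settings shown on this page: project and service-account
// identifiers, a TOTP secret, a banner ID and database connection details.
//
// The struct mixes secret material (TotpSecret) with ordinary settings, so
// formatting a whole Config with %v or %+v, or serializing it, also emits the
// secret. Log individual non-secret fields instead of the struct.
type Config struct {
	TopLevelProjectID string
	TopLevelCNRMSA    string
	// TotpSecret is presumably the shared secret used for TOTP codes; confirm
	// against the code that reads it. Treat it as a credential: keep it out of
	// logs, error messages and status output.
	TotpSecret string
	BannerID   string

	// DB is used to create a dbinfrastatus.EdgeDB wrapper. Infra status
	// recording is disabled when DB is nil.
	DB *sql.DB

	// DatabaseName is passed into the cluster-infra shipment.
	DatabaseName           string
	DatabaseUser           string
	DatabaseConnectionName string
}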
func NewConfig(args []string) (*Config, error)
func (c *Config) AfterParse() error
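// Issuer is the receiver of the Check, SetupWithManager and Sign methods
// listed on this page. It carries the CA certificate, the CA private key and
// the collaborators named by its fields.
//
// CAPrivateKey holds CA key material in an exported field. Do not log, print
// (%v / %+v) or serialize an Issuer value, and keep the number of copies of
// the struct small so it stays clear where the key lives.
//
// NOTE(review): SetupWithManager is declared on a value receiver while Check
// and Sign use pointer receivers, so calling it copies the Issuer, including
// the slice headers that point at the key. Confirm this is intentional.
type Issuer struct {
	SignerBuilder SignerBuilder
	// CAPrivateKey and CACert are presumably PEM-encoded, matching the keyPEM
	// and certPEM parameters of SignerBuilder. TODO confirm.
	CAPrivateKey []byte
	CACert       []byte
	Expiration   time.Time
	Config       *Config
	CACertRef    string
	// SecretManager has the unexported type secretManager, which is not shown
	// on this page.
	SecretManager secretManager
	// contains filtered or unexported fields
}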
func (o *Issuer) Check(ctx context.Context, _ issuerapi.Issuer) error
Check checks that the CA is available. Certificate requests will not be processed until this check passes.
func (o Issuer) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error
func (o *Issuer) Sign(ctx context.Context, cr signer.CertificateRequestObject, _ issuerapi.Issuer) (signer.PEMBundle, error)
Sign returns a signed certificate for the supplied CertificateRequestObject (a cert-manager CertificateRequest resource or a kubernetes CertificateSigningRequest resource). The CertificateRequestObject contains a GetRequest method that returns a certificate template that can be used as a starting point for the generated certificate. The Sign method should return a PEMBundle containing the signed certificate and any intermediate certificates (see the PEMBundle docs for more information). If the Sign method returns an error, the issuance will be retried until the MaxRetryDuration is reached. Special errors and cases can be found in the issuer-lib README: https://github.com/cert-manager/issuer-lib/tree/main?tab=readme-ov-file#how-it-works
// Signer is the single-method interface returned by SignerBuilder. It turns an
// x509.Certificate into a byte slice or reports an error.
type Signer interface {
	// Sign takes the certificate to be signed and returns the resulting
	// bytes. NOTE(review): the encoding of the returned bytes is not visible
	// on this page; confirm against an implementation.
	Sign(cert *x509.Certificate) ([]byte, error)
}
// SignerBuilder constructs a Signer from a key, a certificate and a duration.
//
// The parameter names indicate that keyPEM and certPEM are PEM-encoded. keyPEM
// is presumably private key material, so implementations should not log it or
// include it in returned errors. TODO confirm against an implementation.
type SignerBuilder func(keyPEM, certPEM []byte, duration time.Duration) (Signer, error)