config

package

v1.0.4 Latest Latest Go to latest Published: Dec 13, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/IBM-Blockchain/fabric-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AddDaemonContainer(config *HSMConfig, resource Resource, contResource corev1.ResourceRequirements, ...)
func NodeOUConfigToBytes(config *NodeOUConfig) ([]byte, error)
type Auth
- func (a *Auth) BuildPullSecret() corev1.LocalObjectReference
type Client
type Crypto
type CryptoResponse
- func (c *CryptoResponse) VerifyCertOU(crType string) error
type Cryptos
- func (c *Cryptos) GenerateCryptoResponse() (*CryptoResponse, error)
type Daemon
- func (d *Daemon) BuildPullSecret() corev1.LocalObjectReference
- func (d *Daemon) GetEnvs() []corev1.EnvVar
type HSMConfig
- func ReadHSMConfig(client Client, instance metav1.Object) (*HSMConfig, error)
- func (h *HSMConfig) BuildPullSecret() corev1.LocalObjectReference
- func (h *HSMConfig) GetEnvs() []corev1.EnvVar
- func (h *HSMConfig) GetVolumeMounts() []corev1.VolumeMount
- func (h *HSMConfig) GetVolumes() []corev1.Volume
type Identifier
type Library
type MountPath
- func (m *MountPath) BuildVolume() corev1.Volume
- func (m *MountPath) BuildVolumeMount() corev1.VolumeMount
type NodeOUConfig
- func NodeOUConfigFromBytes(nodeOU []byte) (*NodeOUConfig, error)
type NodeOUs
type Path
type Resource
type Response
- func GenerateCrypto(generator Crypto) (*Response, error)
- func (r *Response) VerifyCertOU(crType string) error

Constants ¶

View Source

const DAEMON_CHECK_CMD = "while true; do if [ -f /shared/daemon-launched ]; then break; fi; done"

Variables ¶

This section is empty.

Functions ¶

func AddDaemonContainer ¶

func AddDaemonContainer(config *HSMConfig, resource Resource, contResource corev1.ResourceRequirements, pvcMount *corev1.VolumeMount)

AddDaemonContainer appends an init container responsible for launching HSM daemon as a background process within the processNamespace of the pod

func NodeOUConfigToBytes ¶

func NodeOUConfigToBytes(config *NodeOUConfig) ([]byte, error)

Types ¶

type Auth ¶

type Auth struct {
	ImagePullSecret string `json:"imagePullSecret,omitempty"`
}

Auth represents the authentication methods that are supported

func (*Auth) BuildPullSecret ¶

func (a *Auth) BuildPullSecret() corev1.LocalObjectReference

BuildPullSecret builds the pull secret string into the type expected by kubernetes

type Client ¶

type Client interface {
	Get(ctx context.Context, key client.ObjectKey, obj client.Object) error
}

Client defines the contract to get resources from clusters

type Crypto ¶

type Crypto interface {
	GetCrypto() (*Response, error)
	PingCA() error
	Validate() error
}

type CryptoResponse ¶

type CryptoResponse struct {
	Enrollment *Response
	TLS        *Response
	ClientAuth *Response
}

func (*CryptoResponse) VerifyCertOU ¶

func (c *CryptoResponse) VerifyCertOU(crType string) error

type Cryptos ¶

type Cryptos struct {
	Enrollment Crypto
	TLS        Crypto
	ClientAuth Crypto
}

func (*Cryptos) GenerateCryptoResponse ¶

func (c *Cryptos) GenerateCryptoResponse() (*CryptoResponse, error)

type Daemon ¶

type Daemon struct {
	Image           string                       `json:"image"`
	Envs            []corev1.EnvVar              `json:"envs,omitempty"`
	Auth            *Auth                        `json:"auth,omitempty"`
	SecurityContext *container.SecurityContext   `json:"securityContext,omitempty"`
	Resources       *corev1.ResourceRequirements `json:"daemon,omitempty"`
}

Daemon represents that configuration for the HSM Daemon

func (*Daemon) BuildPullSecret ¶

func (d *Daemon) BuildPullSecret() corev1.LocalObjectReference

BuildPullSecret builds the string secret into the type expected by kubernetes

func (*Daemon) GetEnvs ¶

func (d *Daemon) GetEnvs() []corev1.EnvVar

GetEnvs returns environment variables

type HSMConfig ¶

type HSMConfig struct {
	Type       string          `json:"type,omitempty"`
	Version    string          `json:"version,omitempty"`
	Library    Library         `json:"library"`
	MountPaths []MountPath     `json:"mountpaths"`
	Envs       []corev1.EnvVar `json:"envs,omitempty"`
	Daemon     *Daemon         `json:"daemon,omitempty"`
}

HSMConfig defines the configuration parameters for HSMs

func ReadHSMConfig ¶

func ReadHSMConfig(client Client, instance metav1.Object) (*HSMConfig, error)

ReadHSMConfig reads hsm configuration from 'ibp-hsm-config', and key 'ibp-hsm-config.yaml' from data

func (*HSMConfig) BuildPullSecret ¶

func (h *HSMConfig) BuildPullSecret() corev1.LocalObjectReference

BuildPullSecret builds the string secret into the type expected by kubernetes

func (*HSMConfig) GetEnvs ¶

func (h *HSMConfig) GetEnvs() []corev1.EnvVar

GetEnvs builds the env var spec into the type expected by kubernetes

func (*HSMConfig) GetVolumeMounts ¶

func (h *HSMConfig) GetVolumeMounts() []corev1.VolumeMount

GetVolumeMounts builds the volume mount spec into the type expected by kubernetes

func (*HSMConfig) GetVolumes ¶

func (h *HSMConfig) GetVolumes() []corev1.Volume

GetVolumes builds the volume spec into the type expected by kubernetes, by default the volume source is empty dir with memory as the storage medium

type Identifier ¶

type Identifier struct {
	Certificate                  string
	OrganizationalUnitIdentifier string
}

type Library ¶

type Library struct {
	FilePath           string `json:"filepath"`
	Image              string `json:"image"`
	AutoUpdateDisabled bool   `json:"autoUpdateDisabled,omitempty"`
	Auth               *Auth  `json:"auth,omitempty"`
}

Library represents the configuration for an HSM library

type MountPath ¶

type MountPath struct {
	Name         string               `json:"name"`
	Secret       string               `json:"secret"`
	MountPath    string               `json:"mountpath"`
	UsePVC       bool                 `json:"usePVC"`
	SubPath      string               `json:"subpath,omitempty"`
	Paths        []Path               `json:"paths,omitempty"`
	VolumeSource *corev1.VolumeSource `json:"volumeSource,omitempty"`
}

MountPath represent the configuration of volume mounts on a container

func (*MountPath) BuildVolume ¶

func (m *MountPath) BuildVolume() corev1.Volume

BuildVolume builds the volume spec into the type expected by kubernetes

func (*MountPath) BuildVolumeMount ¶

func (m *MountPath) BuildVolumeMount() corev1.VolumeMount

BuildVolumeMount builds the volume mount spec into the type expected by kubernetes

type NodeOUConfig ¶

type NodeOUConfig struct {
	NodeOUs NodeOUs
}

func NodeOUConfigFromBytes ¶

func NodeOUConfigFromBytes(nodeOU []byte) (*NodeOUConfig, error)

type NodeOUs ¶

type NodeOUs struct {
	Enable              bool
	ClientOUIdentifier  Identifier
	PeerOUIdentifier    Identifier
	AdminOUIdentifier   Identifier
	OrdererOUIdentifier Identifier
}

type Path ¶

type Path struct {
	Key  string `json:"key"`
	Path string `json:"path"`
}

type Resource ¶

type Resource interface {
	AddContainer(add container.Container)
	AppendVolumeIfMissing(volume corev1.Volume)
	AppendPullSecret(imagePullSecret corev1.LocalObjectReference)
}

Resource defines the contract required for adding a daemon init containter on to a kubernetes resource

type Response ¶

type Response struct {
	CACerts           [][]byte
	IntermediateCerts [][]byte
	AdminCerts        [][]byte
	SignCert          []byte
	Keystore          []byte
}

func GenerateCrypto ¶

func GenerateCrypto(generator Crypto) (*Response, error)

TODO: Next refactor should move this outside of config package into cryptogen package along with the Response struct, which is required to avoid cyclical dependencies

func (*Response) VerifyCertOU ¶

func (r *Response) VerifyCertOU(crType string) error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks Code generated by counterfeiter.	Code generated by counterfeiter.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL