operations

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2025 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCRL 

func GetCRL(r *GetCRLRequest, logger logr.Logger) ([]byte, error)

GetCRL return the Client Revocation List PEM as a []byte

func IssueClientCertificate 

func IssueClientCertificate(r *IssueCertificateRequest, logger logr.Logger) (string, error)

IssueClientCertificate generates a new certificate for a given users, causing the revocation of other certificates emitted for that same user

func ListUsers 

func ListUsers(r *ListUsersRequest, logger logr.Logger) (map[string][]Certificate, error)

ListUsers retrieves the list of all Client VPN users and certificates

func RevokeUser 

func RevokeUser(r *RevokeUserRequest, logger logr.Logger) error

RevokeUser revokes all the issued certificates for a given user

func RotateCRL 

func RotateCRL(r *RotateCRLRequest, logger logr.Logger) ([]byte, error)

func UpdateCRL 

func UpdateCRL(r *UpdateCRLRequest, logger logr.Logger) ([]byte, error)

UpdateCRL maintains the CRL to keep just one active certificte per VPN user. This will always be the one emitted at a later date. Users can also have all their certificates revoked.

Types

type Certificate 

type Certificate struct {
	SerialNumber   string    `json:"serial"`
	IssuerCN       string    `json:"issuerCN"`
	SubjectCN      string    `json:"subjectCN"`
	NotBefore      time.Time `json:"notBefore"`
	NotAfter       time.Time `json:"notAfter"`
	Revoked        bool      `json:"revoked"`
	CertificatePEM string    `json:"certificate-pem"`
}

Certificate represents a certificate stored in the vault cvpn-pki secret engine

type GetCRLRequest 

type GetCRLRequest struct {
	Client       *api.Client
	VaultPKIPath string
}

GetCRLRequest is the structure containing the required data to issue a new certificate

type IssueCertificateRequest 

type IssueCertificateRequest struct {
	Client              *api.Client
	VaultPKIPaths       []string
	Username            string
	VaultPKIRole        string
	ClientVPNEndpointID string
	VaultKVPath         string
	VaultKVConfigKey    string
	CfgTplPath          string
}

IssueCertificateRequest is the structure containing the required data to issue a new certificate

type ListUsersRequest 

type ListUsersRequest struct {
	Client              *api.Client
	VaultPKIPath        string
	ClientVPNEndpointID string
}

ListUsersRequest is the structure containing the required data to issue a new certificate

type RevokeUserRequest 

type RevokeUserRequest struct {
	Client              *api.Client
	VaultPKIPath        string
	Username            string
	ClientVPNEndpointID string
}

RevokeUserRequest is the structure containing the required data to issue a new certificate

type RotateCRLRequest 

type RotateCRLRequest struct {
	Client              *api.Client
	VaultPKIPath        string
	ClientVPNEndpointID string
}

RotateCRLRequest is the structure containing the required data to rotate the Client Revocation List

type UpdateCRLRequest 

type UpdateCRLRequest struct {
	Client              *api.Client
	VaultPKIPath        string
	ClientVPNEndpointID string
}

UpdateCRLRequest is the structure containing the required data to issue a new certificate

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.