hub / github.com/kubernetes/client-go / RequestCertificate

Function RequestCertificate

util/certificate/csr/csr.go:49–82  ·  view source on GitHub ↗

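RequestCertificate will either reuse an existing certificate signing request (if this process has run before but not to completion) or create a new one from the PEM-encoded CSR and send it to the API server. It will then watch the object's status and, once approved by the API server, return the API server's issued certificate (PEM-encoded). Note: in the listing below, however, the function returns the CertificateSigningRequest object right after creating or retrieving it; the wait for issuance appears to be handled by WaitForCertificate.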

(client certificatesclient.CertificateSigningRequestInterface, csrData []byte, name string, usages []certificates.KeyUsage, privateKey interface{})

Source from the content-addressed store, hash-verified

47// certificate (pem-encoded). If there is any errors, or the watch timeouts, it
48// will return an error.
func RequestCertificate(client certificatesclient.CertificateSigningRequestInterface, csrData []byte, name string, usages []certificates.KeyUsage, privateKey interface{}) (req *certificates.CertificateSigningRequest, err error) {
	// Build the object to submit. Username, UID and Groups are left unset
	// here; they will be injected by the API server.
	csr := &certificates.CertificateSigningRequest{
		TypeMeta:   metav1.TypeMeta{Kind: "CertificateSigningRequest"},
		ObjectMeta: metav1.ObjectMeta{Name: name},
		Spec: certificates.CertificateSigningRequestSpec{
			Request: csrData,
			Usages:  usages,
		},
	}
	// Without a caller-chosen name, ask the server to generate one from a prefix.
	if csr.Name == "" {
		csr.GenerateName = "csr-"
	}

	req, err = client.Create(csr)
	if err == nil {
		// Freshly created: hand back the stored object. Nothing in this
		// function watches for approval or issuance.
		return req, nil
	}

	// Only an "already exists" conflict on an explicitly named request is
	// recoverable; every other failure (including a conflict when no name was
	// supplied) is reported as a create error.
	if !errors.IsAlreadyExists(err) || name == "" {
		return nil, formatError("cannot create certificate signing request: %v", err)
	}

	klog.Infof("csr for this node already exists, reusing")
	req, err = client.Get(name, metav1.GetOptions{})
	if err != nil {
		return nil, formatError("cannot retrieve certificate signing request: %v", err)
	}

	// The stored object was located by name alone, which does not establish
	// that it was produced from the caller's key material, so it is reused
	// only if ensureCompatible accepts it against the request built above and
	// privateKey.
	// NOTE(review): ensureCompatible is defined outside this listing;
	// presumably it checks that the stored request matches this key and spec.
	// Confirm before relying on it as the only guard against reusing a
	// foreign CSR object.
	if compatErr := ensureCompatible(req, csr, privateKey); compatErr != nil {
		return nil, fmt.Errorf("retrieved csr is not compatible: %v", compatErr)
	}
	klog.Infof("csr for this node is still valid")
	return req, nil
}
83
84// WaitForCertificate waits for a certificate to be issued until timeout, or returns an error.
85func WaitForCertificate(ctx context.Context, client certificatesclient.CertificateSigningRequestInterface, req *certificates.CertificateSigningRequest) (certData []byte, err error) {

Callers 1

rotateCertsMethod · 0.92

Calls 5

formatErrorFunction · 0.85
ensureCompatibleFunction · 0.85
CreateMethod · 0.65
GetMethod · 0.65
ErrorfMethod · 0.65

Tested by

no test coverage detected