package certs
import (
"fmt"
"path"
"time"
"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
configapi "github.com/openshift/origin/pkg/cmd/server/api"
)
const (
DefaultCADir = "ca"
)
type ClientCertInfo struct {
CertLocation configapi.CertInfo
SubDir string
User string
Groups util.StringSet
}
func DefaultSignerName() string {
return fmt.Sprintf("%s@%d", "openshift-signer", time.Now().Unix())
}
func DefaultRootCAFile(certDir string) string {
return DefaultCertFilename(certDir, DefaultCADir)
}
func DefaultClientCerts(certDir string) []ClientCertInfo {
return []ClientCertInfo{
DefaultDeployerClientCertInfo(certDir),
DefaultOpenshiftLoopbackClientCertInfo(certDir),
DefaultKubeClientClientCertInfo(certDir),
DefaultClusterAdminClientCertInfo(certDir),
}
}
func DefaultDeployerClientCertInfo(certDir string) ClientCertInfo {
return ClientCertInfo{
CertLocation: configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "openshift-deployer"),
KeyFile: DefaultKeyFilename(certDir, "openshift-deployer"),
},
SubDir: "openshift-deployer",
User: "system:openshift-deployer",
Groups: util.NewStringSet("system:deployers"),
}
}
func DefaultOpenshiftLoopbackClientCertInfo(certDir string) ClientCertInfo {
return ClientCertInfo{
CertLocation: configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "openshift-client"),
KeyFile: DefaultKeyFilename(certDir, "openshift-client"),
},
SubDir: "openshift-client",
User: "system:openshift-client",
}
}
func DefaultKubeClientClientCertInfo(certDir string) ClientCertInfo {
return ClientCertInfo{
CertLocation: configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "kube-client"),
KeyFile: DefaultKeyFilename(certDir, "kube-client"),
},
SubDir: "kube-client",
User: "system:kube-client",
}
}
func DefaultClusterAdminClientCertInfo(certDir string) ClientCertInfo {
return ClientCertInfo{
CertLocation: configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "admin"),
KeyFile: DefaultKeyFilename(certDir, "admin"),
},
SubDir: "admin",
User: "system:admin",
Groups: util.NewStringSet("system:cluster-admins"),
}
}
func DefaultServerCerts(certDir string) []configapi.CertInfo {
return []configapi.CertInfo{
DefaultMasterServingCertInfo(certDir),
DefaultAssetServingCertInfo(certDir),
}
}
func DefaultMasterServingCertInfo(certDir string) configapi.CertInfo {
return configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "master"),
KeyFile: DefaultKeyFilename(certDir, "master"),
}
}
func DefaultNodeServingCertInfo(certDir, nodeName string) configapi.CertInfo {
return configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "node_serving-"+nodeName),
KeyFile: DefaultKeyFilename(certDir, "node_serving-"+nodeName),
}
}
func DefaultAssetServingCertInfo(certDir string) configapi.CertInfo {
return configapi.CertInfo{
CertFile: DefaultCertFilename(certDir, "master"),
KeyFile: DefaultKeyFilename(certDir, "master"),
}
}
func DefaultCertDir(certDir, username string) string {
return path.Join(certDir, username)
}
func DefaultCertFilename(certDir, username string) string {
return path.Join(DefaultCertDir(certDir, username), "cert.crt")
}
func DefaultKeyFilename(certDir, username string) string {
return path.Join(DefaultCertDir(certDir, username), "key.key")
}
func DefaultSerialFilename(certDir, username string) string {
return path.Join(DefaultCertDir(certDir, username), "serial.txt")
}
func DefaultKubeConfigFilename(certDir, username string) string {
return path.Join(DefaultCertDir(certDir, username), ".kubeconfig")
}