

14 Commits

Max Sokolovsky
a73b7d7f4c Merge pull request #55 from genexpr/cherry-pick-filter
Add filter helper method
2022-01-07 13:23:23 -05:00
Darren Shepherd
b0dbb8fd60 Add filter helper method
(cherry picked from commit 9b1b7d3132)
2022-01-06 14:23:11 -05:00
Max Sokolovsky
7d99790dba Merge pull request #54 from genexpr/merge-cert-updates-from-master
Cherry-pick commits that allow setting certificate expiration date
2022-01-04 12:55:30 -05:00
Max Sokolovsky
2c1c2032dc Use Go 1.16 2022-01-04 11:54:07 -05:00
Max Sokolovsky
acdc51060f update config to allow for specifying experiation in days (#53)
(cherry picked from commit 148d38076d)
2022-01-04 11:53:36 -05:00
Max Sokolovsky
3bf34c8ff9 Fix listenAndServe certificate expiration by preloading certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 284cc004e8)
2022-01-04 11:53:23 -05:00
Max Sokolovsky
097ec29ed8 Add README
(cherry picked from commit bbac29e0fa)
2022-01-04 11:52:40 -05:00
Max Sokolovsky
500cf6baf3 Fix defaultNewSignedCertExpirationDays const
This is a quick fix for 2644a6ed16

(cherry picked from commit f147aa4166)
2022-01-04 11:47:37 -05:00
Max Sokolovsky
ada93274e5 Allow for default expiration days to be loaded from env
(cherry picked from commit 2644a6ed16)
2022-01-04 11:42:50 -05:00
Brian Downs
2df892b5d7 Add ability to force cert regeneration (#43) (#48)
* add ability to force cert regeneration
2021-11-15 14:05:41 -07:00
Brad Davidson
cec44b5e30 Update wrangler to v0.8.3
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-13 15:16:59 -07:00
Sjoerd Simons
8056fb92e8 Accept IPv6 address as CN names
Expand the cnRegexp to also accept ipv6 addresses such as:
  * ::1
  * 2a00:1450:400e:80e::
  * 2a00:1450:400e:80e::200e

Fixes: #37

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
(cherry picked from commit dc7452dbb8)
2021-06-14 14:43:06 -07:00
Dan Ramich
51bda41d9c Merge pull request #34 from dramich/wrangler
Update wrangler and drop wrangler-api
2021-04-23 08:46:33 -06:00
Dan Ramich
624606ae5a Update wrangler and drop wrangler-api 2021-04-22 15:44:19 -06:00
4 changed files with 15 additions and 18 deletions


@@ -45,16 +45,15 @@ const (
duration365d = time.Hour * 24 * 365
)
var (
ErrStaticCert = errors.New("cannot renew static certificate")
)
var ErrStaticCert = errors.New("cannot renew static certificate")
// Config contains the basic fields required for creating a certificate
// Config contains the basic fields required for creating a certificate.
type Config struct {
CommonName string
Organization []string
AltNames AltNames
Usages []x509.ExtKeyUsage
ExpiresAt time.Duration
}
// AltNames contains the domain names and IP addresses that will be added
@@ -97,7 +96,8 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
return x509.ParseCertificate(certDERBytes)
}
// NewSignedCert creates a signed certificate using the given CA certificate and key
// NewSignedCert creates a signed certificate using the given CA certificate and key based
// on the given configuration.
func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
if err != nil {
@@ -109,6 +109,12 @@ func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKe
if len(cfg.Usages) == 0 {
return nil, errors.New("must specify at least one ExtKeyUsage")
}
var expiresAt time.Duration
if cfg.ExpiresAt > 0 {
expiresAt = time.Duration(cfg.ExpiresAt)
} else {
expiresAt = duration365d
}
certTmpl := x509.Certificate{
Subject: pkix.Name{
@@ -119,7 +125,7 @@ func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKe
IPAddresses: cfg.AltNames.IPs,
SerialNumber: serial,
NotBefore: caCert.NotBefore,
NotAfter: time.Now().Add(duration365d).UTC(),
NotAfter: time.Now().Add(expiresAt).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: cfg.Usages,
}
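Review bot: `expiresAt = time.Duration(cfg.ExpiresAt)` converts a value that is already a `time.Duration` (the `ExpiresAt time.Duration` field added to Config in the first hunk), so the conversion is a no-op and the six-line block collapses to `expiresAt := duration365d` followed by `if cfg.ExpiresAt > 0 { expiresAt = cfg.ExpiresAt }`. The new field also has no doc comment, and its name reads like an instant while it is used as a validity period added to `time.Now()` for NotAfter; I would add `// ExpiresAt is the validity period of the certificate, measured from the time it is signed; zero or a negative value falls back to duration365d (one year).` above the field. Note that NotBefore is copied from caCert while NotAfter is computed from now, so nothing in this function caps NotAfter at the CA's own NotAfter; if that is accepted, the field comment is the place to say so. The body of NewSignedCert continues outside the hunk.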


@@ -208,10 +208,7 @@ func populateCN(secret *v1.Secret, cn ...string) *v1.Secret {
// IsStatic returns true if the Secret has an attribute indicating that it contains
// a static (aka user-provided) certificate, which should not be modified.
func IsStatic(secret *v1.Secret) bool {
if secret != nil && secret.Annotations != nil {
return secret.Annotations[Static] == "true"
}
return false
return secret.Annotations[Static] == "true"
}
// NeedsUpdate returns true if any of the CNs are not currently present on the
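Review bot: If the single-line `return secret.Annotations[Static] == "true"` is the new side of this hunk (the counts -208,10 +208,7 point that way), IsStatic now dereferences `secret` unconditionally and panics when called with a nil `*v1.Secret`, whereas the removed guard returned false for that case. Indexing a nil Annotations map is safe in Go, so only the nil-secret case needs a guard: `if secret == nil { return false }` before the return. Since IsStatic decides whether a user-provided certificate may be rewritten, a nil secret should keep returning false as before rather than crashing the caller. The callers are outside the hunk, so I cannot confirm whether any of them can pass nil.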

go.mod

@@ -1,6 +1,6 @@
module github.com/rancher/dynamiclistener
go 1.12
go 1.16
require (
github.com/rancher/wrangler v0.8.9


@@ -64,10 +64,7 @@ func ListenAndServe(ctx context.Context, httpsPort, httpPort int, handler http.H
}
tlsServer := http.Server{
Handler: handler,
BaseContext: func(listener net.Listener) context.Context {
return ctx
},
Handler: handler,
ErrorLog: errorLog,
}
@@ -89,9 +86,6 @@ func ListenAndServe(ctx context.Context, httpsPort, httpPort int, handler http.H
Addr: fmt.Sprintf("%s:%d", opts.BindHost, httpPort),
Handler: handler,
ErrorLog: errorLog,
BaseContext: func(listener net.Listener) context.Context {
return ctx
},
}
go func() {
logrus.Infof("Listening on %s:%d", opts.BindHost, httpPort)
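Review bot: Dropping `BaseContext` from both `http.Server` literals (this hunk and the one at @@ -64,10 +64,7) means request contexts are no longer derived from the `ctx` passed to ListenAndServe, assuming the side without it is the new one as the hunk counts indicate; handlers then no longer observe cancellation of ctx through `r.Context()`. If the servers are shut down elsewhere when ctx is done that may be acceptable, but it is a behaviour change that deserves a comment on the server literal, e.g. `// request contexts are not tied to ctx; shutdown is driven by <shutdown path>`. Otherwise restore `BaseContext: func(net.Listener) context.Context { return ctx },` in both literals so the two servers stay consistent. ListenAndServe starts before the hunk and its shutdown path is not visible here.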