本文整理汇总了Golang中github.com/openshift/origin/pkg/cmd/util.PrivateKeysFromPEM函数的典型用法代码示例。如果您正苦于以下问题:Golang PrivateKeysFromPEM函数的具体用法?Golang PrivateKeysFromPEM怎么用?Golang PrivateKeysFromPEM使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了PrivateKeysFromPEM函数的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: secretToPem
// secretToPem composes a PEM file at the output directory from an input private key and crt file.
func secretToPem(secPath, outName string) error {
// The secret, when present, is mounted on /etc/pki/tls/private
// The secret has two components crt.tls and key.tls
// When the default cert is provided by the admin it is a pem
// tls.crt is the supplied pem and tls.key is the key
// extracted from the pem
// When the admin does not provide a default cert, the secret
// is created via the service annotation. In this case
// tls.crt is the cert and tls.key is the key
// The crt and key are concatenated to form the needed pem
var fileCrtName = filepath.Join(secPath, "tls.crt")
var fileKeyName = filepath.Join(secPath, "tls.key")
pemBlock, err := ioutil.ReadFile(fileCrtName)
if err != nil {
return err
}
keys, err := cmdutil.PrivateKeysFromPEM(pemBlock)
if err != nil {
return err
}
if len(keys) == 0 {
// Try to get the key from the tls.key file
keyBlock, err := ioutil.ReadFile(fileKeyName)
if err != nil {
return err
}
pemBlock = append(pemBlock, keyBlock...)
}
return ioutil.WriteFile(outName, pemBlock, 0444)
}
示例2: generateSecretsConfig
// generateSecretsConfig generates any Secret and Volume objects, such
// as the TLS serving cert that are necessary for the registry container.
// Runs true if the registry should be served over TLS.
func generateSecretsConfig(
cfg *RegistryConfig, namespace string, defaultCrt, defaultKey []byte,
) ([]*kapi.Secret, []kapi.Volume, []kapi.VolumeMount, app.Environment, bool, error) {
var secrets []*kapi.Secret
var volumes []kapi.Volume
var mounts []kapi.VolumeMount
extraEnv := app.Environment{}
if len(defaultCrt) > 0 && len(defaultKey) == 0 {
keys, err := cmdutil.PrivateKeysFromPEM(defaultCrt)
if err != nil {
return nil, nil, nil, nil, false, err
}
if len(keys) == 0 {
return nil, nil, nil, nil, false, fmt.Errorf("the default cert must contain a private key")
}
defaultKey = keys
}
if len(defaultCrt) > 0 {
secret := &kapi.Secret{
ObjectMeta: kapi.ObjectMeta{
Name: fmt.Sprintf("%s-certs", cfg.Name),
},
Type: kapi.SecretTypeTLS,
Data: map[string][]byte{
kapi.TLSCertKey: defaultCrt,
kapi.TLSPrivateKeyKey: defaultKey,
},
}
secrets = append(secrets, secret)
volume := kapi.Volume{
Name: "server-certificate",
VolumeSource: kapi.VolumeSource{
Secret: &kapi.SecretVolumeSource{
SecretName: secret.Name,
},
},
}
volumes = append(volumes, volume)
mount := kapi.VolumeMount{
Name: volume.Name,
ReadOnly: true,
MountPath: defaultCertificateDir,
}
mounts = append(mounts, mount)
extraEnv.Add(app.Environment{
"REGISTRY_HTTP_TLS_CERTIFICATE": path.Join(defaultCertificateDir, kapi.TLSCertKey),
"REGISTRY_HTTP_TLS_KEY": path.Join(defaultCertificateDir, kapi.TLSPrivateKeyKey),
})
}
secretBytes := make([]byte, randomSecretSize)
if _, err := cryptorand.Read(secretBytes); err != nil {
return nil, nil, nil, nil, false, fmt.Errorf("registry does not exist; could not generate random bytes for HTTP secret: %v", err)
}
httpSecretString := base64.StdEncoding.EncodeToString(secretBytes)
extraEnv["REGISTRY_HTTP_SECRET"] = httpSecretString
return secrets, volumes, mounts, extraEnv, len(defaultCrt) > 0, nil
}
示例3: generateSecretsConfig
// generateSecretsConfig generates any Secret and Volume objects, such
// as SSH private keys, that are necessary for the router container.
func generateSecretsConfig(cfg *RouterConfig, kClient *kclient.Client,
namespace string, defaultCert []byte) ([]*kapi.Secret, []kapi.Volume, []kapi.VolumeMount,
error) {
var secrets []*kapi.Secret
var volumes []kapi.Volume
var mounts []kapi.VolumeMount
if len(cfg.ExternalHostPrivateKey) != 0 {
privkeyData, err := fileutil.LoadData(cfg.ExternalHostPrivateKey)
if err != nil {
return secrets, volumes, mounts, fmt.Errorf("error reading private key for external host: %v", err)
}
secret := &kapi.Secret{
ObjectMeta: kapi.ObjectMeta{
Name: privkeySecretName,
},
Data: map[string][]byte{privkeyName: privkeyData},
}
secrets = append(secrets, secret)
volume := kapi.Volume{
Name: secretsVolumeName,
VolumeSource: kapi.VolumeSource{
Secret: &kapi.SecretVolumeSource{
SecretName: privkeySecretName,
},
},
}
volumes = append(volumes, volume)
mount := kapi.VolumeMount{
Name: secretsVolumeName,
ReadOnly: true,
MountPath: secretsPath,
}
mounts = append(mounts, mount)
}
if len(defaultCert) > 0 {
keys, err := cmdutil.PrivateKeysFromPEM(defaultCert)
if err != nil {
return nil, nil, nil, err
}
if len(keys) == 0 {
return nil, nil, nil, fmt.Errorf("the default cert must contain a private key")
}
secret := &kapi.Secret{
ObjectMeta: kapi.ObjectMeta{
Name: fmt.Sprintf("%s-certs", cfg.Name),
},
Type: kapi.SecretTypeTLS,
Data: map[string][]byte{
kapi.TLSCertKey: defaultCert,
kapi.TLSPrivateKeyKey: keys,
},
}
secrets = append(secrets, secret)
volume := kapi.Volume{
Name: "server-certificate",
VolumeSource: kapi.VolumeSource{
Secret: &kapi.SecretVolumeSource{
SecretName: secret.Name,
},
},
}
volumes = append(volumes, volume)
mount := kapi.VolumeMount{
Name: volume.Name,
ReadOnly: true,
MountPath: defaultCertificateDir,
}
mounts = append(mounts, mount)
}
return secrets, volumes, mounts, nil
}