internal/provider -> internal/dynamiccert

3 main reasons: - The cert and key that we store in this object are not always used for TLS. - The package name "provider" was a little too generic. - dynamiccert.Provider reads more go-ish than provider.DynamicCertProvider. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2026-01-03 11:45:45 +00:00 · 2020-09-23 08:26:59 -04:00
parent f8e872d1af
commit 6c555f94e3
11 changed files with 80 additions and 72 deletions
--- a/internal/dynamiccert/doc.go
+++ b/internal/dynamiccert/doc.go
@@ -0,0 +1,6 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package dynamiccert provides a simple way of communicating a dynamically updating PEM-encoded
+// certificate and key.
+package dynamiccert
--- a/internal/dynamiccert/provider.go
+++ b/internal/dynamiccert/provider.go
@@ -0,0 +1,45 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package dynamiccert
+
+import (
+	"sync"
+
+	"k8s.io/apiserver/pkg/server/dynamiccertificates"
+)
+
+// Provider provides a getter, CurrentCertKeyContent(), and a setter, Set(), for a PEM-formatted
+// certificate and matching key.
+type Provider interface {
+	dynamiccertificates.CertKeyContentProvider
+	Set(certPEM, keyPEM []byte)
+}
+
+type provider struct {
+	certPEM []byte
+	keyPEM  []byte
+	mutex   sync.RWMutex
+}
+
+// New returns an empty Provider. The returned Provider is thread-safe.
+func New() Provider {
+	return &provider{}
+}
+
+func (p *provider) Set(certPEM, keyPEM []byte) {
+	p.mutex.Lock() // acquire a write lock
+	defer p.mutex.Unlock()
+	p.certPEM = certPEM
+	p.keyPEM = keyPEM
+}
+
+func (p *provider) Name() string {
+	return "DynamicCertProvider"
+}
+
+func (p *provider) CurrentCertKeyContent() (cert []byte, key []byte) {
+	p.mutex.RLock() // acquire a read lock
+	defer p.mutex.RUnlock()
+	return p.certPEM, p.keyPEM
+}