Address PR feedback, especially to check that the CA bundle is some kind of valid cert

Joshua Casey
2023-08-01 13:29:43 -05:00
parent 959f18b67b
commit dc61d132cf
39 changed files with 397 additions and 94 deletions


@@ -82,6 +82,12 @@ const (
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
// serve TLS.
//
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
//
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
// the impersonation proxy endpoint.
type ImpersonationProxyTLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle).
// Used to advertise the CA bundle for the impersonation proxy endpoint.
@@ -119,6 +125,8 @@ type ImpersonationProxySpec struct {
// TLS contains information about how the Concierge impersonation proxy should serve TLS.
//
// If this field is empty, the impersonation proxy will generate its own TLS certificate.
//
// +optional
TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"`
}
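Review bot: The new doc comment on ImpersonationProxyTLSSpec (first hunk) describes the ca.crt fallback but does not say what happens when the bundle from either source is not a valid PEM certificate bundle, which is the case the commit title says is now checked. Because this bundle is what clients are told to trust for the impersonation proxy endpoint, the failure behaviour belongs in the API documentation; something like `// A CA bundle that does not parse as at least one PEM-encoded certificate is rejected and reported as an error.`, worded to match what the validation code (not visible in this section) actually does. The comment also says "the secret" without naming it, so it would help to reference the field that identifies that secret, which presumably sits in the part of the struct outside the hunk. The struct body of ImpersonationProxyTLSSpec continues past the end of the first hunk.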