fail if cert is revoked or expired

Stavros kois
2022-12-12 15:22:48 +02:00
parent 2b90d98b20
commit 0bf8627cc3
2 changed files with 20 additions and 21 deletions


@@ -4,7 +4,7 @@
{{- $certName := "TODO: Get the certName" -}}
{{- if include "ix.v1.common.certificate.exists" (dict "root" $root "certName" $certName) }}
{{- if (include "ix.v1.common.certificate.exists" (dict "root" $root "certName" $certName)) }}
---
apiVersion: {{ include "ix.v1.common.capabilities.secret.apiVersion" . }}
kind: Secret
@@ -22,7 +22,7 @@ metadata:
{{- . | nindent 4 }}
{{- end }}
data:
tls.crt:
tls.key:
tls.crt: {{ include "ix.v1.common.certificate.get" (dict "root" $root "certName" $certName "key" "certificate") }}
tls.key: {{ include "ix.v1.common.certificate.get" (dict "root" $root "certName" $certName "key" "privatekey") }}
{{- end -}}
{{- end -}}
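Review bot: The new `tls.crt` and `tls.key` lines place the include output directly under `data:` with no encoding step, but Kubernetes Secret `data` values must be base64, and a multi-line PEM would also break the plain YAML scalar. Unless the values stored in `ixCertificates` are already base64 (not visible from this hunk), pipe them through `b64enc`, e.g. `tls.crt: {{ include "ix.v1.common.certificate.get" (dict "root" $root "certName" $certName "key" "certificate") | b64enc }}`, and the same for `tls.key`. `$certName` is still the `"TODO: Get the certName"` placeholder in the first hunk, so the lookup cannot match a real certificate until that is wired up. The template starts and continues outside the visible hunks.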


@@ -11,29 +11,28 @@ This checks that the certName exists as a key/dict.
{{- end -}}
{{/*
Returns the certificate
Returns any key (based on the .key value)
Example keys (certificate, privatekey, expired, revoked)
*/}}
{{- define "ix.v1.common.certificate.cert" -}}
{{- define "ix.v1.common.certificate.get" -}}
{{- $certName := .certName -}}
{{- $root := .root -}}
{{- $key := .key -}}
{{- if (include "ix.v1.common.certificate.exists" (dict "root" $root "certName" $certName)) -}}
{{- $certificate := (get $root.Values.ixCertificates (toString $certName)) -}}
{{- $certificate.certificate -}}
{{- if eq (get $certificate "revoked") "true" -}}
{{- fail (printf "Certificate (%s) has been revoked." $certName) -}}
{{- end -}}
{{- if eq (get $certificate "expired") "true" -}}
{{- fail (printf "Certificate (%s) has been expired." $certName) -}}
{{- end -}}
{{- if (hasKey $certificate "key") -}}
{{- get $certificate "key" -}}
{{- else -}}
{{- fail (printf "Key (%s) does not exist in certificate (%s)" $key $certName) -}}
{{- end -}}
{{- else -}}
{{ fail (printf "Certificate (%s) did not found." $certName) }}
{{- end -}}
{{- end -}}
{{/*
Returns the privateKey
*/}}
{{- define "ix.v1.common.certificate.privatekey" -}}
{{- $certName := .certName -}}
{{- $root := .root -}}
{{- if (include "ix.v1.common.certificate.exists" (dict "root" $root "certName" $certName)) -}}
{{- $privateKey := (get $root.Values.ixCertificates (toString $certName)) -}}
{{- $privateKey.privatekey -}}
{{- else -}}
{{ fail (printf "Certificate (%s) did not found." $certName) }}
{{- fail (printf "Certificate (%s) did not found." $certName) -}}
{{- end -}}
{{- end -}}
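Review bot: In the new `ix.v1.common.certificate.get` define, `hasKey $certificate "key"` and `get $certificate "key"` use the literal string "key" instead of the `$key` variable, so a request for `certificate` or `privatekey` reaches the "does not exist" failure unless the dict happens to hold an entry named `key`. They should read `{{- if (hasKey $certificate $key) -}}` and `{{- get $certificate $key -}}`. The revoked and expired guards compare against the string `"true"`, so if those fields can arrive as booleans or be absent (their type is not visible here) the check will not fire as intended. Normalising with `eq (toString (get $certificate "revoked")) "true"`, and deciding explicitly whether a missing field should fail, would make the fail-closed behaviour dependable. A short comment in the define's doc block stating that it aborts rendering for revoked or expired certificates would also help callers.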