Rename pki to pekahi

1698270e · kaiyou · 59255f92 · 1698270e · 1698270e · 1698270e
Commit 1698270e authored 2 years ago by kaiyou
--- a/pkg/cluster/pki.go
+++ b/pkg/cluster/pki.go
@@ -6,42 +6,42 @@ import (
 	"os"
 	"path/filepath"
-	"forge.tedomum.net/acides/hepto/hepto/pkg/pki"
+	"forge.tedomum.net/acides/hepto/hepto/pkg/pekahi"
 	"github.com/sirupsen/logrus"
 )
 // Cluster PKI is made of three different PKIs
 type ClusterPKI struct {
 	// Signs services exposed over the cluster
-	Services *pki.PKI `json:"services"`
+	Services *pekahi.PKI `json:"services"`
 	// Signs kubelet client certificates (master)
-	Kubelet *pki.PKI `json:"kubelet"`
+	Kubelet *pekahi.PKI `json:"kubelet"`
 	// Signs apiserver client certificates (nodes and controller)
-	API *pki.PKI `json:"api"`
+	API *pekahi.PKI `json:"api"`
 }
 // Node certs
 type NodeCerts struct {
 	// Certificate for exposing the kubelet service
-	Service *pki.Certificate `json:"service"`
+	Service *pekahi.Certificate `json:"service"`
 	// Node certificate for accessing the apiserver
-	API *pki.Certificate `json:"api"`
+	API *pekahi.Certificate `json:"api"`
 }
 // Master certs
 type MasterCerts struct {
 	// Certificate for exposing the apiserver
-	Service *pki.Certificate
+	Service *pekahi.Certificate
 	// Certificate for signing tokens
-	Tokens *pki.Certificate
+	Tokens *pekahi.Certificate
 	// Certificate for authenticating against kubelets
-	Kubelet *pki.Certificate
+	Kubelet *pekahi.Certificate
 	// Service certificate for the controller manager
-	Controllers *pki.Certificate
+	Controllers *pekahi.Certificate
 	// API client certificate for the controller manager
-	ControllersClient *pki.Certificate
+	ControllersClient *pekahi.Certificate
 	// API client certificate for the scheduler
-	SchedulerClient *pki.Certificate
+	SchedulerClient *pekahi.Certificate
 }
 // Merge PKI
@@ -63,7 +63,7 @@ func (n *ClusterPKI) Merge(other *ClusterPKI) bool {
 }
 // Merge a single node or master certificate
-func mergeCert(local *pki.Certificate, remote *pki.Certificate) bool {
+func mergeCert(local *pekahi.Certificate, remote *pekahi.Certificate) bool {
 	change := false
 	// Import CSR to master for signing
 	if local.CSR == nil && remote.CSR != nil {
@@ -91,15 +91,15 @@ func NewClusterPKI(path string) (*ClusterPKI, error) {
 	if err != nil {
 		return nil, err
 	}
-	servicesCA, err := pki.GetPKI(filepath.Join(path, "services"))
+	servicesCA, err := pekahi.GetPKI(filepath.Join(path, "services"))
 	if err != nil {
 		return nil, err
 	}
-	kubeletCA, err := pki.GetPKI(filepath.Join(path, "kubelet"))
+	kubeletCA, err := pekahi.GetPKI(filepath.Join(path, "kubelet"))
 	if err != nil {
 		return nil, err
 	}
-	apiserverCA, err := pki.GetPKI(filepath.Join(path, "api"))
+	apiserverCA, err := pekahi.GetPKI(filepath.Join(path, "api"))
 	if err != nil {
 		return nil, err
 	}
@@ -112,20 +112,20 @@ func NewNodeCerts(path string, nodeName string) (*NodeCerts, error) {
 		return nil, err
 	}
 	// Service certificate
-	serviceCert, err := pki.GetCertificate(filepath.Join(path, "service"))
+	serviceCert, err := pekahi.GetCertificate(filepath.Join(path, "service"))
 	if err != nil {
 		return nil, err
 	}
-	err = serviceCert.MakeCSR(pki.NewServerTemplate([]string{nodeName}, []net.IP{}))
+	err = serviceCert.MakeCSR(pekahi.NewServerTemplate([]string{nodeName}, []net.IP{}))
 	if err != nil {
 		return nil, err
 	}
 	// API certificate
-	apiClientCert, err := pki.GetCertificate(filepath.Join(path, "api"))
+	apiClientCert, err := pekahi.GetCertificate(filepath.Join(path, "api"))
 	if err != nil {
 		return nil, err
 	}
-	err = apiClientCert.MakeCSR(pki.NewClientTemplate("system:nodes:"+nodeName, "system:nodes"))
+	err = apiClientCert.MakeCSR(pekahi.NewClientTemplate("system:nodes:"+nodeName, "system:nodes"))
 	if err != nil {
 		return nil, err
 	}
@@ -141,52 +141,52 @@ func NewMasterCerts(path string, ip net.IP) (*MasterCerts, error) {
 		return nil, err
 	}
 	// Service certificate
-	serviceCert, err := pki.GetCertificate(filepath.Join(path, "service"))
+	serviceCert, err := pekahi.GetCertificate(filepath.Join(path, "service"))
 	if err != nil {
 		return nil, err
 	}
-	err = serviceCert.MakeCSR(pki.NewServerTemplate([]string{"apiserver"}, []net.IP{ip}))
+	err = serviceCert.MakeCSR(pekahi.NewServerTemplate([]string{"apiserver"}, []net.IP{ip}))
 	if err != nil {
 		return nil, err
 	}
 	// Tokens key
-	tokenKey, err := pki.GetCertificate(filepath.Join(path, "tokens"))
+	tokenKey, err := pekahi.GetCertificate(filepath.Join(path, "tokens"))
 	if err != nil {
 		return nil, err
 	}
 	// Kubelet certificate
-	kubeletClientCert, err := pki.GetCertificate(filepath.Join(path, "kubelet"))
+	kubeletClientCert, err := pekahi.GetCertificate(filepath.Join(path, "kubelet"))
 	if err != nil {
 		return nil, err
 	}
-	err = kubeletClientCert.MakeCSR(pki.NewClientTemplate("apiserver", ""))
+	err = kubeletClientCert.MakeCSR(pekahi.NewClientTemplate("apiserver", ""))
 	if err != nil {
 		return nil, err
 	}
 	// Controller manager certificate
-	controllersCert, err := pki.GetCertificate(filepath.Join(path, "kubelet"))
+	controllersCert, err := pekahi.GetCertificate(filepath.Join(path, "kubelet"))
 	if err != nil {
 		return nil, err
 	}
-	err = controllersCert.MakeCSR(pki.NewServerTemplate([]string{"controllers"}, []net.IP{ip}))
+	err = controllersCert.MakeCSR(pekahi.NewServerTemplate([]string{"controllers"}, []net.IP{ip}))
 	if err != nil {
 		return nil, err
 	}
 	// Controller manager API client certificate
-	controllersClientCert, err := pki.GetCertificate(filepath.Join(path, "controllers-client"))
+	controllersClientCert, err := pekahi.GetCertificate(filepath.Join(path, "controllers-client"))
 	if err != nil {
 		return nil, err
 	}
-	err = controllersClientCert.MakeCSR(pki.NewClientTemplate("system:kube-controller-manager", ""))
+	err = controllersClientCert.MakeCSR(pekahi.NewClientTemplate("system:kube-controller-manager", ""))
 	if err != nil {
 		return nil, err
 	}
 	// Scheduler API client certificate
-	schedulerClientCert, err := pki.GetCertificate(filepath.Join(path, "scheduler-client"))
+	schedulerClientCert, err := pekahi.GetCertificate(filepath.Join(path, "scheduler-client"))
 	if err != nil {
 		return nil, err
 	}
-	err = schedulerClientCert.MakeCSR(pki.NewClientTemplate("system:kube-scheduler", ""))
+	err = schedulerClientCert.MakeCSR(pekahi.NewClientTemplate("system:kube-scheduler", ""))
 	if err != nil {
 		return nil, err
 	}
@@ -200,7 +200,7 @@ func NewMasterCerts(path string, ip net.IP) (*MasterCerts, error) {
 	}, nil
 }
-func signCert(p *pki.PKI, c *pki.Certificate, template *x509.Certificate) {
+func signCert(p *pekahi.PKI, c *pekahi.Certificate, template *x509.Certificate) {
 	if c.CSR != nil && c.Cert == nil {
 		logrus.Info("signing certificate ", c.CSR.Subject.String())
 		err := p.Sign(c, template)
@@ -211,14 +211,14 @@ func signCert(p *pki.PKI, c *pki.Certificate, template *x509.Certificate) {
 }
 func (p *ClusterPKI) SignNodeCerts(name string, n *NodeCerts) {
-	signCert(p.Services, n.Service, pki.NewServerTemplate([]string{name}, []net.IP{}))
+	signCert(p.Services, n.Service, pekahi.NewServerTemplate([]string{name}, []net.IP{}))
-	signCert(p.API, n.API, pki.NewClientTemplate("system:node:"+name, "system:nodes"))
+	signCert(p.API, n.API, pekahi.NewClientTemplate("system:node:"+name, "system:nodes"))
 }
 func (p *ClusterPKI) SignMasterCerts(m *MasterCerts) {
-	signCert(p.Services, m.Service, pki.NewServerTemplate(m.Service.CSR.DNSNames, m.Service.CSR.IPAddresses))
+	signCert(p.Services, m.Service, pekahi.NewServerTemplate(m.Service.CSR.DNSNames, m.Service.CSR.IPAddresses))
-	signCert(p.Kubelet, m.Kubelet, pki.NewClientTemplate(m.Kubelet.CSR.Subject.CommonName, ""))
+	signCert(p.Kubelet, m.Kubelet, pekahi.NewClientTemplate(m.Kubelet.CSR.Subject.CommonName, ""))
-	signCert(p.Services, m.Controllers, pki.NewServerTemplate(m.Controllers.CSR.DNSNames, m.Controllers.CSR.IPAddresses))
+	signCert(p.Services, m.Controllers, pekahi.NewServerTemplate(m.Controllers.CSR.DNSNames, m.Controllers.CSR.IPAddresses))
-	signCert(p.API, m.ControllersClient, pki.NewClientTemplate(m.ControllersClient.CSR.Subject.CommonName, ""))
+	signCert(p.API, m.ControllersClient, pekahi.NewClientTemplate(m.ControllersClient.CSR.Subject.CommonName, ""))
-	signCert(p.API, m.SchedulerClient, pki.NewClientTemplate(m.SchedulerClient.CSR.Subject.CommonName, ""))
+	signCert(p.API, m.SchedulerClient, pekahi.NewClientTemplate(m.SchedulerClient.CSR.Subject.CommonName, ""))
 }
--- a/pkg/pki/cert.go
+++ b/pkg/pki/cert.go
-package pki
+package pekahi
 import (
 	"crypto"

--- a/pkg/pki/io.go
+++ b/pkg/pki/io.go
-package pki
+package pekahi
 import (
 	"encoding/pem"

--- a/pkg/pki/json.go
+++ b/pkg/pki/json.go
-package pki
+package pekahi
 import (
 	"crypto/x509"

--- a/pkg/pki/pki.go
+++ b/pkg/pki/pki.go
-package pki
+package pekahi
 import (
 	"path/filepath"

--- a/pkg/pki/templates.go
+++ b/pkg/pki/templates.go
-package pki
+package pekahi
 import (
 	"crypto/rand"