gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-12 07:38:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(M47): add Kubernetes Secrets target + AWS ACM PCA issuer connectors

Browse Source 
Implement both M47 connectors with full cross-layer wiring:

Kubernetes Secrets target: DNS-1123 validation, kubernetes.io/tls Secret
create-or-update, chain concatenation, serial number validation, Helm
RBAC gating. 18 tests.

AWS ACM Private CA issuer: synchronous issuance (like Vault), ARN regex
validation, RFC 5280 revocation reason mapping, CA cert retrieval,
factory + env var seeding. 23 tests.

Cross-cutting: domain types, service validation, config, factory, agent
dispatch, frontend (TargetsPage, issuerTypes), OpenAPI, seed data, Helm
chart, connectors docs, README. Testing docs (testing-guide, qa-test-guide,
qa_test.go) with Parts thematically integrated near related connectors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Shankar
2026-04-07 20:21:09 -04:00
parent f17027c62b
commit e72f06f35b
22 changed files with 2620 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/service/issuer.go
+21
View File
@@ -90,6 +90,7 @@ var validIssuerTypes = map[domain.IssuerType]bool{
domain.IssuerTypeDigiCert: true,
domain.IssuerTypeSectigo: true,
domain.IssuerTypeGoogleCAS: true,
domain.IssuerTypeAWSACMPCA: true,
}
// isValidIssuerType checks if a type string is a known issuer type.
@@ -482,6 +483,26 @@ func (s *IssuerService) buildEnvVarSeeds(cfg *config.Config) []*domain.Issuer {
})
}
// Conditional: AWS ACM PCA
if cfg.AWSACMPCA.CAArn != "" {
seeds = append(seeds, &domain.Issuer{
ID: "iss-awsacmpca",
Name: "AWS ACM Private CA",
Type: domain.IssuerTypeAWSACMPCA,
Config: mustJSON(map[string]interface{}{
"region": cfg.AWSACMPCA.Region,
"ca_arn": cfg.AWSACMPCA.CAArn,
"signing_algorithm": cfg.AWSACMPCA.SigningAlgorithm,
"validity_days": cfg.AWSACMPCA.ValidityDays,
"template_arn": cfg.AWSACMPCA.TemplateArn,
}),
Enabled: true,
Source: "env",
CreatedAt: now,
UpdatedAt: now,
})
}
return seeds
}
internal/service/target.go
+4 -3
View File
@@ -24,9 +24,10 @@ var validTargetTypes = map[domain.TargetType]bool{
domain.TargetTypeEnvoy: true,
domain.TargetTypePostfix: true,
domain.TargetTypeDovecot: true,
domain.TargetTypeSSH: true,
domain.TargetTypeWinCertStore: true,
domain.TargetTypeJavaKeystore: true,
domain.TargetTypeSSH: true,
domain.TargetTypeWinCertStore: true,
domain.TargetTypeJavaKeystore: true,
domain.TargetTypeKubernetesSecrets: true,
}
// isValidTargetType checks if a type string is a known target type.