github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-02-14 18:09:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3d648283ef0a50c54d50fd35bfe784acbd1c742
open-cluster-management/pkg/registration/clientcert/certficate_beta.go
Jian Zhu d3d648283e 🌱 Configure the golangci lint (#180) 
* 🌱 Configure the golangci lint

Signed-off-by: zhujian <jiazhu@redhat.com>

* 🌱 Fix lint issues

Signed-off-by: zhujian <jiazhu@redhat.com>

---------

Signed-off-by: zhujian <jiazhu@redhat.com>
2023-06-13 03:51:48 -04:00

97 lines
2.9 KiB
Go
Raw Blame History

package clientcert
import (
"context"
"fmt"
"github.com/openshift/library-go/pkg/operator/events"
certificates "k8s.io/api/certificates/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
certificatesinformers "k8s.io/client-go/informers/certificates/v1beta1"
csrclient "k8s.io/client-go/kubernetes/typed/certificates/v1beta1"
certificateslisters "k8s.io/client-go/listers/certificates/v1beta1"
"k8s.io/client-go/tools/cache"
)
var _ CSRControl = &v1beta1CSRControl{}
type v1beta1CSRControl struct {
hubCSRInformer certificatesinformers.CertificateSigningRequestInformer
hubCSRLister certificateslisters.CertificateSigningRequestLister
hubCSRClient csrclient.CertificateSigningRequestInterface
}
func (v *v1beta1CSRControl) isApproved(name string) (bool, error) {
csr, err := v.get(name)
if err != nil {
return false, err
}
v1beta1CSR := csr.(*certificates.CertificateSigningRequest)
approved := false
for _, condition := range v1beta1CSR.Status.Conditions {
if condition.Type == certificates.CertificateDenied {
return false, nil
} else if condition.Type == certificates.CertificateApproved {
approved = true
}
}
return approved, nil
}
func (v *v1beta1CSRControl) getIssuedCertificate(name string) ([]byte, error) {
csr, err := v.get(name)
if err != nil {
return nil, err
}
v1beta1CSR := csr.(*certificates.CertificateSigningRequest)
// skip if csr has no certificate in its status yet
if len(v1beta1CSR.Status.Certificate) == 0 {
return nil, nil
}
return v1beta1CSR.Status.Certificate, nil
}
func (v *v1beta1CSRControl) create(ctx context.Context, recorder events.Recorder, objMeta metav1.ObjectMeta,
csrData []byte, signerName string, expirationSeconds *int32) (string, error) {
csr := &certificates.CertificateSigningRequest{
ObjectMeta: objMeta,
Spec: certificates.CertificateSigningRequestSpec{
Request: csrData,
Usages: []certificates.KeyUsage{
certificates.UsageDigitalSignature,
certificates.UsageKeyEncipherment,
certificates.UsageClientAuth,
},
SignerName: &signerName,
ExpirationSeconds: expirationSeconds,
},
}
req, err := v.hubCSRClient.Create(ctx, csr, metav1.CreateOptions{})
if err != nil {
return "", err
}
recorder.Eventf("CSRCreated", "A csr %q is created", req.Name)
return req.Name, nil
}
func (v *v1beta1CSRControl) Informer() cache.SharedIndexInformer {
return v.hubCSRInformer.Informer()
}
func (v *v1beta1CSRControl) get(name string) (metav1.Object, error) {
csr, err := v.hubCSRLister.Get(name)
switch {
case apierrors.IsNotFound(err):
// fallback to fetching csr from hub apiserver in case it is not cached by informer yet
csr, err = v.hubCSRClient.Get(context.Background(), name, metav1.GetOptions{})
if apierrors.IsNotFound(err) {
return nil, fmt.Errorf("unable to get csr %q. It might have already been deleted", name)
}
case err != nil:
return nil, err
}
return csr, nil
}
Reference in New Issue View Git Blame Copy Permalink