certgraphanalysis

package
v0.0.0-...-5152f1c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 16, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Resource filters. Each option carries one predicate for ConfigMaps and one
// for Secrets. Judging by the field names, a true result rejects the object;
// confirm against the code that consumes resourceFilteringOptions.
//
// NOTE(review): objects rejected here presumably never reach certificate
// inspection, so a certificate or CA bundle that exists only in a rejected
// object would be missing from the gathered output. Keep that in mind when the
// output is used as a certificate inventory.
var (
	// SkipRevisioned matches ConfigMaps and Secrets for which isRevisioned
	// reports true on the object's owner references.
	SkipRevisioned = &resourceFilteringOptions{
		rejectSecretFn: func(s *corev1.Secret) bool {
			return isRevisioned(s.OwnerReferences)
		},
		rejectConfigMapFn: func(cm *corev1.ConfigMap) bool {
			return isRevisioned(cm.OwnerReferences)
		},
	}

	// SkipHashed matches ConfigMaps and Secrets for which
	// hasMonitoringHashLabel reports true on the object's labels.
	SkipHashed = &resourceFilteringOptions{
		rejectSecretFn: func(s *corev1.Secret) bool {
			return hasMonitoringHashLabel(s.Labels)
		},
		rejectConfigMapFn: func(cm *corev1.ConfigMap) bool {
			return hasMonitoringHashLabel(cm.Labels)
		},
	}
)
// Metadata rewrite options. Every callback below mutates the object it is
// handed in place (or, for paths, returns the rewritten string).
var (
	// ElideProxyCADetails collapses a proxy CA bundle into a single synthetic
	// entry. It only acts when isProxyCA reports true and the bundle carries
	// ten or more certificate metadata entries; smaller bundles are left
	// as they are. The reason for the threshold of ten is not visible here.
	//
	// After the rewrite the bundle no longer lists its individual
	// certificates: name and logical name become "proxy-ca" and the only
	// entry is a placeholder with serial "0" and no issuer. Output produced
	// with this option therefore cannot be used to audit which trust anchors
	// the proxy CA bundle actually contains.
	ElideProxyCADetails = &metadataOptions{
		rewriteCABundleFn: func(metadata metav1.ObjectMeta, caBundle *certgraphapi.CertificateAuthorityBundle) {
			if !isProxyCA(metadata, caBundle) {
				return
			}
			if len(caBundle.Spec.CertificateMetadata) < 10 {
				return
			}

			placeholder := certgraphapi.CertKeyMetadata{
				CertIdentifier: certgraphapi.CertIdentifier{
					CommonName:   "synthetic-proxy-ca",
					SerialNumber: "0",
					Issuer:       nil,
				},
			}
			caBundle.Name = "proxy-ca"
			caBundle.LogicalName = "proxy-ca"
			caBundle.Spec.CertificateMetadata = []certgraphapi.CertKeyMetadata{placeholder}
		},
	}

	// SkipRevisionedLocations drops on-disk locations for which
	// skipRevisionedInOnDiskLocation reports true, for both CA bundles and
	// cert/key pairs. The resulting slice is always non-nil, even when every
	// location was dropped.
	SkipRevisionedLocations = &metadataOptions{
		rewriteCABundleFn: func(metadata metav1.ObjectMeta, caBundle *certgraphapi.CertificateAuthorityBundle) {
			kept := make([]certgraphapi.OnDiskLocation, 0)
			for _, loc := range caBundle.Spec.OnDiskLocations {
				if !skipRevisionedInOnDiskLocation(loc) {
					kept = append(kept, loc)
				}
			}
			caBundle.Spec.OnDiskLocations = kept
		},
		rewriteCertKeyPairFn: func(metadata metav1.ObjectMeta, certKeyPair *certgraphapi.CertKeyPair) {
			kept := make([]certgraphapi.OnDiskCertKeyPairLocation, 0)
			for _, loc := range certKeyPair.Spec.OnDiskLocations {
				// A pair is dropped as a whole if either of its non-empty
				// paths is revisioned; the cert is checked before the key.
				switch {
				case len(loc.Cert.Path) > 0 && skipRevisionedInOnDiskLocation(loc.Cert):
					continue
				case len(loc.Key.Path) > 0 && skipRevisionedInOnDiskLocation(loc.Key):
					continue
				}
				kept = append(kept, loc)
			}
			certKeyPair.Spec.OnDiskLocations = kept
		},
	}

	// StripTimestamps replaces every match of timestampReg in a path with the
	// literal "<timestamp>.pem".
	// NOTE(review): the replacement ends in ".pem", so timestampReg presumably
	// matches through the file extension; confirm against its definition.
	StripTimestamps = &metadataOptions{
		rewritePathFn: func(p string) string {
			const placeholder = "<timestamp>.pem"
			return timestampReg.ReplaceAllString(p, placeholder)
		},
	}
)

Functions

func CollectAnnotations

func CollectAnnotations(annotationKeys ...string) *annotationOptions

CollectAnnotations creates an option that specifies the list of annotations to collect.

func CombineCABundleOnDiskLocations

CombineCABundleOnDiskLocations returns a CertificateAuthorityBundle with all on-disk locations from in and rhs de-duplicated into a single list

func CombineCertOnDiskLocations

CombineCertOnDiskLocations returns a CertKeyPair with all on-disk locations from in and rhs de-duplicated into a single list

func CombineConfigMapLocations

CombineConfigMapLocations returns a CertificateAuthorityBundle with all in-cluster locations from in and rhs de-duplicated into a single list

func CombineSecretLocations

CombineSecretLocations returns a CertKeyPair with all in-cluster locations from in and rhs de-duplicated into a single list

func GatherCertsFromAllNamespaces

func GatherCertsFromAllNamespaces(ctx context.Context, kubeClient kubernetes.Interface, options ...certGenerationOptions) (*certgraphapi.PKIList, error)

func GatherCertsFromDisk

func GatherCertsFromDisk(ctx context.Context, kubeClient kubernetes.Interface, dir string, options ...certGenerationOptions) (*certgraphapi.PKIList, error)

func GatherCertsFromPlatformNamespaces

func GatherCertsFromPlatformNamespaces(ctx context.Context, kubeClient kubernetes.Interface, options ...certGenerationOptions) (*certgraphapi.PKIList, error)

func GetBootstrapIPAndHostname

func GetBootstrapIPAndHostname(ctx context.Context, kubeClient kubernetes.Interface) (string, string, error)

GetBootstrapIPAndHostname finds the bootstrap IP and hostname in the configmaps and secrets of the openshift-etcd namespace. Either the IP or the hostname may be empty.

func GetCAFromKubeConfig

func GetCAFromKubeConfig(kubeConfig *rest.Config, namespace, name string) (*certgraphapi.CertificateAuthorityBundle, error)

func GetCertKeyPairsFromKubeConfig

func GetCertKeyPairsFromKubeConfig(authInfo *clientcmdapi.AuthInfo, obj *metav1.ObjectMeta) ([]*certgraphapi.CertKeyPair, error)

func InspectSecret

func InspectSecret(obj *corev1.Secret) ([]*certgraphapi.CertKeyPair, error)

func InspectSecretAsKubeConfig

func InspectSecretAsKubeConfig(obj *corev1.Secret) ([]*certgraphapi.CertKeyPair, error)

func MergePKILists

func MergePKILists(ctx context.Context, first, second *certgraphapi.PKIList) *certgraphapi.PKIList

func RewriteNodeNames

func RewriteNodeNames(nodeList []*corev1.Node, bootstrapHostname string) *metadataOptions

func StripRootFSMountPoint

func StripRootFSMountPoint(rootfsMount string) *metadataOptions

Types

This section is empty.
