controller

package
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 7, 2024 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Package controller contains the code of the CSR-approver controller.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCertApprovalCondition

func GetCertApprovalCondition(status *capiv1.CertificateSigningRequestStatus) (approved, denied bool)

GetCertApprovalCondition returns the current condition of the CSR (approved, denied)

func InitLogger added in v0.2.5

func InitLogger(config *Config) logr.Logger

InitLogger logger initialization

func ParseCSR

func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error)

ParseCSR extracts the CSR from the bytes and decodes it.

func ProviderChecks

func ProviderChecks(_ *certificatesv1.CertificateSigningRequest, _ *x509.CertificateRequest) (valid bool, reason string)

ProviderChecks is a function in which the Cloud Provider specifies a series of checks to run against the CSRs. The out-of-band identity checks of the CSRs should happen here

Types

type CertificateSigningRequestReconciler

type CertificateSigningRequestReconciler struct {
	ClientSet *clientset.Clientset
	client.Client
	Scheme *runtime.Scheme
	Config
}

CertificateSigningRequestReconciler reconciles a CertificateSigningRequest object

func (*CertificateSigningRequestReconciler) DNSCheck

DNSCheck is a function checking that the DNS name: complies with the provider-specific regex is resolvable (this check can be opted out with a parameter)

func (*CertificateSigningRequestReconciler) Reconcile

func (r *CertificateSigningRequestReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, returnErr error)

Reconcile will perform a series of checks before deciding whether the CSR should be approved or denied cyclomatic complexity is high (over 15), but this improves readibility for the programmer, therefore we ignore the linting error

func (*CertificateSigningRequestReconciler) SetupWithManager

func (r *CertificateSigningRequestReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

func (*CertificateSigningRequestReconciler) WhitelistedIPCheck added in v0.2.0

WhitelistedIPCheck verifies that the x509cr SAN IP Addresses are contained in the set of ProviderSpecified IP addresses

type Config added in v0.2.4

type Config struct {
	LogLevel               int
	MetricsAddr            string
	ProbeAddr              string
	LeaderElection         bool
	RegexStr               string
	ProviderRegexp         func(string) bool
	IPPrefixesStr          string
	ProviderIPSet          *netipx.IPSet
	MaxExpirationSeconds   int32
	K8sConfig              *rest.Config
	DNSResolver            HostResolver
	BypassDNSResolution    bool
	IgnoreNonSystemNodeCsr bool
	AllowedDNSNames        int
	BypassHostnameCheck    bool
}

Config holds all variables needed to configure the controller

type HostResolver

type HostResolver interface {
	LookupHost(context.Context, string) ([]string, error)
}

HostResolver is used to resolve a Host with the LookupHost function

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL