KIALI-2148 Add Status telling about mTLS globally enabling

kiali · Jan 28, 2019 · ae2c1f1 · ae2c1f1
1 parent f16acdf
commit ae2c1f1
Show file tree

Hide file tree

Showing 4 changed files with 155 additions and 0 deletions.
diff --git a/business/istio_config.go b/business/istio_config.go
@@ -473,3 +473,43 @@ func getUpdateDeletePermissions(k8s kubernetes.IstioClientInterface, namespace,
 	}
 	return canUpdate || canPatch, canDelete
 }
+
+func (in *IstioConfigService) IsMTLSGloballyEnabled() (bool, error) {
+	mps, err := in.k8s.GetMeshPolicies()
+	if err != nil {
+		return false, err
+	}
+
+	mtlsEnabled := false
+
+	for _, mp := range mps {
+
+		// It is mandatory to have default as a name
+		if meshMeta := mp.GetObjectMeta(); meshMeta.Name != "default" {
+			continue
+		}
+
+		// It is no globally enabled when has targets
+		targets, targetPresent := mp.GetSpec()["targets"]
+		specificTarget := targetPresent && len(targets.([]interface{})) > 0
+		if specificTarget {
+			continue
+		}
+
+		// It is globally enabled when a peer has mtls enabled
+		peers, peersPresent := mp.GetSpec()["peers"]
+		if !peersPresent {
+			continue
+		}
+
+		for _, peer := range peers.([]interface{}) {
+			peerMap := peer.(map[string]interface{})
+			if _, present := peerMap["mtls"]; present {
+				mtlsEnabled = true
+				break
+			}
+		}
+	}
+
+	return mtlsEnabled, nil
+}
diff --git a/business/istio_config_test.go b/business/istio_config_test.go
@@ -804,3 +804,86 @@ func TestCreateIstioConfigDetails(t *testing.T) {
 	assert.Equal("listchecker-to-update", createTemplate.Template.Metadata.Name)
 	assert.Nil(err)
 }
+
+func TestGloballyEnabledWithOneMeshPolicy(t *testing.T) {
+	assert := assert.New(t)
+
+	k8s := new(kubetest.K8SClientMock)
+	k8s.On("GetMeshPolicies").Return(fakeMeshPolicyEnablingMTLS("default"), nil)
+
+	istioConfigService := IstioConfigService{k8s: k8s}
+	isGloballyEnabled, err := (istioConfigService).IsMTLSGloballyEnabled()
+
+	assert.NoError(err)
+	assert.Equal(true, isGloballyEnabled)
+}
+
+func TestGloballyEnabledWithOneMeshPolicyWithWrongName(t *testing.T) {
+	assert := assert.New(t)
+
+	k8s := new(kubetest.K8SClientMock)
+	k8s.On("GetMeshPolicies").Return(fakeMeshPolicyEnablingMTLS("wrong-name"), nil)
+
+	istioConfigService := IstioConfigService{k8s: k8s}
+	isGloballyEnabled, err := (istioConfigService).IsMTLSGloballyEnabled()
+
+	assert.NoError(err)
+	assert.Equal(false, isGloballyEnabled)
+}
+
+func fakeMeshPolicyEnablingMTLS(name string) []kubernetes.IstioObject {
+	policy := kubernetes.GenericIstioObject{}
+	policy.Name = name
+	policy.Spec = map[string]interface{}{
+		"peers": []interface{}{
+			map[string]interface{}{
+				"mtls": "",
+			},
+		},
+	}
+	return []kubernetes.IstioObject{&policy}
+}
+
+func TestNotGloballyEnabledWithoutMeshPolicy(t *testing.T) {
+	assert := assert.New(t)
+
+	k8s := new(kubetest.K8SClientMock)
+	k8s.On("GetMeshPolicies").Return([]kubernetes.IstioObject{}, nil)
+
+	istioConfigService := IstioConfigService{k8s: k8s}
+	isGloballyEnabled, err := (istioConfigService).IsMTLSGloballyEnabled()
+
+	assert.NoError(err)
+	assert.Equal(false, isGloballyEnabled)
+}
+
+func TestNotGloballyEnabledWithAMeshPolicy(t *testing.T) {
+	assert := assert.New(t)
+
+	k8s := new(kubetest.K8SClientMock)
+	k8s.On("GetMeshPolicies").Return(fakeMeshPolicyEnablingMTLSSpecificTarget(), nil)
+
+	istioConfigService := IstioConfigService{k8s: k8s}
+	isGloballyEnabled, err := (istioConfigService).IsMTLSGloballyEnabled()
+
+	assert.NoError(err)
+	assert.Equal(false, isGloballyEnabled)
+}
+
+func fakeMeshPolicyEnablingMTLSSpecificTarget() []kubernetes.IstioObject {
+	policy := kubernetes.GenericIstioObject{}
+	policy.Name = "non-global-tls-enabler"
+	policy.Spec = map[string]interface{}{
+		"peers": []interface{}{
+			map[string]interface{}{
+				"mtls": "",
+			},
+		},
+		"targets": []interface{}{
+			map[string]interface{}{
+				"name": "productpage",
+			},
+		},
+	}
+	return []kubernetes.IstioObject{&policy}
+}
diff --git a/status/mtls_status.go b/status/mtls_status.go
@@ -0,0 +1,26 @@
+package status
+
+import (
+	"github.com/kiali/kiali/business"
+)
+
+func (si *StatusInfo) getmTLSStatus() {
+	// Get business layer
+	business, err := business.Get()
+	if err != nil {
+		Put(ClusterMTLS, "error")
+		return
+	}
+
+	isGlobalmTLSEnabled, err := business.IstioConfig.IsMTLSGloballyEnabled()
+	if err != nil {
+		Put(ClusterMTLS, "error")
+	}
+
+	status := "Not globally enabled"
+	if isGlobalmTLSEnabled {
+		status = "Globally enabled"
+	}
+
+	Put(ClusterMTLS, status)
+}
diff --git a/status/status.go b/status/status.go
@@ -7,6 +7,7 @@ const (
 	CoreVersion    = name + " core version"
 	CoreCommitHash = name + " core commit hash"
 	State          = name + " state"
+	ClusterMTLS    = "Istio mTLS"
 	StateRunning   = "running"
 )
 
@@ -75,6 +76,11 @@ func Put(name, value string) (previous string, hasPrevious bool) {
 func Get() (status StatusInfo) {
 	info.ExternalServices = []ExternalServiceInfo{}
 	info.WarningMessages = []string{}
+	info.getmTLSStatus()
 	getVersions()
 	return info
 }
+
+func getMTLSStatus() {
+
+}