This repository has been archived by the owner on Feb 15, 2023. It is now read-only.
reconciler.go
package autoapprover
import (
"github.com/go-logr/logr"
certsv1beta1 "k8s.io/api/certificates/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeclient "k8s.io/client-go/kubernetes"
certslister "k8s.io/client-go/listers/certificates/v1beta1"
ctrl "sigs.k8s.io/controller-runtime"
)
// AutoApprover is a reconciler that adds an Approved condition to
// CertificateSigningRequests that do not have one yet.
//
// NOTE(review): the Reconcile method in this file approves without looking at
// the CSR's contents, so the set of CSRs routed to this reconciler is the only
// approval policy visible here — confirm how that set is restricted.
type AutoApprover struct {
	// Lister is used by Reconcile to look up the CSR by name.
	Lister certslister.CertificateSigningRequestLister
	// KubeClient is used to submit the approval update to the API server.
	KubeClient kubeclient.Interface
	// Log is the base logger; Reconcile adds a "csr" key per request.
	Log logr.Logger
}
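// Reconcile approves the CertificateSigningRequest named in req unless it
// already carries an Approved or a Denied condition.
//
// The CSR is read from the lister by name; a lookup error is returned to the
// caller unchanged. The error from the approval update is returned as-is.
//
// NOTE(review): nothing here inspects the CSR's requester, requested usages or
// subject before approving. Every undecided CSR that reaches this reconciler
// is approved, so whoever can create a CSR that is routed here obtains an
// approval. Confirm that the watch feeding this controller is filtered, or add
// an explicit policy check before the approveCSR call.
func (a *AutoApprover) Reconcile(req ctrl.Request) (ctrl.Result, error) {
	logger := a.Log.WithValues("csr", req.NamespacedName.String())
	logger.Info("Start reconcile")

	csr, err := a.Lister.Get(req.Name)
	if err != nil {
		return ctrl.Result{}, err
	}

	// A Denied condition records an explicit decision by another approver;
	// do not stack an automatic approval on top of it.
	for _, c := range csr.Status.Conditions {
		if c.Type == certsv1beta1.CertificateDenied {
			logger.Info("CSR is denied, skipping")
			return ctrl.Result{}, nil
		}
	}

	if isApproved(csr) {
		logger.Info("CSR is already approved")
		return ctrl.Result{}, nil
	}

	logger.Info("Approving CSR")
	return ctrl.Result{}, a.approveCSR(csr)
}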
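// approveCSR appends an Approved condition to a copy of csr and submits it
// through the CSR approval subresource. It returns the error from that update,
// or nil on success.
//
// NOTE(review): the condition's Reason is "KubectlApprove", which makes the
// approval look like a manual `kubectl certificate approve` in the CSR status.
// Consider a reason that identifies this controller so automatic approvals can
// be told apart during an audit; left unchanged here in case something matches
// on the current value.
func (a *AutoApprover) approveCSR(csr *certsv1beta1.CertificateSigningRequest) error {
	// Reconcile passes the object it got from the lister. Mutating that object
	// would alter what later readers of the same lister see even if the update
	// below fails, so the condition is added to a deep copy instead.
	updated := csr.DeepCopy()
	updated.Status.Conditions = append(updated.Status.Conditions, certsv1beta1.CertificateSigningRequestCondition{
		Type:           certsv1beta1.CertificateApproved,
		Reason:         "KubectlApprove",
		Message:        "This CSR was automatically approved.",
		LastUpdateTime: metav1.Now(),
	})

	_, err := a.KubeClient.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(updated)
	return err
}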
// isApproved reports whether csr has at least one condition of type Approved.
// It looks only at the condition type; a Denied condition on the same CSR does
// not affect the result.
func isApproved(csr *certsv1beta1.CertificateSigningRequest) bool {
	conditions := csr.Status.Conditions
	for i := 0; i < len(conditions); i++ {
		if conditions[i].Type != certsv1beta1.CertificateApproved {
			continue
		}
		return true
	}
	return false
}