package pki
import (
"bytes"
"fmt"
corev1 "k8s.io/api/core/v1"
"github.com/openshift/hypershift/support/certs"
"github.com/openshift/hypershift/support/config"
)
// reconcileSelfSignedCA stamps ownerRef onto secret, marks the Secret as
// Opaque and then delegates to certs.ReconcileSelfSignedCA with the given
// common name cn and organizational unit ou; that helper is presumably what
// generates or refreshes the self-signed CA material inside the Secret.
//
// The returned error is whatever certs.ReconcileSelfSignedCA returns; the
// owner reference and Secret type are applied before that call, so they are
// set even when the certificate reconcile fails.
func reconcileSelfSignedCA(secret *corev1.Secret, ownerRef config.OwnerRef, cn, ou string) error {
	// Metadata first: owner reference, then the Secret type.
	ownerRef.ApplyTo(secret)
	secret.Type = corev1.SecretTypeOpaque

	// Certificate material is handled entirely by the shared certs helper.
	if err := certs.ReconcileSelfSignedCA(secret, cn, ou); err != nil {
		return err
	}
	return nil
}
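// reconcileAggregateCA applies ownerRef to configMap and writes the
// concatenation of the CA certificate data held by each source Secret
// (under certs.CASignerCertMapKey) into configMap.Data under that same key.
//
// The existing value under the key is replaced, not appended to, so the
// bundle always reflects exactly the given sources. Sources that are nil or
// carry no data under the key are skipped. A newline is inserted between
// chunks only when the previous chunk does not already end with one, so
// that consecutive PEM blocks never fuse on a single line.
//
// NOTE(review): the resulting ConfigMap value looks like a trust bundle for
// whatever reads it, so every source passed in becomes trusted by those
// readers — confirm callers keep the source list to the intended signers.
//
// The function currently never returns a non-nil error; the error return is
// kept for interface stability with its callers.
func reconcileAggregateCA(configMap *corev1.ConfigMap, ownerRef config.OwnerRef, sources ...*corev1.Secret) error {
	ownerRef.ApplyTo(configMap)

	var combined bytes.Buffer
	for _, src := range sources {
		if src == nil {
			continue
		}
		caBytes := src.Data[certs.CASignerCertMapKey]
		if len(caBytes) == 0 {
			continue
		}
		// A PEM block must begin on its own line. If the previous chunk did
		// not end with a newline, the "-----END" and "-----BEGIN" markers
		// would run together and the later block would fail to decode.
		if combined.Len() > 0 && !bytes.HasSuffix(combined.Bytes(), []byte("\n")) {
			combined.WriteByte('\n')
		}
		// Write the raw bytes directly; no formatting or string round-trip
		// is needed for a byte-for-byte concatenation.
		combined.Write(caBytes)
	}

	if configMap.Data == nil {
		configMap.Data = map[string]string{}
	}
	configMap.Data[certs.CASignerCertMapKey] = combined.String()
	return nil
}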
// ReconcileAggregateClientSigner reconciles secret as the self-signed CA used
// as the kube-apiserver aggregator signer, owned by ownerRef. It is a fixed
// parameterisation of reconcileSelfSignedCA and returns whatever that
// returns.
func ReconcileAggregateClientSigner(secret *corev1.Secret, ownerRef config.OwnerRef) error {
	const (
		commonName = "kas-aggregator-signer"
		orgUnit    = "openshift"
	)
	return reconcileSelfSignedCA(secret, ownerRef, commonName, orgUnit)
}
// ReconcileAggregateClientCA populates cm, owned by ownerRef, with the CA
// certificate data taken from the single signer Secret. It delegates to
// reconcileAggregateCA and returns whatever that returns.
func ReconcileAggregateClientCA(cm *corev1.ConfigMap, ownerRef config.OwnerRef, signer *corev1.Secret) error {
	// Only one source here: the aggregator client signer.
	sources := []*corev1.Secret{signer}
	return reconcileAggregateCA(cm, ownerRef, sources...)
}
// ReconcileRootCA reconciles secret as the self-signed root CA, owned by
// ownerRef. It is a fixed parameterisation of reconcileSelfSignedCA and
// returns whatever that returns.
func ReconcileRootCA(secret *corev1.Secret, ownerRef config.OwnerRef) error {
	const (
		commonName = "root-ca"
		orgUnit    = "openshift"
	)
	return reconcileSelfSignedCA(secret, ownerRef, commonName, orgUnit)
}
// ReconcileClusterSignerCA reconciles secret as the self-signed cluster
// signer CA, owned by ownerRef. It is a fixed parameterisation of
// reconcileSelfSignedCA and returns whatever that returns.
func ReconcileClusterSignerCA(secret *corev1.Secret, ownerRef config.OwnerRef) error {
	const (
		commonName = "cluster-signer"
		orgUnit    = "openshift"
	)
	return reconcileSelfSignedCA(secret, ownerRef, commonName, orgUnit)
}
// ReconcileCombinedCA populates cm, owned by ownerRef, with the CA
// certificate data of rootCA followed by that of signerCA, in that order.
// It delegates to reconcileAggregateCA and returns whatever that returns.
func ReconcileCombinedCA(cm *corev1.ConfigMap, ownerRef config.OwnerRef, rootCA, signerCA *corev1.Secret) error {
	// Order matters for the bundle layout: root first, then the signer.
	sources := []*corev1.Secret{rootCA, signerCA}
	return reconcileAggregateCA(cm, ownerRef, sources...)
}