github.com/kiali/kiali@v1.84.0/business/checkers/destinationrules/disabled_meshwide_mtls_checker.go (about) 1 package destinationrules 2 3 import ( 4 networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" 5 security_v1beta "istio.io/client-go/pkg/apis/security/v1beta1" 6 7 "github.com/kiali/kiali/kubernetes" 8 "github.com/kiali/kiali/models" 9 ) 10 11 type DisabledMeshWideMTLSChecker struct { 12 DestinationRule *networking_v1beta1.DestinationRule 13 MeshPeerAuthns []*security_v1beta.PeerAuthentication 14 } 15 16 func (c DisabledMeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool) { 17 validations := make([]*models.IstioCheck, 0) 18 19 if _, mode := kubernetes.DestinationRuleHasMeshWideMTLSEnabled(c.DestinationRule); mode != "DISABLE" { 20 return validations, true 21 } 22 23 for _, pa := range c.MeshPeerAuthns { 24 if _, mode := kubernetes.PeerAuthnHasMTLSEnabled(pa); mode == "STRICT" { 25 check := models.Build("destinationrules.mtls.meshpolicymtlsenabled", "spec/trafficPolicy/tls/mode") 26 return append(validations, &check), false 27 } 28 } 29 30 return validations, true 31 }