github.com/kiali/kiali@v1.84.0/business/checkers/destinationrules/disabled_meshwide_mtls_checker.go

github.com/kiali/kiali@v1.84.0/business/checkers/destinationrules/disabled_meshwide_mtls_checker.go (about)

     1  package destinationrules
     2  
     3  import (
     4  	networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"
     5  	security_v1beta "istio.io/client-go/pkg/apis/security/v1beta1"
     6  
     7  	"github.com/kiali/kiali/kubernetes"
     8  	"github.com/kiali/kiali/models"
     9  )
    10  
    11  type DisabledMeshWideMTLSChecker struct {
    12  	DestinationRule *networking_v1beta1.DestinationRule
    13  	MeshPeerAuthns  []*security_v1beta.PeerAuthentication
    14  }
    15  
    16  func (c DisabledMeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool) {
    17  	validations := make([]*models.IstioCheck, 0)
    18  
    19  	if _, mode := kubernetes.DestinationRuleHasMeshWideMTLSEnabled(c.DestinationRule); mode != "DISABLE" {
    20  		return validations, true
    21  	}
    22  
    23  	for _, pa := range c.MeshPeerAuthns {
    24  		if _, mode := kubernetes.PeerAuthnHasMTLSEnabled(pa); mode == "STRICT" {
    25  			check := models.Build("destinationrules.mtls.meshpolicymtlsenabled", "spec/trafficPolicy/tls/mode")
    26  			return append(validations, &check), false
    27  		}
    28  	}
    29  
    30  	return validations, true
    31  }