// Source: github.com/kiali/kiali@v1.84.0/business/checkers/destinationrules/meshwide_mtls_checker.go

package destinationrules

import (
	networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"

	"github.com/kiali/kiali/kubernetes"
	"github.com/kiali/kiali/models"
)

// MeshWideMTLSChecker cross-checks one DestinationRule against the mesh-level
// PeerAuthentications carried in MTLSDetails.
//
// DestinationRule is the object under validation; MTLSDetails supplies the
// MeshPeerAuthentications list that Check scans.
type MeshWideMTLSChecker struct {
	DestinationRule *networking_v1beta1.DestinationRule
	MTLSDetails     kubernetes.MTLSDetails
}

// Check returns the validation findings for the DestinationRule and a boolean
// that is true when no finding was produced.
//
// A DestinationRule that does not enable mesh-wide mTLS is out of scope and
// passes with an empty result. One that does enable it passes only if at
// least one entry of MTLSDetails.MeshPeerAuthentications is reported as
// mTLS-enabled; otherwise a single "destinationrules.mtls.meshpolicymissing"
// finding is returned, pointing at spec/trafficPolicy/tls/mode.
//
// NOTE(review): both helpers return a second value that is discarded here, and
// which PeerAuthentication modes count as "enabled" is decided inside
// kubernetes.PeerAuthnHasMTLSEnabled, which is not visible in this file. If
// that helper also accepts a permissive mode, a passing result means a
// mesh-wide policy exists, not that plaintext traffic is rejected — confirm
// against the helper before treating this check as proof of strict mTLS.
func (m MeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool) {
	// Always hand back a non-nil slice, even when there is nothing to report.
	findings := make([]*models.IstioCheck, 0)

	// Nothing to validate unless the DestinationRule turns mTLS on mesh-wide.
	drEnabled, _ := kubernetes.DestinationRuleHasMeshWideMTLSEnabled(m.DestinationRule)
	if !drEnabled {
		return findings, true
	}

	// The first mesh-level PeerAuthentication reported as enabled is enough.
	for _, peerAuthn := range m.MTLSDetails.MeshPeerAuthentications {
		paEnabled, _ := kubernetes.PeerAuthnHasMTLSEnabled(peerAuthn)
		if paEnabled {
			return findings, true
		}
	}

	// The DestinationRule enables mTLS, but no matching mesh-wide
	// PeerAuthentication was found.
	missing := models.Build("destinationrules.mtls.meshpolicymissing", "spec/trafficPolicy/tls/mode")
	return append(findings, &missing), false
}