github.com/kiali/kiali@v1.84.0/business/checkers/destinationrules/meshwide_mtls_checker.go (about)

     1  package destinationrules
     2  
     3  import (
     4  	networking_v1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"
     5  
     6  	"github.com/kiali/kiali/kubernetes"
     7  	"github.com/kiali/kiali/models"
     8  )
     9  
// MeshWideMTLSChecker validates a DestinationRule that enables mesh-wide mTLS
// against the mesh-level PeerAuthentications carried in MTLSDetails. The
// finding it produces is "destinationrules.mtls.meshpolicymissing".
type MeshWideMTLSChecker struct {
	// DestinationRule is the rule under validation. Check hands it to
	// kubernetes.DestinationRuleHasMeshWideMTLSEnabled without a nil test.
	// NOTE(review): nil handling depends on that helper — confirm against the kubernetes package.
	DestinationRule *networking_v1beta1.DestinationRule
	// MTLSDetails supplies MeshPeerAuthentications, the only field Check reads
	// from it, which is scanned for an entry that enables mTLS.
	MTLSDetails     kubernetes.MTLSDetails
}
    14  
// Check verifies that a DestinationRule enabling mesh-wide mTLS is backed by a
// mesh-level PeerAuthentication that also enables mTLS.
//
// It returns the list of findings and a validity flag. The flag is true with an
// empty (non-nil) list when the DestinationRule does not enable mesh-wide mTLS,
// or when at least one entry of MTLSDetails.MeshPeerAuthentications enables
// mTLS. Otherwise it returns a single "destinationrules.mtls.meshpolicymissing"
// finding at spec/trafficPolicy/tls/mode and false.
//
// Both helper calls return a second value that is discarded here.
// NOTE(review): which PeerAuthentication modes count as "enabled" is decided
// inside kubernetes.PeerAuthnHasMTLSEnabled and is not visible in this file;
// confirm whether a permissive mode satisfies this check before relying on a
// clean result as evidence that plaintext traffic is rejected mesh-wide.
func (m MeshWideMTLSChecker) Check() ([]*models.IstioCheck, bool) {
	noFindings := []*models.IstioCheck{}

	// A DestinationRule that does not turn on mesh-wide mTLS is out of scope:
	// report it as valid without adding any check.
	drEnabled, _ := kubernetes.DestinationRuleHasMeshWideMTLSEnabled(m.DestinationRule)
	if !drEnabled {
		return noFindings, true
	}

	// The rule is satisfied as soon as one mesh-level PeerAuthentication
	// enables mTLS; the remaining entries are not inspected.
	for _, peerAuthn := range m.MTLSDetails.MeshPeerAuthentications {
		paEnabled, _ := kubernetes.PeerAuthnHasMTLSEnabled(peerAuthn)
		if paEnabled {
			return noFindings, true
		}
	}

	// No matching mesh policy: flag the TLS mode of the DestinationRule.
	missingPolicy := models.Build("destinationrules.mtls.meshpolicymissing", "spec/trafficPolicy/tls/mode")
	return []*models.IstioCheck{&missingPolicy}, false
}