// Source: github.com/openshift/installer@v1.4.17/pkg/asset/agent/mirror/cabundle.go

package mirror

import (
	"context"
	"fmt"
	"os"
	"path/filepath"

	"github.com/pkg/errors"

	"github.com/openshift/installer/pkg/asset"
	"github.com/openshift/installer/pkg/asset/agent"
	"github.com/openshift/installer/pkg/asset/agent/joiner"
	"github.com/openshift/installer/pkg/asset/agent/workflow"
	"github.com/openshift/installer/pkg/asset/manifests"
)

// CaBundleFilename is the on-disk path of the CA bundle, located under
// mirrorConfigDir.
var CaBundleFilename = filepath.Join(mirrorConfigDir, "ca-bundle.crt")

// CaBundle generates the certificate file for disconnected mirrors.
type CaBundle struct {
	// File is the CA bundle asset; it stays nil until Generate or Load
	// populates it.
	File *asset.File
}

// Compile-time check that *CaBundle satisfies asset.WritableAsset.
var _ asset.WritableAsset = (*CaBundle)(nil)

// Name returns a human friendly name for the asset.
func (*CaBundle) Name() string {
	const assetName = "Mirror Registries Certificate File"
	return assetName
}

// Dependencies returns all of the dependencies directly needed to generate
// the asset.
func (*CaBundle) Dependencies() []asset.Asset {
	deps := []asset.Asset{
		&workflow.AgentWorkflow{},
		&joiner.ClusterInfo{},
		&agent.OptionalInstallConfig{},
	}
	return deps
}

// Generate generates the Mirror Registries certificate file from the
// additional trust bundle: install-config for the install workflow, cluster
// info for the add-nodes workflow.
func (i *CaBundle) Generate(_ context.Context, dependencies asset.Parents) error {
	var (
		wf      = &workflow.AgentWorkflow{}
		cluster = &joiner.ClusterInfo{}
		optCfg  = &agent.OptionalInstallConfig{}
	)
	dependencies.Get(optCfg, wf, cluster)

	// The trust bundle source depends on the workflow; any workflow other
	// than install or add-nodes is rejected.
	var trustBundle string
	switch wf.Workflow {
	case workflow.AgentWorkflowTypeInstall:
		// Without a supplied install-config there is nothing to generate.
		if !optCfg.Supplied {
			return nil
		}
		trustBundle = optCfg.Config.AdditionalTrustBundle

	case workflow.AgentWorkflowTypeAddNodes:
		trustBundle = cluster.UserCaBundle

	default:
		return fmt.Errorf("AgentWorkflowType value not supported: %s", wf.Workflow)
	}

	if trustBundle != "" {
		return i.parseCertificates(trustBundle)
	}

	// No additional trust bundle configured: emit an empty bundle file.
	i.File = &asset.File{
		Filename: CaBundleFilename,
		Data:     []byte{},
	}
	return nil
}

// parseCertificates runs certs through manifests.ParseCertificates and stores
// the result in i.File. Empty input is a no-op that leaves i.File untouched.
// Any returned entry not named after the base name of CaBundleFilename is an
// error.
//
// NOTE(review): presumably manifests.ParseCertificates validates the PEM
// content; confirm there, since this file defines trust anchors.
func (i *CaBundle) parseCertificates(certs string) error {
	if certs == "" {
		return nil
	}

	parsed, err := manifests.ParseCertificates(certs)
	if err != nil {
		return err
	}

	expected := filepath.Base(CaBundleFilename)
	for name, body := range parsed {
		// Reject anything other than the single expected bundle file
		// rather than storing it.
		if name != expected {
			return fmt.Errorf("unexpected CA Bundle filename %s", name)
		}
		i.File = &asset.File{
			Filename: CaBundleFilename,
			Data:     []byte(body),
		}
	}

	return nil
}

// Files returns the files generated by the asset.
func (i *CaBundle) Files() []*asset.File {
	// Always hand back a non-nil slice, even when no file has been set.
	files := []*asset.File{}
	if i.File != nil {
		files = append(files, i.File)
	}
	return files
}

// Load returns the Mirror Registries certificate file from the disk.
func (i *CaBundle) Load(f asset.FileFetcher) (bool, error) {
	file, err := f.FetchByName(CaBundleFilename)
	switch {
	case err == nil:
		// On-disk content goes through the same parser as generated
		// content, so a bundle edited on disk is checked again on load.
		// NOTE(review): an empty file reports found (true) but leaves
		// i.File nil, because parseCertificates returns early on empty
		// input. Confirm callers expect that.
		return true, i.parseCertificates(string(file.Data))
	case os.IsNotExist(err):
		// A missing file is not an error; the asset was simply not found.
		return false, nil
	default:
		return false, errors.Wrapf(err, "failed to load %s file", CaBundleFilename)
	}
}