// Source: github.com/openshift/installer@v1.4.17/pkg/asset/imagebased/configimage/ingressoperatorsigner.go

package configimage

import (
	"context"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"

	"github.com/openshift/installer/pkg/asset"
	"github.com/openshift/installer/pkg/asset/tls"
)

// IngressOperatorSignerCertKey is the asset that generates the ingress operator
// signer key/cert pair. It embeds tls.SelfSignedCertKey and delegates the
// actual key and certificate creation to it.
type IngressOperatorSignerCertKey struct {
	tls.SelfSignedCertKey
}

// Compile-time check that the type satisfies asset.Asset.
var _ asset.Asset = (*IngressOperatorSignerCertKey)(nil)

// Name returns the human-friendly name of the asset.
func (a *IngressOperatorSignerCertKey) Name() string {
	return "Certificate (ingress-operator-signer)"
}

// Dependencies returns the dependencies of the cert/key pair. The signer is
// self-signed, so the list is empty (but non-nil).
func (a *IngressOperatorSignerCertKey) Dependencies() []asset.Asset {
	return []asset.Asset{}
}

// Generate generates the self-signed signer cert/key pair. The dependencies
// argument is not used.
//
// The certificate is requested with IsCA set and the CertSign key usage, so
// the matching private key can issue further certificates under this signer.
// Its validity is twice tls.ValidityOneYear.
func (a *IngressOperatorSignerCertKey) Generate(ctx context.Context, dependencies asset.Parents) error {
	// NOTE(review): KeyUsageKeyEncipherment is not needed by a certificate
	// that only signs other certificates; it is kept unchanged here. Confirm
	// whether any consumer relies on it before narrowing the usages.
	const usages = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign

	// The common name carries the Unix time of generation, so every run
	// produces a signer with a distinct subject.
	subject := pkix.Name{
		CommonName:         fmt.Sprintf("%s@%d", "ingress-operator", time.Now().Unix()),
		OrganizationalUnit: []string{"openshift"},
	}

	certCfg := tls.CertCfg{
		Subject:   subject,
		KeyUsages: usages,
		Validity:  2 * tls.ValidityOneYear,
		IsCA:      true,
	}

	// "ingress-operator-signer" is presumably the base name of the files
	// written by the embedded generator; confirm against tls.SelfSignedCertKey.
	return a.SelfSignedCertKey.Generate(ctx, &certCfg, "ingress-operator-signer")
}

// IngressOperatorCABundle is the asset that generates the
// ingress-operator-ca-bundle, which contains the ingress operator signer CA
// certificates. It embeds tls.CertBundle.
type IngressOperatorCABundle struct {
	tls.CertBundle
}

// Compile-time check that the type satisfies asset.Asset.
var _ asset.Asset = (*IngressOperatorCABundle)(nil)

// Dependencies returns the dependency of the cert bundle.
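func (a *IngressOperatorCABundle) Dependencies() []asset.Asset {
	// The bundle has a single parent: the ingress operator signer cert/key.
	return []asset.Asset{
		&IngressOperatorSignerCertKey{},
	}
}

// Generate generates the cert bundle based on its dependencies.
//
// It returns an error if a dependency does not implement tls.CertInterface,
// or whatever error the embedded tls.CertBundle generator reports.
func (a *IngressOperatorCABundle) Generate(ctx context.Context, deps asset.Parents) error {
	parents := a.Dependencies()
	certs := make([]tls.CertInterface, 0, len(parents))
	for _, dep := range parents {
		// deps.Get presumably fills dep in place with the already generated
		// parent state, since its result is not used here; confirm against
		// asset.Parents.
		deps.Get(dep)

		// Checked assertion: a dependency that is not a certificate is
		// reported as an error instead of panicking.
		cert, ok := dep.(tls.CertInterface)
		if !ok {
			return fmt.Errorf("ingress-operator-ca-bundle: dependency %T does not implement tls.CertInterface", dep)
		}
		certs = append(certs, cert)
	}
	return a.CertBundle.Generate(ctx, "ingress-operator-ca-bundle", certs...)
}

// Name returns the human-friendly name of the asset.
func (a *IngressOperatorCABundle) Name() string {
	return "Certificate (ingress-operator-ca-bundle)"
}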