// Source: github.com/openshift/installer@v1.4.17/pkg/asset/tls/mcscertkey.go

package tls

import (
	"context"
	"crypto/x509"
	"crypto/x509/pkix"
	"net"

	"github.com/openshift/installer/pkg/asset"
	"github.com/openshift/installer/pkg/asset/installconfig"
	baremetaltypes "github.com/openshift/installer/pkg/types/baremetal"
	nutanixtypes "github.com/openshift/installer/pkg/types/nutanix"
	openstacktypes "github.com/openshift/installer/pkg/types/openstack"
	ovirttypes "github.com/openshift/installer/pkg/types/ovirt"
	vspheretypes "github.com/openshift/installer/pkg/types/vsphere"
)

// MCSCertKey is the asset that generates the MCS key/cert pair.
// It embeds SignedCertKey and adds no fields of its own.
type MCSCertKey struct {
	SignedCertKey
}

// Compile-time assertion that *MCSCertKey satisfies asset.Asset.
var _ asset.Asset = (*MCSCertKey)(nil)

// Dependencies returns the assets the cert/key pair is built from: the parent
// CA (RootCA) and the install config, which supplies the DNS names and
// addresses that end up in the certificate.
func (a *MCSCertKey) Dependencies() []asset.Asset {
	parents := []asset.Asset{
		&RootCA{},
		&installconfig.InstallConfig{},
	}
	return parents
}

// Generate generates the cert/key pair based on its dependencies.
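//
// The certificate is a server-auth certificate for the subject
// "system:machine-config-server", requested from SignedCertKey.Generate with
// RootCA as the parent CA. Its SANs are the internal API hostname plus, on
// platforms whose install config carries API VIPs (baremetal, nutanix,
// openstack, ovirt, vsphere), every VIP as both an IP SAN and a DNS-name SAN.
// Any other platform gets the hostname only.
//
// It returns a *net.ParseError when a configured VIP is not a valid IP
// literal, and otherwise whatever SignedCertKey.Generate returns.
func (a *MCSCertKey) Generate(ctx context.Context, dependencies asset.Parents) error {
	ca := &RootCA{}
	installConfig := &installconfig.InstallConfig{}
	dependencies.Get(ca, installConfig)

	hostname := internalAPIAddress(installConfig.Config)

	cfg := &CertCfg{
		Subject:      pkix.Name{CommonName: "system:machine-config-server"},
		ExtKeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		// NOTE(review): going by the constant's name this serving certificate
		// is valid for ten years, and nothing in this function provides for
		// rotation; confirm that is handled elsewhere.
		Validity: ValidityTenYears,
	}

	// Only these platforms contribute API VIPs; on every other platform vips
	// stays nil and the certificate carries no IP SANs.
	var vips []string
	switch installConfig.Config.Platform.Name() {
	case baremetaltypes.Name:
		vips = installConfig.Config.BareMetal.APIVIPs
	case nutanixtypes.Name:
		vips = installConfig.Config.Nutanix.APIVIPs
	case openstacktypes.Name:
		vips = installConfig.Config.OpenStack.APIVIPs
	case ovirttypes.Name:
		vips = installConfig.Config.Ovirt.APIVIPs
	case vspheretypes.Name:
		vips = installConfig.Config.VSphere.APIVIPs
	}

	cfg.IPAddresses = make([]net.IP, 0, len(vips))
	cfg.DNSNames = []string{hostname}
	for _, vip := range vips {
		// net.ParseIP reports failure by returning nil. A nil entry in
		// IPAddresses would go into the certificate request as an empty IP
		// SAN, so reject the VIP here instead of signing around it.
		ip := net.ParseIP(vip)
		if ip == nil {
			return &net.ParseError{Type: "IP address", Text: vip}
		}
		cfg.IPAddresses = append(cfg.IPAddresses, ip)
		// NOTE(review): the VIP is also listed as a DNS-name SAN, presumably
		// for clients that match an IP literal against dNSName entries;
		// confirm this is still required.
		cfg.DNSNames = append(cfg.DNSNames, vip)
	}

	// NOTE(review): DoNotAppendParent is defined outside this file; by its
	// name it keeps the parent CA certificate out of the generated bundle.
	return a.SignedCertKey.Generate(ctx, cfg, ca, "machine-config-server", DoNotAppendParent)
}

// Name returns the human-friendly name of the asset.
func (a *MCSCertKey) Name() string {
	return "Certificate (mcs)"
}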