github.com/operator-framework/operator-lifecycle-manager@v0.30.0/pkg/lib/filemonitor/cabundle_updater.go (about)

     1  package filemonitor
     2  
import (
	"crypto/x509"
	"fmt"
	"os"
	"sync"

	"github.com/fsnotify/fsnotify"
	"github.com/sirupsen/logrus"
)
    11  
// certPoolStore holds an x509 certificate pool built from the PEM file at
// clientCAPath, so the pool can be replaced when that file changes on disk.
type certPoolStore struct {
	// clientCAPath is the file the pool is loaded from; it is set once by the
	// constructor.
	clientCAPath string

	// mutex is held for writing while certpool is replaced during a reload.
	mutex sync.RWMutex
	// certpool is the currently active pool. A reload installs a newly built
	// pool here; the previous pool object is not modified.
	certpool *x509.CertPool
}
    17  
// NewCertPoolStore reads the PEM file at clientCAPath and returns a store whose
// pool contains whatever certificates could be parsed from it. The path is
// remembered so later reloads read the same file.
//
// An error is returned only when the file cannot be read.
func NewCertPoolStore(clientCAPath string) (*certPoolStore, error) {
	bundle, readErr := os.ReadFile(clientCAPath)
	if readErr != nil {
		return nil, readErr
	}

	// The zero value of sync.RWMutex is ready to use, so the mutex field needs
	// no explicit initialisation.
	store := &certPoolStore{clientCAPath: clientCAPath}
	store.certpool = x509.NewCertPool()

	// AppendCertsFromPEM's boolean result is discarded here: a readable file
	// with no parseable certificate yields an empty, non-nil pool instead of
	// an error.
	// NOTE(review): confirm this is intended. If the pool is used as the only
	// set of trust anchors, an empty pool verifies no certificate chain, and
	// nothing at startup reports why.
	store.certpool.AppendCertsFromPEM(bundle)

	return store, nil
}
    32  
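// storeCABundle re-reads the PEM bundle at clientCAPath and installs it as the
// active pool under the write lock.
//
// The active pool is replaced only when the file is readable and contains at
// least one parseable certificate. Otherwise the previous pool is kept and an
// error is returned, so a truncated, half-written or corrupted bundle cannot
// silently replace the trust anchors with an empty pool.
//
// Consequence for operators: writing a file with no certificates does not
// revoke trust in the previously loaded CAs.
func (c *certPoolStore) storeCABundle(clientCAPath string) error {
	pem, err := os.ReadFile(clientCAPath)
	if err != nil {
		return err
	}

	// Build and validate the replacement before taking the lock, so readers are
	// blocked only for the pointer swap.
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pem) {
		return fmt.Errorf("ca bundle %q contains no parseable PEM certificates", clientCAPath)
	}

	c.mutex.Lock()
	defer c.mutex.Unlock()
	c.certpool = pool
	return nil
}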
    44  
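// HandleCABundleUpdate reloads the CA bundle when event includes a Create
// operation; every other event is ignored.
//
// The reload always reads the store's configured clientCAPath, not event.Name,
// so the event acts only as a trigger.
//
// fsnotify's Op is a bit mask, so Create is tested with a mask rather than ==.
// An event that carries Create together with another operation therefore still
// triggers a reload.
//
// A failed reload is logged at warning level: the trust store no longer tracks
// the file on disk, which should be visible without debug logging enabled.
func (c *certPoolStore) HandleCABundleUpdate(logger logrus.FieldLogger, event fsnotify.Event) {
	if event.Op&fsnotify.Create != fsnotify.Create {
		return
	}
	logger.Debugf("got fs event for %v", event.Name)

	if err := c.storeCABundle(c.clientCAPath); err != nil {
		logger.Warnf("unable to reload ca bundle: %v", err)
		return
	}
	// The success message reports the path; err is always nil on this branch.
	logger.Debugf("successfully reloaded ca bundle from %v", c.clientCAPath)
}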
    57  
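// GetCertPool returns the currently active certificate pool.
//
// The read lock pairs with the write lock storeCABundle takes when it replaces
// the pool pointer, so a reload on another goroutine cannot race with this
// read. A reload installs a newly built pool rather than modifying the old
// one, so the returned pointer stays a consistent snapshot. Callers that want
// to observe reloads must call GetCertPool again instead of caching the result.
func (c *certPoolStore) GetCertPool() *x509.CertPool {
	c.mutex.RLock()
	defer c.mutex.RUnlock()
	return c.certpool
}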