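// Copyright (c) 2023, Oracle and/or its affiliates.
// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

package certs

import (
	"context"

	"github.com/verrazzano/verrazzano/application-operator/constants"
	globalconst "github.com/verrazzano/verrazzano/pkg/constants"
	"github.com/verrazzano/verrazzano/pkg/mcconstants"
	"go.uber.org/zap"
	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/client"
)

// secretsList lists the secrets consulted for the local cluster CA bundle, in
// order of precedence. caKey is the Data key under which each secret is expected
// to carry the bundle. The first entry whose key holds non-empty data wins.
var secretsList = []struct {
	types.NamespacedName
	caKey string
}{
	{
		NamespacedName: types.NamespacedName{Namespace: globalconst.VerrazzanoSystemNamespace, Name: globalconst.PrivateCABundle},
		caKey:          globalconst.CABundleKey,
	},
	{
		NamespacedName: types.NamespacedName{Namespace: constants.VerrazzanoSystemNamespace, Name: globalconst.VerrazzanoIngressTLSSecret},
		caKey:          mcconstants.CaCrtKey,
	},
}

// GetLocalClusterCABundleData gets the local cluster CA bundle data from one of the known/expected sources within Verrazzano.
//
// Sources, in order of precedence:
//   - "cacerts.pem" data field in the verrazzano-system/verrazzano-tls-ca secret
//   - "ca.crt" data field in the verrazzano-system/verrazzano-tls secret
//
// A source only counts when the secret exists AND the key holds non-empty data. An
// existing secret with a missing or empty key falls through to the next source, so a
// caller is never handed an empty bundle as if it were a valid set of trust anchors.
//
// Returns (nil, nil) when no source has bundle data, and a non-nil error only when a
// secret lookup fails for a reason other than NotFound.
//
// ctx is deliberately kept as the last parameter to preserve the existing call signature.
func GetLocalClusterCABundleData(log *zap.SugaredLogger, cli client.Client, ctx context.Context) ([]byte, error) {
	for _, src := range secretsList {
		log.Debugf("checking secret %s", src.NamespacedName)
		bundleData, found, err := getBundleDataFromSecret(cli, ctx, src.NamespacedName, src.caKey)
		if err != nil {
			// Include the underlying error; a bare message hides why the API call failed.
			log.Errorf("Failed retrieving bundle data from secret %s: %v", src.NamespacedName, err)
			return nil, err
		}
		if found {
			log.Debugf("Using bundle data from secret %s", src.NamespacedName)
			return bundleData, nil
		}
	}
	log.Debugf("No bundle data found")
	return nil, nil
}

// getBundleDataFromSecret obtains bundle data from the named secret using the provided key.
//
// Returns (data, true, nil) when the secret exists and caKey maps to non-empty data,
// (nil, false, nil) when the secret does not exist or the key is absent or empty, and
// (nil, false, err) when the Get fails for any reason other than NotFound.
func getBundleDataFromSecret(cli client.Client, ctx context.Context, name types.NamespacedName, caKey string) (bundleData []byte, found bool, err error) {
	var sourceSecret corev1.Secret
	err = cli.Get(ctx, client.ObjectKey{Namespace: name.Namespace, Name: name.Name}, &sourceSecret)
	if err != nil {
		if client.IgnoreNotFound(err) != nil {
			return nil, false, err
		}
		// NotFound is not an error here: the caller simply tries the next source.
		return nil, false, nil
	}
	// A key that is missing or holds zero bytes is reported as "not found" rather than
	// surfacing an empty bundle as a successful lookup, so precedence falls through.
	data, ok := sourceSecret.Data[caKey]
	if !ok || len(data) == 0 {
		return nil, false, nil
	}
	return data, true, nil
}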