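// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package csrctrl

import (
	"fmt"
	"os"
	"strings"
	"time"

	"istio.io/istio/pkg/kube"
	// +kubebuilder:scaffold:imports
	"istio.io/istio/pkg/test/csrctrl/signer"
)

const (
	// signerRoot is the directory under which each signer stores its CA
	// certificate and private key files. This package is a test fixture
	// (pkg/test/...): the directory is a fixed, host-shared location under
	// /tmp, so any key material written there has to be treated as test-only.
	signerRoot = "/tmp/pki/signer/"

	// certificateDuration is the validity period handed to every signer for
	// the certificates it issues.
	certificateDuration = 1 * time.Hour
)

// SignerRootCert pairs a signer name with the contents of that signer's root
// certificate file.
type SignerRootCert struct {
	// Signer is the name the signer was created with (one entry of signerNames).
	Signer string
	// Rootcert is the raw contents of the file returned by the signer's
	// GetRootCerts, read from disk at startup.
	Rootcert string
}

// RunCSRController creates one signer.Signer per comma-separated entry of
// signerNames (names are used verbatim; no trimming is applied) and then
// starts a CSR controller over all of those signers for each client in
// clients.
//
// For every client the controller's Run is started in its own goroutine with
// stop, after which this call blocks on cl.RunAndWait(stop) and on
// kube.WaitForCacheSync for the controller's HasSynced before moving on to
// the next client.
//
// It returns the root certificate of every signer, in the order the names
// were given. An error is returned if any signer cannot be created or its
// root certificate file cannot be read; in that case no controller is
// started and the returned slice is nil.
func RunCSRController(signerNames string, stop <-chan struct{}, clients []kube.Client) ([]SignerRootCert, error) {
	names := strings.Split(signerNames, ",")
	signersMap := make(map[string]*signer.Signer, len(names))
	rootCerts := make([]SignerRootCert, 0, len(names))
	for _, name := range names {
		// The local is called s rather than signer so the signer package
		// stays visible (and unambiguous) inside the loop body.
		s, err := signer.NewSigner(signerRoot, name, certificateDuration)
		if err != nil {
			return nil, fmt.Errorf("unable to start signer for %q: %w", name, err)
		}
		signersMap[name] = s

		// Reuse err here: the original reported the (nil) creation error
		// instead of the read error, which hid the real cause of the failure.
		rootCert, err := os.ReadFile(s.GetRootCerts())
		if err != nil {
			return nil, fmt.Errorf("unable to read root cert for signer %q: %w", name, err)
		}
		rootCerts = append(rootCerts, SignerRootCert{
			Signer:   name,
			Rootcert: string(rootCert),
		})
	}

	for _, cl := range clients {
		ctrl := NewSigner(cl, signersMap)
		go ctrl.Run(stop)
		cl.RunAndWait(stop)
		kube.WaitForCacheSync("csr", stop, ctrl.HasSynced)
	}

	return rootCerts, nil
}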