github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-15 03:29:39 +00:00
Code Issues Projects Releases Wiki Activity

default a CSR's allowed usage to key encipherment and digital signing

Browse Source
This commit is contained in:
Mike Danese
2017-01-10 15:47:17 -08:00
parent dc7fd284f0
commit 06077ac088
7 changed files with 90 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/apis/certificates/validation/validation.go
View File

@@ -50,8 +50,14 @@ func ValidateCertificateSigningRequest(csr *certificates.CertificateSigningReque
isNamespaced := false
allErrs := apivalidation.ValidateObjectMeta(&csr.ObjectMeta, isNamespaced, ValidateCertificateRequestName, field.NewPath("metadata"))
err := validateCSR(csr)
specPath := field.NewPath("spec")
if err != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("request"), csr.Spec.Request, fmt.Sprintf("%v", err)))
allErrs = append(allErrs, field.Invalid(specPath.Child("request"), csr.Spec.Request, fmt.Sprintf("%v", err)))
}
if len(csr.Spec.Usages) == 0 {
allErrs = append(allErrs, field.Required(specPath.Child("usages"), "usages must be provided"))
}
return allErrs
}