Merge pull request #91779 from liggitt/csr-v1-describe
CSR v1 - add support to kubectl describe
commit
3b1432972c
@ -3252,26 +3252,57 @@ type CertificateSigningRequestDescriber struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, describerSettings DescriberSettings) (string, error) {
|
func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, describerSettings DescriberSettings) (string, error) {
|
||||||
csr, err := p.client.CertificatesV1beta1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{})
|
|
||||||
if err != nil {
|
var (
|
||||||
|
crBytes []byte
|
||||||
|
metadata metav1.ObjectMeta
|
||||||
|
status string
|
||||||
|
signerName string
|
||||||
|
username string
|
||||||
|
events *corev1.EventList
|
||||||
|
)
|
||||||
|
|
||||||
|
if csr, err := p.client.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}); err == nil {
|
||||||
|
crBytes = csr.Spec.Request
|
||||||
|
metadata = csr.ObjectMeta
|
||||||
|
conditionTypes := []string{}
|
||||||
|
for _, c := range csr.Status.Conditions {
|
||||||
|
conditionTypes = append(conditionTypes, string(c.Type))
|
||||||
|
}
|
||||||
|
status = extractCSRStatus(conditionTypes, csr.Status.Certificate)
|
||||||
|
signerName = csr.Spec.SignerName
|
||||||
|
username = csr.Spec.Username
|
||||||
|
if describerSettings.ShowEvents {
|
||||||
|
events, _ = p.client.CoreV1().Events(namespace).Search(scheme.Scheme, csr)
|
||||||
|
}
|
||||||
|
} else if csr, err := p.client.CertificatesV1beta1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}); err == nil {
|
||||||
|
crBytes = csr.Spec.Request
|
||||||
|
metadata = csr.ObjectMeta
|
||||||
|
conditionTypes := []string{}
|
||||||
|
for _, c := range csr.Status.Conditions {
|
||||||
|
conditionTypes = append(conditionTypes, string(c.Type))
|
||||||
|
}
|
||||||
|
status = extractCSRStatus(conditionTypes, csr.Status.Certificate)
|
||||||
|
if csr.Spec.SignerName != nil {
|
||||||
|
signerName = *csr.Spec.SignerName
|
||||||
|
}
|
||||||
|
username = csr.Spec.Username
|
||||||
|
if describerSettings.ShowEvents {
|
||||||
|
events, _ = p.client.CoreV1().Events(namespace).Search(scheme.Scheme, csr)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
cr, err := certificate.ParseCSR(csr)
|
cr, err := certificate.ParseCSR(crBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("Error parsing CSR: %v", err)
|
return "", fmt.Errorf("Error parsing CSR: %v", err)
|
||||||
}
|
}
|
||||||
status := extractCSRStatus(csr)
|
|
||||||
|
|
||||||
var events *corev1.EventList
|
return describeCertificateSigningRequest(metadata, signerName, username, cr, status, events)
|
||||||
if describerSettings.ShowEvents {
|
|
||||||
events, _ = p.client.CoreV1().Events(namespace).Search(scheme.Scheme, csr)
|
|
||||||
}
|
|
||||||
|
|
||||||
return describeCertificateSigningRequest(csr, cr, status, events)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func describeCertificateSigningRequest(csr *certificatesv1beta1.CertificateSigningRequest, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
|
func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
|
||||||
printListHelper := func(w PrefixWriter, prefix, name string, values []string) {
|
printListHelper := func(w PrefixWriter, prefix, name string, values []string) {
|
||||||
if len(values) == 0 {
|
if len(values) == 0 {
|
||||||
return
|
return
|
||||||
@ -3287,9 +3318,9 @@ func describeCertificateSigningRequest(csr *certificatesv1beta1.CertificateSigni
|
|||||||
w.Write(LEVEL_0, "Labels:\t%s\n", labels.FormatLabels(csr.Labels))
|
w.Write(LEVEL_0, "Labels:\t%s\n", labels.FormatLabels(csr.Labels))
|
||||||
w.Write(LEVEL_0, "Annotations:\t%s\n", labels.FormatLabels(csr.Annotations))
|
w.Write(LEVEL_0, "Annotations:\t%s\n", labels.FormatLabels(csr.Annotations))
|
||||||
w.Write(LEVEL_0, "CreationTimestamp:\t%s\n", csr.CreationTimestamp.Time.Format(time.RFC1123Z))
|
w.Write(LEVEL_0, "CreationTimestamp:\t%s\n", csr.CreationTimestamp.Time.Format(time.RFC1123Z))
|
||||||
w.Write(LEVEL_0, "Requesting User:\t%s\n", csr.Spec.Username)
|
w.Write(LEVEL_0, "Requesting User:\t%s\n", username)
|
||||||
if csr.Spec.SignerName != nil {
|
if len(signerName) > 0 {
|
||||||
w.Write(LEVEL_0, "Signer:\t%s\n", *csr.Spec.SignerName)
|
w.Write(LEVEL_0, "Signer:\t%s\n", signerName)
|
||||||
}
|
}
|
||||||
w.Write(LEVEL_0, "Status:\t%s\n", status)
|
w.Write(LEVEL_0, "Status:\t%s\n", status)
|
||||||
|
|
||||||
@ -4835,20 +4866,20 @@ func formatEndpoints(endpoints *corev1.Endpoints, ports sets.String) string {
|
|||||||
return ret
|
return ret
|
||||||
}
|
}
|
||||||
|
|
||||||
func extractCSRStatus(csr *certificatesv1beta1.CertificateSigningRequest) string {
|
func extractCSRStatus(conditions []string, certificateBytes []byte) string {
|
||||||
var approved, denied, failed bool
|
var approved, denied, failed bool
|
||||||
for _, c := range csr.Status.Conditions {
|
for _, c := range conditions {
|
||||||
switch c.Type {
|
switch c {
|
||||||
case certificatesv1beta1.CertificateApproved:
|
case string(certificatesv1beta1.CertificateApproved):
|
||||||
approved = true
|
approved = true
|
||||||
case certificatesv1beta1.CertificateDenied:
|
case string(certificatesv1beta1.CertificateDenied):
|
||||||
denied = true
|
denied = true
|
||||||
case certificatesv1beta1.CertificateFailed:
|
case string(certificatesv1beta1.CertificateFailed):
|
||||||
failed = true
|
failed = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
var status string
|
var status string
|
||||||
// must be in order of presidence
|
// must be in order of precedence
|
||||||
if denied {
|
if denied {
|
||||||
status += "Denied"
|
status += "Denied"
|
||||||
} else if approved {
|
} else if approved {
|
||||||
@ -4859,7 +4890,7 @@ func extractCSRStatus(csr *certificatesv1beta1.CertificateSigningRequest) string
|
|||||||
if failed {
|
if failed {
|
||||||
status += ",Failed"
|
status += ",Failed"
|
||||||
}
|
}
|
||||||
if len(csr.Status.Certificate) > 0 {
|
if len(certificateBytes) > 0 {
|
||||||
status += ",Issued"
|
status += ",Issued"
|
||||||
}
|
}
|
||||||
return status
|
return status
|
||||||
|
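Review bot: In `Describe`, the fallback from `CertificatesV1()` to `CertificatesV1beta1()` runs on any error from the v1 Get, and the final `else` returns the `err` declared by the `else if` initializer, so the v1 error is never surfaced. A Forbidden response or a timeout on the v1 call would be reported as whatever the v1beta1 call returned, which can mislead someone diagnosing RBAC or connectivity for CSR access. Consider falling back only when the v1 call reports not-found, for example by inserting `} else if !apierrors.IsNotFound(err) { return "", err }` ahead of the v1beta1 branch (assuming the file imports `k8s.io/apimachinery/pkg/api/errors` under that alias; the import block is not visible here). The two branches are otherwise near-identical, and a short comment explaining why the v1beta1 path is kept would help the next reader.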
@ -6,7 +6,6 @@ go_library(
|
|||||||
importmap = "k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/util/certificate",
|
importmap = "k8s.io/kubernetes/vendor/k8s.io/kubectl/pkg/util/certificate",
|
||||||
importpath = "k8s.io/kubectl/pkg/util/certificate",
|
importpath = "k8s.io/kubectl/pkg/util/certificate",
|
||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
deps = ["//staging/src/k8s.io/api/certificates/v1beta1:go_default_library"],
|
|
||||||
)
|
)
|
||||||
|
|
||||||
filegroup(
|
filegroup(
|
||||||
|
@ -20,16 +20,12 @@ import (
|
|||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO(yue9944882): Remove this helper package once it's copied to k/api
|
// TODO(yue9944882): Remove this helper package once it's copied to k/api
|
||||||
|
|
||||||
// ParseCSR extracts the CSR from the API object and decodes it.
|
// ParseCSR extracts the CSR from the API object and decodes it.
|
||||||
func ParseCSR(obj *certificatesv1beta1.CertificateSigningRequest) (*x509.CertificateRequest, error) {
|
func ParseCSR(pemBytes []byte) (*x509.CertificateRequest, error) {
|
||||||
// extract PEM from request object
|
|
||||||
pemBytes := obj.Spec.Request
|
|
||||||
block, _ := pem.Decode(pemBytes)
|
block, _ := pem.Decode(pemBytes)
|
||||||
if block == nil || block.Type != "CERTIFICATE REQUEST" {
|
if block == nil || block.Type != "CERTIFICATE REQUEST" {
|
||||||
return nil, errors.New("PEM block type must be CERTIFICATE REQUEST")
|
return nil, errors.New("PEM block type must be CERTIFICATE REQUEST")
|
||||||
|
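Review bot: The doc comment on `ParseCSR` still says it "extracts the CSR from the API object", but the new signature takes raw `pemBytes` and no longer touches an API object. Suggest `// ParseCSR decodes a PEM-encoded certificate request and parses it into an x509.CertificateRequest.` It would also help to note that only the first PEM block is considered, since the second return value of `pem.Decode` is discarded and trailing data is not rejected. The function body continues outside the hunk, so the wording should be checked against the rest of the function.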