github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-20 09:33:52 +00:00
Code Issues Projects Releases Wiki Activity

Switch issued check to inspect certificate length

Browse Source
This commit is contained in:
Jordan Liggitt
2020-05-28 10:48:49 -04:00
parent 184b3f81ad
commit 94fd1d76ca
4 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/controller/certificates/cleaner/cleaner.go
View File

@@ -194,13 +194,13 @@ func isOlderThan(t metav1.Time, d time.Duration) bool {
// 'Issued' status. Implicitly, if there is a certificate associated with the
// CSR, the CSR statuses that are visible via `kubectl` will include 'Issued'.
func isIssued(csr *capi.CertificateSigningRequest) bool {
return csr.Status.Certificate != nil
return len(csr.Status.Certificate) > 0
}
// isExpired checks if the CSR has a certificate and the date in the `NotAfter`
// field has gone by.
func isExpired(csr *capi.CertificateSigningRequest) (bool, error) {
if csr.Status.Certificate == nil {
if len(csr.Status.Certificate) == 0 {
return false, nil
}
block, _ := pem.Decode(csr.Status.Certificate)
@@ -211,5 +211,8 @@ func isExpired(csr *capi.CertificateSigningRequest) (bool, error) {
if err != nil {
return false, fmt.Errorf("unable to parse certificate data: %v", err)
}
if len(certs) == 0 {
return false, fmt.Errorf("no certificates found")
}
return time.Now().After(certs[0].NotAfter), nil
}