mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #66120 from CaoShuFeng/csr_deny
Automatic merge from submit-queue (batch tested with PRs 66136, 64999, 65425, 66120, 66074). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. optimize certificate cleaner No need to parse certificates for every conditions **What this PR does / why we need it**: **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: **Release note**: ```release-note NONE ```
This commit is contained in:
commit
eb5fbfd40c
@ -118,11 +118,11 @@ func (ccc *CSRCleanerController) handle(csr *capi.CertificateSigningRequest) err
|
|||||||
// isIssuedExpired checks if the CSR has been issued a certificate and if the
|
// isIssuedExpired checks if the CSR has been issued a certificate and if the
|
||||||
// expiration of the certificate (the NotAfter value) has passed.
|
// expiration of the certificate (the NotAfter value) has passed.
|
||||||
func isIssuedExpired(csr *capi.CertificateSigningRequest) (bool, error) {
|
func isIssuedExpired(csr *capi.CertificateSigningRequest) (bool, error) {
|
||||||
|
isExpired, err := isExpired(csr)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
for _, c := range csr.Status.Conditions {
|
for _, c := range csr.Status.Conditions {
|
||||||
isExpired, err := isExpired(csr)
|
|
||||||
if err != nil {
|
|
||||||
return false, err
|
|
||||||
}
|
|
||||||
if c.Type == capi.CertificateApproved && isIssued(csr) && isExpired {
|
if c.Type == capi.CertificateApproved && isIssued(csr) && isExpired {
|
||||||
glog.Infof("Cleaning CSR %q as the associated certificate is expired.", csr.Name)
|
glog.Infof("Cleaning CSR %q as the associated certificate is expired.", csr.Name)
|
||||||
return true, nil
|
return true, nil
|
||||||
|
Loading…
Reference in New Issue
Block a user