author | Ritu Sood <ritu.sood@intel.com> | 2020-10-01 15:05:42 -0700 |
---|---|---|
committer | Igor D.C <igor.duarte.cardoso@intel.com> | 2020-10-02 22:31:31 +0000 |
commit | 49f3d84b1dd20e7504018ee952d81885d5f21796 (patch) | |
tree | 6a7f82c925de26525ba0ba5d440455a74da664a5 /src/rsync/pkg | |
parent | 44c33f538cf03455c3fd32f837f56f31957bb4a0 (diff) |
Adding CSR Approval functionality
Update rsync to be able to approve CSR
Issue-ID: MULTICLOUD-1143
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I0b2bec3475a3453a2d8fc9c2e87cfc4531b0e2f3
Diffstat (limited to 'src/rsync/pkg')
-rw-r--r-- | src/rsync/pkg/client/approve.go | 56 | ||||
-rw-r--r-- | src/rsync/pkg/context/context.go | 38 |
2 files changed, 94 insertions, 0 deletions
diff --git a/src/rsync/pkg/client/approve.go b/src/rsync/pkg/client/approve.go
new file mode 100644
index 00000000..ee157713
--- /dev/null
+++ b/src/rsync/pkg/client/approve.go
@@ -0,0 +1,56 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package client
+
+import (
+ "encoding/json"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
+ "github.com/onap/multicloud-k8s/src/orchestrator/pkg/appcontext/subresources"
+ pkgerrors "github.com/pkg/errors"
+ "github.com/onap/multicloud-k8s/src/orchestrator/pkg/infra/logutils"
+)
+
+func (c *Client) Approve(name string, sa []byte) error {
+
+ var a subresources.ApprovalSubresource
+ err := json.Unmarshal(sa, &a)
+ if err != nil {
+ return pkgerrors.Wrap(err, "An error occurred while parsing the approval Subresource.")
+ }
+ csr, err := c.Clientset.CertificatesV1beta1().CertificateSigningRequests().Get(name, metav1.GetOptions{})
+ if err != nil {
+ return err
+ }
+ var timePtr metav1.Time
+ str := []string{a.LastUpdateTime}
+ if err = metav1.Convert_Slice_string_To_v1_Time(&str, &timePtr, nil); err != nil {
+ return pkgerrors.Wrap(err, "An error occurred while converting time from string.")
+ }
+ // Update CSR with Conditions
+ csr.Status.Conditions = append(csr.Status.Conditions, certificatesv1beta1.CertificateSigningRequestCondition{
+ Type: certificatesv1beta1.RequestConditionType(a.Type),
+ Reason: a.Reason,
+ Message: a.Message,
+ LastUpdateTime: timePtr,
+ })
+ // CSR Approval
+ _, err = c.Clientset.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(csr)
+ if err != nil {
+ logutils.Error("Failed to UpdateApproval", logutils.Fields{
+ "error": err,
+ "resource": name,
+ })
+ return err
+ }
+ return nil
+}
diff --git a/src/rsync/pkg/context/context.go b/src/rsync/pkg/context/context.go
index a2771379..841dfcda 100644
--- a/src/rsync/pkg/context/context.go
+++ b/src/rsync/pkg/context/context.go
@@ -68,6 +68,28 @@ func getRes(ac appcontext.AppContext, name string, app string, cluster string) (
 return byteRes, sh, nil
 }
 
+func getSubResApprove(ac appcontext.AppContext, name string, app string, cluster string) ([]byte, interface{}, error) {
+ var byteRes []byte
+ rh, err := ac.GetResourceHandle(app, cluster, name)
+ if err != nil {
+ return nil, nil, err
+ }
+ sh, err := ac.GetLevelHandle(rh, "subresource/approval")
+ if err != nil {
+ return nil, nil, err
+ }
+ resval, err := ac.GetValue(sh)
+ if err != nil {
+ return nil, sh, err
+ }
+ if resval != "" {
+ byteRes = []byte(fmt.Sprintf("%v", resval.(interface{})))
+ } else {
+ return nil, sh, pkgerrors.Errorf("SubResource value is nil %s", name)
+ }
+ return byteRes, sh, nil
+}
+
 func terminateResource(ac appcontext.AppContext, c *kubeclient.Client, name string, app string, cluster string, label string) error {
 res, sh, err := getRes(ac, name, app, cluster)
 if err != nil {
@@ -144,6 +166,22 @@ func instantiateResource(ac appcontext.AppContext, c *kubeclient.Client, name st
 "cluster": cluster,
 "resource": name,
 })
+
+ // Currently only subresource supported is approval
+ subres, _, err := getSubResApprove(ac, name, app, cluster)
+ if err == nil {
+ result := strings.Split(name, "+")
+ if result[0] == "" {
+ return pkgerrors.Errorf("Resource name is nil %s:", name)
+ }
+ logutils.Info("Approval Subresource::", logutils.Fields{
+ "cluster": cluster,
+ "resource": result[0],
+ "approval": string(subres),
+ })
+ err = c.Approve(result[0], subres)
+ return err
+ }
 return nil
 }
 
|
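Review bot: `Approve` casts `a.Type` straight into `certificatesv1beta1.RequestConditionType` and submits it with `UpdateApproval` without validating the value or inspecting the CSR it fetched, so whatever the approval subresource says is applied to any CSR with that name. An approved CSR is what the cluster's signer acts on, so I would reject anything other than the two known condition types before the `append`, e.g. `if t := certificatesv1beta1.RequestConditionType(a.Type); t != certificatesv1beta1.CertificateApproved && t != certificatesv1beta1.CertificateDenied { return pkgerrors.Errorf("unsupported approval type %q", a.Type) }`. It is also worth checking `csr.Spec.Usages` and the requester fields against what this deployment expects before approving. The exported method has no doc comment; `// Approve appends the condition described by the JSON approval subresource sa to the CSR called name and submits it via UpdateApproval.` would do. The error from `Get` is returned bare while the neighbouring paths use `pkgerrors.Wrap`.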
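Review bot: In `getSubResApprove` the test `resval != ""` does not catch a nil value, although the error text on the else branch says "value is nil". `resval` must be an interface, since the no-op `.(interface{})` assertion only compiles on one, so a nil or non-string value is formatted by `fmt.Sprintf("%v", ...)` and passed on as bytes such as `<nil>`. A checked assertion fails closed instead: `s, ok := resval.(string)`, then `if !ok || s == "" { return nil, sh, pkgerrors.Errorf("SubResource value is nil %s", name) }`, then `byteRes = []byte(s)`. This assumes the stored value is a string, which the comparison with `""` suggests but the hunk does not show.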
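Review bot: The added block in `instantiateResource` treats every error from `getSubResApprove` as "no approval subresource" (`if err == nil { ... }` and then `return nil`), so a failed lookup of an approval that does exist is dropped without a log entry and the CSR is left unapproved. If the app-context API can distinguish "not found" from other failures, only that case should fall through; otherwise log the error here. The CSR name is taken from `strings.Split(name, "+")[0]` without looking at the part after the `+`, so it may be worth confirming the resource is a CertificateSigningRequest before calling `c.Approve`; the name format is inferred, because the start of the function is outside the hunk. The last two added lines can be `return c.Approve(result[0], subres)`.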