github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verify that the key matches the cert

Browse Source 
Signed-off-by: aimuz <mr.imuz@gmail.com>
This commit is contained in:
aimuz
2022-11-03 16:58:05 +08:00
parent 741bd5c382
commit 4a7ab7fd75
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/registry/core/secret/strategy.go
View File

@@ -18,6 +18,7 @@ package secret
import (
"context"
"crypto/tls"
"fmt"
"k8s.io/apimachinery/pkg/fields"
@@ -61,7 +62,9 @@ func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorLis
}
// WarningsOnCreate returns warnings for the creation of the given object.
func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil }
func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string {
return warningsForSecret(obj.(*api.Secret))
}
func (strategy) Canonicalize(obj runtime.Object) {
}
@@ -88,7 +91,7 @@ func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) fie
// WarningsOnUpdate returns warnings for the given update.
func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string {
return nil
return warningsForSecret(obj.(*api.Secret))
}
func dropDisabledFields(secret *api.Secret, oldSecret *api.Secret) {
@@ -130,3 +133,15 @@ func SelectableFields(obj *api.Secret) fields.Set {
}
return generic.MergeFieldsSets(objectMetaFieldsSet, secretSpecificFieldsSet)
}
func warningsForSecret(secret *api.Secret) []string {
var warnings []string
if secret.Type == api.SecretTypeTLS {
// Verify that the key matches the cert.
_, err := tls.X509KeyPair(secret.Data[api.TLSCertKey], secret.Data[api.TLSPrivateKeyKey])
if err != nil {
warnings = append(warnings, err.Error())
}
}
return warnings
}