add an option to controller-manager to auto approve all CSRs

pkg/controller/certificates/controller_utils.go

@@ -21,9 +21,18 @@ import "k8s.io/kubernetes/pkg/apis/certificates"
 // IsCertificateRequestApproved returns true if a certificate request has the
 // "Approved" condition and no "Denied" conditions; false otherwise.
 func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) bool {
-	status := csr.Status
-	var approved, denied bool
-	// TODO: incorporate timestamps
+	approved, denied := getCertApprovalCondition(&csr.Status)
+	return approved && !denied
+}
+
+// IsCertificateRequestDenied returns true if a certificate request has the
+// "Denied" conditions; false otherwise.
+func IsCertificateRequestDenied(csr *certificates.CertificateSigningRequest) bool {
+	_, denied := getCertApprovalCondition(&csr.Status)
+	return denied
+}
+
+func getCertApprovalCondition(status *certificates.CertificateSigningRequestStatus) (approved bool, denied bool) {
 	for _, c := range status.Conditions {
 		if c.Type == certificates.CertificateApproved {
 			approved = true
@@ -32,5 +41,5 @@ func IsCertificateRequestApproved(csr *certificates.CertificateSigningRequest) b
 			denied = true
 		}
 	}
-	return approved && !denied
+	return
 }