
Commit 51c65e2

committed
added vaildate certificates
1 parent ee1e643 commit 51c65e2


1 file changed

+28
-0
lines changed


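--- a/pkg/cloud/openstack/services/userdata/machinescript.go
+++ b/pkg/cloud/openstack/services/userdata/machinescript.go
@@ -25,6 +25,7 @@ import (
 "k8s.io/client-go/tools/clientcmd"
 "k8s.io/klog"
 "path"
+"sigs.k8s.io/cluster-api-provider-openstack/pkg/apis/openstackproviderconfig/v1alpha1"
 "sigs.k8s.io/cluster-api-provider-openstack/pkg/cloud/openstack/options"
 "sigs.k8s.io/cluster-api-provider-openstack/pkg/deployer"
 "sigs.k8s.io/cluster-api/pkg/util"
@@ -262,6 +263,10 @@ func masterStartupScript(cluster *clusterv1.Cluster, machine *clusterv1.Machine,
 return "", err
 }
 
+if err := validateCertificates(clusterProviderSpec); err != nil {
+return "", err
+}
+
 machineProviderSpec, err := openstackconfigv1.MachineSpecFromProviderSpec(machine.Spec.ProviderSpec)
 if err != nil {
 return "", err
@@ -328,6 +333,29 @@ func nodeStartupScript(cluster *clusterv1.Cluster, machine *clusterv1.Machine, t
 return buf.String(), nil
 }
 
+func validateCertificates(clusterProviderSpec *v1alpha1.OpenstackClusterProviderSpec) error {
+if !isKeyPairValid(clusterProviderSpec.CAKeyPair.Cert, clusterProviderSpec.CAKeyPair.Key) {
+return errors.New("CA cert material in the ClusterProviderSpec is missing cert/key")
+}
+
+if !isKeyPairValid(clusterProviderSpec.EtcdCAKeyPair.Cert, clusterProviderSpec.EtcdCAKeyPair.Key) {
+return errors.New("ETCD CA cert material in the ClusterProviderSpec is missing cert/key")
+}
+
+if !isKeyPairValid(clusterProviderSpec.FrontProxyCAKeyPair.Cert, clusterProviderSpec.FrontProxyCAKeyPair.Key) {
+return errors.New("FrontProxy CA cert material in ClusterProviderSpec is missing cert/key")
+}
+
+if !isKeyPairValid(clusterProviderSpec.SAKeyPair.Cert, clusterProviderSpec.SAKeyPair.Key) {
+return errors.New("ServiceAccount cert material in ClusterProviderSpec is missing cert/key")
+}
+return nil
+}
+
+func isKeyPairValid(cert, key []byte) bool {
+return len(cert) > 0 && len(key) > 0
+}
+
 func getEndpoint(apiEndpoint clusterv1.APIEndpoint) string {
 return fmt.Sprintf("%s:%d", apiEndpoint.Host, apiEndpoint.Port)
 }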
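Review bot: `isKeyPairValid` in the last hunk only tests `len(cert) > 0 && len(key) > 0`, so `validateCertificates` passes CA material that does not parse, whose private key does not match the certificate, that is not marked as a CA, or that has expired; such input would presumably only fail later, when the control-plane node boots with it. The error strings say "missing cert/key", which is accurate, but the function names promise validation, so either rename the helper to something like `isKeyPairPresent` or parse the three CA pairs before they reach the startup script. A sketch of the latter follows, assuming the fields hold PEM; the ServiceAccount pair may carry a bare public key rather than a certificate, so it would keep the presence check. Keep key bytes out of any error text that is returned or logged.

```go
// … unchanged: validateCertificates, now calling checkCAKeyPair for the CA, etcd CA and front-proxy CA pairs …

// checkCAKeyPair parses a PEM cert/key pair and rejects material that is
// malformed, mismatched, not a CA, or outside its validity window.
func checkCAKeyPair(name string, cert, key []byte) error {
	if !isKeyPairValid(cert, key) {
		return fmt.Errorf("%s cert material in the ClusterProviderSpec is missing cert/key", name)
	}
	// X509KeyPair fails when the PEM does not parse or the key does not match the certificate.
	pair, err := tls.X509KeyPair(cert, key)
	if err != nil {
		return fmt.Errorf("%s cert material in the ClusterProviderSpec is invalid: %v", name, err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return fmt.Errorf("%s certificate does not parse: %v", name, err)
	}
	if !leaf.IsCA {
		return fmt.Errorf("%s certificate is not a CA certificate", name)
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return fmt.Errorf("%s certificate is outside its validity period", name)
	}
	return nil
}
```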
