|
1 | 1 | package ownership |
2 | 2 |
|
3 | 3 | import ( |
| 4 | + "encoding/json" |
4 | 5 | "fmt" |
5 | 6 |
|
6 | | - "github.com/openshift/api/annotations" |
7 | 7 | "github.com/openshift/origin/pkg/cmd/update-tls-artifacts/generate-owners/tlsmetadatainterfaces" |
8 | 8 |
|
9 | 9 | "github.com/openshift/library-go/pkg/certs/cert-inspection/certgraphapi" |
10 | 10 | "k8s.io/apimachinery/pkg/util/sets" |
11 | 11 | ) |
12 | 12 |
|
13 | | -const annotationName string = annotations.OpenShiftComponent |
| 13 | +type OwnerRequirement struct { |
| 14 | + name string |
| 15 | +} |
| 16 | + |
| 17 | +func NewOwnerRequirement() tlsmetadatainterfaces.Requirement { |
| 18 | + return OwnerRequirement{ |
| 19 | + name: "ownership", |
| 20 | + } |
| 21 | +} |
14 | 22 |
|
15 | | -type OwnerRequirement struct{} |
| 23 | +func (o OwnerRequirement) InspectRequirement(rawData []*certgraphapi.PKIList) (tlsmetadatainterfaces.RequirementResult, error) { |
| 24 | + pkiInfo, err := tlsmetadatainterfaces.ProcessByLocation(rawData) |
| 25 | + if err != nil { |
| 26 | + return nil, fmt.Errorf("transforming raw data %v: %w", o.GetName(), err) |
| 27 | + } |
| 28 | + |
| 29 | + ownershipJSONBytes, err := json.MarshalIndent(pkiInfo, "", " ") |
| 30 | + if err != nil { |
| 31 | + return nil, fmt.Errorf("failure marshalling %v.json: %w", o.GetName(), err) |
| 32 | + } |
| 33 | + markdown, err := generateOwnershipMarkdown(pkiInfo) |
| 34 | + if err != nil { |
| 35 | + return nil, fmt.Errorf("failure marshalling %v.md: %w", o.GetName(), err) |
| 36 | + } |
| 37 | + violations := generateViolationJSON(pkiInfo) |
| 38 | + violationJSONBytes, err := json.MarshalIndent(violations, "", " ") |
| 39 | + if err != nil { |
| 40 | + return nil, fmt.Errorf("failure marshalling %v-violations.json: %w", o.GetName(), err) |
| 41 | + } |
16 | 42 |
|
17 | | -func NewOwnerRequirement() tlsmetadatainterfaces.AnnotationRequirement { |
18 | | - return tlsmetadatainterfaces.NewAnnotationRequirement( |
19 | | - "ownership", |
20 | | - annotationName, |
21 | | - generateOwnerMarkdownFn, |
22 | | - ) |
| 43 | + return tlsmetadatainterfaces.NewRequirementResult( |
| 44 | + o.GetName(), |
| 45 | + ownershipJSONBytes, |
| 46 | + markdown, |
| 47 | + violationJSONBytes) |
23 | 48 | } |
24 | 49 |
|
25 | | -func generateOwnerMarkdownFn(pkiInfo *certgraphapi.PKIRegistryInfo) ([]byte, error) { |
| 50 | +func generateViolationJSON(pkiInfo *certgraphapi.PKIRegistryInfo) *certgraphapi.PKIRegistryInfo { |
| 51 | + ret := &certgraphapi.PKIRegistryInfo{} |
| 52 | + |
| 53 | + for i := range pkiInfo.CertKeyPairs { |
| 54 | + curr := pkiInfo.CertKeyPairs[i] |
| 55 | + owner := curr.CertKeyInfo.OwningJiraComponent |
| 56 | + if len(owner) == 0 || owner == tlsmetadatainterfaces.UnknownOwner { |
| 57 | + ret.CertKeyPairs = append(ret.CertKeyPairs, curr) |
| 58 | + } |
| 59 | + } |
| 60 | + for i := range pkiInfo.CertificateAuthorityBundles { |
| 61 | + curr := pkiInfo.CertificateAuthorityBundles[i] |
| 62 | + owner := curr.CABundleInfo.OwningJiraComponent |
| 63 | + if len(owner) == 0 || owner == tlsmetadatainterfaces.UnknownOwner { |
| 64 | + ret.CertificateAuthorityBundles = append(ret.CertificateAuthorityBundles, curr) |
| 65 | + } |
| 66 | + } |
| 67 | + |
| 68 | + return ret |
| 69 | +} |
| 70 | + |
| 71 | +func generateOwnershipMarkdown(pkiInfo *certgraphapi.PKIRegistryInfo) ([]byte, error) { |
26 | 72 | certsByOwner := map[string][]certgraphapi.PKIRegistryInClusterCertKeyPair{} |
27 | 73 | certsWithoutOwners := []certgraphapi.PKIRegistryInClusterCertKeyPair{} |
28 | 74 | caBundlesByOwner := map[string][]certgraphapi.PKIRegistryInClusterCABundle{} |
@@ -112,3 +158,7 @@ func generateOwnerMarkdownFn(pkiInfo *certgraphapi.PKIRegistryInfo) ([]byte, err |
112 | 158 |
|
113 | 159 | return md.Bytes(), nil |
114 | 160 | } |
| 161 | + |
| 162 | +func (o OwnerRequirement) GetName() string { |
| 163 | + return o.name |
| 164 | +} |
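Review bot: generateViolationJSON decides ownership with the inline test `len(owner) == 0 || owner == tlsmetadatainterfaces.UnknownOwner`, repeated once for cert key pairs and once for CA bundles, while generateOwnershipMarkdown keeps its own `certsWithoutOwners` bucket whose criterion lies outside the hunk; if the two ever drift, the markdown and the violations file will disagree about which TLS artifacts lack an owner. I would pull the predicate into a single helper used by both loops and have it trim whitespace, so an annotation set to a blank value is not counted as owned (unless ProcessByLocation already normalises the value, which is not visible here; this needs `strings` added to the import block). Separately, `ret` starts with nil slices, so a clean run serialises `CertKeyPairs` and `CertificateAuthorityBundles` as `null` rather than `[]` unless the struct's json tags say otherwise, which is worth checking against whatever consumes the violations file. generateOwnershipMarkdown's body continues outside the hunk.
```go
// isUnowned reports whether an OwningJiraComponent value should be treated as a
// missing owner: empty, whitespace-only, or the UnknownOwner sentinel.
func isUnowned(owner string) bool {
	owner = strings.TrimSpace(owner)
	return len(owner) == 0 || owner == tlsmetadatainterfaces.UnknownOwner
}

func generateViolationJSON(pkiInfo *certgraphapi.PKIRegistryInfo) *certgraphapi.PKIRegistryInfo {
	ret := &certgraphapi.PKIRegistryInfo{}

	for i := range pkiInfo.CertKeyPairs {
		curr := pkiInfo.CertKeyPairs[i]
		if isUnowned(curr.CertKeyInfo.OwningJiraComponent) {
			ret.CertKeyPairs = append(ret.CertKeyPairs, curr)
		}
	}
	// … CA bundle loop, same shape, testing isUnowned(curr.CABundleInfo.OwningJiraComponent) …
	return ret
}
```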