|
8 | 8 | "path/filepath" |
9 | 9 | "strings" |
10 | 10 |
|
| 11 | + "github.com/openshift/origin/pkg/cmd/update-tls-artifacts/generate-owners/tlsmetadatadefaults" |
| 12 | + "github.com/openshift/origin/pkg/cmd/update-tls-artifacts/generate-owners/tlsmetadatainterfaces" |
| 13 | + |
11 | 14 | ensure_no_violation_regression "github.com/openshift/origin/pkg/cmd/update-tls-artifacts/ensure-no-violation-regression" |
12 | 15 | "k8s.io/cli-runtime/pkg/genericclioptions" |
13 | 16 |
|
@@ -55,16 +58,20 @@ var _ = g.Describe("[sig-arch][Late]", func() { |
55 | 58 | masters = append(masters, &nodeList.Items[i]) |
56 | 59 | } |
57 | 60 |
|
| 61 | + annotationsToCollect := []string{annotations.OpenShiftComponent} |
| 62 | + for _, currRequirement := range tlsmetadatadefaults.GetDefaultTLSRequirements() { |
| 63 | + annotationRequirement, ok := currRequirement.(tlsmetadatainterfaces.AnnotationRequirement) |
| 64 | + if ok { |
| 65 | + annotationsToCollect = append(annotationsToCollect, annotationRequirement.GetAnnotationName()) |
| 66 | + } |
| 67 | + } |
| 68 | + |
58 | 69 | currentPKIContent, err := certgraphanalysis.GatherCertsFromPlatformNamespaces(ctx, kubeClient, |
59 | 70 | certgraphanalysis.SkipRevisioned, |
60 | 71 | certgraphanalysis.SkipHashed, |
61 | 72 | certgraphanalysis.ElideProxyCADetails, |
62 | 73 | certgraphanalysis.RewriteNodeIPs(masters), |
63 | | - certgraphanalysis.CollectAnnotations( |
64 | | - annotations.OpenShiftComponent, |
65 | | - annotations.OpenShiftDescription, |
66 | | - AutoRegenerateAfterExpiryAnnotation, |
67 | | - ), |
| 74 | + certgraphanalysis.CollectAnnotations(annotationsToCollect...), |
68 | 75 | ) |
69 | 76 | o.Expect(err).NotTo(o.HaveOccurred()) |
70 | 77 |
|
@@ -172,28 +179,3 @@ var _ = g.Describe("[sig-arch][Late]", func() { |
172 | 179 | }) |
173 | 180 |
|
174 | 181 | }) |
175 | | - |
176 | | -// pruneSystemTrust removes certificate metadata for proxy-ca for easier visualization |
177 | | -func pruneSystemTrust(pkiList *certgraphapi.PKIList) { |
178 | | - for i := range pkiList.CertificateAuthorityBundles.Items { |
179 | | - curr := pkiList.CertificateAuthorityBundles.Items[i] |
180 | | - if curr.LogicalName != "proxy-ca" { |
181 | | - continue |
182 | | - } |
183 | | - |
184 | | - if len(curr.Spec.CertificateMetadata) > 10 { |
185 | | - pkiList.CertificateAuthorityBundles.Items[i].Name = "proxy-ca" |
186 | | - pkiList.CertificateAuthorityBundles.Items[i].Spec.CertificateMetadata = []certgraphapi.CertKeyMetadata{ |
187 | | - { |
188 | | - CertIdentifier: certgraphapi.CertIdentifier{ |
189 | | - CommonName: "synthetic-proxy-ca", |
190 | | - SerialNumber: "0", |
191 | | - Issuer: nil, |
192 | | - }, |
193 | | - }, |
194 | | - } |
195 | | - return |
196 | | - } |
197 | | - } |
198 | | - |
199 | | -} |
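Review bot: The loop added at new lines 61–67 silently skips every requirement that does not satisfy `tlsmetadatainterfaces.AnnotationRequirement`, so the list handed to `CollectAnnotations` at new line 74 can shrink without this test noticing. The removed call named `annotations.OpenShiftDescription` and `AutoRegenerateAfterExpiryAnnotation` explicitly; they are now gathered only if `GetDefaultTLSRequirements()` happens to return annotation requirements for them, which is not visible on this page. Because the gathered annotations feed the TLS violation-regression comparison, a dropped annotation would presumably weaken that check rather than fail it. I would guard the result before gathering, for example `o.Expect(len(annotationsToCollect)).To(o.BeNumerically(">", 1), "no annotation requirements found in TLS defaults")`, and add a comment above the loop such as `// Collect every annotation the default TLS requirements depend on; non-annotation requirements are skipped on purpose.` The enclosing `g.Describe` closure starts and ends outside the visible hunks.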