
Commit 3c3aacc

committed
clean original csrName
1 parent c2c61de commit 3c3aacc


3 files changed

+40
-27
lines changed


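--- a/internal/actions/csr/csr.go
+++ b/internal/actions/csr/csr.go
@@ -36,13 +36,12 @@ var ErrNodeCertificateNotFound = errors.New("node certificate not found")
 
 // Certificate wraps v1 and v1beta1 csr.
 type Certificate struct {
-v1 *certv1.CertificateSigningRequest
-v1Beta1 *certv1beta1.CertificateSigningRequest
-Name string
-OriginalCSRName string
-RequestingUser string
-SignerName string
-Usages []string
+v1 *certv1.CertificateSigningRequest
+v1Beta1 *certv1beta1.CertificateSigningRequest
+Name string
+RequestingUser string
+SignerName string
+Usages []string
 }
 
 var (
@@ -314,24 +313,25 @@ func processCSREvent(ctx context.Context, c chan<- *Certificate, csrObj interfac
 
 func toCertificate(obj interface{}) (cert *Certificate, err error) {
 var request []byte
+originalCSRName := ""
 
 switch e := obj.(type) {
 case *certv1.CertificateSigningRequest:
 request = e.Spec.Request
+originalCSRName = e.Name
 cert = &Certificate{
-OriginalCSRName: e.Name,
-SignerName: e.Spec.SignerName,
-v1: e,
-RequestingUser: e.Spec.Username,
-Usages: toKeyUsage(e.Spec.Usages),
+SignerName: e.Spec.SignerName,
+v1: e,
+RequestingUser: e.Spec.Username,
+Usages: toKeyUsage(e.Spec.Usages),
 }
 case *certv1beta1.CertificateSigningRequest:
 request = e.Spec.Request
+originalCSRName = e.Name
 cert = &Certificate{
-OriginalCSRName: e.Name,
-v1Beta1: e,
-RequestingUser: e.Spec.Username,
-Usages: toKeyUsage(e.Spec.Usages),
+v1Beta1: e,
+RequestingUser: e.Spec.Username,
+Usages: toKeyUsage(e.Spec.Usages),
 }
 if e.Spec.SignerName != nil {
 cert.SignerName = *e.Spec.SignerName
@@ -342,7 +342,7 @@ func toCertificate(obj interface{}) (cert *Certificate, err error) {
 
 cn, err := cert.getSubjectCommonName(request)
 if err != nil {
-return nil, fmt.Errorf("getSubjectCommonName: Name: %v RequestingUser: %v request: %v %w", cert.OriginalCSRName, cert.RequestingUser, string(request), err)
+return nil, fmt.Errorf("getSubjectCommonName: Name: %v RequestingUser: %v request: %v %w", originalCSRName, cert.RequestingUser, string(request), err)
 }
 
 cert.Name = cn
@@ -358,11 +358,25 @@ func sendCertificate(ctx context.Context, c chan<- *Certificate, cert *Certifica
 }
 }
 
+func (c *Certificate) GetOriginalCSRName() string {
+// node-csr prefix for bootstrap kubelet csr.
+// csr- prefix for kubelet csr.
+if c.v1 != nil {
+return c.v1.Name
+}
+if c.v1Beta1 != nil {
+return c.v1Beta1.Name
+}
+
+return ""
+}
+
 func (c *Certificate) getSubjectCommonName(csrRequest []byte) (string, error) {
 // node-csr prefix for bootstrap kubelet csr.
 // csr- prefix for kubelet csr.
-if !strings.HasPrefix(c.OriginalCSRName, "node-csr") && !strings.HasPrefix(c.OriginalCSRName, "csr-") {
-return "", fmt.Errorf("invalid CSR name: %s %w", c.OriginalCSRName, errInvalidCSR)
+originalCSRName := c.GetOriginalCSRName()
+if !strings.HasPrefix(originalCSRName, "node-csr") && !strings.HasPrefix(originalCSRName, "csr-") {
+return "", fmt.Errorf("invalid CSR name: %s %w", originalCSRName, errInvalidCSR)
 }
 
 certReq, err := c.parseCSR(csrRequest)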
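Review bot: The new exported `GetOriginalCSRName` has no doc comment, and the two lines copied into its body (`// node-csr prefix for bootstrap kubelet csr.` and `// csr- prefix for kubelet csr.`) describe the prefix check in `getSubjectCommonName`, not this accessor. I would drop them and document the method instead, e.g. `// GetOriginalCSRName returns the object name of the wrapped v1 or v1beta1 CSR, or "" when neither is set; the name is chosen by whoever created the CSR object, so it is a format hint, not an identity.` That caveat matters because the `node-csr`/`csr-` test in `getSubjectCommonName` (whose body continues outside the hunk) gates on this value, and the approval decision should rest on the requesting user, signer and usages rather than on the name. With the accessor in place, the local `originalCSRName` in `toCertificate` looks redundant: the error path could call `cert.GetOriginalCSRName()` and keep a single source for the name.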

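--- a/internal/actions/csr/csr_test.go
+++ b/internal/actions/csr/csr_test.go
@@ -402,13 +402,12 @@ func TestCertificate_validateCSR(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
 c := &Certificate{
-v1: tt.fields.v1,
-v1Beta1: tt.fields.v1Beta1,
-Name: tt.fields.Name,
-OriginalCSRName: tt.fields.OriginalCSRName,
-RequestingUser: tt.fields.RequestingUser,
-SignerName: tt.fields.SignerName,
-Usages: tt.fields.Usages,
+v1: tt.fields.v1,
+v1Beta1: tt.fields.v1Beta1,
+Name: tt.fields.Name,
+RequestingUser: tt.fields.RequestingUser,
+SignerName: tt.fields.SignerName,
+Usages: tt.fields.Usages,
 }
 if err := c.validateCSR(tt.args.csr); (err != nil) != tt.wantErr {
 t.Errorf("validateCSR() error = %v, wantErr %v", err, tt.wantErr)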
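Review bot: Nothing in this file exercises the new `GetOriginalCSRName` path: the section's 6 additions and 7 deletions all sit in this struct literal, so no case was added for a `Certificate` whose name now comes from `v1` or `v1Beta1`. It also looks as if the `OriginalCSRName` member of the table's `fields` struct (declared outside the hunk) is left behind and no longer read; it is worth deleting along with any table entries that still set it. Because the `node-csr`/`csr-` prefix check now reads the name from the wrapped object, any case that relied on `fields.OriginalCSRName` to pass or fail that check would need `ObjectMeta.Name` set on the `v1`/`v1Beta1` fixture instead. I would add a small table test for the accessor with three cases: v1 set, v1beta1 set, and neither set (expecting `""`).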

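--- a/internal/actions/csr/svc.go
+++ b/internal/actions/csr/svc.go
@@ -170,7 +170,7 @@ func (h *ApprovalManager) runAutoApproveForCastAINodes(ctx context.Context, c <-
 log := log.WithFields(logrus.Fields{
 "csr_name": cert.Name,
 "signer": cert.SignerName,
-"original_csr_name": cert.OriginalCSRName,
+"original_csr_name": cert.GetOriginalCSRName(),
 })
 log.Info("auto approving csr")
 err := h.handleWithRetry(ctx, log, cert)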
