Skip to content

Commit

Permalink
feat: add secret validation to ingress analyzer (#141)
Browse files Browse the repository at this point in the history 
This commit adds a check to the ingress analyzer that verifies whether the secret declared in the ingress exists on the cluster. This helps to ensure that only valid secrets are used in the ingress configuration.

Signed-off-by: Matthis Holleville <matthish29@gmail.com>
  • Loading branch information
@matthisholleville
matthisholleville authored Mar 29, 2023
1 parent cdc7bb1 commit 86c7e81
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions pkg/analyzer/ingressAnalyzer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@ func AnalyzeIngress(ctx context.Context, config *AnalysisConfiguration, client *
}
}

for _, tls := range ing.Spec.TLS {
_, err := client.GetClient().CoreV1().Secrets(ing.Namespace).Get(ctx, tls.SecretName, metav1.GetOptions{})
if err != nil {
failures = append(failures, fmt.Sprintf("Ingress uses the secret %s/%s as a TLS certificate which does not exist.", ing.Namespace, tls.SecretName))
}
}
if len(failures) > 0 {
preAnalysis[fmt.Sprintf("%s/%s", ing.Namespace, ing.Name)] = PreAnalysis{
Ingress: ing,
Expand Down

0 comments on commit 86c7e81

Please sign in to comment.