Bug 1797123: pkg/cvo: Fetch proxy CA certs from openshift-config-managed/trusted-ca-bundle #311
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,39 +11,38 @@ import ( | |
|
||
// getHTTPSProxyURL returns a url.URL object for the configured | ||
// https proxy only. It can be nil if does not exist or there is an error. | ||
func (optr *Operator) getHTTPSProxyURL() (*url.URL, string, error) { | ||
func (optr *Operator) getHTTPSProxyURL() (*url.URL, error) { | ||
proxy, err := optr.proxyLister.Get("cluster") | ||
|
||
if errors.IsNotFound(err) { | ||
return nil, "", nil | ||
return nil, nil | ||
} | ||
if err != nil { | ||
return nil, "", err | ||
return nil, err | ||
} | ||
|
||
if &proxy.Spec != nil { | ||
if proxy.Spec.HTTPSProxy != "" { | ||
proxyURL, err := url.Parse(proxy.Spec.HTTPSProxy) | ||
if err != nil { | ||
return nil, "", err | ||
return nil, err | ||
} | ||
return proxyURL, proxy.Spec.TrustedCA.Name, nil | ||
return proxyURL, nil | ||
} | ||
} | ||
return nil, "", nil | ||
return nil, nil | ||
} | ||
|
||
func (optr *Operator) getTLSConfig(cmNameRef string) (*tls.Config, error) { | ||
cm, err := optr.cmConfigLister.Get(cmNameRef) | ||
|
||
func (optr *Operator) getTLSConfig() (*tls.Config, error) { | ||
cm, err := optr.cmConfigManagedLister.Get("trusted-ca-bundle") | ||
We are hard coding the name here i.e.
It is part of the adopted enhancement. I only use it in this one place, so it doesn't seem useful to create a local |
||
if errors.IsNotFound(err) { | ||
return nil, nil | ||
} | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
certPool, _ := x509.SystemCertPool() | ||
if certPool == nil { | ||
certPool = x509.NewCertPool() | ||
} | ||
certPool := x509.NewCertPool() | ||
|
||
if cm.Data["ca-bundle.crt"] != "" { | ||
if ok := certPool.AppendCertsFromPEM([]byte(cm.Data["ca-bundle.crt"])); !ok { | ||
|
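Review bot: With `certPool := x509.NewCertPool()` replacing the `x509.SystemCertPool()` fallback in getTLSConfig, the trust anchors for this TLS config now come only from the `ca-bundle.crt` key of `trusted-ca-bundle`, and nothing in the hunk records why the system roots are dropped. If that ConfigMap is meant to already carry the system trust bundle merged with the proxy CA, say so above the pool construction, e.g. `// trusted-ca-bundle is expected to contain the system roots plus the proxy CA, so start from an empty pool`. The empty-key case also needs a look: when `cm.Data["ca-bundle.crt"]` is `""` the pool stays empty, and if the code after the hunk still returns it as `RootCAs`, every certificate verification through this config would fail, whereas returning `nil, nil` there (as the NotFound branch does) would keep the caller's default behaviour. getTLSConfig's body continues outside the hunk, so this should be checked against the remaining lines.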
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,8 @@ | ||
package internal | ||
|
||
const ( | ||
ConfigNamespace = "openshift-config" | ||
InstallerConfigMap = "openshift-install" | ||
ManifestsConfigMap = "openshift-install-manifests" | ||
ConfigNamespace = "openshift-config" | ||
ConfigManagedNamespace = "openshift-config-managed" | ||
InstallerConfigMap = "openshift-install" | ||
ManifestsConfigMap = "openshift-install-manifests" | ||
) |
👍