package policies

import (
	corev1 "k8s.io/api/core/v1"

	acmapi "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1"
)

// Input bundles the objects a policy Func inspects: the Certificate being
// reconciled and the Secret associated with it. Both fields are pointers;
// whether a given policy tolerates a nil Secret (e.g. before the first
// issuance) is up to that policy — TODO confirm per check.
type Input struct {
	Certificate *acmapi.Certificate
	Secret      *corev1.Secret

	// NOTE(review): the two fields below are commented out. If they are
	// re-enabled, the type must use this file's import alias (acmapi), not
	// cmapi, or the file will not compile.
	//
	// // The "current" certificate request designates the certificate request that
	// // led to the current revision of the certificate. The "current" certificate
	// // request is by definition in a ready state, and can be seen as the source
	// // of information of the current certificate. Take a look at the gatherer
	// // package's documentation to see more about why we care about the "current"
	// // certificate request.
	// CurrentRevisionRequest *cmapi.CertificateRequest

	// // The "next" certificate request is the one that is currently being issued.
	// // Take a look at the gatherer package's documentation to see more about why
	// // we care about the "next" certificate request.
	// NextRevisionRequest *cmapi.CertificateRequest
}

// Func is a single policy check. It evaluates the given Input and reports,
// through the failed result, whether the check found a violation. When failed
// is true, reason and message carry human-readable detail for the caller;
// when failed is false, Chain.Evaluate discards them.
type Func func(Input) (reason, message string, failed bool)

// Chain is an ordered list of policy Funcs. Chain.Evaluate runs them in
// sequence and stops at the first violation, so the order of the chain decides
// which violation is reported when several policies would fail.
type Chain []Func

// Evaluate runs every policy in the chain, in order, against input and stops
// at the first one that reports a violation. The reason and message of that
// first failing policy are returned together with true. When no policy fails,
// Evaluate returns two empty strings and false.
//
// Because evaluation short-circuits, only the first violation is ever
// surfaced: place the checks whose failure matters most earliest in the chain.
// A nil Func in the chain panics when reached.
func (c Chain) Evaluate(input Input) (string, string, bool) {
	for i := range c {
		if reason, message, violated := c[i](input); violated {
			return reason, message, true
		}
	}
	return "", "", false
}

// NewSecretPostIssuancePolicyChain builds the chain of checks that run
// _after_ issuance has succeeded. These policies inspect the Certificate's
// Secret for the presence and correctness of its metadata and output formats,
// rather than the issued certificate itself.
//
// ownerRefEnabled and fieldManager are forwarded unchanged to the
// owner-reference policy. The chain currently holds that single check.
func NewSecretPostIssuancePolicyChain(ownerRefEnabled bool, fieldManager string) Chain {
	ownerRefPolicy := SecretOwnerReferenceManagedFieldMismatch(ownerRefEnabled, fieldManager)
	// TODO: also check for a mismatched owner reference value, not only the
	// managed-field ownership.
	return Chain{ownerRefPolicy}
}