mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

implements ValidateStore method

Browse source
This commit is contained in:
Docs 2022-03-25 16:17:47 -03:00
parent d7022b1bef
commit 3a1a302ca9
1 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
pkg/provider/kubernetes/kubernetes.go
View file

@ -262,5 +262,28 @@ func (k *ProviderKubernetes) Validate() error {
}
func (k *ProviderKubernetes) ValidateStore(store esv1beta1.GenericStore) error {
storeSpec := store.GetSpec()
k8sSpec := storeSpec.Provider.Kubernetes
if k8sSpec.Server.CABundle == nil && k8sSpec.Server.CAProvider == nil {
return fmt.Errorf("a CABundle or CAProvider is required")
}
if k8sSpec.Auth.Cert != nil {
if err := utils.ValidateSecretSelector(store, k8sSpec.Auth.Cert.ClientCert); err != nil {
return fmt.Errorf("invalid Auth.Cert.ClientCert: %w", err)
}
if err := utils.ValidateSecretSelector(store, k8sSpec.Auth.Cert.ClientKey); err != nil {
return fmt.Errorf("invalid Auth.Cert.ClientKey: %w", err)
}
} else if k8sSpec.Auth.Token != nil {
if err := utils.ValidateSecretSelector(store, k8sSpec.Auth.Token.BearerToken); err != nil {
return fmt.Errorf("invalid Auth.Token.BearerToken: %w", err)
}
}
if k8sSpec.Auth.Cert != nil && k8sSpec.Auth.Token != nil {
return fmt.Errorf("Only one authentication method is allowed")
}
return nil
}