package tls
import (
"fmt"
corev1 "k8s.io/api/core/v1"
corev1listers "k8s.io/client-go/listers/core/v1"
)
// errorsNotFound is the message prefix reported when a secret holds no root CA
// certificate data under any of the keys that are consulted.
var (
	errorsNotFound = "root CA certificate not found"
)
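// ReadRootCASecret returns the root CA certificate bytes stored in the secret
// called name, looked up through the namespace-scoped lister client.
//
// The "tls.crt" entry (corev1.TLSCertKey) is consulted first; when it is
// missing or empty, the older rootCAKey entry is used instead. An error is
// returned when the lookup itself fails, or when neither entry holds data.
// namespace is used only to build that error message; the lookup is scoped by
// client.
//
// The returned slice is a private copy. Objects handed out by a client-go
// lister must be treated as read-only, so returning the secret's own Data
// slice would let a caller that edits the bytes alter the shared object that
// later readers of this trust anchor also see.
//
// NOTE(review): the bytes are returned as stored; nothing here checks that
// they decode to a certificate. Callers should validate them before adding
// them to a trust pool.
func ReadRootCASecret(name, namespace string, client corev1listers.SecretNamespaceLister) ([]byte, error) {
	stlsca, err := client.Get(name)
	if err != nil {
		return nil, err
	}

	// Prefer "tls.crt"; fall back to the older rootCAKey entry when it is
	// absent or empty.
	result := stlsca.Data[corev1.TLSCertKey]
	if len(result) == 0 {
		result = stlsca.Data[rootCAKey]
	}
	if len(result) == 0 {
		return nil, fmt.Errorf("%s in secret %s/%s", errorsNotFound, namespace, stlsca.Name)
	}

	// Detach the result from the lister-owned secret before handing it out.
	return append([]byte(nil), result...), nil
}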