Merge pull request #99494 from enj/enj/i/not_after_ttl_hint
csr: add expirationSeconds field to control cert lifetime Kubernetes-commit: 659c7e709f3b7f5f2a25e456525cd8747f2e68cc
commit
920cc30542
8
go.mod
8
go.mod
|
|
@ -31,10 +31,10 @@ require (
|
|||
github.com/stretchr/testify v1.7.0
|
||||
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
k8s.io/api v0.0.0-20210701054328-f75dde501d56
|
||||
k8s.io/api v0.0.0-20210702094336-49e8721f8489
|
||||
k8s.io/apimachinery v0.0.0-20210701054147-830375057167
|
||||
k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95
|
||||
k8s.io/client-go v0.0.0-20210701054555-843bb800b12a
|
||||
k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a
|
||||
k8s.io/component-base v0.0.0-20210702054709-fddd92849e34
|
||||
k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d
|
||||
k8s.io/klog/v2 v2.9.0
|
||||
|
|
@ -47,10 +47,10 @@ require (
|
|||
)
|
||||
|
||||
replace (
|
||||
k8s.io/api => k8s.io/api v0.0.0-20210701054328-f75dde501d56
|
||||
k8s.io/api => k8s.io/api v0.0.0-20210702094336-49e8721f8489
|
||||
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20210701054147-830375057167
|
||||
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95
|
||||
k8s.io/client-go => k8s.io/client-go v0.0.0-20210701054555-843bb800b12a
|
||||
k8s.io/client-go => k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a
|
||||
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5
|
||||
k8s.io/component-base => k8s.io/component-base v0.0.0-20210702054709-fddd92849e34
|
||||
k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d
|
||||
|
|
|
|||
8
go.sum
8
go.sum
|
|
@ -738,14 +738,14 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
|
|||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
k8s.io/api v0.0.0-20210701054328-f75dde501d56 h1:D7+RjL9qHD5SvrWwSnT0NugysPfJAopsJphgGxpp+kU=
|
||||
k8s.io/api v0.0.0-20210701054328-f75dde501d56/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ=
|
||||
k8s.io/api v0.0.0-20210702094336-49e8721f8489 h1:R+giJyPdlHfUvmzHBQ6tm2tlmxcZ2NWgkGSxLbQZ/ZM=
|
||||
k8s.io/api v0.0.0-20210702094336-49e8721f8489/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ=
|
||||
k8s.io/apimachinery v0.0.0-20210701054147-830375057167 h1:fob/j8+uMBIVvyo+9bG7GvjFSj0LX3RNuSXW+RcUrwo=
|
||||
k8s.io/apimachinery v0.0.0-20210701054147-830375057167/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
|
||||
k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95 h1:U81VKTEJ8/368Y7LPQ/65duv07cyDwc7XrGl5nUz0Dw=
|
||||
k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95/go.mod h1:YW0KJq8qBiFm5I61gwt6Cs7DD9jHUYr8V40z7Xlm/6o=
|
||||
k8s.io/client-go v0.0.0-20210701054555-843bb800b12a h1:0BwocnDPxH8EoEtyZAtTjLY5wwVCdAUaDQzmqJeU/4U=
|
||||
k8s.io/client-go v0.0.0-20210701054555-843bb800b12a/go.mod h1:16T5YsHbw60Osvo1XWwrY0LRCCT2NVgowSJr6mtlhks=
|
||||
k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a h1:VFneXCpCgcDAzER+i0riTedinxoT/TK4ZrA/IfyWWwI=
|
||||
k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a/go.mod h1:q7LwMTm+ipCQu7UHo7eO1qrjkqaEjj/WmgmKGZGzmcA=
|
||||
k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
|
||||
k8s.io/component-base v0.0.0-20210702054709-fddd92849e34 h1:L7kJX0+rX5SJ2ZUaFy8zarcUMW0+2AHkd3gyuIp0ZLM=
|
||||
k8s.io/component-base v0.0.0-20210702054709-fddd92849e34/go.mod h1:KuldLgSPMxWtcVmPn3hcUoWNJqm7HEdVcSID+ZdAB24=
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ import (
|
|||
"unicode"
|
||||
|
||||
"github.com/fatih/camelcase"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
|
||||
appsv1 "k8s.io/api/apps/v1"
|
||||
autoscalingv1 "k8s.io/api/autoscaling/v1"
|
||||
|
|
@ -60,6 +59,7 @@ import (
|
|||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/fields"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/duration"
|
||||
|
|
@ -72,6 +72,7 @@ import (
|
|||
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/tools/reference"
|
||||
utilcsr "k8s.io/client-go/util/certificate/csr"
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/kubectl/pkg/scheme"
|
||||
"k8s.io/kubectl/pkg/util/certificate"
|
||||
|
|
@ -3690,12 +3691,13 @@ type CertificateSigningRequestDescriber struct {
|
|||
func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, describerSettings DescriberSettings) (string, error) {
|
||||
|
||||
var (
|
||||
crBytes []byte
|
||||
metadata metav1.ObjectMeta
|
||||
status string
|
||||
signerName string
|
||||
username string
|
||||
events *corev1.EventList
|
||||
crBytes []byte
|
||||
metadata metav1.ObjectMeta
|
||||
status string
|
||||
signerName string
|
||||
expirationSeconds *int32
|
||||
username string
|
||||
events *corev1.EventList
|
||||
)
|
||||
|
||||
if csr, err := p.client.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}); err == nil {
|
||||
|
|
@ -3707,6 +3709,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
|
|||
}
|
||||
status = extractCSRStatus(conditionTypes, csr.Status.Certificate)
|
||||
signerName = csr.Spec.SignerName
|
||||
expirationSeconds = csr.Spec.ExpirationSeconds
|
||||
username = csr.Spec.Username
|
||||
if describerSettings.ShowEvents {
|
||||
events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize)
|
||||
|
|
@ -3722,6 +3725,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
|
|||
if csr.Spec.SignerName != nil {
|
||||
signerName = *csr.Spec.SignerName
|
||||
}
|
||||
expirationSeconds = csr.Spec.ExpirationSeconds
|
||||
username = csr.Spec.Username
|
||||
if describerSettings.ShowEvents {
|
||||
events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize)
|
||||
|
|
@ -3735,10 +3739,10 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
|
|||
return "", fmt.Errorf("Error parsing CSR: %v", err)
|
||||
}
|
||||
|
||||
return describeCertificateSigningRequest(metadata, signerName, username, cr, status, events)
|
||||
return describeCertificateSigningRequest(metadata, signerName, expirationSeconds, username, cr, status, events)
|
||||
}
|
||||
|
||||
func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
|
||||
func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, expirationSeconds *int32, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
|
||||
printListHelper := func(w PrefixWriter, prefix, name string, values []string) {
|
||||
if len(values) == 0 {
|
||||
return
|
||||
|
|
@ -3758,6 +3762,9 @@ func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string,
|
|||
if len(signerName) > 0 {
|
||||
w.Write(LEVEL_0, "Signer:\t%s\n", signerName)
|
||||
}
|
||||
if expirationSeconds != nil {
|
||||
w.Write(LEVEL_0, "Requested Duration:\t%s\n", duration.HumanDuration(utilcsr.ExpirationSecondsToDuration(*expirationSeconds)))
|
||||
}
|
||||
w.Write(LEVEL_0, "Status:\t%s\n", status)
|
||||
|
||||
w.Write(LEVEL_0, "Subject:\n")
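Review bot: In the last hunk of describeCertificateSigningRequest, the new `Requested Duration` line prints `expirationSeconds` only through `duration.HumanDuration`, which abbreviates to coarse units, so nearby values (for example 3600 and 3630 seconds) render the same. This field bounds how long a credential is requested to live, so someone auditing a CSR would want the exact figure as well; consider `w.Write(LEVEL_0, "Requested Duration:\t%s (%ds)\n", duration.HumanDuration(utilcsr.ExpirationSecondsToDuration(*expirationSeconds)), *expirationSeconds)`. The branch name suggests the field is a hint rather than a guarantee, so a comment above the `if` such as `// requester's hint only; the issued certificate's validity is decided by the signer` would keep readers from treating this as the actual lifetime. The function body starts and ends outside the hunk.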
|
||||
|
|
|
|||