kubernetes
/
kubectl
mirror of https://github.com/kubernetes/kubectl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #99494 from enj/enj/i/not_after_ttl_hint 

csr: add expirationSeconds field to control cert lifetime

Kubernetes-commit: 659c7e709f3b7f5f2a25e456525cd8747f2e68cc
This commit is contained in:
Kubernetes Publisher 2021-07-01 23:02:12 -07:00
parent 08564af8a9 82734c256a
commit 920cc30542
3 changed files with 24 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
go.mod
View File

@ -31,10 +31,10 @@ require (
github.com/stretchr/testify v1.7.0 github.com/stretchr/testify v1.7.0
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.0.0-20210701054328-f75dde501d56 k8s.io/api v0.0.0-20210702094336-49e8721f8489
k8s.io/apimachinery v0.0.0-20210701054147-830375057167 k8s.io/apimachinery v0.0.0-20210701054147-830375057167
k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95 k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95
k8s.io/client-go v0.0.0-20210701054555-843bb800b12a k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a
k8s.io/component-base v0.0.0-20210702054709-fddd92849e34 k8s.io/component-base v0.0.0-20210702054709-fddd92849e34
k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d
k8s.io/klog/v2 v2.9.0 k8s.io/klog/v2 v2.9.0
@ -47,10 +47,10 @@ require (
) )
replace ( replace (
k8s.io/api => k8s.io/api v0.0.0-20210701054328-f75dde501d56 k8s.io/api => k8s.io/api v0.0.0-20210702094336-49e8721f8489
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20210701054147-830375057167 k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20210701054147-830375057167
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95 k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95
k8s.io/client-go => k8s.io/client-go v0.0.0-20210701054555-843bb800b12a k8s.io/client-go => k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5 k8s.io/code-generator => k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5
k8s.io/component-base => k8s.io/component-base v0.0.0-20210702054709-fddd92849e34 k8s.io/component-base => k8s.io/component-base v0.0.0-20210702054709-fddd92849e34
k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d

8
go.sum
View File

@ -738,14 +738,14 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.0.0-20210701054328-f75dde501d56 h1:D7+RjL9qHD5SvrWwSnT0NugysPfJAopsJphgGxpp+kU= k8s.io/api v0.0.0-20210702094336-49e8721f8489 h1:R+giJyPdlHfUvmzHBQ6tm2tlmxcZ2NWgkGSxLbQZ/ZM=
k8s.io/api v0.0.0-20210701054328-f75dde501d56/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ= k8s.io/api v0.0.0-20210702094336-49e8721f8489/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ=
k8s.io/apimachinery v0.0.0-20210701054147-830375057167 h1:fob/j8+uMBIVvyo+9bG7GvjFSj0LX3RNuSXW+RcUrwo= k8s.io/apimachinery v0.0.0-20210701054147-830375057167 h1:fob/j8+uMBIVvyo+9bG7GvjFSj0LX3RNuSXW+RcUrwo=
k8s.io/apimachinery v0.0.0-20210701054147-830375057167/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.0.0-20210701054147-830375057167/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95 h1:U81VKTEJ8/368Y7LPQ/65duv07cyDwc7XrGl5nUz0Dw= k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95 h1:U81VKTEJ8/368Y7LPQ/65duv07cyDwc7XrGl5nUz0Dw=
k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95/go.mod h1:YW0KJq8qBiFm5I61gwt6Cs7DD9jHUYr8V40z7Xlm/6o= k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95/go.mod h1:YW0KJq8qBiFm5I61gwt6Cs7DD9jHUYr8V40z7Xlm/6o=
k8s.io/client-go v0.0.0-20210701054555-843bb800b12a h1:0BwocnDPxH8EoEtyZAtTjLY5wwVCdAUaDQzmqJeU/4U= k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a h1:VFneXCpCgcDAzER+i0riTedinxoT/TK4ZrA/IfyWWwI=
k8s.io/client-go v0.0.0-20210701054555-843bb800b12a/go.mod h1:16T5YsHbw60Osvo1XWwrY0LRCCT2NVgowSJr6mtlhks= k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a/go.mod h1:q7LwMTm+ipCQu7UHo7eO1qrjkqaEjj/WmgmKGZGzmcA=
k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
k8s.io/component-base v0.0.0-20210702054709-fddd92849e34 h1:L7kJX0+rX5SJ2ZUaFy8zarcUMW0+2AHkd3gyuIp0ZLM= k8s.io/component-base v0.0.0-20210702054709-fddd92849e34 h1:L7kJX0+rX5SJ2ZUaFy8zarcUMW0+2AHkd3gyuIp0ZLM=
k8s.io/component-base v0.0.0-20210702054709-fddd92849e34/go.mod h1:KuldLgSPMxWtcVmPn3hcUoWNJqm7HEdVcSID+ZdAB24= k8s.io/component-base v0.0.0-20210702054709-fddd92849e34/go.mod h1:KuldLgSPMxWtcVmPn3hcUoWNJqm7HEdVcSID+ZdAB24=

13
pkg/describe/describe.go
View File

@ -33,7 +33,6 @@ import (
"unicode" "unicode"
"github.com/fatih/camelcase" "github.com/fatih/camelcase"
"k8s.io/apimachinery/pkg/runtime"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
autoscalingv1 "k8s.io/api/autoscaling/v1" autoscalingv1 "k8s.io/api/autoscaling/v1"
@ -60,6 +59,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/duration" "k8s.io/apimachinery/pkg/util/duration"
@ -72,6 +72,7 @@ import (
corev1client "k8s.io/client-go/kubernetes/typed/core/v1" corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/tools/reference" "k8s.io/client-go/tools/reference"
utilcsr "k8s.io/client-go/util/certificate/csr"
"k8s.io/klog/v2" "k8s.io/klog/v2"
"k8s.io/kubectl/pkg/scheme" "k8s.io/kubectl/pkg/scheme"
"k8s.io/kubectl/pkg/util/certificate" "k8s.io/kubectl/pkg/util/certificate"
@ -3694,6 +3695,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
metadata metav1.ObjectMeta metadata metav1.ObjectMeta
status string status string
signerName string signerName string
expirationSeconds *int32
username string username string
events *corev1.EventList events *corev1.EventList
) )
@ -3707,6 +3709,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
} }
status = extractCSRStatus(conditionTypes, csr.Status.Certificate) status = extractCSRStatus(conditionTypes, csr.Status.Certificate)
signerName = csr.Spec.SignerName signerName = csr.Spec.SignerName
expirationSeconds = csr.Spec.ExpirationSeconds
username = csr.Spec.Username username = csr.Spec.Username
if describerSettings.ShowEvents { if describerSettings.ShowEvents {
events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize) events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize)
@ -3722,6 +3725,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
if csr.Spec.SignerName != nil { if csr.Spec.SignerName != nil {
signerName = *csr.Spec.SignerName signerName = *csr.Spec.SignerName
} }
expirationSeconds = csr.Spec.ExpirationSeconds
username = csr.Spec.Username username = csr.Spec.Username
if describerSettings.ShowEvents { if describerSettings.ShowEvents {
events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize) events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize)
@ -3735,10 +3739,10 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
return "", fmt.Errorf("Error parsing CSR: %v", err) return "", fmt.Errorf("Error parsing CSR: %v", err)
} }
return describeCertificateSigningRequest(metadata, signerName, username, cr, status, events) return describeCertificateSigningRequest(metadata, signerName, expirationSeconds, username, cr, status, events)
} }
func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) { func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, expirationSeconds *int32, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
printListHelper := func(w PrefixWriter, prefix, name string, values []string) { printListHelper := func(w PrefixWriter, prefix, name string, values []string) {
if len(values) == 0 { if len(values) == 0 {
return return
@ -3758,6 +3762,9 @@ func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string,
if len(signerName) > 0 { if len(signerName) > 0 {
w.Write(LEVEL_0, "Signer:\t%s\n", signerName) w.Write(LEVEL_0, "Signer:\t%s\n", signerName)
} }
if expirationSeconds != nil {
w.Write(LEVEL_0, "Requested Duration:\t%s\n", duration.HumanDuration(utilcsr.ExpirationSecondsToDuration(*expirationSeconds)))
}
w.Write(LEVEL_0, "Status:\t%s\n", status) w.Write(LEVEL_0, "Status:\t%s\n", status)
w.Write(LEVEL_0, "Subject:\n") w.Write(LEVEL_0, "Subject:\n")