Merge pull request #99494 from enj/enj/i/not_after_ttl_hint

csr: add expirationSeconds field to control cert lifetime Kubernetes-commit: 659c7e709f3b7f5f2a25e456525cd8747f2e68cc
2021-07-01 23:02:12 -07:00 · 2021-07-01 23:02:12 -07:00 · 920cc30542
parent 08564af8a9 82734c256a
commit 920cc30542
3 changed files with 24 additions and 17 deletions
--- a/go.mod
+++ b/go.mod
@ -31,10 +31,10 @@ require (
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.0.0-20210701054328-f75dde501d56
+	k8s.io/api v0.0.0-20210702094336-49e8721f8489
 	k8s.io/apimachinery v0.0.0-20210701054147-830375057167
 	k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95
-	k8s.io/client-go v0.0.0-20210701054555-843bb800b12a
+	k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a
 	k8s.io/component-base v0.0.0-20210702054709-fddd92849e34
 	k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d
 	k8s.io/klog/v2 v2.9.0
@ -47,10 +47,10 @@ require (
 )
 replace (
-	k8s.io/api => k8s.io/api v0.0.0-20210701054328-f75dde501d56
+	k8s.io/api => k8s.io/api v0.0.0-20210702094336-49e8721f8489
 	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20210701054147-830375057167
 	k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95
-	k8s.io/client-go => k8s.io/client-go v0.0.0-20210701054555-843bb800b12a
+	k8s.io/client-go => k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a
 	k8s.io/code-generator => k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5
 	k8s.io/component-base => k8s.io/component-base v0.0.0-20210702054709-fddd92849e34
 	k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20210701055214-c69fdc006e3d
--- a/go.sum
+++ b/go.sum
@ -738,14 +738,14 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.0.0-20210701054328-f75dde501d56 h1:D7+RjL9qHD5SvrWwSnT0NugysPfJAopsJphgGxpp+kU=
+k8s.io/api v0.0.0-20210702094336-49e8721f8489 h1:R+giJyPdlHfUvmzHBQ6tm2tlmxcZ2NWgkGSxLbQZ/ZM=
-k8s.io/api v0.0.0-20210701054328-f75dde501d56/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ=
+k8s.io/api v0.0.0-20210702094336-49e8721f8489/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ=
 k8s.io/apimachinery v0.0.0-20210701054147-830375057167 h1:fob/j8+uMBIVvyo+9bG7GvjFSj0LX3RNuSXW+RcUrwo=
 k8s.io/apimachinery v0.0.0-20210701054147-830375057167/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
 k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95 h1:U81VKTEJ8/368Y7LPQ/65duv07cyDwc7XrGl5nUz0Dw=
 k8s.io/cli-runtime v0.0.0-20210701060448-628c6a842d95/go.mod h1:YW0KJq8qBiFm5I61gwt6Cs7DD9jHUYr8V40z7Xlm/6o=
-k8s.io/client-go v0.0.0-20210701054555-843bb800b12a h1:0BwocnDPxH8EoEtyZAtTjLY5wwVCdAUaDQzmqJeU/4U=
+k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a h1:VFneXCpCgcDAzER+i0riTedinxoT/TK4ZrA/IfyWWwI=
-k8s.io/client-go v0.0.0-20210701054555-843bb800b12a/go.mod h1:16T5YsHbw60Osvo1XWwrY0LRCCT2NVgowSJr6mtlhks=
+k8s.io/client-go v0.0.0-20210702094607-ca3a47f0b44a/go.mod h1:q7LwMTm+ipCQu7UHo7eO1qrjkqaEjj/WmgmKGZGzmcA=
 k8s.io/code-generator v0.0.0-20210701054009-d874928e3dc5/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
 k8s.io/component-base v0.0.0-20210702054709-fddd92849e34 h1:L7kJX0+rX5SJ2ZUaFy8zarcUMW0+2AHkd3gyuIp0ZLM=
 k8s.io/component-base v0.0.0-20210702054709-fddd92849e34/go.mod h1:KuldLgSPMxWtcVmPn3hcUoWNJqm7HEdVcSID+ZdAB24=
--- a/pkg/describe/describe.go
+++ b/pkg/describe/describe.go
@ -33,7 +33,6 @@ import (
 	"unicode"
 	"github.com/fatih/camelcase"
 	"k8s.io/apimachinery/pkg/runtime"
 	appsv1 "k8s.io/api/apps/v1"
 	autoscalingv1 "k8s.io/api/autoscaling/v1"
@ -60,6 +59,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/duration"
@ -72,6 +72,7 @@ import (
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/reference"
 	utilcsr "k8s.io/client-go/util/certificate/csr"
 	"k8s.io/klog/v2"
 	"k8s.io/kubectl/pkg/scheme"
 	"k8s.io/kubectl/pkg/util/certificate"
@ -3690,12 +3691,13 @@ type CertificateSigningRequestDescriber struct {
 func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, describerSettings DescriberSettings) (string, error) {
 	var (
-		crBytes    []byte
+		crBytes           []byte
-		metadata   metav1.ObjectMeta
+		metadata          metav1.ObjectMeta
-		status     string
+		status            string
-		signerName string
+		signerName        string
-		username   string
+		expirationSeconds *int32
-		events     *corev1.EventList
+		username          string
 		events            *corev1.EventList
 	)
 	if csr, err := p.client.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}); err == nil {
@ -3707,6 +3709,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
 		}
 		status = extractCSRStatus(conditionTypes, csr.Status.Certificate)
 		signerName = csr.Spec.SignerName
 		expirationSeconds = csr.Spec.ExpirationSeconds
 		username = csr.Spec.Username
 		if describerSettings.ShowEvents {
 			events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize)
@ -3722,6 +3725,7 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
 		if csr.Spec.SignerName != nil {
 			signerName = *csr.Spec.SignerName
 		}
 		expirationSeconds = csr.Spec.ExpirationSeconds
 		username = csr.Spec.Username
 		if describerSettings.ShowEvents {
 			events, _ = searchEvents(p.client.CoreV1(), csr, describerSettings.ChunkSize)
@ -3735,10 +3739,10 @@ func (p *CertificateSigningRequestDescriber) Describe(namespace, name string, de
 		return "", fmt.Errorf("Error parsing CSR: %v", err)
 	}
-	return describeCertificateSigningRequest(metadata, signerName, username, cr, status, events)
+	return describeCertificateSigningRequest(metadata, signerName, expirationSeconds, username, cr, status, events)
 }
-func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
+func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string, expirationSeconds *int32, username string, cr *x509.CertificateRequest, status string, events *corev1.EventList) (string, error) {
 	printListHelper := func(w PrefixWriter, prefix, name string, values []string) {
 		if len(values) == 0 {
 			return
@ -3758,6 +3762,9 @@ func describeCertificateSigningRequest(csr metav1.ObjectMeta, signerName string,
 		if len(signerName) > 0 {
 			w.Write(LEVEL_0, "Signer:\t%s\n", signerName)
 		}
 		if expirationSeconds != nil {
 			w.Write(LEVEL_0, "Requested Duration:\t%s\n", duration.HumanDuration(utilcsr.ExpirationSecondsToDuration(*expirationSeconds)))
 		}
 		w.Write(LEVEL_0, "Status:\t%s\n", status)
 		w.Write(LEVEL_0, "Subject:\n")