(ctx context.Context)
| 56 | } |
| 57 | |
| 58 | func createCAToSecret(ctx context.Context) error { |
| 59 | var caDER, keyDER []byte |
| 60 | // Check whether the ca exists in the local directory |
| 61 | if hubconfig.Config.Ca == nil && hubconfig.Config.CaKey == nil { |
| 62 | klog.Info("Ca and CaKey don't exist in local directory, and will read from the secret") |
| 63 | |
| 64 | // Check whether the ca exists in the secret |
| 65 | caSecret, err := client.GetSecret(ctx, CaSecretName, constants.SystemNamespace) |
| 66 | if err != nil { |
| 67 | if !apierror.IsNotFound(err) { |
| 68 | return fmt.Errorf("get secret: %s error: %v", CaSecretName, err) |
| 69 | } |
| 70 | |
| 71 | klog.Info("Ca and CaKey don't exist in the secret, and will be created by CloudCore") |
| 72 | h := certs.GetCAHandler(certs.CAHandlerTypeX509) |
| 73 | pk, err := h.GenPrivateKey() |
| 74 | if err != nil { |
| 75 | return err |
| 76 | } |
| 77 | |
| 78 | caPem, err := h.NewSelfSigned(pk) |
| 79 | if err != nil { |
| 80 | return fmt.Errorf("failed to create Certificate Authority, error: %v", err) |
| 81 | } |
| 82 | caDER = caPem.Bytes |
| 83 | keyDER = pk.DER() |
| 84 | } else { |
| 85 | caDER = caSecret.Data[CaDataName] |
| 86 | keyDER = caSecret.Data[CaKeyDataName] |
| 87 | } |
| 88 | |
| 89 | hubconfig.Config.UpdateCA(caDER, keyDER) |
| 90 | } else { |
| 91 | // HubConfig has been initialized |
| 92 | caDER = hubconfig.Config.Ca |
| 93 | keyDER = hubconfig.Config.CaKey |
| 94 | } |
| 95 | |
| 96 | if err := client.SaveSecret(ctx, createCaSecret(caDER, keyDER), constants.SystemNamespace); err != nil { |
| 97 | return fmt.Errorf("failed to create ca to secrets, error: %v", err) |
| 98 | } |
| 99 | |
| 100 | return nil |
| 101 | } |
| 102 | |
| 103 | func createCertsToSecret(ctx context.Context) error { |
| 104 | const year100 = time.Hour * 24 * 364 * 100 |
no test coverage detected