[master] Add validation to certificate rotation (#4692)

* Add validation to certificate rotation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add validation to certificate rotation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2024-06-07 19:41:36 +00:00 · 2021-12-09 18:57:13 +02:00 · 2021-12-09 18:57:13 +02:00 · 3985fd0e26
commit 3985fd0e26
parent e8a30a87c8
1 changed files with 36 additions and 0 deletions
--- a/pkg/cli/cert/cert.go
+++ b/pkg/cli/cert/cert.go
@ -34,6 +34,20 @@ const (
 	k3sServerService         = "-server"
 )

+var services = []string{
+	adminService,
+	apiServerService,
+	controllerManagerService,
+	schedulerService,
+	etcdService,
+	version.Program + programControllerService,
+	authProxyService,
+	cloudControllerService,
+	kubeletService,
+	kubeProxyService,
+	version.Program + k3sServerService,
+}
+
 func commandSetup(app *cli.Context, cfg *cmds.Server, sc *server.Config) (string, string, error) {
 	gspt.SetProcTitle(os.Args[0])

@ -65,6 +79,10 @@ func rotate(app *cli.Context, cfg *cmds.Server) error {
 	serverConfig.ControlConfig.Runtime = &config.ControlRuntime{}
 	deps.CreateRuntimeCertFiles(&serverConfig.ControlConfig, serverConfig.ControlConfig.Runtime)

+	if err := validateCertConfig(); err != nil {
+		return err
+	}
+
 	tlsBackupDir, err := backupCertificates(serverDataDir, agentDataDir)
 	if err != nil {
 		return err
@ -219,3 +237,21 @@ func backupCertificates(serverDataDir, agentDataDir string) (string, error) {
 	}
 	return tlsBackupDir, nil
 }
+
+func validService(svc string) bool {
+	for _, service := range services {
+		if svc == service {
+			return true
+		}
+	}
+	return false
+}
+
+func validateCertConfig() error {
+	for _, s := range cmds.ServicesList {
+		if !validService(s) {
+			return errors.New("Service " + s + " is not recognized")
+		}
+	}
+	return nil
+}