Relax constraint on CA mandatory presence to comply with expected beh…
…avior in K8s (#256)

resolves #255
kikokikok committed Aug 14, 2023
1 parent 9e669f2 commit fdda349
Showing 4 changed files with 23 additions and 25 deletions.
2 changes: 1 addition & 1 deletion src/k8-client/Cargo.toml
@@ -1,7 +1,7 @@
[package]
edition = "2021"
name = "k8-client"
version = "10.0.1"
version = "10.0.2"
authors = ["Fluvio Contributors <team@fluvio.io>"]
description = "Core Kubernetes metadata traits"
repository = "https://github.com/infinyon/k8-api"
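--- a/src/k8-client/src/cert.rs
+++ b/src/k8-client/src/cert.rs
@@ -163,20 +163,14 @@ where
 builder.load_ca_cert_with_data(pem_bytes)?
 } else {
 // let not inline, then must must ref to file
-let ca_certificate_path = current_cluster
-.cluster
-.certificate_authority
-.as_ref()
-.ok_or_else(|| {
-IoError::new(
-ErrorKind::InvalidInput,
-"current cluster must have CA crt path".to_owned(),
-)
-})?;
-
-debug!("loading cluster CA from: {:#?}", ca_certificate_path);
-
-builder.load_ca_certificate(ca_certificate_path)?
+if let Some(ca_certificate_path) =
+current_cluster.cluster.certificate_authority.as_ref()
+{
+debug!("loading cluster CA from: {:#?}", ca_certificate_path);
+builder.load_ca_certificate(ca_certificate_path)?
+} else {
+return Ok((builder, None));
+}
 };
 
 // load client certs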
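Review bot: The new `else` branch returns `Ok((builder, None))` as soon as no CA path is configured, so the `// load client certs` step after the closing `};` is never reached for such a configuration. A cluster entry that has client certificates but no `certificate_authority` would then appear to produce a builder with no client identity loaded. If the intent is only to make the CA optional, let the branch evaluate to the unchanged builder and fall through, e.g. `} else { debug!("no cluster CA configured; trust roots left at the TLS default"); builder }`. What the second tuple element carries and how the code after the hunk loads the client certificate are not visible here, and the function starts and ends outside the hunk, so this should be confirmed against the full body.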
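--- a/src/k8-client/src/client/config_native.rs
+++ b/src/k8-client/src/client/config_native.rs
@@ -154,16 +154,17 @@ impl ConfigBuilder for HyperClientBuilder {
 }
 
 fn build(self) -> Result<Self::Client, ClientError> {
-let ca_cert = match self.ca_cert {
-Some(cert) => cert,
-None => return Err(ClientError::Other("no ca cert".to_string())),
-};
+let ca_cert = self.ca_cert;
 
-let connector_builder = match self.client_identity {
-Some(builder) => ConnectorBuilder::identity(builder)?.add_root_certificate(ca_cert)?,
-None => ConnectorBuilder::anonymous().add_root_certificate(ca_cert)?,
+let mut connector_builder = match self.client_identity {
+Some(builder) => ConnectorBuilder::identity(builder)?,
+None => ConnectorBuilder::anonymous(),
 };
 
+if let Some(ca_cert) = ca_cert {
+connector_builder = connector_builder.add_root_certificate(ca_cert)?
+}
+
 let connector = connector_builder.build();
 Ok(Client::builder()
 .executor(FluvioHyperExecutor)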
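Review bot: When `self.ca_cert` is `None`, `build` now creates the connector with no root certificate added, and nothing in the function documents or logs that. Which trust anchors apply in that case depends on `ConnectorBuilder` defaults that are not visible in this hunk. Once that is confirmed, a comment above the `if let` such as `// No CA configured: server verification relies on the connector's default trust roots.` and a log line in the `None` case would make the fallback visible to operators. As a style point, the assignment inside the `if let` lacks the trailing `;` that the matching line in config_openssl.rs has. `build` continues past the end of the hunk.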
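--- a/src/k8-client/src/client/config_openssl.rs
+++ b/src/k8-client/src/client/config_openssl.rs
@@ -158,15 +158,18 @@ impl ConfigBuilder for HyperClientBuilder {
 
 fn build(self) -> Result<Self::Client, ClientError> {
 let ca_cert = match self.ca_cert {
-Some(cert) => cert.build()?,
-None => return Err(ClientError::Other("no ca cert".to_string())),
+Some(cert) => cert.build().ok(),
+None => None,
 };
 let mut connector_builder = TlsConnector::builder()?;
 
 if let Some(builder) = self.client_identity {
 connector_builder = connector_builder.with_identity(builder)?;
 }
-let connector_builder = connector_builder.add_root_certificate(ca_cert)?;
+
+if let Some(ca_cert) = ca_cert {
+connector_builder = connector_builder.add_root_certificate(ca_cert)?;
+}
 
 let connector = connector_builder.build();
 Ok(Client::builder()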
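Review bot: `Some(cert) => cert.build().ok(),` discards the error from `build()`, so a CA certificate that was configured but fails to build is treated as if none had been supplied. The connector is then created without that root instead of failing, which turns a configuration error into a silent change of trust anchors; the previous code propagated the error with `?`. The CA can stay optional while a bad one still fails: `let ca_cert = self.ca_cert.map(|cert| cert.build()).transpose()?;`. `build` continues past the end of the hunk.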
