airship/airshipctl
Code Issues Proposed changes
debd301319
airshipctl/cmd/cluster/checkexpiration/checkexpiration.go
guhaneswaran20 dd03db0916 Adds command objects for cluster check-certificate-expiration 
Reference:- https://hackmd.io/aGaz7YXSSHybGcyol8vYEw
Previous work:- https://review.opendev.org/#/c/755291/

Below is the complete ordered flow of PS for the feature:
https://review.opendev.org/#/c/760498/ - Cobra command
https://review.opendev.org/#/c/760501/ - Command Objects
https://review.opendev.org/#/c/760504/ - TLS check
https://review.opendev.org/#/c/760517/ - Kubeconf check
https://review.opendev.org/#/c/760532/ - Node check
https://review.opendev.org/#/c/760537/ - Combined Unit tests

Change-Id: Ie0fac7799724b7fb2255e387b7e90b26159bda5c
Relates-To: #391
2020-11-06 13:14:21 +00:00

90 lines
3.2 KiB
Go
Raw Blame History

/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package checkexpiration
import (
"github.com/spf13/cobra"
"opendev.org/airship/airshipctl/pkg/cluster/checkexpiration"
"opendev.org/airship/airshipctl/pkg/config"
"opendev.org/airship/airshipctl/pkg/k8s/client"
"opendev.org/airship/airshipctl/pkg/log"
)
const (
checkLong = `
Displays a list of certificate expirations from both the management and
workload clusters, or in a self-managed cluster. Checks for TLS Secrets,
kubeconf secrets (which gets created while creating the workload cluster) and
also the node certificates present inside /etc/kubernetes/pki directory for
each node`
checkExample = `
# To display all the expiring entities in the cluster
airshipctl cluster check-certificate-expiration --kubeconfig testconfig
# To display the entities whose expiration is within threshold of 30 days
airshipctl cluster check-certificate-expiration -t 30 --kubeconfig testconfig
# To output the contents to json (default operation)
airshipctl cluster check-certificate-expiration -o json --kubeconfig testconfig
or
airshipctl cluster check-certificate-expiration --kubeconfig testconfig
# To output the contents to yaml
airshipctl cluster check-certificate-expiration -o yaml --kubeconfig testconfig
# To output the contents whose expiration is within 30 days to yaml
airshipctl cluster check-certificate-expiration -t 30 -o yaml --kubeconfig testconfig
`
kubeconfigFlag = "kubeconfig"
)
// NewCheckCommand creates a new command for generating secret information
func NewCheckCommand(cfgFactory config.Factory) *cobra.Command {
c := &checkexpiration.CheckCommand{
Options: checkexpiration.CheckFlags{},
CfgFactory: cfgFactory,
ClientFactory: client.DefaultClient,
}
checkCmd := &cobra.Command{
Use: "check-certificate-expiration",
Short: "Check for expiring TLS certificates, secrets and kubeconfigs in the kubernetes cluster",
Long: checkLong[1:],
Example: checkExample,
RunE: func(cmd *cobra.Command, args []string) error {
return c.RunE(cmd.OutOrStdout())
},
}
checkCmd.Flags().IntVarP(&c.Options.Threshold, "threshold", "t", -1,
"The max expiration threshold in days before a certificate is"+
" expiring. Displays all the certificates by default")
checkCmd.Flags().StringVarP(&c.Options.FormatType, "output", "o", "json", "Convert "+
"output to yaml or json")
checkCmd.Flags().StringVar(&c.Options.Kubeconfig, kubeconfigFlag, "",
"Path to kubeconfig associated with cluster being managed")
checkCmd.Flags().StringVar(&c.Options.KubeContext, "kubecontext", "",
"Kubeconfig context to be used")
err := checkCmd.MarkFlagRequired(kubeconfigFlag)
if err != nil {
log.Fatalf("marking kubeconfig flag required failed: %v", err)
}
return checkCmd
}
View Git Blame Copy Permalink