From 681fdbb2afdc59dc419cb7649bbe20a3710ad9a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wilson=20J=C3=BAnior?=
Date: Thu, 31 Oct 2024 10:23:59 -0300
Subject: [PATCH] certificate list: detect status of certificate not issued yet
---
 tsuru/client/certificate.go | 41 ++++++++++++++++++++++----------
 tsuru/client/certificate_test.go | 38 ++++++++++++++++-------------
 2 files changed, 50 insertions(+), 29 deletions(-)
diff --git a/tsuru/client/certificate.go b/tsuru/client/certificate.go
index 532f0345..6fdc73ee 100644
--- a/tsuru/client/certificate.go
+++ b/tsuru/client/certificate.go
@@ -234,16 +234,27 @@ func (c *CertificateList) Run(context *cmd.Context) error {
 for router, routerCerts := range appCerts.RouterCertificates {
 for cname, cnameCert := range routerCerts.CNameCertificates {
- cert, err := parseCert([]byte(cnameCert.Certificate))
- if err != nil {
- rows = append(rows, tablecli.Row{router, cname, err.Error(), "-"})
- continue
+ var publicKeyInfo string
+ var certificateValidity string
+ var ready bool
+
+ if cnameCert.Certificate != "" {
+ cert, err := parseCert([]byte(cnameCert.Certificate))
+ if err != nil {
+ rows = append(rows, tablecli.Row{router, cname, err.Error(), "-"})
+ continue
+ }
+
+ ready = true
+ publicKeyInfo = formatPublicKeyInfo(*cert)
+ certificateValidity = formatCertificateValidity(*cert)
 }
+
 rows = append(rows, tablecli.Row{
 router,
- formatCName(cname, cnameCert.Issuer),
- formatPublicKeyInfo(*cert),
- formatCertificateValidity(*cert),
+ formatCName(cname, cnameCert.Issuer, ready),
+ publicKeyInfo,
+ certificateValidity,
 })
 }
 }
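Review bot: An entry with an empty `Certificate` and an empty `Issuer` now renders as a row holding only the CName and two blank columns, because `Run` skips parsing when `cnameCert.Certificate` is `""` and `formatCName` (second hunk of this file) appends ` status: not ready` only inside `if issuer != ""`. Before this change that same input produced a `failed to decode data` row, so an operator reading the list could spot a hostname with no usable certificate; after it, nothing in the output distinguishes that case. Consider reporting a status for the no-issuer case as well, for example in `formatCName`: `if !ready && issuer == "" { lines = append(lines, " status: no certificate") }`, or move the `!ready` check out of the issuer branch. `Run` begins and ends outside this hunk, so how `rows` is rendered afterwards is not visible here.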
@@ -274,15 +285,21 @@ func publicKeySize(publicKey interface{}) int {
 return 0
 }
-func formatCName(cname string, issuer string) (cnameStr string) {
- cnameStr += fmt.Sprintf("%s\n", cname)
+func formatCName(cname string, issuer string, ready bool) string {
+ lines := []string{
+ cname,
+ }
 if issuer != "" {
- cnameStr += fmt.Sprintln(" managed by: cert-manager")
- cnameStr += fmt.Sprintf(" issuer: %s\n", issuer)
+ lines = append(lines, " managed by: cert-manager", fmt.Sprintf(" issuer: %s", issuer))
+
+ if !ready {
+ lines = append(lines, " status: not ready")
+ }
+
 }
- return
+ return strings.Join(lines, "\n")
 }
 func formatPublicKeyInfo(cert x509.Certificate) (pkInfo string) {
diff --git a/tsuru/client/certificate_test.go b/tsuru/client/certificate_test.go
index c8bb01be..c48a4781 100644
--- a/tsuru/client/certificate_test.go
+++ b/tsuru/client/certificate_test.go
@@ -134,6 +134,7 @@ func (s *S) TestCertificateListRunSuccessfully(c *check.C) {
 },
 "myapp.other.io": {
 Certificate: "",
+ Issuer: "pki",
 },
 },
 },
@@ -153,23 +154,26 @@ func (s *S) TestCertificateListRunSuccessfully(c *check.C) {
 c.Assert(err, check.IsNil)
 notBeforeStr := expectedNotBefore.UTC().Format(time.RFC3339)
 notAfterStr := expectedNotAfter.UTC().Format(time.RFC3339)
- expected := `+----------------+----------------------------+-----------------------+----------------------+
-| Router | CName | Public Key Info | Certificate Validity |
-+----------------+----------------------------+-----------------------+----------------------+
-| a-new-router | myapp.io | Algorithm | Not before |
-| | | RSA | ` + notBeforeStr + ` |
-| | | | |
-| | | Key size (in bits) | Not after |
-| | | 2048 | ` + notAfterStr + ` |
-+----------------+----------------------------+-----------------------+----------------------+
-| ingress-router | myapp.io | Algorithm | Not before |
-| | managed by: cert-manager | RSA | ` + notBeforeStr + ` |
-| | issuer: lets-encrypt | | |
-| | | Key size (in bits) | Not after |
-| | | 2048 | ` + notAfterStr + ` |
-+----------------+----------------------------+-----------------------+----------------------+
-| ingress-router | myapp.other.io | failed to decode data | - |
-+----------------+----------------------------+-----------------------+----------------------+
+ expected := `+----------------+----------------------------+--------------------+----------------------+
+| Router | CName | Public Key Info | Certificate Validity |
++----------------+----------------------------+--------------------+----------------------+
+| a-new-router | myapp.io | Algorithm | Not before |
+| | | RSA | ` + notBeforeStr + ` |
+| | | | |
+| | | Key size (in bits) | Not after |
+| | | 2048 | ` + notAfterStr + ` |
++----------------+----------------------------+--------------------+----------------------+
+| ingress-router | myapp.io | Algorithm | Not before |
+| | managed by: cert-manager | RSA | ` + notBeforeStr + ` |
+| | issuer: lets-encrypt | | |
+| | | Key size (in bits) | Not after |
+| | | 2048 | ` + notAfterStr + ` |
++----------------+----------------------------+--------------------+----------------------+
+| ingress-router | myapp.other.io | | |
+| | managed by: cert-manager | | |
+| | issuer: pki | | |
+| | status: not ready | | |
++----------------+----------------------------+--------------------+----------------------+
 `
 trans := &cmdtest.ConditionalTransport{
 Transport: cmdtest.Transport{
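Review bot: The updated expectation no longer contains any row produced by the `parseCert` error branch, because the only fixture entry that reached it (`myapp.other.io` with `Certificate: ""`) now takes the not-ready path. As far as this test shows, `rows = append(rows, tablecli.Row{router, cname, err.Error(), "-"})` is therefore left unexercised, and so is the case of an empty certificate with no issuer. Adding one fixture entry with a non-empty but malformed `Certificate` and one with neither `Certificate` nor `Issuer` would pin both outputs. The test function continues outside the hunk, so other tests may already cover these cases.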