🌱 Fix code quality issues in TLS configuration code #1125

Merged
21 changes: 9 additions & 12 deletions main.go
Expand Up @@ -53,12 +53,10 @@ import (
// +kubebuilder:scaffold:imports
)

type TLSVersion string

// Constants for TLS versions.
const (
TLSVersion12 TLSVersion = "TLS12"
TLSVersion13 TLSVersion = "TLS13"
TLSVersion12 = "TLS12"
TLSVersion13 = "TLS13"
)

type TLSOptions struct {
Expand Down Expand Up @@ -94,7 +92,7 @@ var (
logOptions = logs.NewOptions()
enableBMHNameBasedPreallocation bool
tlsOptions = TLSOptions{}
tlsSupportedVersions = []string{"TLS12", "TLS13"}
tlsSupportedVersions = []string{TLSVersion12, TLSVersion13}
)

func init() {
Expand Down Expand Up @@ -292,12 +290,12 @@ func initFlags(fs *pflag.FlagSet) {

fs.IntVar(&restConfigBurst, "kube-api-burst", 30,
"Maximum number of queries that should be allowed in one burst from the controller client to the Kubernetes API server. Default 30")
flag.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", "TLS12",
flag.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", TLSVersion12,
"The minimum TLS version in use by the webhook server.\n"+
fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
)

fs.StringVar(&tlsOptions.TLSMaxVersion, "tls-max-version", "TLS13",
fs.StringVar(&tlsOptions.TLSMaxVersion, "tls-max-version", TLSVersion13,
"The maximum TLS version in use by the webhook server.\n"+
fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
)
Expand Down Expand Up @@ -493,8 +491,7 @@ func GetTLSOptionOverrideFuncs(options TLSOptions) ([]func(*tls.Config), error)
cfg.MaxVersion = tlsMaxVersion
})
// Cipher suites should not be set if empty.
if options.TLSMinVersion == string(TLSVersion13) &&
options.TLSMaxVersion == string(TLSVersion13) &&
if tlsMinVersion >= tls.VersionTLS13 &&
options.TLSCipherSuites != "" {
setupLog.Info("warning: Cipher suites should not be set for TLS version 1.3. Ignoring ciphers")
options.TLSCipherSuites = ""
Expand Down Expand Up @@ -528,12 +525,12 @@ func GetTLSVersion(version string) (uint16, error) {
var v uint16

switch version {
case string(TLSVersion12):
case TLSVersion12:
v = tls.VersionTLS12
case string(TLSVersion13):
case TLSVersion13:
v = tls.VersionTLS13
default:
return 0, fmt.Errorf("unexpected TLS version %q (must be one of: TLS12, TLS13)", version)
return 0, fmt.Errorf("unexpected TLS version %q (must be one of: %s)", version, strings.Join(tlsSupportedVersions, ", "))
}
return v, nil
}
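Review bot: In the initFlags hunk the tls-min-version flag is still registered with `flag.StringVar` (the stdlib global flag set) while tls-max-version two lines below uses `fs.StringVar` (the pflag set passed in); the commit rewrites both lines but leaves that mismatch in place. Unless the global flag set is merged into `fs` somewhere outside this hunk, the minimum-version option would not be parsed from the same command line as the maximum, and that is the knob that keeps the webhook server from negotiating TLS 1.2, so it should be registered the same way: `fs.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", TLSVersion12,`. initFlags begins outside the hunk, so I cannot confirm how `fs` relates to `flag.CommandLine`; if they are merged, a one-line comment saying so would save the next reader the same question. The GetTLSOptionOverrideFuncs hunk also changes the cipher-suite warning from an exact TLS13/TLS13 string match to `tlsMinVersion >= tls.VersionTLS13`, which is a behaviour change worth a sentence in the description, and it appears to rely on tlsMinVersion never exceeding tlsMaxVersion, a check I cannot see from here.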