feat: add secret validation to ingress analyzer (k8sgpt-ai#141)
This commit adds a check to the ingress analyzer that verifies whether the secret declared in the ingress exists on the cluster. This helps to ensure that only valid secrets are used in the ingress configuration.

Signed-off-by: Matthis Holleville <matthish29@gmail.com>
Signed-off-by: Chadiii <blackbeard@DESKTOP-P8DU4CN.localdomain>
matthisholleville authored and Chadiii committed Mar 30, 2023
1 parent cdc7bb1 commit c0d9258
Showing 1 changed file with 6 additions and 0 deletions.
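--- a/pkg/analyzer/ingressAnalyzer.go
+++ b/pkg/analyzer/ingressAnalyzer.go
@@ -33,6 +33,12 @@ func AnalyzeIngress(ctx context.Context, config *AnalysisConfiguration, client *
 }
 }
 
+for _, tls := range ing.Spec.TLS {
+_, err := client.GetClient().CoreV1().Secrets(ing.Namespace).Get(ctx, tls.SecretName, metav1.GetOptions{})
+if err != nil {
+failures = append(failures, fmt.Sprintf("Ingress uses the secret %s/%s as a TLS certificate which does not exist.", ing.Namespace, tls.SecretName))
+}
+}
 if len(failures) > 0 {
 preAnalysis[fmt.Sprintf("%s/%s", ing.Namespace, ing.Name)] = PreAnalysis{
 Ingress: ing,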
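Review bot: The new `if err != nil` after the `Secrets(ing.Namespace).Get(...)` call treats every failure as a missing secret, so an RBAC denial (an analyzer account deliberately not allowed to read secrets), a timeout or a cancelled `ctx` is reported as "does not exist". Narrowing the condition to `if apierrors.IsNotFound(err) {` (from `k8s.io/apimachinery/pkg/api/errors`; the file's imports are not visible here) keeps the finding accurate, and other errors are better surfaced separately than folded into `failures`. `tls.SecretName` is optional in the Ingress spec, so an entry without one would presumably also fail the Get and be flagged; a guard such as `if tls.SecretName == "" { continue }` at the top of the loop avoids that. The check needs only existence, yet a full Get returns the key material and requires `get` on secrets wherever the analyzer runs, which is worth stating in the RBAC documentation. AnalyzeIngress starts and ends outside this hunk.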
