Merge pull request #1125 from Nordix/jawad/capm3-tls-configuration-flags

🌱 Fix code quality issues in TLS configuration code
metal3-io · Aug 15, 2023 · 453671e · 453671e
2 parents 3505924 + 30adc0c
commit 453671e
Showing 1 changed file with 9 additions and 12 deletions.
diff --git a/main.go b/main.go
@@ -53,12 +53,10 @@ import (
 	// +kubebuilder:scaffold:imports
 )
 
-type TLSVersion string
-
 // Constants for TLS versions.
 const (
-	TLSVersion12 TLSVersion = "TLS12"
-	TLSVersion13 TLSVersion = "TLS13"
+	TLSVersion12 = "TLS12"
+	TLSVersion13 = "TLS13"
 )
 
 type TLSOptions struct {
@@ -94,7 +92,7 @@ var (
 	logOptions                       = logs.NewOptions()
 	enableBMHNameBasedPreallocation  bool
 	tlsOptions                       = TLSOptions{}
-	tlsSupportedVersions             = []string{"TLS12", "TLS13"}
+	tlsSupportedVersions             = []string{TLSVersion12, TLSVersion13}
 )
 
 func init() {
@@ -292,12 +290,12 @@ func initFlags(fs *pflag.FlagSet) {
 
 	fs.IntVar(&restConfigBurst, "kube-api-burst", 30,
 		"Maximum number of queries that should be allowed in one burst from the controller client to the Kubernetes API server. Default 30")
-	flag.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", "TLS12",
+	flag.StringVar(&tlsOptions.TLSMinVersion, "tls-min-version", TLSVersion12,
 		"The minimum TLS version in use by the webhook server.\n"+
 			fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
 	)
 
-	fs.StringVar(&tlsOptions.TLSMaxVersion, "tls-max-version", "TLS13",
+	fs.StringVar(&tlsOptions.TLSMaxVersion, "tls-max-version", TLSVersion13,
 		"The maximum TLS version in use by the webhook server.\n"+
 			fmt.Sprintf("Possible values are %s.", strings.Join(tlsSupportedVersions, ", ")),
 	)
@@ -493,8 +491,7 @@ func GetTLSOptionOverrideFuncs(options TLSOptions) ([]func(*tls.Config), error)
 		cfg.MaxVersion = tlsMaxVersion
 	})
 	// Cipher suites should not be set if empty.
-	if options.TLSMinVersion == string(TLSVersion13) &&
-		options.TLSMaxVersion == string(TLSVersion13) &&
+	if tlsMinVersion >= tls.VersionTLS13 &&
 		options.TLSCipherSuites != "" {
 		setupLog.Info("warning: Cipher suites should not be set for TLS version 1.3. Ignoring ciphers")
 		options.TLSCipherSuites = ""
@@ -528,12 +525,12 @@ func GetTLSVersion(version string) (uint16, error) {
 	var v uint16
 
 	switch version {
-	case string(TLSVersion12):
+	case TLSVersion12:
 		v = tls.VersionTLS12
-	case string(TLSVersion13):
+	case TLSVersion13:
 		v = tls.VersionTLS13
 	default:
-		return 0, fmt.Errorf("unexpected TLS version %q (must be one of: TLS12, TLS13)", version)
+		return 0, fmt.Errorf("unexpected TLS version %q (must be one of: %s)", version, strings.Join(tlsSupportedVersions, ", "))
 	}
 	return v, nil
 }