Skip to content

Commit

Permalink
chore: fix critical conditional handling for whitelistedIPCheck
Browse files Browse the repository at this point in the history
  • Loading branch information
clementnuss committed Apr 1, 2022
1 parent accb23e commit 1c3aaef
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions internal/controller/csr_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ func (r *CertificateSigningRequestReconciler) Reconcile(ctx context.Context, req
return res, err // returning a non-nil error to make this request be processed again in the reconcile function
}
l.V(0).Info("Denying kubelet-serving CSR. IP whitelist check failed. Reason:" + reason)
appendCondition(&csr, false, reason)
} else if csr.Spec.ExpirationSeconds != nil && *csr.Spec.ExpirationSeconds > r.MaxExpirationSeconds {
reason := "CSR spec.expirationSeconds is longer than the maximum allowed expiration second"
l.V(0).Info("Denying kubelet-serving CSR. Reason:" + reason)
Expand Down
2 changes: 1 addition & 1 deletion internal/controller/regex_ip_checks.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,5 +103,5 @@ func (r *CertificateSigningRequestReconciler) WhitelistedIPCheck(csr *certificat
}
}

return valid, reason, nil
return true, reason, nil
}

0 comments on commit 1c3aaef

Please sign in to comment.