diff options
| author |   Jan Malkiewicz <jan.malkiewicz@nokia.com> | 2020-10-28 08:19:08 +0100 |
|---|---|---|
| committer | Jan Malkiewicz <jan.malkiewicz@nokia.com> | 2020-10-29 11:14:03 +0100 |
| commit | 8795295e7783695618ebaa25951b8eb2e35f4333 (patch) | |
| tree | aeecdefc6f9495d1c195e56844edbdc32b0f3e47 /certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go | |
| parent | 1b1eddbac8e25d90c4ff2dd08445606abab2670d (diff) | |
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add logging of supported CSR properties
Issue-ID: OOM-2559
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: I8e6a55eea3d87b6bb5f3a26ca9a11d618bb61a77
Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go')
| -rw-r--r-- | certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go index f77642cd..03eef35c 100644 --- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go +++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go @@ -43,6 +43,7 @@ import ( "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/logger" provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner" + x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509" ) const ( @@ -124,17 +125,25 @@ func (controller *CertificateRequestController) Reconcile(k8sRequest ctrl.Reques } privateKeyBytes := privateKeySecret.Data[privateKeySecretKey] - // 8. Log Certificate Request properties not supported or overridden by CertService API - logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest) + // 8. Decode CSR + log.Info("Decoding CSR...") + csr, err := x509utils.DecodeCSR(certificateRequest.Spec.Request) + if err != nil { + controller.handleErrorFailedToDecodeCSR(ctx, log, err, certificateRequest) + return ctrl.Result{}, err + } + + // 9. Log Certificate Request properties not supported or overridden by CertService API + logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest, csr) - // 9. Sign CertificateRequest + // 10. Sign CertificateRequest signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes) if err != nil { controller.handleErrorFailedToSignCertificate(ctx, log, err, certificateRequest) return ctrl.Result{}, err } - // 10. Store signed certificates in CertificateRequest + // 11. Store signed certificates in CertificateRequest certificateRequest.Status.Certificate = signedPEM certificateRequest.Status.CA = trustedCAs if err := controller.updateCertificateRequestWithSignedCerficates(ctx, certificateRequest); err != nil { @@ -221,6 +230,12 @@ func (controller *CertificateRequestController) handleErrorFailedToSignCertifica _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err) } +func (controller *CertificateRequestController) handleErrorFailedToDecodeCSR(ctx context.Context, log logr.Logger, err error, certificateRequest *cmapi.CertificateRequest) { + log.Error(err, "Failed to decode certificate sign request") + _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to decode CSR: %v", err) +} + + func handleErrorResourceNotFound(log logr.Logger, err error) error { if apierrors.IsNotFound(err) { log.Error(err, "CertificateRequest resource not found") |