aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--certServiceK8sExternalProvider/main.go17
-rw-r--r--certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go99
-rw-r--r--certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go2
-rw-r--r--certServiceK8sExternalProvider/src/api/groupversion_info.go1
-rw-r--r--certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go70
-rw-r--r--certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go39
-rw-r--r--certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go43
-rw-r--r--certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go20
8 files changed, 142 insertions, 149 deletions
diff --git a/certServiceK8sExternalProvider/main.go b/certServiceK8sExternalProvider/main.go
index ed4e5b89..71b6be5d 100644
--- a/certServiceK8sExternalProvider/main.go
+++ b/certServiceK8sExternalProvider/main.go
@@ -23,7 +23,6 @@
* ============LICENSE_END=========================================================
*/
-
package main
import (
@@ -68,7 +67,7 @@ func main() {
ctrl.SetLogger(zap.New(zap.UseDevMode(true)))
setupLog.Info("Creating k8s Manager...")
- mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+ manager, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
Scheme: scheme,
MetricsBindAddress: metricsAddr,
LeaderElection: enableLeaderElection,
@@ -80,27 +79,27 @@ func main() {
setupLog.Info("Registering CertServiceIssuerReconciler...")
if err = (&controllers.CertServiceIssuerReconciler{
- Client: mgr.GetClient(),
+ Client: manager.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("CertServiceIssuer"),
Clock: clock.RealClock{},
- Recorder: mgr.GetEventRecorderFor("certservice-issuer-controller"),
- }).SetupWithManager(mgr); err != nil {
+ Recorder: manager.GetEventRecorderFor("certservice-issuer-controller"),
+ }).SetupWithManager(manager); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "CertServiceIssuer")
os.Exit(1)
}
setupLog.Info("Registering CertificateRequestReconciler...")
if err = (&controllers.CertificateRequestReconciler{
- Client: mgr.GetClient(),
+ Client: manager.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
- Recorder: mgr.GetEventRecorderFor("certificaterequests-controller"),
- }).SetupWithManager(mgr); err != nil {
+ Recorder: manager.GetEventRecorderFor("certificaterequests-controller"),
+ }).SetupWithManager(manager); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "CertificateRequest")
os.Exit(1)
}
setupLog.Info("Starting k8s manager...")
- if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+ if err := manager.Start(ctrl.SetupSignalHandler()); err != nil {
setupLog.Error(err, "problem running manager")
os.Exit(1)
}
diff --git a/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go b/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go
index 2b2e455b..b901cc76 100644
--- a/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go
+++ b/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go
@@ -23,7 +23,6 @@
* ============LICENSE_END=========================================================
*/
-
package api
import (
@@ -31,73 +30,73 @@ import (
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) {
- *out = *in
+func (inputSecretKeySelector *SecretKeySelector) DeepCopyInto(outSecretKeySelector *SecretKeySelector) {
+ *outSecretKeySelector = *inputSecretKeySelector
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
-func (in *SecretKeySelector) DeepCopy() *SecretKeySelector {
- if in == nil {
+func (inputSecretKeySelector *SecretKeySelector) DeepCopy() *SecretKeySelector {
+ if inputSecretKeySelector == nil {
return nil
}
out := new(SecretKeySelector)
- in.DeepCopyInto(out)
+ inputSecretKeySelector.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CertServiceIssuer) DeepCopyInto(out *CertServiceIssuer) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
- in.Spec.DeepCopyInto(&out.Spec)
- in.Status.DeepCopyInto(&out.Status)
+func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyInto(outCertServiceIssuer *CertServiceIssuer) {
+ *outCertServiceIssuer = *inputCertServiceIssuer
+ outCertServiceIssuer.TypeMeta = inputCertServiceIssuer.TypeMeta
+ inputCertServiceIssuer.ObjectMeta.DeepCopyInto(&outCertServiceIssuer.ObjectMeta)
+ inputCertServiceIssuer.Spec.DeepCopyInto(&outCertServiceIssuer.Spec)
+ inputCertServiceIssuer.Status.DeepCopyInto(&outCertServiceIssuer.Status)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuer.
-func (in *CertServiceIssuer) DeepCopy() *CertServiceIssuer {
- if in == nil {
+func (inputCertServiceIssuer *CertServiceIssuer) DeepCopy() *CertServiceIssuer {
+ if inputCertServiceIssuer == nil {
return nil
}
out := new(CertServiceIssuer)
- in.DeepCopyInto(out)
+ inputCertServiceIssuer.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *CertServiceIssuer) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
+func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyObject() runtime.Object {
+ if deepCopy := inputCertServiceIssuer.DeepCopy(); deepCopy != nil {
+ return deepCopy
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CertServiceIssuerCondition) DeepCopyInto(out *CertServiceIssuerCondition) {
- *out = *in
- if in.LastTransitionTime != nil {
- in, out := &in.LastTransitionTime, &out.LastTransitionTime
+func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopyInto(outIssuerCondition *CertServiceIssuerCondition) {
+ *outIssuerCondition = *inputIssuerCondition
+ if inputIssuerCondition.LastTransitionTime != nil {
+ in, out := &inputIssuerCondition.LastTransitionTime, &outIssuerCondition.LastTransitionTime
*out = (*in).DeepCopy()
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerCondition.
-func (in *CertServiceIssuerCondition) DeepCopy() *CertServiceIssuerCondition {
- if in == nil {
+func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopy() *CertServiceIssuerCondition {
+ if inputIssuerCondition == nil {
return nil
}
out := new(CertServiceIssuerCondition)
- in.DeepCopyInto(out)
+ inputIssuerCondition.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CertServiceIssuerList) DeepCopyInto(out *CertServiceIssuerList) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.ListMeta.DeepCopyInto(&out.ListMeta)
- if in.Items != nil {
- in, out := &in.Items, &out.Items
+func (inputIssuerList *CertServiceIssuerList) DeepCopyInto(outIssuerList *CertServiceIssuerList) {
+ *outIssuerList = *inputIssuerList
+ outIssuerList.TypeMeta = inputIssuerList.TypeMeta
+ inputIssuerList.ListMeta.DeepCopyInto(&outIssuerList.ListMeta)
+ if inputIssuerList.Items != nil {
+ in, out := &inputIssuerList.Items, &outIssuerList.Items
*out = make([]CertServiceIssuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
@@ -106,44 +105,44 @@ func (in *CertServiceIssuerList) DeepCopyInto(out *CertServiceIssuerList) {
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerList.
-func (in *CertServiceIssuerList) DeepCopy() *CertServiceIssuerList {
- if in == nil {
+func (inputIssuerList *CertServiceIssuerList) DeepCopy() *CertServiceIssuerList {
+ if inputIssuerList == nil {
return nil
}
out := new(CertServiceIssuerList)
- in.DeepCopyInto(out)
+ inputIssuerList.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *CertServiceIssuerList) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
+func (inputIssuerList *CertServiceIssuerList) DeepCopyObject() runtime.Object {
+ if deepCopy := inputIssuerList.DeepCopy(); deepCopy != nil {
+ return deepCopy
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CertServiceIssuerSpec) DeepCopyInto(out *CertServiceIssuerSpec) {
- *out = *in
- out.KeyRef = in.KeyRef
+func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopyInto(outIssuerSpec *CertServiceIssuerSpec) {
+ *outIssuerSpec = *inputIssuerSpec
+ outIssuerSpec.KeyRef = inputIssuerSpec.KeyRef
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerSpec.
-func (in *CertServiceIssuerSpec) DeepCopy() *CertServiceIssuerSpec {
- if in == nil {
+func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopy() *CertServiceIssuerSpec {
+ if inputIssuerSpec == nil {
return nil
}
out := new(CertServiceIssuerSpec)
- in.DeepCopyInto(out)
+ inputIssuerSpec.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *CertServiceIssuerStatus) DeepCopyInto(out *CertServiceIssuerStatus) {
- *out = *in
- if in.Conditions != nil {
- in, out := &in.Conditions, &out.Conditions
+func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopyInto(outIssuerStatus *CertServiceIssuerStatus) {
+ *outIssuerStatus = *inputIssuerStatus
+ if inputIssuerStatus.Conditions != nil {
+ in, out := &inputIssuerStatus.Conditions, &outIssuerStatus.Conditions
*out = make([]CertServiceIssuerCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
@@ -152,11 +151,11 @@ func (in *CertServiceIssuerStatus) DeepCopyInto(out *CertServiceIssuerStatus) {
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerStatus.
-func (in *CertServiceIssuerStatus) DeepCopy() *CertServiceIssuerStatus {
- if in == nil {
+func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopy() *CertServiceIssuerStatus {
+ if inputIssuerStatus == nil {
return nil
}
out := new(CertServiceIssuerStatus)
- in.DeepCopyInto(out)
+ inputIssuerStatus.DeepCopyInto(out)
return out
}
diff --git a/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go b/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go
index f829ae54..b09813bb 100644
--- a/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go
+++ b/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go
@@ -23,8 +23,6 @@
* ============LICENSE_END=========================================================
*/
-
-
package api
import (
diff --git a/certServiceK8sExternalProvider/src/api/groupversion_info.go b/certServiceK8sExternalProvider/src/api/groupversion_info.go
index ebb76424..e5cdea12 100644
--- a/certServiceK8sExternalProvider/src/api/groupversion_info.go
+++ b/certServiceK8sExternalProvider/src/api/groupversion_info.go
@@ -23,7 +23,6 @@
* ============LICENSE_END=========================================================
*/
-
package api
import (
diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go b/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go
index 1a917e1b..92e77960 100644
--- a/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go
+++ b/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go
@@ -53,14 +53,14 @@ type CertificateRequestReconciler struct {
// Reconcile will read and validate a CertServiceIssuer resource associated to the
// CertificateRequest resource, and it will sign the CertificateRequest with the
// provisioner in the CertServiceIssuer.
-func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background()
- log := r.Log.WithValues("certificaterequest", req.NamespacedName)
+ log := reconciler.Log.WithValues("certificaterequest", req.NamespacedName)
// Fetch the CertificateRequest resource being reconciled.
// Just ignore the request if the certificate request has been deleted.
- cr := new(cmapi.CertificateRequest)
- if err := r.Client.Get(ctx, req.NamespacedName, cr); err != nil {
+ certificateRequest := new(cmapi.CertificateRequest)
+ if err := reconciler.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil {
if apierrors.IsNotFound(err) {
return ctrl.Result{}, nil
}
@@ -71,65 +71,65 @@ func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
// Check the CertificateRequest's issuerRef and if it does not match the api
// group name, log a message at a debug level and stop processing.
- if cr.Spec.IssuerRef.Group != "" && cr.Spec.IssuerRef.Group != api.GroupVersion.Group {
- log.V(4).Info("resource does not specify an issuerRef group name that we are responsible for", "group", cr.Spec.IssuerRef.Group)
+ if certificateRequest.Spec.IssuerRef.Group != "" && certificateRequest.Spec.IssuerRef.Group != api.GroupVersion.Group {
+ log.V(4).Info("resource does not specify an issuerRef group name that we are responsible for", "group", certificateRequest.Spec.IssuerRef.Group)
return ctrl.Result{}, nil
}
// If the certificate data is already set then we skip this request as it
// has already been completed in the past.
- if len(cr.Status.Certificate) > 0 {
+ if len(certificateRequest.Status.Certificate) > 0 {
log.V(4).Info("existing certificate data found in status, skipping already completed CertificateRequest")
return ctrl.Result{}, nil
}
// Fetch the CertServiceIssuer resource
- iss := api.CertServiceIssuer{}
- issNamespaceName := types.NamespacedName{
+ issuer := api.CertServiceIssuer{}
+ issuerNamespaceName := types.NamespacedName{
Namespace: req.Namespace,
- Name: cr.Spec.IssuerRef.Name,
+ Name: certificateRequest.Spec.IssuerRef.Name,
}
- if err := r.Client.Get(ctx, issNamespaceName, &iss); err != nil {
- log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", cr.Spec.IssuerRef.Name)
- _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CertServiceIssuer resource %s: %v", issNamespaceName, err)
+ if err := reconciler.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil {
+ log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
+ _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CertServiceIssuer resource %s: %v", issuerNamespaceName, err)
return ctrl.Result{}, err
}
// Check if the CertServiceIssuer resource has been marked Ready
- if !certServiceIssuerHasCondition(iss, api.CertServiceIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) {
- err := fmt.Errorf("resource %s is not ready", issNamespaceName)
- log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", cr.Spec.IssuerRef.Name)
- _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CertServiceIssuer resource %s is not Ready", issNamespaceName)
+ if !certServiceIssuerHasCondition(issuer, api.CertServiceIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) {
+ err := fmt.Errorf("resource %s is not ready", issuerNamespaceName)
+ log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
+ _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CertServiceIssuer resource %s is not Ready", issuerNamespaceName)
return ctrl.Result{}, err
}
// Load the provisioner that will sign the CertificateRequest
- provisioner, ok := provisioners.Load(issNamespaceName)
+ provisioner, ok := provisioners.Load(issuerNamespaceName)
if !ok {
- err := fmt.Errorf("provisioner %s not found", issNamespaceName)
+ err := fmt.Errorf("provisioner %s not found", issuerNamespaceName)
log.Error(err, "failed to provisioner for CertServiceIssuer resource")
- _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CertServiceIssuer resource %s", issNamespaceName)
+ _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CertServiceIssuer resource %s", issuerNamespaceName)
return ctrl.Result{}, err
}
// Sign CertificateRequest
- signedPEM, trustedCAs, err := provisioner.Sign(ctx, cr)
+ signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest)
if err != nil {
log.Error(err, "failed to sign certificate request")
- return ctrl.Result{}, r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
+ return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
}
- cr.Status.Certificate = signedPEM
- cr.Status.CA = trustedCAs
+ certificateRequest.Status.Certificate = signedPEM
+ certificateRequest.Status.CA = trustedCAs
- return ctrl.Result{}, r.setStatus(ctx, cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
+ return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
}
// SetupWithManager initializes the CertificateRequest controller into the
// controller runtime.
-func (r *CertificateRequestReconciler) SetupWithManager(mgr ctrl.Manager) error {
- return ctrl.NewControllerManagedBy(mgr).
+func (reconciler *CertificateRequestReconciler) SetupWithManager(manager ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(manager).
For(&cmapi.CertificateRequest{}).
- Complete(r)
+ Complete(reconciler)
}
// certServiceIssuerHasCondition will return true if the given CertServiceIssuer resource has
@@ -137,26 +137,26 @@ func (r *CertificateRequestReconciler) SetupWithManager(mgr ctrl.Manager) error
// Status field will be used in the comparison, meaning that this function will
// return 'true' even if the Reason, Message and LastTransitionTime fields do
// not match.
-func certServiceIssuerHasCondition(iss api.CertServiceIssuer, c api.CertServiceIssuerCondition) bool {
- existingConditions := iss.Status.Conditions
+func certServiceIssuerHasCondition(issuer api.CertServiceIssuer, condition api.CertServiceIssuerCondition) bool {
+ existingConditions := issuer.Status.Conditions
for _, cond := range existingConditions {
- if c.Type == cond.Type && c.Status == cond.Status {
+ if condition.Type == cond.Type && condition.Status == cond.Status {
return true
}
}
return false
}
-func (r *CertificateRequestReconciler) setStatus(ctx context.Context, cr *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
+func (reconciler *CertificateRequestReconciler) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
completeMessage := fmt.Sprintf(message, args...)
- apiutil.SetCertificateRequestCondition(cr, cmapi.CertificateRequestConditionReady, status, reason, completeMessage)
+ apiutil.SetCertificateRequestCondition(certificateRequest, cmapi.CertificateRequestConditionReady, status, reason, completeMessage)
// Fire an Event to additionally inform users of the change
eventType := core.EventTypeNormal
if status == cmmeta.ConditionFalse {
eventType = core.EventTypeWarning
}
- r.Recorder.Event(cr, eventType, reason, completeMessage)
+ reconciler.Recorder.Event(certificateRequest, eventType, reason, completeMessage)
- return r.Client.Status().Update(ctx, cr)
+ return reconciler.Client.Status().Update(ctx, certificateRequest)
}
diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go
index d5be11e8..b22abcd4 100644
--- a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go
+++ b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go
@@ -23,7 +23,6 @@
* ============LICENSE_END=========================================================
*/
-
package certservice_controller
import (
@@ -51,18 +50,18 @@ type CertServiceIssuerReconciler struct {
// Reconcile will read and validate the CertServiceIssuer resources, it will set the
// status condition ready to true if everything is right.
-func (r *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+func (reconciler *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background()
- log := r.Log.WithValues("certservice-issuer-controller", req.NamespacedName)
+ log := reconciler.Log.WithValues("certservice-issuer-controller", req.NamespacedName)
- iss := new(api.CertServiceIssuer)
- if err := r.Client.Get(ctx, req.NamespacedName, iss); err != nil {
+ issuer := new(api.CertServiceIssuer)
+ if err := reconciler.Client.Get(ctx, req.NamespacedName, issuer); err != nil {
log.Error(err, "failed to retrieve CertServiceIssuer resource")
return ctrl.Result{}, client.IgnoreNotFound(err)
}
- statusReconciler := newStatusReconciler(r, iss, log)
- if err := validateCertServiceIssuerSpec(iss.Spec); err != nil {
+ statusReconciler := newStatusReconciler(reconciler, issuer, log)
+ if err := validateCertServiceIssuerSpec(issuer.Spec); err != nil {
log.Error(err, "failed to validate CertServiceIssuer resource")
statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Validation", "Failed to validate resource: %v", err)
return ctrl.Result{}, err
@@ -72,9 +71,9 @@ func (r *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
var secret core.Secret
secretNamespaceName := types.NamespacedName{
Namespace: req.Namespace,
- Name: iss.Spec.KeyRef.Name,
+ Name: issuer.Spec.KeyRef.Name,
}
- if err := r.Client.Get(ctx, secretNamespaceName, &secret); err != nil {
+ if err := reconciler.Client.Get(ctx, secretNamespaceName, &secret); err != nil {
log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
if apierrors.IsNotFound(err) {
statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
@@ -83,41 +82,41 @@ func (r *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
}
return ctrl.Result{}, err
}
- password, ok := secret.Data[iss.Spec.KeyRef.Key]
+ password, ok := secret.Data[issuer.Spec.KeyRef.Key]
if !ok {
- err := fmt.Errorf("secret %s does not contain key %s", secret.Name, iss.Spec.KeyRef.Key)
+ err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key)
log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
return ctrl.Result{}, err
}
// Initialize and store the provisioner
- p, err := provisioners.New(iss, password)
+ provisioner, err := provisioners.New(issuer, password)
if err != nil {
log.Error(err, "failed to initialize provisioner")
statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Error", "failed initialize provisioner")
return ctrl.Result{}, err
}
- provisioners.Store(req.NamespacedName, p)
+ provisioners.Store(req.NamespacedName, provisioner)
return ctrl.Result{}, statusReconciler.Update(ctx, api.ConditionTrue, "Verified", "CertServiceIssuer verified and ready to sign certificates")
}
// SetupWithManager initializes the CertServiceIssuer controller into the controller
// runtime.
-func (r *CertServiceIssuerReconciler) SetupWithManager(mgr ctrl.Manager) error {
- return ctrl.NewControllerManagedBy(mgr).
+func (reconciler *CertServiceIssuerReconciler) SetupWithManager(manager ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(manager).
For(&api.CertServiceIssuer{}).
- Complete(r)
+ Complete(reconciler)
}
-func validateCertServiceIssuerSpec(s api.CertServiceIssuerSpec) error {
+func validateCertServiceIssuerSpec(issuerSpec api.CertServiceIssuerSpec) error {
switch {
- case s.URL == "":
+ case issuerSpec.URL == "":
return fmt.Errorf("spec.url cannot be empty")
- case s.KeyRef.Name == "":
+ case issuerSpec.KeyRef.Name == "":
return fmt.Errorf("spec.keyRef.name cannot be empty")
- case s.KeyRef.Key == "":
+ case issuerSpec.KeyRef.Key == "":
return fmt.Errorf("spec.keyRef.key cannot be empty")
default:
return nil
diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go
index c01ae85c..6dd8baea 100644
--- a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go
+++ b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go
@@ -23,7 +23,6 @@
* ============LICENSE_END=========================================================
*/
-
package certservice_controller
import (
@@ -41,31 +40,31 @@ type certServiceIssuerStatusReconciler struct {
logger logr.Logger
}
-func newStatusReconciler(r *CertServiceIssuerReconciler, iss *api.CertServiceIssuer, log logr.Logger) *certServiceIssuerStatusReconciler {
+func newStatusReconciler(reconciler *CertServiceIssuerReconciler, issuer *api.CertServiceIssuer, log logr.Logger) *certServiceIssuerStatusReconciler {
return &certServiceIssuerStatusReconciler{
- CertServiceIssuerReconciler: r,
- issuer: iss,
+ CertServiceIssuerReconciler: reconciler,
+ issuer: issuer,
logger: log,
}
}
-func (r *certServiceIssuerStatusReconciler) Update(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) error {
+func (reconciler *certServiceIssuerStatusReconciler) Update(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) error {
completeMessage := fmt.Sprintf(message, args...)
- r.setCondition(status, reason, completeMessage)
+ reconciler.setCondition(status, reason, completeMessage)
// Fire an Event to additionally inform users of the change
eventType := core.EventTypeNormal
if status == api.ConditionFalse {
eventType = core.EventTypeWarning
}
- r.Recorder.Event(r.issuer, eventType, reason, completeMessage)
+ reconciler.Recorder.Event(reconciler.issuer, eventType, reason, completeMessage)
- return r.Client.Status().Update(ctx, r.issuer)
+ return reconciler.Client.Status().Update(ctx, reconciler.issuer)
}
-func (r *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) {
- if err := r.Update(ctx, status, reason, message, args...); err != nil {
- r.logger.Error(err, "failed to update", "status", status, "reason", reason)
+func (reconciler *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) {
+ if err := reconciler.Update(ctx, status, reason, message, args...); err != nil {
+ reconciler.logger.Error(err, "failed to update", "status", status, "reason", reason)
}
}
@@ -78,9 +77,9 @@ func (r *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, s
// - If a condition of the same type and different state already exists, the
// condition will be updated and the LastTransitionTime set to the current
// time.
-func (r *certServiceIssuerStatusReconciler) setCondition(status api.ConditionStatus, reason, message string) {
- now := meta.NewTime(r.Clock.Now())
- c := api.CertServiceIssuerCondition{
+func (reconciler *certServiceIssuerStatusReconciler) setCondition(status api.ConditionStatus, reason, message string) {
+ now := meta.NewTime(reconciler.Clock.Now())
+ issuerCondition := api.CertServiceIssuerCondition{
Type: api.ConditionReady,
Status: status,
Reason: reason,
@@ -89,27 +88,27 @@ func (r *certServiceIssuerStatusReconciler) setCondition(status api.ConditionSta
}
// Search through existing conditions
- for idx, cond := range r.issuer.Status.Conditions {
+ for i, condition := range reconciler.issuer.Status.Conditions {
// Skip unrelated conditions
- if cond.Type != api.ConditionReady {
+ if condition.Type != api.ConditionReady {
continue
}
// If this update doesn't contain a state transition, we don't update
// the conditions LastTransitionTime to Now()
- if cond.Status == status {
- c.LastTransitionTime = cond.LastTransitionTime
+ if condition.Status == status {
+ issuerCondition.LastTransitionTime = condition.LastTransitionTime
} else {
- r.logger.Info("found status change for CertServiceIssuer condition; setting lastTransitionTime", "condition", cond.Type, "old_status", cond.Status, "new_status", status, "time", now.Time)
+ reconciler.logger.Info("found status change for CertServiceIssuer condition; setting lastTransitionTime", "condition", condition.Type, "old_status", condition.Status, "new_status", status, "time", now.Time)
}
// Overwrite the existing condition
- r.issuer.Status.Conditions[idx] = c
+ reconciler.issuer.Status.Conditions[i] = issuerCondition
return
}
// If we've not found an existing condition of this type, we simply insert
// the new condition into the slice.
- r.issuer.Status.Conditions = append(r.issuer.Status.Conditions, c)
- r.logger.Info("setting lastTransitionTime for CertServiceIssuer condition", "condition", api.ConditionReady, "time", now.Time)
+ reconciler.issuer.Status.Conditions = append(reconciler.issuer.Status.Conditions, issuerCondition)
+ reconciler.logger.Info("setting lastTransitionTime for CertServiceIssuer condition", "condition", api.ConditionReady, "time", now.Time)
}
diff --git a/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go b/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go
index 627c2d42..b20e0395 100644
--- a/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go
+++ b/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go
@@ -47,11 +47,11 @@ type CertServiceCA struct {
key []byte
}
-func New(iss *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) {
+func New(certServiceIssuer *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) {
ca := CertServiceCA{}
- ca.name = iss.Name
- ca.url = iss.Spec.URL
+ ca.name = certServiceIssuer.Name
+ ca.url = certServiceIssuer.Spec.URL
ca.key = key
log := ctrl.Log.WithName("certservice-provisioner")
@@ -61,26 +61,26 @@ func New(iss *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) {
}
func Load(namespacedName types.NamespacedName) (*CertServiceCA, bool) {
- v, ok := collection.Load(namespacedName)
+ provisioner, ok := collection.Load(namespacedName)
if !ok {
return nil, ok
}
- p, ok := v.(*CertServiceCA)
- return p, ok
+ certServiceCAprovisioner, ok := provisioner.(*CertServiceCA)
+ return certServiceCAprovisioner, ok
}
func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
collection.Store(namespacedName, provisioner)
}
-func (ca *CertServiceCA) Sign(ctx context.Context, cr *certmanager.CertificateRequest) ([]byte, []byte, error) {
+func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanager.CertificateRequest) ([]byte, []byte, error) {
log := ctrl.Log.WithName("certservice-provisioner")
- log.Info("Signing certificate: ", "cert-name", cr.Name)
+ log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
key, _ := base64.RawStdEncoding.DecodeString(string(ca.key))
log.Info("CA: ", "name", ca.name, "url", ca.url, "key", key)
- crPEM := cr.Spec.CSRPEM
+ crPEM := certificateRequest.Spec.CSRPEM
csrBase64 := crPEM
log.Info("Csr PEM: ", "bytes", csrBase64)
@@ -104,7 +104,7 @@ func (ca *CertServiceCA) Sign(ctx context.Context, cr *certmanager.CertificateRe
signedPEM := encodedPEM
trustedCA := encodedPEM
- log.Info("Successfully signed: ", "cert-name", cr.Name)
+ log.Info("Successfully signed: ", "cert-name", certificateRequest.Name)
log.Info("Signed cert PEM: ", "bytes", signedPEM)
log.Info("Trusted CA PEM: ", "bytes", trustedCA)