1 files changed, 23 insertions, 31 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
index f57f5677..1b4e5312 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
@@ -28,6 +28,7 @@ package cmpv2controller
 import (
 	"context"
 	"fmt"
+
 	"github.com/go-logr/logr"
 	core "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -35,10 +36,11 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/utils/clock"
-	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
-	provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+	provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
 )
 
 // CMPv2IssuerController reconciles a CMPv2Issuer object
@@ -74,21 +76,18 @@ func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Resul
 	var secret core.Secret
 	secretNamespaceName := types.NamespacedName{
 		Namespace: req.Namespace,
-		Name:      issuer.Spec.KeyRef.Name,
+		Name:      issuer.Spec.CertSecretRef.Name,
 	}
 	if err := controller.loadResource(ctx, secretNamespaceName, &secret); err != nil {
 		handleErrorInvalidSecret(ctx, log, err, statusUpdater, secretNamespaceName)
 		return ctrl.Result{}, err
 	}
-	password, ok := secret.Data[issuer.Spec.KeyRef.Key]
-	if !ok {
-		err := handleErrorSecretNotFound(ctx, log, issuer, statusUpdater, secretNamespaceName, secret)
-		return ctrl.Result{}, err
-	}
 
 	// 4. Create CMPv2 provisioner and store the instance for further use
-	provisioner, err := provisioners.New(issuer, password)
+	provisioner, err := provisioners.CreateProvisioner(issuer, secret)
 	if err != nil {
+		log.Error(err, "failed to initialize provisioner")
+		statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "Failed to initialize provisioner: %v", err)
 		handleErrorProvisionerInitialization(ctx, log, err, statusUpdater)
 		return ctrl.Result{}, err
 	}
@@ -103,7 +102,6 @@ func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Resul
 	return ctrl.Result{}, nil
 }
 
-
 func (controller *CMPv2IssuerController) SetupWithManager(manager ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(manager).
 		For(&cmpv2api.CMPv2Issuer{}).
@@ -114,18 +112,22 @@ func (controller *CMPv2IssuerController) loadResource(ctx context.Context, key c
 	return controller.Client.Get(ctx, key, obj)
 }
 
-
 func validateCMPv2IssuerSpec(issuerSpec cmpv2api.CMPv2IssuerSpec, log logr.Logger) error {
 	switch {
-		case issuerSpec.URL == "":
-			return fmt.Errorf("spec.url cannot be empty")
-		case issuerSpec.KeyRef.Name == "":
-			return fmt.Errorf("spec.keyRef.name cannot be empty")
-		case issuerSpec.KeyRef.Key == "":
-			return fmt.Errorf("spec.keyRef.key cannot be empty")
-		default:
-			log.Info("CMPv2Issuer validated. ")
-			return nil
+	case issuerSpec.URL == "":
+		return fmt.Errorf("spec.url cannot be empty")
+	case issuerSpec.CaName == "":
+		return fmt.Errorf("spec.caName cannot be empty")
+	case issuerSpec.CertSecretRef.Name == "":
+		return fmt.Errorf("spec.certSecretRef.name cannot be empty")
+	case issuerSpec.CertSecretRef.KeyRef == "":
+		return fmt.Errorf("spec.certSecretRef.keyRef cannot be empty")
+	case issuerSpec.CertSecretRef.CertRef == "":
+		return fmt.Errorf("spec.certSecretRef.certRef cannot be empty")
+	case issuerSpec.CertSecretRef.CacertRef == "":
+		return fmt.Errorf("spec.certSecretRef.cacertRef cannot be empty")
+	default:
+		return nil
 	}
 }
 
@@ -134,22 +136,19 @@ func updateCMPv2IssuerStatusToVerified(statusUpdater *CMPv2IssuerStatusUpdater,
 	return statusUpdater.Update(ctx, cmpv2api.ConditionTrue, Verified, "CMPv2Issuer verified and ready to sign certificates")
 }
 
-
 // Error handling
 
 func handleErrorUpdatingCMPv2IssuerStatus(log logr.Logger, err error) {
 	log.Error(err, "Failed to update CMPv2Issuer status")
 }
 
-
 func handleErrorLoadingCMPv2Issuer(log logr.Logger, err error) {
 	log.Error(err, "Failed to retrieve CMPv2Issuer resource")
 }
 
-
 func handleErrorProvisionerInitialization(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater) {
 	log.Error(err, "Failed to initialize provisioner")
-	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, Error, "Failed initialize provisioner")
+	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, Error, "Failed to initialize provisioner: %v", err)
 }
 
 func handleErrorCMPv2IssuerValidation(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater) {
@@ -157,13 +156,6 @@ func handleErrorCMPv2IssuerValidation(ctx context.Context, log logr.Logger, err
 	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, ValidationFailed, "Failed to validate resource: %v", err)
 }
 
-func handleErrorSecretNotFound(ctx context.Context, log logr.Logger, issuer *cmpv2api.CMPv2Issuer, statusUpdater *CMPv2IssuerStatusUpdater, secretNamespaceName types.NamespacedName, secret core.Secret) error {
-	err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key)
-	log.Error(err, "Failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
-	statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, NotFound, "Failed to retrieve provisioner secret: %v", err)
-	return err
-}
-
 func handleErrorInvalidSecret(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater, secretNamespaceName types.NamespacedName) {
 	log.Error(err, "Failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
 	if apierrors.IsNotFound(err) {