Diffstat (limited to 'certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go')
-rw-r--r-- | certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go | 48 |
1 files changed, 22 insertions, 26 deletions
diff --git a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
index dc2824ce..db171e33 100644
--- a/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
+++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go
@@ -26,14 +26,12 @@ package cmpv2provisioner
 import (
-	"context"
 	"sync"
 	"k8s.io/apimachinery/pkg/types"
 	"onap.org/oom-certservice/k8s-external-provider/src/certserviceclient"
 	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
-	"onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner/csr"
 	"onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
 	"onap.org/oom-certservice/k8s-external-provider/src/model"
 )
@@ -45,6 +43,7 @@ type CertServiceCA struct {
 	url string
 	healthEndpoint string
 	certEndpoint string
+	updateEndpoint string
 	caName string
 	certServiceClient certserviceclient.CertServiceClient
 }
@@ -57,10 +56,11 @@ func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, certServiceClient certserviceclient.
 	ca.caName = cmpv2Issuer.Spec.CaName
 	ca.healthEndpoint = cmpv2Issuer.Spec.HealthEndpoint
 	ca.certEndpoint = cmpv2Issuer.Spec.CertEndpoint
+	ca.updateEndpoint = cmpv2Issuer.Spec.UpdateEndpoint
 	ca.certServiceClient = certServiceClient
 	log := leveledlogger.GetLoggerWithName("cmpv2-provisioner")
-	log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "healthEndpoint", ca.healthEndpoint, "certEndpoint", ca.certEndpoint)
+	log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "caName", ca.caName, "healthEndpoint", ca.healthEndpoint, "certEndpoint", ca.certEndpoint, "updateEndpoint", ca.updateEndpoint)
 	return &ca, nil
 }
@@ -85,40 +85,23 @@ func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) {
 }
 func (ca *CertServiceCA) Sign(
-	ctx context.Context,
 	signCertificateModel model.SignCertificateModel,
 ) (signedCertificateChain []byte, trustedCertificates []byte, err error) {
 	log := leveledlogger.GetLoggerWithName("certservice-provisioner")
-	if signCertificateModel.IsUpdateRevision {
-		log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificate,
-			"old-private-key", signCertificateModel.OldPrivateKey)
-	}
-
 	certificateRequest := signCertificateModel.CertificateRequest
-	privateKeyBytes := signCertificateModel.PrivateKeyBytes
 	log.Info("Signing certificate: ", "cert-name", certificateRequest.Name)
-	log.Info("CA: ", "name", ca.name, "url", ca.url)
-	csrBytes := certificateRequest.Spec.Request
-	log.Debug("Original CSR PEM: ", "bytes", csrBytes)
-
-	filteredCsrBytes, err := csr.FilterFieldsFromCSR(csrBytes, privateKeyBytes)
-	if err != nil {
-		return nil, nil, err
-	}
-	log.Debug("Filtered out CSR PEM: ", "bytes", filteredCsrBytes)
-
 	var response *certserviceclient.CertificatesResponse
 	var errAPI error
-
-	if signCertificateModel.IsUpdateRevision {
+	if ca.isCertificateUpdate(signCertificateModel) {
+		log.Debug("Certificate will be updated.", "old-certificate", signCertificateModel.OldCertificateBytes)
 		log.Info("Attempt to send certificate update request")
-		response, errAPI = ca.certServiceClient.UpdateCertificate(filteredCsrBytes, privateKeyBytes, signCertificateModel)
+		response, errAPI = ca.certServiceClient.UpdateCertificate(signCertificateModel)
 	} else {
 		log.Info("Attempt to send certificate request")
-		response, errAPI = ca.certServiceClient.GetCertificates(filteredCsrBytes, privateKeyBytes)
+		response, errAPI = ca.certServiceClient.GetCertificates(signCertificateModel)
 	}
 	if errAPI != nil {
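Review bot: The branch at `if ca.isCertificateUpdate(signCertificateModel)` mixes the caller's intent with the issuer's capability: when old certificate and key bytes are supplied but no update endpoint is configured, Sign falls through to the else-branch and sends an initial certificate request for a subject that already holds a certificate, and the only trace is an Info line from the helper that does not name the certificate. Whether a CA accepts a fresh enrollment in place of a key update depends on its policy, so the fallback deserves an explicit line in Sign itself, e.g. `if len(signCertificateModel.OldCertificateBytes) > 0 { log.Info("Old certificate present but update not possible, sending initial certificate request", "cert-name", certificateRequest.Name) }` at the top of the else-branch. The added debug line passes `OldCertificateBytes` as a raw `[]byte`; depending on how leveledlogger renders byte slices this may print as a number array rather than PEM text, so `string(...)` may be wanted there (the existing `Trusted CA PEM` line has the same shape). Sign's body continues past the end of this hunk.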
@@ -135,11 +118,24 @@ func (ca *CertServiceCA) Sign(
 		log.Error(signErr, "Cannot parse response from CertService API")
 		return nil, nil, signErr
 	}
- log.Info("Successfully signed: ", "cert-name", certificateRequest.Name)
- log.Debug("Signed cert PEM: ", "bytes", signedCertificateChain)
 	log.Debug("Trusted CA PEM: ", "bytes", trustedCertificates)
 	return signedCertificateChain, trustedCertificates, nil
 }
+
+func (ca *CertServiceCA) updateEndpointIsConfigured() bool {
+	log := leveledlogger.GetLoggerWithName("certservice-provisioner")
+	isConfigured := ca.updateEndpoint != ""
+	if !isConfigured {
+		log.Info("Missing 'update endpoint' configuration. Certificates will received by certificate request instead of certificate update request")
+	}
+	return isConfigured
+}
+
+func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
+	return len(signCertificateModel.OldCertificateBytes) > 0 &&
+		len(signCertificateModel.OldPrivateKeyBytes) > 0 &&
+		ca.updateEndpointIsConfigured()
+} |
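Review bot: `isCertificateUpdate` treats a request that carries only one of `OldCertificateBytes`/`OldPrivateKeyBytes` exactly like one that carries neither, so an inconsistent renewal input is silently downgraded to an initial certificate request with no log at all; the mismatch should at least be logged before returning false, as sketched below. The helper's message has a typo: `Certificates will received by certificate request` should read `Certificates will be received by certificate request`. Because `updateEndpointIsConfigured` runs on every Sign call, that Info line repeats for every renewal on an issuer without an update endpoint; checking and logging it once in New would be quieter, though the short-circuit in `isCertificateUpdate` at least limits it to requests that actually carry old material. The start of Sign lies outside this hunk.
```go
func (ca *CertServiceCA) isCertificateUpdate(signCertificateModel model.SignCertificateModel) bool {
	log := leveledlogger.GetLoggerWithName("certservice-provisioner")
	hasOldCertificate := len(signCertificateModel.OldCertificateBytes) > 0
	hasOldPrivateKey := len(signCertificateModel.OldPrivateKeyBytes) > 0
	if hasOldCertificate != hasOldPrivateKey {
		// Only one half of the old key pair is present; an update request cannot be built from it.
		log.Info("Inconsistent update input: old certificate and old private key must both be provided. Falling back to certificate request",
			"old-certificate-present", hasOldCertificate, "old-private-key-present", hasOldPrivateKey)
		return false
	}
	return hasOldCertificate && hasOldPrivateKey && ca.updateEndpointIsConfigured()
}
```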