diff options
Diffstat (limited to 'certServiceK8sExternalProvider')
8 files changed, 142 insertions, 149 deletions
diff --git a/certServiceK8sExternalProvider/main.go b/certServiceK8sExternalProvider/main.go index ed4e5b89..71b6be5d 100644 --- a/certServiceK8sExternalProvider/main.go +++ b/certServiceK8sExternalProvider/main.go @@ -23,7 +23,6 @@ * ============LICENSE_END========================================================= */ - package main import ( @@ -68,7 +67,7 @@ func main() { ctrl.SetLogger(zap.New(zap.UseDevMode(true))) setupLog.Info("Creating k8s Manager...") - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + manager, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, MetricsBindAddress: metricsAddr, LeaderElection: enableLeaderElection, @@ -80,27 +79,27 @@ func main() { setupLog.Info("Registering CertServiceIssuerReconciler...") if err = (&controllers.CertServiceIssuerReconciler{ - Client: mgr.GetClient(), + Client: manager.GetClient(), Log: ctrl.Log.WithName("controllers").WithName("CertServiceIssuer"), Clock: clock.RealClock{}, - Recorder: mgr.GetEventRecorderFor("certservice-issuer-controller"), - }).SetupWithManager(mgr); err != nil { + Recorder: manager.GetEventRecorderFor("certservice-issuer-controller"), + }).SetupWithManager(manager); err != nil { setupLog.Error(err, "unable to create controller", "controller", "CertServiceIssuer") os.Exit(1) } setupLog.Info("Registering CertificateRequestReconciler...") if err = (&controllers.CertificateRequestReconciler{ - Client: mgr.GetClient(), + Client: manager.GetClient(), Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"), - Recorder: mgr.GetEventRecorderFor("certificaterequests-controller"), - }).SetupWithManager(mgr); err != nil { + Recorder: manager.GetEventRecorderFor("certificaterequests-controller"), + }).SetupWithManager(manager); err != nil { setupLog.Error(err, "unable to create controller", "controller", "CertificateRequest") os.Exit(1) } setupLog.Info("Starting k8s manager...") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + if err := manager.Start(ctrl.SetupSignalHandler()); err != nil { setupLog.Error(err, "problem running manager") os.Exit(1) } diff --git a/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go b/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go index 2b2e455b..b901cc76 100644 --- a/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go +++ b/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go @@ -23,7 +23,6 @@ * ============LICENSE_END========================================================= */ - package api import ( @@ -31,73 +30,73 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { - *out = *in +func (inputSecretKeySelector *SecretKeySelector) DeepCopyInto(outSecretKeySelector *SecretKeySelector) { + *outSecretKeySelector = *inputSecretKeySelector } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. -func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { - if in == nil { +func (inputSecretKeySelector *SecretKeySelector) DeepCopy() *SecretKeySelector { + if inputSecretKeySelector == nil { return nil } out := new(SecretKeySelector) - in.DeepCopyInto(out) + inputSecretKeySelector.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertServiceIssuer) DeepCopyInto(out *CertServiceIssuer) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) +func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyInto(outCertServiceIssuer *CertServiceIssuer) { + *outCertServiceIssuer = *inputCertServiceIssuer + outCertServiceIssuer.TypeMeta = inputCertServiceIssuer.TypeMeta + inputCertServiceIssuer.ObjectMeta.DeepCopyInto(&outCertServiceIssuer.ObjectMeta) + inputCertServiceIssuer.Spec.DeepCopyInto(&outCertServiceIssuer.Spec) + inputCertServiceIssuer.Status.DeepCopyInto(&outCertServiceIssuer.Status) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuer. -func (in *CertServiceIssuer) DeepCopy() *CertServiceIssuer { - if in == nil { +func (inputCertServiceIssuer *CertServiceIssuer) DeepCopy() *CertServiceIssuer { + if inputCertServiceIssuer == nil { return nil } out := new(CertServiceIssuer) - in.DeepCopyInto(out) + inputCertServiceIssuer.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CertServiceIssuer) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyObject() runtime.Object { + if deepCopy := inputCertServiceIssuer.DeepCopy(); deepCopy != nil { + return deepCopy } return nil } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertServiceIssuerCondition) DeepCopyInto(out *CertServiceIssuerCondition) { - *out = *in - if in.LastTransitionTime != nil { - in, out := &in.LastTransitionTime, &out.LastTransitionTime +func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopyInto(outIssuerCondition *CertServiceIssuerCondition) { + *outIssuerCondition = *inputIssuerCondition + if inputIssuerCondition.LastTransitionTime != nil { + in, out := &inputIssuerCondition.LastTransitionTime, &outIssuerCondition.LastTransitionTime *out = (*in).DeepCopy() } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerCondition. -func (in *CertServiceIssuerCondition) DeepCopy() *CertServiceIssuerCondition { - if in == nil { +func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopy() *CertServiceIssuerCondition { + if inputIssuerCondition == nil { return nil } out := new(CertServiceIssuerCondition) - in.DeepCopyInto(out) + inputIssuerCondition.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertServiceIssuerList) DeepCopyInto(out *CertServiceIssuerList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items +func (inputIssuerList *CertServiceIssuerList) DeepCopyInto(outIssuerList *CertServiceIssuerList) { + *outIssuerList = *inputIssuerList + outIssuerList.TypeMeta = inputIssuerList.TypeMeta + inputIssuerList.ListMeta.DeepCopyInto(&outIssuerList.ListMeta) + if inputIssuerList.Items != nil { + in, out := &inputIssuerList.Items, &outIssuerList.Items *out = make([]CertServiceIssuer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) @@ -106,44 +105,44 @@ func (in *CertServiceIssuerList) DeepCopyInto(out *CertServiceIssuerList) { } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerList. -func (in *CertServiceIssuerList) DeepCopy() *CertServiceIssuerList { - if in == nil { +func (inputIssuerList *CertServiceIssuerList) DeepCopy() *CertServiceIssuerList { + if inputIssuerList == nil { return nil } out := new(CertServiceIssuerList) - in.DeepCopyInto(out) + inputIssuerList.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CertServiceIssuerList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +func (inputIssuerList *CertServiceIssuerList) DeepCopyObject() runtime.Object { + if deepCopy := inputIssuerList.DeepCopy(); deepCopy != nil { + return deepCopy } return nil } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertServiceIssuerSpec) DeepCopyInto(out *CertServiceIssuerSpec) { - *out = *in - out.KeyRef = in.KeyRef +func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopyInto(outIssuerSpec *CertServiceIssuerSpec) { + *outIssuerSpec = *inputIssuerSpec + outIssuerSpec.KeyRef = inputIssuerSpec.KeyRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerSpec. -func (in *CertServiceIssuerSpec) DeepCopy() *CertServiceIssuerSpec { - if in == nil { +func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopy() *CertServiceIssuerSpec { + if inputIssuerSpec == nil { return nil } out := new(CertServiceIssuerSpec) - in.DeepCopyInto(out) + inputIssuerSpec.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CertServiceIssuerStatus) DeepCopyInto(out *CertServiceIssuerStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions +func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopyInto(outIssuerStatus *CertServiceIssuerStatus) { + *outIssuerStatus = *inputIssuerStatus + if inputIssuerStatus.Conditions != nil { + in, out := &inputIssuerStatus.Conditions, &outIssuerStatus.Conditions *out = make([]CertServiceIssuerCondition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) @@ -152,11 +151,11 @@ func (in *CertServiceIssuerStatus) DeepCopyInto(out *CertServiceIssuerStatus) { } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerStatus. -func (in *CertServiceIssuerStatus) DeepCopy() *CertServiceIssuerStatus { - if in == nil { +func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopy() *CertServiceIssuerStatus { + if inputIssuerStatus == nil { return nil } out := new(CertServiceIssuerStatus) - in.DeepCopyInto(out) + inputIssuerStatus.DeepCopyInto(out) return out } diff --git a/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go b/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go index f829ae54..b09813bb 100644 --- a/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go +++ b/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go @@ -23,8 +23,6 @@ * ============LICENSE_END========================================================= */ - - package api import ( diff --git a/certServiceK8sExternalProvider/src/api/groupversion_info.go b/certServiceK8sExternalProvider/src/api/groupversion_info.go index ebb76424..e5cdea12 100644 --- a/certServiceK8sExternalProvider/src/api/groupversion_info.go +++ b/certServiceK8sExternalProvider/src/api/groupversion_info.go @@ -23,7 +23,6 @@ * ============LICENSE_END========================================================= */ - package api import ( diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go b/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go index 1a917e1b..92e77960 100644 --- a/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go +++ b/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go @@ -53,14 +53,14 @@ type CertificateRequestReconciler struct { // Reconcile will read and validate a CertServiceIssuer resource associated to the // CertificateRequest resource, and it will sign the CertificateRequest with the // provisioner in the CertServiceIssuer. -func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { +func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() - log := r.Log.WithValues("certificaterequest", req.NamespacedName) + log := reconciler.Log.WithValues("certificaterequest", req.NamespacedName) // Fetch the CertificateRequest resource being reconciled. // Just ignore the request if the certificate request has been deleted. - cr := new(cmapi.CertificateRequest) - if err := r.Client.Get(ctx, req.NamespacedName, cr); err != nil { + certificateRequest := new(cmapi.CertificateRequest) + if err := reconciler.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil { if apierrors.IsNotFound(err) { return ctrl.Result{}, nil } @@ -71,65 +71,65 @@ func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, // Check the CertificateRequest's issuerRef and if it does not match the api // group name, log a message at a debug level and stop processing. - if cr.Spec.IssuerRef.Group != "" && cr.Spec.IssuerRef.Group != api.GroupVersion.Group { - log.V(4).Info("resource does not specify an issuerRef group name that we are responsible for", "group", cr.Spec.IssuerRef.Group) + if certificateRequest.Spec.IssuerRef.Group != "" && certificateRequest.Spec.IssuerRef.Group != api.GroupVersion.Group { + log.V(4).Info("resource does not specify an issuerRef group name that we are responsible for", "group", certificateRequest.Spec.IssuerRef.Group) return ctrl.Result{}, nil } // If the certificate data is already set then we skip this request as it // has already been completed in the past. - if len(cr.Status.Certificate) > 0 { + if len(certificateRequest.Status.Certificate) > 0 { log.V(4).Info("existing certificate data found in status, skipping already completed CertificateRequest") return ctrl.Result{}, nil } // Fetch the CertServiceIssuer resource - iss := api.CertServiceIssuer{} - issNamespaceName := types.NamespacedName{ + issuer := api.CertServiceIssuer{} + issuerNamespaceName := types.NamespacedName{ Namespace: req.Namespace, - Name: cr.Spec.IssuerRef.Name, + Name: certificateRequest.Spec.IssuerRef.Name, } - if err := r.Client.Get(ctx, issNamespaceName, &iss); err != nil { - log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", cr.Spec.IssuerRef.Name) - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CertServiceIssuer resource %s: %v", issNamespaceName, err) + if err := reconciler.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil { + log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name) + _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CertServiceIssuer resource %s: %v", issuerNamespaceName, err) return ctrl.Result{}, err } // Check if the CertServiceIssuer resource has been marked Ready - if !certServiceIssuerHasCondition(iss, api.CertServiceIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) { - err := fmt.Errorf("resource %s is not ready", issNamespaceName) - log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", cr.Spec.IssuerRef.Name) - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CertServiceIssuer resource %s is not Ready", issNamespaceName) + if !certServiceIssuerHasCondition(issuer, api.CertServiceIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) { + err := fmt.Errorf("resource %s is not ready", issuerNamespaceName) + log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name) + _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CertServiceIssuer resource %s is not Ready", issuerNamespaceName) return ctrl.Result{}, err } // Load the provisioner that will sign the CertificateRequest - provisioner, ok := provisioners.Load(issNamespaceName) + provisioner, ok := provisioners.Load(issuerNamespaceName) if !ok { - err := fmt.Errorf("provisioner %s not found", issNamespaceName) + err := fmt.Errorf("provisioner %s not found", issuerNamespaceName) log.Error(err, "failed to provisioner for CertServiceIssuer resource") - _ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CertServiceIssuer resource %s", issNamespaceName) + _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CertServiceIssuer resource %s", issuerNamespaceName) return ctrl.Result{}, err } // Sign CertificateRequest - signedPEM, trustedCAs, err := provisioner.Sign(ctx, cr) + signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest) if err != nil { log.Error(err, "failed to sign certificate request") - return ctrl.Result{}, r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err) + return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err) } - cr.Status.Certificate = signedPEM - cr.Status.CA = trustedCAs + certificateRequest.Status.Certificate = signedPEM + certificateRequest.Status.CA = trustedCAs - return ctrl.Result{}, r.setStatus(ctx, cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued") + return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued") } // SetupWithManager initializes the CertificateRequest controller into the // controller runtime. -func (r *CertificateRequestReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). +func (reconciler *CertificateRequestReconciler) SetupWithManager(manager ctrl.Manager) error { + return ctrl.NewControllerManagedBy(manager). For(&cmapi.CertificateRequest{}). - Complete(r) + Complete(reconciler) } // certServiceIssuerHasCondition will return true if the given CertServiceIssuer resource has @@ -137,26 +137,26 @@ func (r *CertificateRequestReconciler) SetupWithManager(mgr ctrl.Manager) error // Status field will be used in the comparison, meaning that this function will // return 'true' even if the Reason, Message and LastTransitionTime fields do // not match. -func certServiceIssuerHasCondition(iss api.CertServiceIssuer, c api.CertServiceIssuerCondition) bool { - existingConditions := iss.Status.Conditions +func certServiceIssuerHasCondition(issuer api.CertServiceIssuer, condition api.CertServiceIssuerCondition) bool { + existingConditions := issuer.Status.Conditions for _, cond := range existingConditions { - if c.Type == cond.Type && c.Status == cond.Status { + if condition.Type == cond.Type && condition.Status == cond.Status { return true } } return false } -func (r *CertificateRequestReconciler) setStatus(ctx context.Context, cr *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error { +func (reconciler *CertificateRequestReconciler) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error { completeMessage := fmt.Sprintf(message, args...) - apiutil.SetCertificateRequestCondition(cr, cmapi.CertificateRequestConditionReady, status, reason, completeMessage) + apiutil.SetCertificateRequestCondition(certificateRequest, cmapi.CertificateRequestConditionReady, status, reason, completeMessage) // Fire an Event to additionally inform users of the change eventType := core.EventTypeNormal if status == cmmeta.ConditionFalse { eventType = core.EventTypeWarning } - r.Recorder.Event(cr, eventType, reason, completeMessage) + reconciler.Recorder.Event(certificateRequest, eventType, reason, completeMessage) - return r.Client.Status().Update(ctx, cr) + return reconciler.Client.Status().Update(ctx, certificateRequest) } diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go index d5be11e8..b22abcd4 100644 --- a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go +++ b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go @@ -23,7 +23,6 @@ * ============LICENSE_END========================================================= */ - package certservice_controller import ( @@ -51,18 +50,18 @@ type CertServiceIssuerReconciler struct { // Reconcile will read and validate the CertServiceIssuer resources, it will set the // status condition ready to true if everything is right. -func (r *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { +func (reconciler *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() - log := r.Log.WithValues("certservice-issuer-controller", req.NamespacedName) + log := reconciler.Log.WithValues("certservice-issuer-controller", req.NamespacedName) - iss := new(api.CertServiceIssuer) - if err := r.Client.Get(ctx, req.NamespacedName, iss); err != nil { + issuer := new(api.CertServiceIssuer) + if err := reconciler.Client.Get(ctx, req.NamespacedName, issuer); err != nil { log.Error(err, "failed to retrieve CertServiceIssuer resource") return ctrl.Result{}, client.IgnoreNotFound(err) } - statusReconciler := newStatusReconciler(r, iss, log) - if err := validateCertServiceIssuerSpec(iss.Spec); err != nil { + statusReconciler := newStatusReconciler(reconciler, issuer, log) + if err := validateCertServiceIssuerSpec(issuer.Spec); err != nil { log.Error(err, "failed to validate CertServiceIssuer resource") statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Validation", "Failed to validate resource: %v", err) return ctrl.Result{}, err @@ -72,9 +71,9 @@ func (r *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, var secret core.Secret secretNamespaceName := types.NamespacedName{ Namespace: req.Namespace, - Name: iss.Spec.KeyRef.Name, + Name: issuer.Spec.KeyRef.Name, } - if err := r.Client.Get(ctx, secretNamespaceName, &secret); err != nil { + if err := reconciler.Client.Get(ctx, secretNamespaceName, &secret); err != nil { log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name) if apierrors.IsNotFound(err) { statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err) @@ -83,41 +82,41 @@ func (r *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, } return ctrl.Result{}, err } - password, ok := secret.Data[iss.Spec.KeyRef.Key] + password, ok := secret.Data[issuer.Spec.KeyRef.Key] if !ok { - err := fmt.Errorf("secret %s does not contain key %s", secret.Name, iss.Spec.KeyRef.Key) + err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key) log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name) statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err) return ctrl.Result{}, err } // Initialize and store the provisioner - p, err := provisioners.New(iss, password) + provisioner, err := provisioners.New(issuer, password) if err != nil { log.Error(err, "failed to initialize provisioner") statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Error", "failed initialize provisioner") return ctrl.Result{}, err } - provisioners.Store(req.NamespacedName, p) + provisioners.Store(req.NamespacedName, provisioner) return ctrl.Result{}, statusReconciler.Update(ctx, api.ConditionTrue, "Verified", "CertServiceIssuer verified and ready to sign certificates") } // SetupWithManager initializes the CertServiceIssuer controller into the controller // runtime. -func (r *CertServiceIssuerReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). +func (reconciler *CertServiceIssuerReconciler) SetupWithManager(manager ctrl.Manager) error { + return ctrl.NewControllerManagedBy(manager). For(&api.CertServiceIssuer{}). - Complete(r) + Complete(reconciler) } -func validateCertServiceIssuerSpec(s api.CertServiceIssuerSpec) error { +func validateCertServiceIssuerSpec(issuerSpec api.CertServiceIssuerSpec) error { switch { - case s.URL == "": + case issuerSpec.URL == "": return fmt.Errorf("spec.url cannot be empty") - case s.KeyRef.Name == "": + case issuerSpec.KeyRef.Name == "": return fmt.Errorf("spec.keyRef.name cannot be empty") - case s.KeyRef.Key == "": + case issuerSpec.KeyRef.Key == "": return fmt.Errorf("spec.keyRef.key cannot be empty") default: return nil diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go index c01ae85c..6dd8baea 100644 --- a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go +++ b/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go @@ -23,7 +23,6 @@ * ============LICENSE_END========================================================= */ - package certservice_controller import ( @@ -41,31 +40,31 @@ type certServiceIssuerStatusReconciler struct { logger logr.Logger } -func newStatusReconciler(r *CertServiceIssuerReconciler, iss *api.CertServiceIssuer, log logr.Logger) *certServiceIssuerStatusReconciler { +func newStatusReconciler(reconciler *CertServiceIssuerReconciler, issuer *api.CertServiceIssuer, log logr.Logger) *certServiceIssuerStatusReconciler { return &certServiceIssuerStatusReconciler{ - CertServiceIssuerReconciler: r, - issuer: iss, + CertServiceIssuerReconciler: reconciler, + issuer: issuer, logger: log, } } -func (r *certServiceIssuerStatusReconciler) Update(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) error { +func (reconciler *certServiceIssuerStatusReconciler) Update(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) error { completeMessage := fmt.Sprintf(message, args...) - r.setCondition(status, reason, completeMessage) + reconciler.setCondition(status, reason, completeMessage) // Fire an Event to additionally inform users of the change eventType := core.EventTypeNormal if status == api.ConditionFalse { eventType = core.EventTypeWarning } - r.Recorder.Event(r.issuer, eventType, reason, completeMessage) + reconciler.Recorder.Event(reconciler.issuer, eventType, reason, completeMessage) - return r.Client.Status().Update(ctx, r.issuer) + return reconciler.Client.Status().Update(ctx, reconciler.issuer) } -func (r *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) { - if err := r.Update(ctx, status, reason, message, args...); err != nil { - r.logger.Error(err, "failed to update", "status", status, "reason", reason) +func (reconciler *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) { + if err := reconciler.Update(ctx, status, reason, message, args...); err != nil { + reconciler.logger.Error(err, "failed to update", "status", status, "reason", reason) } } @@ -78,9 +77,9 @@ func (r *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, s // - If a condition of the same type and different state already exists, the // condition will be updated and the LastTransitionTime set to the current // time. -func (r *certServiceIssuerStatusReconciler) setCondition(status api.ConditionStatus, reason, message string) { - now := meta.NewTime(r.Clock.Now()) - c := api.CertServiceIssuerCondition{ +func (reconciler *certServiceIssuerStatusReconciler) setCondition(status api.ConditionStatus, reason, message string) { + now := meta.NewTime(reconciler.Clock.Now()) + issuerCondition := api.CertServiceIssuerCondition{ Type: api.ConditionReady, Status: status, Reason: reason, @@ -89,27 +88,27 @@ func (r *certServiceIssuerStatusReconciler) setCondition(status api.ConditionSta } // Search through existing conditions - for idx, cond := range r.issuer.Status.Conditions { + for i, condition := range reconciler.issuer.Status.Conditions { // Skip unrelated conditions - if cond.Type != api.ConditionReady { + if condition.Type != api.ConditionReady { continue } // If this update doesn't contain a state transition, we don't update // the conditions LastTransitionTime to Now() - if cond.Status == status { - c.LastTransitionTime = cond.LastTransitionTime + if condition.Status == status { + issuerCondition.LastTransitionTime = condition.LastTransitionTime } else { - r.logger.Info("found status change for CertServiceIssuer condition; setting lastTransitionTime", "condition", cond.Type, "old_status", cond.Status, "new_status", status, "time", now.Time) + reconciler.logger.Info("found status change for CertServiceIssuer condition; setting lastTransitionTime", "condition", condition.Type, "old_status", condition.Status, "new_status", status, "time", now.Time) } // Overwrite the existing condition - r.issuer.Status.Conditions[idx] = c + reconciler.issuer.Status.Conditions[i] = issuerCondition return } // If we've not found an existing condition of this type, we simply insert // the new condition into the slice. - r.issuer.Status.Conditions = append(r.issuer.Status.Conditions, c) - r.logger.Info("setting lastTransitionTime for CertServiceIssuer condition", "condition", api.ConditionReady, "time", now.Time) + reconciler.issuer.Status.Conditions = append(reconciler.issuer.Status.Conditions, issuerCondition) + reconciler.logger.Info("setting lastTransitionTime for CertServiceIssuer condition", "condition", api.ConditionReady, "time", now.Time) } diff --git a/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go b/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go index 627c2d42..b20e0395 100644 --- a/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go +++ b/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go @@ -47,11 +47,11 @@ type CertServiceCA struct { key []byte } -func New(iss *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) { +func New(certServiceIssuer *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) { ca := CertServiceCA{} - ca.name = iss.Name - ca.url = iss.Spec.URL + ca.name = certServiceIssuer.Name + ca.url = certServiceIssuer.Spec.URL ca.key = key log := ctrl.Log.WithName("certservice-provisioner") @@ -61,26 +61,26 @@ func New(iss *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) { } func Load(namespacedName types.NamespacedName) (*CertServiceCA, bool) { - v, ok := collection.Load(namespacedName) + provisioner, ok := collection.Load(namespacedName) if !ok { return nil, ok } - p, ok := v.(*CertServiceCA) - return p, ok + certServiceCAprovisioner, ok := provisioner.(*CertServiceCA) + return certServiceCAprovisioner, ok } func Store(namespacedName types.NamespacedName, provisioner *CertServiceCA) { collection.Store(namespacedName, provisioner) } -func (ca *CertServiceCA) Sign(ctx context.Context, cr *certmanager.CertificateRequest) ([]byte, []byte, error) { +func (ca *CertServiceCA) Sign(ctx context.Context, certificateRequest *certmanager.CertificateRequest) ([]byte, []byte, error) { log := ctrl.Log.WithName("certservice-provisioner") - log.Info("Signing certificate: ", "cert-name", cr.Name) + log.Info("Signing certificate: ", "cert-name", certificateRequest.Name) key, _ := base64.RawStdEncoding.DecodeString(string(ca.key)) log.Info("CA: ", "name", ca.name, "url", ca.url, "key", key) - crPEM := cr.Spec.CSRPEM + crPEM := certificateRequest.Spec.CSRPEM csrBase64 := crPEM log.Info("Csr PEM: ", "bytes", csrBase64) @@ -104,7 +104,7 @@ func (ca *CertServiceCA) Sign(ctx context.Context, cr *certmanager.CertificateRe signedPEM := encodedPEM trustedCA := encodedPEM - log.Info("Successfully signed: ", "cert-name", cr.Name) + log.Info("Successfully signed: ", "cert-name", certificateRequest.Name) log.Info("Signed cert PEM: ", "bytes", signedPEM) log.Info("Trusted CA PEM: ", "bytes", trustedCA) |