[OOM-K8S-CERT-EXTERNAL-PROVIDER] Add logging of supported CSR properties
[oom/platform/cert-service.git] / certServiceK8sExternalProvider / src / cmpv2controller / certificate_request_controller.go
index f77642c..03eef35 100644 (file)
@@ -43,6 +43,7 @@ import (
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/logger"
        provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
+       x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
 )
 
 const (
@@ -124,17 +125,25 @@ func (controller *CertificateRequestController) Reconcile(k8sRequest ctrl.Reques
        }
        privateKeyBytes := privateKeySecret.Data[privateKeySecretKey]
 
-       // 8. Log Certificate Request properties not supported or overridden by CertService API
-       logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest)
+       // 8. Decode CSR
+       log.Info("Decoding CSR...")
+       csr, err := x509utils.DecodeCSR(certificateRequest.Spec.Request)
+       if err != nil {
+               controller.handleErrorFailedToDecodeCSR(ctx, log, err, certificateRequest)
+               return ctrl.Result{}, err
+       }
+
+       // 9. Log Certificate Request properties not supported or overridden by CertService API
+       logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest, csr)
 
-       // 9. Sign CertificateRequest
+       // 10. Sign CertificateRequest
        signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes)
        if err != nil {
                controller.handleErrorFailedToSignCertificate(ctx, log, err, certificateRequest)
                return ctrl.Result{}, err
        }
 
-       // 10. Store signed certificates in CertificateRequest
+       // 11. Store signed certificates in CertificateRequest
        certificateRequest.Status.Certificate = signedPEM
        certificateRequest.Status.CA = trustedCAs
        if err := controller.updateCertificateRequestWithSignedCerficates(ctx, certificateRequest); err != nil {
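Review bot: A CSR that fails to decode at step 8 is a permanent failure, yet the new branch returns `ctrl.Result{}, err`, which controller-runtime treats as a request to requeue. The same malformed `Spec.Request` bytes would then be decoded and rejected again on each retry, unless an earlier check outside this hunk skips requests already marked Failed. Since `handleErrorFailedToDecodeCSR` has already recorded the Failed condition, `return ctrl.Result{}, nil` fits better here than the pattern copied from the signing error, which can be transient. The decode also runs after the private key secret has been read; moving it ahead of that lookup would reject malformed requester-supplied input before any key material is loaded. Reconcile starts and ends outside this hunk.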
@@ -221,6 +230,12 @@ func (controller *CertificateRequestController) handleErrorFailedToSignCertifica
        _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
 }
 
+func (controller *CertificateRequestController) handleErrorFailedToDecodeCSR(ctx context.Context, log logr.Logger, err error, certificateRequest *cmapi.CertificateRequest) {
+       log.Error(err, "Failed to decode certificate sign request")
+       _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to decode CSR: %v", err)
+}
+
+
 func handleErrorResourceNotFound(log logr.Logger, err error) error {
        if apierrors.IsNotFound(err) {
                log.Error(err, "CertificateRequest resource not found")
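Review bot: `handleErrorFailedToDecodeCSR` discards the result of `controller.setStatus` with `_ =`, so if the status update fails, the CertificateRequest never shows the Failed condition and the only trace of the rejected CSR is the controller log. Logging that result keeps the failure visible, for example `if statusErr := controller.setStatus(...); statusErr != nil { log.Error(statusErr, "Failed to update CertificateRequest status") }` with the existing arguments; the signing handler just above uses the same discard. A doc comment such as `// handleErrorFailedToDecodeCSR logs the decode error and marks the CertificateRequest as Failed.` would help. The log text should read "certificate signing request", and the second blank line after the function is not gofmt-clean.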