* oom-certservice-k8s-external-provider
* ================================================================================
* Copyright 2019 The cert-manager authors.
- * Modifications copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
* ================================================================================
* This source code was copied from the following git repository:
* https://github.com/smallstep/step-issuer
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/updater"
provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
"onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+ "onap.org/oom-certservice/k8s-external-provider/src/model"
x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
)
// 9. Log Certificate Request properties not supported or overridden by CertService API
logger.LogCertRequestProperties(leveledlogger.GetLoggerWithName("CSR details:"), certificateRequest, csr)
- // 10. Sign CertificateRequest
- signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes)
+ //10. Create sign certificate object with filtered CSR
+ signCertificateModel, err := model.CreateSignCertificateModel(controller.Client, certificateRequest, ctx, privateKeyBytes)
+ if err != nil {
+ controller.handleErrorFailedToFilterCSR(certUpdater, log, err)
+ return ctrl.Result{}, err
+ }
+
+ // 11. Sign CertificateRequest
+ signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
if err != nil {
controller.handleErrorFailedToSignCertificate(certUpdater, log, err)
- return ctrl.Result{}, nil
+ return ctrl.Result{}, err
}
- // 11. Store signed certificates in CertificateRequest
+ // 12. Store signed certificates in CertificateRequest
certificateRequest.Status.Certificate = signedPEM
certificateRequest.Status.CA = trustedCAs
if err := certUpdater.UpdateCertificateRequestWithSignedCertificates(); err != nil {
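Review bot: Both failure paths in steps 10 and 11 now end in `return ctrl.Result{}, err` after the handler has already reported the failure, and under controller-runtime a non-nil error requeues the request with backoff, so each retry rebuilds the model and calls `provisioner.Sign` again. If the handlers mark the request as Failed (the new filter handler uses `CertificateRequestReasonFailed`), a rejected CSR will probably fail the same way every time, producing repeated signing attempts and warning events. Either keep `return ctrl.Result{}, nil` on the terminal filter path, or state the intent above the return, e.g. `// returning err requeues with backoff; signing is retried on purpose`. Separately, `privateKeyBytes` now travels inside `signCertificateModel`, so it is worth confirming that the model is never logged or formatted with `%v`/`%+v`. The enclosing reconcile function starts and ends outside this hunk.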
_ = updater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to decode CSR: %v", err)
}
+func (controller *CertificateRequestController) handleErrorFailedToFilterCSR(updater *updater.CertificateRequestStatusUpdater, log leveledlogger.Logger, err error) {
+ log.Error(err, "Failed to filter certificate sign request fields")
+ _ = updater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to filter CSR: %v", err)
+}
+
func handleErrorResourceNotFound(log leveledlogger.Logger, err error) error {
if apierrors.IsNotFound(err) {
log.Error(err, "CertificateRequest resource not found")
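Review bot: In `handleErrorFailedToFilterCSR` the result of `UpdateStatusWithEventTypeWarning` is discarded with `_ =`, so a failed status write leaves the CertificateRequest without its Failed condition and nothing in the log says why. Logging it would make that visible: `if uerr := statusUpdater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to filter CSR: %v", err); uerr != nil { log.Error(uerr, "Failed to update CertificateRequest status") }`. The parameter name `updater` also shadows the imported `updater` package inside the function; renaming it (`statusUpdater` above) avoids that. The raw `err` is copied into the status message, which anyone who can read the resource will see, so the filter errors should carry no key material or internal detail. `handleErrorResourceNotFound` below is unchanged context and continues outside the hunk.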