Code Review / oom / platform / cert-service.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Refactor provider code
[oom/platform/cert-service.git] / certServiceK8sExternalProvider / src / cmpv2controller / certificate_request_controller.go
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
index 51d1359..5f8b196 100644 (file)
--- a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go
@@ -3,7 +3,7 @@
  * oom-certservice-k8s-external-provider
  * ================================================================================
  * Copyright 2019 The cert-manager authors.
- * Modifications copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2021 Nokia. All rights reserved.
  * ================================================================================
  * This source code was copied from the following git repository:
  * https://github.com/smallstep/step-issuer
@@ -42,6 +42,7 @@ import (
        "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/updater"
        provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
        "onap.org/oom-certservice/k8s-external-provider/src/leveledlogger"
+       "onap.org/oom-certservice/k8s-external-provider/src/model"
        x509utils "onap.org/oom-certservice/k8s-external-provider/src/x509"
 )
 
@@ -137,14 +138,21 @@ func (controller *CertificateRequestController) Reconcile(k8sRequest ctrl.Reques
        // 9. Log Certificate Request properties not supported or overridden by CertService API
        logger.LogCertRequestProperties(leveledlogger.GetLoggerWithName("CSR details:"), certificateRequest, csr)
 
-       // 10. Sign CertificateRequest
-       signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes)
+       //10. Create sign certificate object with filtered CSR
+       signCertificateModel, err := model.CreateSignCertificateModel(controller.Client, certificateRequest, ctx, privateKeyBytes)
+       if err != nil {
+               controller.handleErrorFailedToFilterCSR(certUpdater, log, err)
+               return ctrl.Result{}, err
+       }
+
+       // 11. Sign CertificateRequest
+       signedPEM, trustedCAs, err := provisioner.Sign(signCertificateModel)
        if err != nil {
                controller.handleErrorFailedToSignCertificate(certUpdater, log, err)
-               return ctrl.Result{}, nil
+               return ctrl.Result{}, err
        }
 
-       // 11. Store signed certificates in CertificateRequest
+       // 12. Store signed certificates in CertificateRequest
        certificateRequest.Status.Certificate = signedPEM
        certificateRequest.Status.CA = trustedCAs
        if err := certUpdater.UpdateCertificateRequestWithSignedCertificates(); err != nil {
@@ -218,6 +226,11 @@ func (controller *CertificateRequestController) handleErrorFailedToDecodeCSR(upd
        _ = updater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to decode CSR: %v", err)
 }
 
+func (controller *CertificateRequestController) handleErrorFailedToFilterCSR(updater *updater.CertificateRequestStatusUpdater, log leveledlogger.Logger, err error) {
+       log.Error(err, "Failed to filter certificate sign request fields")
+       _ = updater.UpdateStatusWithEventTypeWarning(cmapi.CertificateRequestReasonFailed, "Failed to filter CSR: %v", err)
+}
+
 func handleErrorResourceNotFound(log leveledlogger.Logger, err error) error {
        if apierrors.IsNotFound(err) {
                log.Error(err, "CertificateRequest resource not found")
"oom/platform/cert-service"