X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=certServiceK8sExternalProvider%2Fsrc%2Fcmpv2controller%2Fcmpv2_issuer_controller.go;h=1b4e531281afa4f03dbfe3200c30f9e78cf0c0fe;hb=f85be7d76bf73d59dd4d70ffd07f1e34dfd1a2ef;hp=f57f5677adf7ea29283e6f4f64de1059534283cd;hpb=311cb14d51f5f9b81c5761d815d5d7a5f9b63817;p=oom%2Fplatform%2Fcert-service.git
diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
index f57f5677..1b4e5312 100644
--- a/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
+++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go
@@ -28,6 +28,7 @@ package cmpv2controller
 import (
 "context"
 "fmt"
+ "github.com/go-logr/logr"
 core "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -35,10 +36,11 @@ import (
 "k8s.io/apimachinery/pkg/types"
 "k8s.io/client-go/tools/record"
 "k8s.io/utils/clock"
- "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
- provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
 )
 // CMPv2IssuerController reconciles a CMPv2Issuer object
@@ -74,21 +76,18 @@ func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Resul
 var secret core.Secret
 secretNamespaceName := types.NamespacedName{
 Namespace: req.Namespace,
- Name: issuer.Spec.KeyRef.Name,
+ Name: issuer.Spec.CertSecretRef.Name,
 }
 if err := controller.loadResource(ctx, secretNamespaceName, &secret); err != nil {
 handleErrorInvalidSecret(ctx, log, err, statusUpdater, secretNamespaceName)
 return ctrl.Result{}, err
 }
- password, ok := secret.Data[issuer.Spec.KeyRef.Key]
- if !ok {
- err := handleErrorSecretNotFound(ctx, log, issuer, statusUpdater, secretNamespaceName, secret)
- return ctrl.Result{}, err
- }
 // 4. Create CMPv2 provisioner and store the instance for further use
- provisioner, err := provisioners.New(issuer, password)
+ provisioner, err := provisioners.CreateProvisioner(issuer, secret)
 if err != nil {
+ log.Error(err, "failed to initialize provisioner")
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "Failed to initialize provisioner: %v", err)
 handleErrorProvisionerInitialization(ctx, log, err, statusUpdater)
 return ctrl.Result{}, err
 }
@@ -103,7 +102,6 @@ func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Resul
 return ctrl.Result{}, nil
 }
-
 func (controller *CMPv2IssuerController) SetupWithManager(manager ctrl.Manager) error {
 return ctrl.NewControllerManagedBy(manager).
 For(&cmpv2api.CMPv2Issuer{}).
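Review bot: The two lines added inside `if err != nil` after `CreateProvisioner` duplicate what `handleErrorProvisionerInitialization` does on the very next line — that helper (rewritten in a later hunk of this same diff) already logs the error and writes the same `ConditionFalse` status, so each initialization failure now produces two error log entries and two status writes to the API server per reconcile. Drop the added `log.Error(err, "failed to initialize provisioner")` and `statusUpdater.UpdateNoError(...)` lines and keep the helper call; if the inline form is preferred instead, use the `Error` reason constant the rest of the file uses rather than the literal `"Error"`. Also worth confirming: the removed `secret.Data[issuer.Spec.KeyRef.Key]` presence check is now implicitly the responsibility of `CreateProvisioner`, which is not visible here — if it does not reject a Secret lacking the keyRef/certRef/cacertRef entries, an issuer could be marked initialized with empty credential material. Reconcile starts and ends outside this hunk.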
@@ -114,18 +112,22 @@ func (controller *CMPv2IssuerController) loadResource(ctx context.Context, key c
 return controller.Client.Get(ctx, key, obj)
 }
-
 func validateCMPv2IssuerSpec(issuerSpec cmpv2api.CMPv2IssuerSpec, log logr.Logger) error {
 switch {
- case issuerSpec.URL == "":
- return fmt.Errorf("spec.url cannot be empty")
- case issuerSpec.KeyRef.Name == "":
- return fmt.Errorf("spec.keyRef.name cannot be empty")
- case issuerSpec.KeyRef.Key == "":
- return fmt.Errorf("spec.keyRef.key cannot be empty")
- default:
- log.Info("CMPv2Issuer validated. ")
- return nil
+ case issuerSpec.URL == "":
+ return fmt.Errorf("spec.url cannot be empty")
+ case issuerSpec.CaName == "":
+ return fmt.Errorf("spec.caName cannot be empty")
+ case issuerSpec.CertSecretRef.Name == "":
+ return fmt.Errorf("spec.certSecretRef.name cannot be empty")
+ case issuerSpec.CertSecretRef.KeyRef == "":
+ return fmt.Errorf("spec.certSecretRef.keyRef cannot be empty")
+ case issuerSpec.CertSecretRef.CertRef == "":
+ return fmt.Errorf("spec.certSecretRef.certRef cannot be empty")
+ case issuerSpec.CertSecretRef.CacertRef == "":
+ return fmt.Errorf("spec.certSecretRef.cacertRef cannot be empty")
+ default:
+ return nil
 }
 }
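Review bot: `spec.url` is still only checked for being non-empty in `validateCMPv2IssuerSpec`, even though it is the endpoint the issuer's private key and client certificate from `certSecretRef` will be presented to; parsing it at validation time (for example `case !isValidIssuerURL(issuerSpec.URL): return fmt.Errorf("spec.url is not a valid URL")` backed by `net/url.ParseRequestURI`, and requiring an `https` scheme if the CMPv2 transport here is TLS — not visible from this hunk) would reject malformed or plaintext endpoints with a reason in the condition message instead of failing on first use. Such a case would need a `net/url` import. Separately, the `log logr.Logger` parameter is now dead: its only use was the removed `log.Info("CMPv2Issuer validated. ")`, so either drop it from the signature and the caller or keep a `log.V(1).Info(...)` line in `default`. A one-line doc comment would also help, e.g. `// validateCMPv2IssuerSpec checks that every required field and secret-key reference is set; it does not validate the referenced contents.`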
@@ -134,22 +136,19 @@ func updateCMPv2IssuerStatusToVerified(statusUpdater *CMPv2IssuerStatusUpdater,
 return statusUpdater.Update(ctx, cmpv2api.ConditionTrue, Verified, "CMPv2Issuer verified and ready to sign certificates")
 }
-
 // Error handling
 func handleErrorUpdatingCMPv2IssuerStatus(log logr.Logger, err error) {
 log.Error(err, "Failed to update CMPv2Issuer status")
 }
-
 func handleErrorLoadingCMPv2Issuer(log logr.Logger, err error) {
 log.Error(err, "Failed to retrieve CMPv2Issuer resource")
 }
-
 func handleErrorProvisionerInitialization(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater) {
 log.Error(err, "Failed to initialize provisioner")
- statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, Error, "Failed initialize provisioner")
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, Error, "Failed to initialize provisioner: %v", err)
 }
 func handleErrorCMPv2IssuerValidation(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater) {
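Review bot: Embedding `err` in the condition message (the `%v` now added in `handleErrorProvisionerInitialization`) makes failures diagnosable from the CMPv2Issuer status, but that status is readable under different RBAC than the Secret it was built from, so the errors `CreateProvisioner` returns should name the offending key (`keyRef`, `certRef`, `cacertRef`) rather than echo any decoded PEM or key bytes — I cannot see how those errors are constructed from this diff, so this is a caveat to verify rather than a defect found. The helper has no doc comment; suggested: `// handleErrorProvisionerInitialization logs err and sets the issuer condition to False with reason Error. The error text is surfaced in the condition message, so callers must not pass errors that carry secret material.`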
@@ -157,13 +156,6 @@ func handleErrorCMPv2IssuerValidation(ctx context.Context, log logr.Logger, err
 statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, ValidationFailed, "Failed to validate resource: %v", err)
 }
-func handleErrorSecretNotFound(ctx context.Context, log logr.Logger, issuer *cmpv2api.CMPv2Issuer, statusUpdater *CMPv2IssuerStatusUpdater, secretNamespaceName types.NamespacedName, secret core.Secret) error {
- err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key)
- log.Error(err, "Failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
- statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, NotFound, "Failed to retrieve provisioner secret: %v", err)
- return err
-}
 func handleErrorInvalidSecret(ctx context.Context, log logr.Logger, err error, statusUpdater *CMPv2IssuerStatusUpdater, secretNamespaceName types.NamespacedName) {
 log.Error(err, "Failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
 if apierrors.IsNotFound(err) {