"sigs.k8s.io/controller-runtime/pkg/client"
"onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller/logger"
provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
)
// 1. Fetch the CertificateRequest resource being reconciled.
certificateRequest := new(cmapi.CertificateRequest)
+ log.Info("Registered new certificate sign request: ", "cert-name", certificateRequest.Name)
if err := controller.Client.Get(ctx, k8sRequest.NamespacedName, certificateRequest); err != nil {
err = handleErrorResourceNotFound(log, err)
return ctrl.Result{}, err
// 2. Check if CertificateRequest is meant for CMPv2Issuer (if not ignore)
if !isCMPv2CertificateRequest(certificateRequest) {
- log.V(4).Info("Certificate request is not meant for CMPv2Issuer (ignoring)",
+ log.Info("Certificate request is not meant for CMPv2Issuer (ignoring)",
"group", certificateRequest.Spec.IssuerRef.Group,
"kind", certificateRequest.Spec.IssuerRef.Kind)
return ctrl.Result{}, nil
// 3. If the certificate data is already set then we skip this request as it
// has already been completed in the past.
if len(certificateRequest.Status.Certificate) > 0 {
- log.V(4).Info("Existing certificate data found in status, skipping already completed CertificateRequest")
+ log.Info("Existing certificate data found in status, skipping already completed CertificateRequest")
return ctrl.Result{}, nil
}
}
privateKeyBytes := privateKeySecret.Data[privateKeySecretKey]
- // 8. Sign CertificateRequest
+ // 8. Log Certificate Request properties not supported or overridden by CertService API
+ logger.LogCertRequestProperties(ctrl.Log.WithName("CSR details"), certificateRequest)
+
+ // 9. Sign CertificateRequest
signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest, privateKeyBytes)
if err != nil {
controller.handleErrorFailedToSignCertificate(ctx, log, err, certificateRequest)
return ctrl.Result{}, err
}
- // 9. Store signed certificates in CertificateRequest
+ // 10. Store signed certificates in CertificateRequest
certificateRequest.Status.Certificate = signedPEM
certificateRequest.Status.CA = trustedCAs
if err := controller.updateCertificateRequestWithSignedCerficates(ctx, certificateRequest); err != nil {