From f5fb53b031c2f1c4bc4872de59b9774a559d786f Mon Sep 17 00:00:00 2001 From: Jan Malkiewicz Date: Thu, 15 Oct 2020 09:04:18 +0200 Subject: [PATCH] [OOM-K8S-CERT-EXTERNAL-PROVIDER] Mock implementaion enhanced (part II) Rename CertServiceIssuer -> CMPv2Issuer Checking for Issuer.Kind (has to be CMPv2Issuer) Introduced exit codes Refactoring file names and packages Moved tests to main package (according to GOlang convention) Issue-ID: OOM-2559 Signed-off-by: Jan Malkiewicz Change-Id: I710d9f6c9bd22318e5152e5215b78d5a9e7b4540 --- ...te_example_.yaml => _certificate_example_.yaml} | 6 +- .../deploy/configuration.yaml | 4 +- certServiceK8sExternalProvider/deploy/crd.yaml | 24 +++---- certServiceK8sExternalProvider/deploy/roles.yaml | 22 +++---- certServiceK8sExternalProvider/main.go | 38 ++++++----- .../cmpv2_groupversion_info.go} | 5 +- .../cmpv2_issuer_crd_deepcopy.go} | 66 +++++++++---------- .../cmpv2_issuer_crd_schema.go} | 40 +++++------ .../certificate_request_controller.go} | 77 ++++++++++++---------- .../certificate_request_controller_test.go | 35 ++++++++++ .../cmpv2_issuer_controller.go} | 58 ++++++++-------- .../cmpv2_issuer_status_updater.go} | 62 ++++++++--------- .../cmpv2_provisioner.go} | 12 ++-- .../cmpv2provisioner/cmpv2_provisioner_test.go} | 2 +- certServiceK8sExternalProvider/src/exit_code.go | 20 ++++++ 15 files changed, 266 insertions(+), 205 deletions(-) rename certServiceK8sExternalProvider/deploy/{_certificte_example_.yaml => _certificate_example_.yaml} (95%) rename certServiceK8sExternalProvider/src/{api/groupversion_info.go => cmpv2api/cmpv2_groupversion_info.go} (96%) rename certServiceK8sExternalProvider/src/{api/cerservice_issuer_crd_deepcopy.go => cmpv2api/cmpv2_issuer_crd_deepcopy.go} (67%) rename certServiceK8sExternalProvider/src/{api/certservice_issuer_crd_schema.go => cmpv2api/cmpv2_issuer_crd_schema.go} (76%) rename certServiceK8sExternalProvider/src/{certservice-controller/certificaterequest_reconciler.go => cmpv2controller/certificate_request_controller.go} (64%) create mode 100644 certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go rename certServiceK8sExternalProvider/src/{certservice-controller/certservice_issuer_reconciler.go => cmpv2controller/cmpv2_issuer_controller.go} (57%) rename certServiceK8sExternalProvider/src/{certservice-controller/certservice_issuer_status_reconciler.go => cmpv2controller/cmpv2_issuer_status_updater.go} (53%) rename certServiceK8sExternalProvider/src/{certservice-provisioner/certservice-provisioner.go => cmpv2provisioner/cmpv2_provisioner.go} (94%) rename certServiceK8sExternalProvider/{test/certservice-provisioner/certservice-provisioner_test.go => src/cmpv2provisioner/cmpv2_provisioner_test.go} (97%) create mode 100644 certServiceK8sExternalProvider/src/exit_code.go diff --git a/certServiceK8sExternalProvider/deploy/_certificte_example_.yaml b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml similarity index 95% rename from certServiceK8sExternalProvider/deploy/_certificte_example_.yaml rename to certServiceK8sExternalProvider/deploy/_certificate_example_.yaml index 70708036..60665d7f 100644 --- a/certServiceK8sExternalProvider/deploy/_certificte_example_.yaml +++ b/certServiceK8sExternalProvider/deploy/_certificate_example_.yaml @@ -43,8 +43,8 @@ spec: duration: 24h # Renew 8 hours before the certificate expiration renewBefore: 8h - # The reference to the step issuer + # The reference to the CMPv2 issuer issuerRef: group: certmanager.onap.org - kind: CertificateRequest - name: certservice-issuer + kind: CMPv2Issuer + name: cmpv2-issuer diff --git a/certServiceK8sExternalProvider/deploy/configuration.yaml b/certServiceK8sExternalProvider/deploy/configuration.yaml index 08e26fce..95c38d75 100644 --- a/certServiceK8sExternalProvider/deploy/configuration.yaml +++ b/certServiceK8sExternalProvider/deploy/configuration.yaml @@ -23,9 +23,9 @@ # apiVersion: certmanager.onap.org/v1 -kind: CertServiceIssuer +kind: CMPv2Issuer metadata: - name: certservice-issuer + name: cmpv2-issuer namespace: onap spec: url: https://certservice.default.svc.cluster.local diff --git a/certServiceK8sExternalProvider/deploy/crd.yaml b/certServiceK8sExternalProvider/deploy/crd.yaml index 9bdbf350..1d45b0c9 100644 --- a/certServiceK8sExternalProvider/deploy/crd.yaml +++ b/certServiceK8sExternalProvider/deploy/crd.yaml @@ -25,14 +25,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: certserviceissuers.certmanager.onap.org + name: cmpv2issuers.certmanager.onap.org spec: group: certmanager.onap.org names: - kind: CertServiceIssuer - listKind: CertServiceIssuerList - plural: certserviceissuers - singular: certserviceissuer + kind: CMPv2Issuer + listKind: CMPv2IssuerList + plural: cmpv2issuers + singular: cmpv2issuer scope: Namespaced versions: - name: v1 @@ -40,29 +40,29 @@ spec: storage: true schema: openAPIV3Schema: - description: CertServiceIssuer is the Schema for the certserviceissuers API + description: CMPv2Issuer is the Schema for the cmpv2issuers API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: CertServiceIssuerSpec defines the desired state of CertServiceIssuer + description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer properties: url: description: URL is the base URL for the certservice certificates instance. type: string keyRef: description: keyRef is a reference to a Secret containing the - provisioner password used to decrypt the provisioner private key. + cmpv2provisioner password used to decrypt the cmpv2provisioner private key. properties: key: description: The key of the secret to select from. Must be a @@ -81,11 +81,11 @@ spec: - keyRef type: object status: - description: CertServiceIssuerStatus defines the observed state of CertServiceIssuer + description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer properties: conditions: items: - description: CertServiceIssuerCondition contains condition information for + description: CMPv2IssuerCondition contains condition information for the certservice issuer. properties: lastTransitionTime: diff --git a/certServiceK8sExternalProvider/deploy/roles.yaml b/certServiceK8sExternalProvider/deploy/roles.yaml index 8b47c886..61691f4f 100644 --- a/certServiceK8sExternalProvider/deploy/roles.yaml +++ b/certServiceK8sExternalProvider/deploy/roles.yaml @@ -25,7 +25,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: certservice-issuer-leader-election-role + name: cmpv2-issuer-leader-election-role namespace: onap rules: - apiGroups: @@ -58,7 +58,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: certservice-issuer-manager-role + name: cmpv2-issuer-manager-role rules: - apiGroups: - "" @@ -95,7 +95,7 @@ rules: - apiGroups: - certmanager.onap.org resources: - - certserviceissuers + - cmpv2issuers verbs: - create - delete @@ -107,7 +107,7 @@ rules: - apiGroups: - certmanager.onap.org resources: - - certserviceissuers/status + - cmpv2issuers/status verbs: - get - patch @@ -116,7 +116,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: certservice-issuer-proxy-role + name: cmpv2-issuer-proxy-role rules: - apiGroups: - authentication.k8s.io @@ -134,12 +134,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: certservice-issuer-leader-election-rolebinding + name: cmpv2-issuer-leader-election-rolebinding namespace: onap roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: certservice-issuer-leader-election-role + name: cmpv2-issuer-leader-election-role subjects: - kind: ServiceAccount name: default @@ -148,11 +148,11 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: certservice-issuer-manager-rolebinding + name: cmpv2-issuer-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: certservice-issuer-manager-role + name: cmpv2-issuer-manager-role subjects: - kind: ServiceAccount name: default @@ -161,11 +161,11 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: certservice-issuer-proxy-rolebinding + name: cmpv2-issuer-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: certservice-issuer-proxy-role + name: cmpv2-issuer-proxy-role subjects: - kind: ServiceAccount name: default diff --git a/certServiceK8sExternalProvider/main.go b/certServiceK8sExternalProvider/main.go index 52c8280c..2fcbfaaf 100644 --- a/certServiceK8sExternalProvider/main.go +++ b/certServiceK8sExternalProvider/main.go @@ -33,8 +33,9 @@ import ( clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" "k8s.io/utils/clock" - certserviceapi "onap.org/oom-certservice/k8s-external-provider/src/api" - controllers "onap.org/oom-certservice/k8s-external-provider/src/certservice-controller" + app "onap.org/oom-certservice/k8s-external-provider/src" + certserviceapi "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" + controllers "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller" "os" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -53,7 +54,7 @@ func init() { func main() { fmt.Println() - fmt.Println(" *** Cert Service Provider v1.0.1 ***") + fmt.Println(" *** Cert Service Provider v1.0.2 ***") fmt.Println() setupLog.Info("Parsing arguments...") @@ -73,36 +74,37 @@ func main() { LeaderElection: enableLeaderElection, }) if err != nil { - setupLog.Error(err, "unable to start manager") - os.Exit(1) + exit(app.FAILED_TO_CREATE_CONTROLLER_MANAGER, err) } - setupLog.Info("Registering CertServiceIssuerReconciler...") - if err = (&controllers.CertServiceIssuerReconciler{ + setupLog.Info("Registering CMPv2IssuerController...") + if err = (&controllers.CMPv2IssuerController{ Client: manager.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("CertServiceIssuer"), + Log: ctrl.Log.WithName("controllers").WithName("CMPv2Issuer"), Clock: clock.RealClock{}, - Recorder: manager.GetEventRecorderFor("certservice-issuer-controller"), + Recorder: manager.GetEventRecorderFor("cmpv2-issuer-controller"), }).SetupWithManager(manager); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "CertServiceIssuer") - os.Exit(1) + exit(app.FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER, err) } - setupLog.Info("Registering CertificateRequestReconciler...") - if err = (&controllers.CertificateRequestReconciler{ + setupLog.Info("Registering CertificateRequestController...") + if err = (&controllers.CertificateRequestController{ Client: manager.GetClient(), Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"), - Recorder: manager.GetEventRecorderFor("certificaterequests-controller"), + Recorder: manager.GetEventRecorderFor("certificate-requests-controller"), }).SetupWithManager(manager); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "CertificateRequest") - os.Exit(1) + exit(app.FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER, err) } setupLog.Info("Starting k8s manager...") if err := manager.Start(ctrl.SetupSignalHandler()); err != nil { - setupLog.Error(err, "problem running manager") - os.Exit(1) + exit(app.EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER, err) } setupLog.Info("Application is up and running.") } + +func exit(exitCode app.ExitCode, err error) { + setupLog.Error(err, exitCode.Message) + os.Exit(exitCode.Code) +} diff --git a/certServiceK8sExternalProvider/src/api/groupversion_info.go b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_groupversion_info.go similarity index 96% rename from certServiceK8sExternalProvider/src/api/groupversion_info.go rename to certServiceK8sExternalProvider/src/cmpv2api/cmpv2_groupversion_info.go index 0a64b25e..996cf21a 100644 --- a/certServiceK8sExternalProvider/src/api/groupversion_info.go +++ b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_groupversion_info.go @@ -23,7 +23,7 @@ * ============LICENSE_END========================================================= */ -package api +package cmpv2api import ( "k8s.io/apimachinery/pkg/runtime/schema" @@ -40,3 +40,6 @@ var ( // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme ) + +const CMPv2IssuerKind = "CMPv2Issuer" + diff --git a/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_deepcopy.go similarity index 67% rename from certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go rename to certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_deepcopy.go index b901cc76..68e79ce1 100644 --- a/certServiceK8sExternalProvider/src/api/cerservice_issuer_crd_deepcopy.go +++ b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_deepcopy.go @@ -23,7 +23,7 @@ * ============LICENSE_END========================================================= */ -package api +package cmpv2api import ( runtime "k8s.io/apimachinery/pkg/runtime" @@ -45,34 +45,34 @@ func (inputSecretKeySelector *SecretKeySelector) DeepCopy() *SecretKeySelector { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyInto(outCertServiceIssuer *CertServiceIssuer) { - *outCertServiceIssuer = *inputCertServiceIssuer - outCertServiceIssuer.TypeMeta = inputCertServiceIssuer.TypeMeta - inputCertServiceIssuer.ObjectMeta.DeepCopyInto(&outCertServiceIssuer.ObjectMeta) - inputCertServiceIssuer.Spec.DeepCopyInto(&outCertServiceIssuer.Spec) - inputCertServiceIssuer.Status.DeepCopyInto(&outCertServiceIssuer.Status) +func (inputCMPv2Issuer *CMPv2Issuer) DeepCopyInto(outCMPv2Issuer *CMPv2Issuer) { + *outCMPv2Issuer = *inputCMPv2Issuer + outCMPv2Issuer.TypeMeta = inputCMPv2Issuer.TypeMeta + inputCMPv2Issuer.ObjectMeta.DeepCopyInto(&outCMPv2Issuer.ObjectMeta) + inputCMPv2Issuer.Spec.DeepCopyInto(&outCMPv2Issuer.Spec) + inputCMPv2Issuer.Status.DeepCopyInto(&outCMPv2Issuer.Status) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuer. -func (inputCertServiceIssuer *CertServiceIssuer) DeepCopy() *CertServiceIssuer { - if inputCertServiceIssuer == nil { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2Issuer. +func (inputCMPv2Issuer *CMPv2Issuer) DeepCopy() *CMPv2Issuer { + if inputCMPv2Issuer == nil { return nil } - out := new(CertServiceIssuer) - inputCertServiceIssuer.DeepCopyInto(out) + out := new(CMPv2Issuer) + inputCMPv2Issuer.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyObject() runtime.Object { - if deepCopy := inputCertServiceIssuer.DeepCopy(); deepCopy != nil { +func (inputCMPv2Issuer *CMPv2Issuer) DeepCopyObject() runtime.Object { + if deepCopy := inputCMPv2Issuer.DeepCopy(); deepCopy != nil { return deepCopy } return nil } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopyInto(outIssuerCondition *CertServiceIssuerCondition) { +func (inputIssuerCondition *CMPv2IssuerCondition) DeepCopyInto(outIssuerCondition *CMPv2IssuerCondition) { *outIssuerCondition = *inputIssuerCondition if inputIssuerCondition.LastTransitionTime != nil { in, out := &inputIssuerCondition.LastTransitionTime, &outIssuerCondition.LastTransitionTime @@ -80,42 +80,42 @@ func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopyInto(outIssuerCo } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerCondition. -func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopy() *CertServiceIssuerCondition { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerCondition. +func (inputIssuerCondition *CMPv2IssuerCondition) DeepCopy() *CMPv2IssuerCondition { if inputIssuerCondition == nil { return nil } - out := new(CertServiceIssuerCondition) + out := new(CMPv2IssuerCondition) inputIssuerCondition.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (inputIssuerList *CertServiceIssuerList) DeepCopyInto(outIssuerList *CertServiceIssuerList) { +func (inputIssuerList *CMPv2IssuerList) DeepCopyInto(outIssuerList *CMPv2IssuerList) { *outIssuerList = *inputIssuerList outIssuerList.TypeMeta = inputIssuerList.TypeMeta inputIssuerList.ListMeta.DeepCopyInto(&outIssuerList.ListMeta) if inputIssuerList.Items != nil { in, out := &inputIssuerList.Items, &outIssuerList.Items - *out = make([]CertServiceIssuer, len(*in)) + *out = make([]CMPv2Issuer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerList. -func (inputIssuerList *CertServiceIssuerList) DeepCopy() *CertServiceIssuerList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerList. +func (inputIssuerList *CMPv2IssuerList) DeepCopy() *CMPv2IssuerList { if inputIssuerList == nil { return nil } - out := new(CertServiceIssuerList) + out := new(CMPv2IssuerList) inputIssuerList.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (inputIssuerList *CertServiceIssuerList) DeepCopyObject() runtime.Object { +func (inputIssuerList *CMPv2IssuerList) DeepCopyObject() runtime.Object { if deepCopy := inputIssuerList.DeepCopy(); deepCopy != nil { return deepCopy } @@ -123,39 +123,39 @@ func (inputIssuerList *CertServiceIssuerList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopyInto(outIssuerSpec *CertServiceIssuerSpec) { +func (inputIssuerSpec *CMPv2IssuerSpec) DeepCopyInto(outIssuerSpec *CMPv2IssuerSpec) { *outIssuerSpec = *inputIssuerSpec outIssuerSpec.KeyRef = inputIssuerSpec.KeyRef } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerSpec. -func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopy() *CertServiceIssuerSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerSpec. +func (inputIssuerSpec *CMPv2IssuerSpec) DeepCopy() *CMPv2IssuerSpec { if inputIssuerSpec == nil { return nil } - out := new(CertServiceIssuerSpec) + out := new(CMPv2IssuerSpec) inputIssuerSpec.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopyInto(outIssuerStatus *CertServiceIssuerStatus) { +func (inputIssuerStatus *CMPv2IssuerStatus) DeepCopyInto(outIssuerStatus *CMPv2IssuerStatus) { *outIssuerStatus = *inputIssuerStatus if inputIssuerStatus.Conditions != nil { in, out := &inputIssuerStatus.Conditions, &outIssuerStatus.Conditions - *out = make([]CertServiceIssuerCondition, len(*in)) + *out = make([]CMPv2IssuerCondition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerStatus. -func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopy() *CertServiceIssuerStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerStatus. +func (inputIssuerStatus *CMPv2IssuerStatus) DeepCopy() *CMPv2IssuerStatus { if inputIssuerStatus == nil { return nil } - out := new(CertServiceIssuerStatus) + out := new(CMPv2IssuerStatus) inputIssuerStatus.DeepCopyInto(out) return out } diff --git a/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go similarity index 76% rename from certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go rename to certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go index b09813bb..f2482657 100644 --- a/certServiceK8sExternalProvider/src/api/certservice_issuer_crd_schema.go +++ b/certServiceK8sExternalProvider/src/cmpv2api/cmpv2_issuer_crd_schema.go @@ -23,18 +23,18 @@ * ============LICENSE_END========================================================= */ -package api +package cmpv2api import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func init() { - SchemeBuilder.Register(&CertServiceIssuer{}, &CertServiceIssuerList{}) + SchemeBuilder.Register(&CMPv2Issuer{}, &CMPv2IssuerList{}) } -// CertServiceIssuerSpec defines the desired state of CertServiceIssuer -type CertServiceIssuerSpec struct { +// CMPv2IssuerSpec defines the desired state of CMPv2Issuer +type CMPv2IssuerSpec struct { // URL is the base URL for the CertService certificates instance. URL string `json:"url"` @@ -43,34 +43,28 @@ type CertServiceIssuerSpec struct { KeyRef SecretKeySelector `json:"keyRef"` } -// CertServiceIssuerStatus defines the observed state of CertServiceIssuer -type CertServiceIssuerStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file +// CMPv2IssuerStatus defines the observed state of CMPv2Issuer +type CMPv2IssuerStatus struct { // +optional - Conditions []CertServiceIssuerCondition `json:"conditions,omitempty"` + Conditions []CMPv2IssuerCondition `json:"conditions,omitempty"` } -// +kubebuilder:object:root=true - -// CertServiceIssuer is the Schema for the certserviceissuers API -// +kubebuilder:subresource:status -type CertServiceIssuer struct { +type CMPv2Issuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec CertServiceIssuerSpec `json:"spec,omitempty"` - Status CertServiceIssuerStatus `json:"status,omitempty"` + Spec CMPv2IssuerSpec `json:"spec,omitempty"` + Status CMPv2IssuerStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true -// CertServiceIssuerList contains a list of CertServiceIssuer -type CertServiceIssuerList struct { +// CMPv2IssuerList contains a list of CMPv2Issuer +type CMPv2IssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []CertServiceIssuer `json:"items"` + Items []CMPv2Issuer `json:"items"` } // SecretKeySelector contains the reference to a secret. @@ -83,12 +77,12 @@ type SecretKeySelector struct { Key string `json:"key,omitempty"` } -// ConditionType represents a CertServiceIssuer condition type. +// ConditionType represents a CMPv2Issuer condition type. // +kubebuilder:validation:Enum=Ready type ConditionType string const ( - // ConditionReady indicates that a CertServiceIssuer is ready for use. + // ConditionReady indicates that a CMPv2Issuer is ready for use. ConditionReady ConditionType = "Ready" ) @@ -112,8 +106,8 @@ const ( ConditionUnknown ConditionStatus = "Unknown" ) -// CertServiceIssuerCondition contains condition information for the CertService issuer. -type CertServiceIssuerCondition struct { +// CMPv2IssuerCondition contains condition information for the CertService issuer. +type CMPv2IssuerCondition struct { // Type of the condition, currently ('Ready'). Type ConditionType `json:"type"` diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go similarity index 64% rename from certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go rename to certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go index b744676e..1669c97f 100644 --- a/certServiceK8sExternalProvider/src/certservice-controller/certificaterequest_reconciler.go +++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller.go @@ -23,13 +23,13 @@ * ============LICENSE_END========================================================= */ -package certservice_controller +package cmpv2controller import ( "context" "fmt" - "onap.org/oom-certservice/k8s-external-provider/src/api" - provisioners "onap.org/oom-certservice/k8s-external-provider/src/certservice-provisioner" + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" + provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner" "github.com/go-logr/logr" apiutil "github.com/jetstack/cert-manager/pkg/api/util" @@ -43,24 +43,24 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -// CertificateRequestReconciler reconciles a CertServiceIssuer object. -type CertificateRequestReconciler struct { +// CertificateRequestController reconciles a CMPv2Issuer object. +type CertificateRequestController struct { client.Client Log logr.Logger Recorder record.EventRecorder } -// Reconcile will read and validate a CertServiceIssuer resource associated to the +// Reconcile will read and validate a CMPv2Issuer resource associated to the // CertificateRequest resource, and it will sign the CertificateRequest with the -// provisioner in the CertServiceIssuer. -func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { +// provisioner in the CMPv2Issuer. +func (controller *CertificateRequestController) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() - log := reconciler.Log.WithValues("certificaterequest", req.NamespacedName) + log := controller.Log.WithValues("certificate-request-controller", req.NamespacedName) // Fetch the CertificateRequest resource being reconciled. // Just ignore the request if the certificate request has been deleted. certificateRequest := new(cmapi.CertificateRequest) - if err := reconciler.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil { + if err := controller.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil { if apierrors.IsNotFound(err) { return ctrl.Result{}, nil } @@ -69,10 +69,10 @@ func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctr return ctrl.Result{}, err } - // Check the CertificateRequest's issuerRef and if it does not match the api - // group name, log a message at a debug level and stop processing. - if certificateRequest.Spec.IssuerRef.Group != "" && certificateRequest.Spec.IssuerRef.Group != api.GroupVersion.Group { - log.V(4).Info("resource does not specify an issuerRef group name that we are responsible for", "group", certificateRequest.Spec.IssuerRef.Group) + if !isCMPv2CertificateRequest(certificateRequest) { + log.V(4).Info("certificate request is not CMPv2", + "group", certificateRequest.Spec.IssuerRef.Group, + "kind", certificateRequest.Spec.IssuerRef.Kind) return ctrl.Result{}, nil } @@ -83,23 +83,23 @@ func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctr return ctrl.Result{}, nil } - // Fetch the CertServiceIssuer resource - issuer := api.CertServiceIssuer{} + // Fetch the CMPv2Issuer resource + issuer := cmpv2api.CMPv2Issuer{} issuerNamespaceName := types.NamespacedName{ Namespace: req.Namespace, Name: certificateRequest.Spec.IssuerRef.Name, } - if err := reconciler.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil { - log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name) - _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CertServiceIssuer resource %s: %v", issuerNamespaceName, err) + if err := controller.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil { + log.Error(err, "failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name) + _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CMPv2Issuer resource %s: %v", issuerNamespaceName, err) return ctrl.Result{}, err } - // Check if the CertServiceIssuer resource has been marked Ready - if !certServiceIssuerHasCondition(issuer, api.CertServiceIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) { + // Check if the CMPv2Issuer resource has been marked Ready + if !cmpv2IssuerHasCondition(issuer, cmpv2api.CMPv2IssuerCondition{Type: cmpv2api.ConditionReady, Status: cmpv2api.ConditionTrue}) { err := fmt.Errorf("resource %s is not ready", issuerNamespaceName) - log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name) - _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CertServiceIssuer resource %s is not Ready", issuerNamespaceName) + log.Error(err, "failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name) + _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CMPv2Issuer resource %s is not Ready", issuerNamespaceName) return ctrl.Result{}, err } @@ -107,8 +107,8 @@ func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctr provisioner, ok := provisioners.Load(issuerNamespaceName) if !ok { err := fmt.Errorf("provisioner %s not found", issuerNamespaceName) - log.Error(err, "failed to provisioner for CertServiceIssuer resource") - _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CertServiceIssuer resource %s", issuerNamespaceName) + log.Error(err, "failed to provisioner for CMPv2Issuer resource") + _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CMPv2Issuer resource %s", issuerNamespaceName) return ctrl.Result{}, err } @@ -116,28 +116,28 @@ func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctr signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest) if err != nil { log.Error(err, "failed to sign certificate request") - return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err) + return ctrl.Result{}, controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err) } certificateRequest.Status.Certificate = signedPEM certificateRequest.Status.CA = trustedCAs - return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued") + return ctrl.Result{}, controller.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued") } // SetupWithManager initializes the CertificateRequest controller into the // controller runtime. -func (reconciler *CertificateRequestReconciler) SetupWithManager(manager ctrl.Manager) error { +func (controller *CertificateRequestController) SetupWithManager(manager ctrl.Manager) error { return ctrl.NewControllerManagedBy(manager). For(&cmapi.CertificateRequest{}). - Complete(reconciler) + Complete(controller) } -// certServiceIssuerHasCondition will return true if the given CertServiceIssuer resource has -// a condition matching the provided CertServiceIssuerCondition. Only the Type and +// cmpv2IssuerHasCondition will return true if the given CMPv2Issuer resource has +// a condition matching the provided CMPv2IssuerCondition. Only the Type and // Status field will be used in the comparison, meaning that this function will // return 'true' even if the Reason, Message and LastTransitionTime fields do // not match. -func certServiceIssuerHasCondition(issuer api.CertServiceIssuer, condition api.CertServiceIssuerCondition) bool { +func cmpv2IssuerHasCondition(issuer cmpv2api.CMPv2Issuer, condition cmpv2api.CMPv2IssuerCondition) bool { existingConditions := issuer.Status.Conditions for _, cond := range existingConditions { if condition.Type == cond.Type && condition.Status == cond.Status { @@ -147,7 +147,14 @@ func certServiceIssuerHasCondition(issuer api.CertServiceIssuer, condition api.C return false } -func (reconciler *CertificateRequestReconciler) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error { +func isCMPv2CertificateRequest(certificateRequest *cmapi.CertificateRequest) bool { + return certificateRequest.Spec.IssuerRef.Group != "" && + certificateRequest.Spec.IssuerRef.Group == cmpv2api.GroupVersion.Group && + certificateRequest.Spec.IssuerRef.Kind == cmpv2api.CMPv2IssuerKind + +} + +func (controller *CertificateRequestController) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error { completeMessage := fmt.Sprintf(message, args...) apiutil.SetCertificateRequestCondition(certificateRequest, cmapi.CertificateRequestConditionReady, status, reason, completeMessage) @@ -156,7 +163,7 @@ func (reconciler *CertificateRequestReconciler) setStatus(ctx context.Context, c if status == cmmeta.ConditionFalse { eventType = core.EventTypeWarning } - reconciler.Recorder.Event(certificateRequest, eventType, reason, completeMessage) + controller.Recorder.Event(certificateRequest, eventType, reason, completeMessage) - return reconciler.Client.Status().Update(ctx, certificateRequest) + return controller.Client.Status().Update(ctx, certificateRequest) } diff --git a/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go new file mode 100644 index 00000000..36cfbc48 --- /dev/null +++ b/certServiceK8sExternalProvider/src/cmpv2controller/certificate_request_controller_test.go @@ -0,0 +1,35 @@ +package cmpv2controller + +import ( + cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" + "testing" +) + +func TestIsCMPv2CertificateRequest_notCMPv2Request(t *testing.T) { + request := new(cmapi.CertificateRequest) + if isCMPv2CertificateRequest(request) { + t.Logf("CPMv2 request [NOK]") + t.FailNow() + } + + request.Spec.IssuerRef.Group = "certmanager.onap.org" + request.Spec.IssuerRef.Kind = "CertificateRequest" + if isCMPv2CertificateRequest(request) { + t.Logf("CPMv2 request [NOK]") + t.FailNow() + } +} + +func TestIsCMPv2CertificateRequest_CMPvRequest(t *testing.T) { + request := new(cmapi.CertificateRequest) + request.Spec.IssuerRef.Group = "certmanager.onap.org" + request.Spec.IssuerRef.Kind = "CMPv2Issuer" + + if isCMPv2CertificateRequest(request) { + t.Logf("CPMv2 request [OK]") + } else { + t.Logf("Not a CPMv2 request [NOK]") + t.FailNow() + } +} + diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go similarity index 57% rename from certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go rename to certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go index b826e2dd..e5b1b196 100644 --- a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_reconciler.go +++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_controller.go @@ -23,7 +23,7 @@ * ============LICENSE_END========================================================= */ -package certservice_controller +package cmpv2controller import ( "context" @@ -34,37 +34,37 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/record" "k8s.io/utils/clock" - "onap.org/oom-certservice/k8s-external-provider/src/api" - provisioners "onap.org/oom-certservice/k8s-external-provider/src/certservice-provisioner" + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" + provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" ) -// CertServiceIssuerReconciler reconciles a CertServiceIssuer object -type CertServiceIssuerReconciler struct { +// CMPv2IssuerController reconciles a CMPv2Issuer object +type CMPv2IssuerController struct { client.Client Log logr.Logger Clock clock.Clock Recorder record.EventRecorder } -// Reconcile will read and validate the CertServiceIssuer resources, it will set the +// Reconcile will read and validate the CMPv2Issuer resources, it will set the // status condition ready to true if everything is right. -func (reconciler *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { +func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() - log := reconciler.Log.WithValues("certservice-issuer-controller", req.NamespacedName) + log := controller.Log.WithValues("cmpv2-issuer-controller", req.NamespacedName) - issuer := new(api.CertServiceIssuer) - if err := reconciler.Client.Get(ctx, req.NamespacedName, issuer); err != nil { - log.Error(err, "failed to retrieve CertServiceIssuer resource") + issuer := new(cmpv2api.CMPv2Issuer) + if err := controller.Client.Get(ctx, req.NamespacedName, issuer); err != nil { + log.Error(err, "failed to retrieve CMPv2Issuer resource") return ctrl.Result{}, client.IgnoreNotFound(err) } log.Info("Issuer loaded: ", "issuer", issuer) - statusReconciler := newStatusReconciler(reconciler, issuer, log) - if err := validateCertServiceIssuerSpec(issuer.Spec); err != nil { - log.Error(err, "failed to validate CertServiceIssuer resource") - statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Validation", "Failed to validate resource: %v", err) + statusUpdater := newStatusUpdater(controller, issuer, log) + if err := validateCMPv2IssuerSpec(issuer.Spec); err != nil { + log.Error(err, "failed to validate CMPv2Issuer resource") + statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Validation", "Failed to validate resource: %v", err) return ctrl.Result{}, err } log.Info("Issuer validated. ") @@ -75,20 +75,20 @@ func (reconciler *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl Namespace: req.Namespace, Name: issuer.Spec.KeyRef.Name, } - if err := reconciler.Client.Get(ctx, secretNamespaceName, &secret); err != nil { - log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name) + if err := controller.Client.Get(ctx, secretNamespaceName, &secret); err != nil { + log.Error(err, "failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name) if apierrors.IsNotFound(err) { - statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err) + statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err) } else { - statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Error", "Failed to retrieve provisioner secret: %v", err) + statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "Failed to retrieve provisioner secret: %v", err) } return ctrl.Result{}, err } password, ok := secret.Data[issuer.Spec.KeyRef.Key] if !ok { err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key) - log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name) - statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err) + log.Error(err, "failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name) + statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err) return ctrl.Result{}, err } @@ -96,24 +96,24 @@ func (reconciler *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl provisioner, err := provisioners.New(issuer, password) if err != nil { log.Error(err, "failed to initialize provisioner") - statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Error", "failed initialize provisioner") + statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "failed initialize provisioner") return ctrl.Result{}, err } provisioners.Store(req.NamespacedName, provisioner) - log.Info( "CertServiceIssuer verified. Updating status to Verified...") - return ctrl.Result{}, statusReconciler.Update(ctx, api.ConditionTrue, "Verified", "CertServiceIssuer verified and ready to sign certificates") + log.Info( "CMPv2Issuer verified. Updating status to Verified...") + return ctrl.Result{}, statusUpdater.Update(ctx, cmpv2api.ConditionTrue, "Verified", "CMPv2Issuer verified and ready to sign certificates") } -// SetupWithManager initializes the CertServiceIssuer controller into the controller +// SetupWithManager initializes the CMPv2Issuer controller into the controller // runtime. -func (reconciler *CertServiceIssuerReconciler) SetupWithManager(manager ctrl.Manager) error { +func (controller *CMPv2IssuerController) SetupWithManager(manager ctrl.Manager) error { return ctrl.NewControllerManagedBy(manager). - For(&api.CertServiceIssuer{}). - Complete(reconciler) + For(&cmpv2api.CMPv2Issuer{}). + Complete(controller) } -func validateCertServiceIssuerSpec(issuerSpec api.CertServiceIssuerSpec) error { +func validateCMPv2IssuerSpec(issuerSpec cmpv2api.CMPv2IssuerSpec) error { switch { case issuerSpec.URL == "": return fmt.Errorf("spec.url cannot be empty") diff --git a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go similarity index 53% rename from certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go rename to certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go index f2c0452e..f2ec5c5a 100644 --- a/certServiceK8sExternalProvider/src/certservice-controller/certservice_issuer_status_reconciler.go +++ b/certServiceK8sExternalProvider/src/cmpv2controller/cmpv2_issuer_status_updater.go @@ -23,7 +23,7 @@ * ============LICENSE_END========================================================= */ -package certservice_controller +package cmpv2controller import ( "context" @@ -31,46 +31,46 @@ import ( "github.com/go-logr/logr" core "k8s.io/api/core/v1" meta "k8s.io/apimachinery/pkg/apis/meta/v1" - "onap.org/oom-certservice/k8s-external-provider/src/api" + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" ) -type certServiceIssuerStatusReconciler struct { - *CertServiceIssuerReconciler - issuer *api.CertServiceIssuer +type CMPv2IssuerStatusUpdater struct { + *CMPv2IssuerController + issuer *cmpv2api.CMPv2Issuer logger logr.Logger } -func newStatusReconciler(reconciler *CertServiceIssuerReconciler, issuer *api.CertServiceIssuer, log logr.Logger) *certServiceIssuerStatusReconciler { - return &certServiceIssuerStatusReconciler{ - CertServiceIssuerReconciler: reconciler, - issuer: issuer, - logger: log, +func newStatusUpdater(controller *CMPv2IssuerController, issuer *cmpv2api.CMPv2Issuer, log logr.Logger) *CMPv2IssuerStatusUpdater { + return &CMPv2IssuerStatusUpdater{ + CMPv2IssuerController: controller, + issuer: issuer, + logger: log, } } -func (reconciler *certServiceIssuerStatusReconciler) Update(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) error { +func (updater *CMPv2IssuerStatusUpdater) Update(ctx context.Context, status cmpv2api.ConditionStatus, reason, message string, args ...interface{}) error { completeMessage := fmt.Sprintf(message, args...) - reconciler.setCondition(status, reason, completeMessage) + updater.setCondition(status, reason, completeMessage) // Fire an Event to additionally inform users of the change eventType := core.EventTypeNormal - if status == api.ConditionFalse { + if status == cmpv2api.ConditionFalse { eventType = core.EventTypeWarning } - reconciler.logger.Info("Firing event: ", "issuer", reconciler.issuer, "eventtype", eventType, "reason", reason, "message", completeMessage) - reconciler.Recorder.Event(reconciler.issuer, eventType, reason, completeMessage) + updater.logger.Info("Firing event: ", "issuer", updater.issuer, "eventtype", eventType, "reason", reason, "message", completeMessage) + updater.Recorder.Event(updater.issuer, eventType, reason, completeMessage) - reconciler.logger.Info("Updating issuer... ") - return reconciler.Client.Update(ctx, reconciler.issuer) + updater.logger.Info("Updating issuer... ") + return updater.Client.Update(ctx, updater.issuer) } -func (reconciler *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) { - if err := reconciler.Update(ctx, status, reason, message, args...); err != nil { - reconciler.logger.Error(err, "failed to update", "status", status, "reason", reason) +func (updater *CMPv2IssuerStatusUpdater) UpdateNoError(ctx context.Context, status cmpv2api.ConditionStatus, reason, message string, args ...interface{}) { + if err := updater.Update(ctx, status, reason, message, args...); err != nil { + updater.logger.Error(err, "failed to update", "status", status, "reason", reason) } } -// setCondition will set a 'condition' on the given api.CertServiceIssuer resource. +// setCondition will set a 'condition' on the given cmpv2api.CMPv2Issuer resource. // // - If no condition of the same type already exists, the condition will be // inserted with the LastTransitionTime set to the current time. @@ -79,10 +79,10 @@ func (reconciler *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.C // - If a condition of the same type and different state already exists, the // condition will be updated and the LastTransitionTime set to the current // time. -func (reconciler *certServiceIssuerStatusReconciler) setCondition(status api.ConditionStatus, reason, message string) { - now := meta.NewTime(reconciler.Clock.Now()) - issuerCondition := api.CertServiceIssuerCondition{ - Type: api.ConditionReady, +func (updater *CMPv2IssuerStatusUpdater) setCondition(status cmpv2api.ConditionStatus, reason, message string) { + now := meta.NewTime(updater.Clock.Now()) + issuerCondition := cmpv2api.CMPv2IssuerCondition{ + Type: cmpv2api.ConditionReady, Status: status, Reason: reason, Message: message, @@ -90,9 +90,9 @@ func (reconciler *certServiceIssuerStatusReconciler) setCondition(status api.Con } // Search through existing conditions - for i, condition := range reconciler.issuer.Status.Conditions { + for i, condition := range updater.issuer.Status.Conditions { // Skip unrelated conditions - if condition.Type != api.ConditionReady { + if condition.Type != cmpv2api.ConditionReady { continue } @@ -101,16 +101,16 @@ func (reconciler *certServiceIssuerStatusReconciler) setCondition(status api.Con if condition.Status == status { issuerCondition.LastTransitionTime = condition.LastTransitionTime } else { - reconciler.logger.Info("found status change for CertServiceIssuer condition; setting lastTransitionTime", "condition", condition.Type, "old_status", condition.Status, "new_status", status, "time", now.Time) + updater.logger.Info("found status change for CMPv2Issuer condition; setting lastTransitionTime", "condition", condition.Type, "old_status", condition.Status, "new_status", status, "time", now.Time) } // Overwrite the existing condition - reconciler.issuer.Status.Conditions[i] = issuerCondition + updater.issuer.Status.Conditions[i] = issuerCondition return } // If we've not found an existing condition of this type, we simply insert // the new condition into the slice. - reconciler.issuer.Status.Conditions = append(reconciler.issuer.Status.Conditions, issuerCondition) - reconciler.logger.Info("setting lastTransitionTime for CertServiceIssuer condition", "condition", api.ConditionReady, "time", now.Time) + updater.issuer.Status.Conditions = append(updater.issuer.Status.Conditions, issuerCondition) + updater.logger.Info("setting lastTransitionTime for CMPv2Issuer condition", "condition", cmpv2api.ConditionReady, "time", now.Time) } diff --git a/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go similarity index 94% rename from certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go rename to certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go index 262e708b..a51b8425 100644 --- a/certServiceK8sExternalProvider/src/certservice-provisioner/certservice-provisioner.go +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner.go @@ -23,7 +23,7 @@ * ============LICENSE_END========================================================= */ -package provisioners +package cmpv2provisioner import ( "bytes" @@ -34,7 +34,7 @@ import ( "fmt" certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" "k8s.io/apimachinery/pkg/types" - "onap.org/oom-certservice/k8s-external-provider/src/api" + "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api" ctrl "sigs.k8s.io/controller-runtime" "sync" ) @@ -47,14 +47,14 @@ type CertServiceCA struct { key []byte } -func New(certServiceIssuer *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) { +func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte) (*CertServiceCA, error) { ca := CertServiceCA{} - ca.name = certServiceIssuer.Name - ca.url = certServiceIssuer.Spec.URL + ca.name = cmpv2Issuer.Name + ca.url = cmpv2Issuer.Spec.URL ca.key = key - log := ctrl.Log.WithName("certservice-provisioner") + log := ctrl.Log.WithName("cmpv2-provisioner") log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "key", ca.key) return &ca, nil diff --git a/certServiceK8sExternalProvider/test/certservice-provisioner/certservice-provisioner_test.go b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go similarity index 97% rename from certServiceK8sExternalProvider/test/certservice-provisioner/certservice-provisioner_test.go rename to certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go index b439ef6b..92d09b3c 100644 --- a/certServiceK8sExternalProvider/test/certservice-provisioner/certservice-provisioner_test.go +++ b/certServiceK8sExternalProvider/src/cmpv2provisioner/cmpv2_provisioner_test.go @@ -18,7 +18,7 @@ * ============LICENSE_END========================================================= */ -package certservice_provisioner +package cmpv2provisioner import ( "testing" diff --git a/certServiceK8sExternalProvider/src/exit_code.go b/certServiceK8sExternalProvider/src/exit_code.go new file mode 100644 index 00000000..dea56c83 --- /dev/null +++ b/certServiceK8sExternalProvider/src/exit_code.go @@ -0,0 +1,20 @@ +package app + +type ExitCode struct { + Code int + Message string +} + +func newExitCode(code int, message string) *ExitCode{ + exitCode := new (ExitCode) + exitCode.Code = code + exitCode.Message = message + return exitCode +} + +var ( + FAILED_TO_CREATE_CONTROLLER_MANAGER = ExitCode{1, "unable to create k8s controller manager"} + FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER = ExitCode{2, "unable to register CMPv2Issuer controller"} + FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER = ExitCode{3, "unable to register CertificateRequestController"} + EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER = ExitCode{4, "an exception occurs while running k8s controller manager"} +) -- 2.16.6