duration: 24h
# Renew 8 hours before the certificate expiration
renewBefore: 8h
- # The reference to the step issuer
+ # The reference to the CMPv2 issuer
issuerRef:
group: certmanager.onap.org
- kind: CertificateRequest
- name: certservice-issuer
+ kind: CMPv2Issuer
+ name: cmpv2-issuer
#
apiVersion: certmanager.onap.org/v1
-kind: CertServiceIssuer
+kind: CMPv2Issuer
metadata:
- name: certservice-issuer
+ name: cmpv2-issuer
namespace: onap
spec:
url: https://certservice.default.svc.cluster.local
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
- name: certserviceissuers.certmanager.onap.org
+ name: cmpv2issuers.certmanager.onap.org
spec:
group: certmanager.onap.org
names:
- kind: CertServiceIssuer
- listKind: CertServiceIssuerList
- plural: certserviceissuers
- singular: certserviceissuer
+ kind: CMPv2Issuer
+ listKind: CMPv2IssuerList
+ plural: cmpv2issuers
+ singular: cmpv2issuer
scope: Namespaced
versions:
- name: v1
storage: true
schema:
openAPIV3Schema:
- description: CertServiceIssuer is the Schema for the certserviceissuers API
+ description: CMPv2Issuer is the Schema for the cmpv2issuers API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
- description: CertServiceIssuerSpec defines the desired state of CertServiceIssuer
+ description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer
properties:
url:
description: URL is the base URL for the certservice certificates instance.
type: string
keyRef:
description: keyRef is a reference to a Secret containing the
- provisioner password used to decrypt the provisioner private key.
+ cmpv2provisioner password used to decrypt the cmpv2provisioner private key.
properties:
key:
description: The key of the secret to select from. Must be a
- keyRef
type: object
status:
- description: CertServiceIssuerStatus defines the observed state of CertServiceIssuer
+ description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer
properties:
conditions:
items:
- description: CertServiceIssuerCondition contains condition information for
+ description: CMPv2IssuerCondition contains condition information for
the certservice issuer.
properties:
lastTransitionTime:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
- name: certservice-issuer-leader-election-role
+ name: cmpv2-issuer-leader-election-role
namespace: onap
rules:
- apiGroups:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: certservice-issuer-manager-role
+ name: cmpv2-issuer-manager-role
rules:
- apiGroups:
- ""
- apiGroups:
- certmanager.onap.org
resources:
- - certserviceissuers
+ - cmpv2issuers
verbs:
- create
- delete
- apiGroups:
- certmanager.onap.org
resources:
- - certserviceissuers/status
+ - cmpv2issuers/status
verbs:
- get
- patch
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: certservice-issuer-proxy-role
+ name: cmpv2-issuer-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: certservice-issuer-leader-election-rolebinding
+ name: cmpv2-issuer-leader-election-rolebinding
namespace: onap
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
- name: certservice-issuer-leader-election-role
+ name: cmpv2-issuer-leader-election-role
subjects:
- kind: ServiceAccount
name: default
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: certservice-issuer-manager-rolebinding
+ name: cmpv2-issuer-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: certservice-issuer-manager-role
+ name: cmpv2-issuer-manager-role
subjects:
- kind: ServiceAccount
name: default
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: certservice-issuer-proxy-rolebinding
+ name: cmpv2-issuer-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: certservice-issuer-proxy-role
+ name: cmpv2-issuer-proxy-role
subjects:
- kind: ServiceAccount
name: default
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
"k8s.io/utils/clock"
- certserviceapi "onap.org/oom-certservice/k8s-external-provider/src/api"
- controllers "onap.org/oom-certservice/k8s-external-provider/src/certservice-controller"
+ app "onap.org/oom-certservice/k8s-external-provider/src"
+ certserviceapi "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ controllers "onap.org/oom-certservice/k8s-external-provider/src/cmpv2controller"
"os"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
func main() {
fmt.Println()
- fmt.Println(" *** Cert Service Provider v1.0.1 ***")
+ fmt.Println(" *** Cert Service Provider v1.0.2 ***")
fmt.Println()
setupLog.Info("Parsing arguments...")
LeaderElection: enableLeaderElection,
})
if err != nil {
- setupLog.Error(err, "unable to start manager")
- os.Exit(1)
+ exit(app.FAILED_TO_CREATE_CONTROLLER_MANAGER, err)
}
- setupLog.Info("Registering CertServiceIssuerReconciler...")
- if err = (&controllers.CertServiceIssuerReconciler{
+ setupLog.Info("Registering CMPv2IssuerController...")
+ if err = (&controllers.CMPv2IssuerController{
Client: manager.GetClient(),
- Log: ctrl.Log.WithName("controllers").WithName("CertServiceIssuer"),
+ Log: ctrl.Log.WithName("controllers").WithName("CMPv2Issuer"),
Clock: clock.RealClock{},
- Recorder: manager.GetEventRecorderFor("certservice-issuer-controller"),
+ Recorder: manager.GetEventRecorderFor("cmpv2-issuer-controller"),
}).SetupWithManager(manager); err != nil {
- setupLog.Error(err, "unable to create controller", "controller", "CertServiceIssuer")
- os.Exit(1)
+ exit(app.FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER, err)
}
- setupLog.Info("Registering CertificateRequestReconciler...")
- if err = (&controllers.CertificateRequestReconciler{
+ setupLog.Info("Registering CertificateRequestController...")
+ if err = (&controllers.CertificateRequestController{
Client: manager.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("CertificateRequest"),
- Recorder: manager.GetEventRecorderFor("certificaterequests-controller"),
+ Recorder: manager.GetEventRecorderFor("certificate-requests-controller"),
}).SetupWithManager(manager); err != nil {
- setupLog.Error(err, "unable to create controller", "controller", "CertificateRequest")
- os.Exit(1)
+ exit(app.FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER, err)
}
setupLog.Info("Starting k8s manager...")
if err := manager.Start(ctrl.SetupSignalHandler()); err != nil {
- setupLog.Error(err, "problem running manager")
- os.Exit(1)
+ exit(app.EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER, err)
}
setupLog.Info("Application is up and running.")
}
+
+func exit(exitCode app.ExitCode, err error) {
+ setupLog.Error(err, exitCode.Message)
+ os.Exit(exitCode.Code)
+}
* ============LICENSE_END=========================================================
*/
-package api
+package cmpv2api
import (
"k8s.io/apimachinery/pkg/runtime/schema"
// AddToScheme adds the types in this group-version to the given scheme.
AddToScheme = SchemeBuilder.AddToScheme
)
+
+const CMPv2IssuerKind = "CMPv2Issuer"
+
* ============LICENSE_END=========================================================
*/
-package api
+package cmpv2api
import (
runtime "k8s.io/apimachinery/pkg/runtime"
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyInto(outCertServiceIssuer *CertServiceIssuer) {
- *outCertServiceIssuer = *inputCertServiceIssuer
- outCertServiceIssuer.TypeMeta = inputCertServiceIssuer.TypeMeta
- inputCertServiceIssuer.ObjectMeta.DeepCopyInto(&outCertServiceIssuer.ObjectMeta)
- inputCertServiceIssuer.Spec.DeepCopyInto(&outCertServiceIssuer.Spec)
- inputCertServiceIssuer.Status.DeepCopyInto(&outCertServiceIssuer.Status)
+func (inputCMPv2Issuer *CMPv2Issuer) DeepCopyInto(outCMPv2Issuer *CMPv2Issuer) {
+ *outCMPv2Issuer = *inputCMPv2Issuer
+ outCMPv2Issuer.TypeMeta = inputCMPv2Issuer.TypeMeta
+ inputCMPv2Issuer.ObjectMeta.DeepCopyInto(&outCMPv2Issuer.ObjectMeta)
+ inputCMPv2Issuer.Spec.DeepCopyInto(&outCMPv2Issuer.Spec)
+ inputCMPv2Issuer.Status.DeepCopyInto(&outCMPv2Issuer.Status)
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuer.
-func (inputCertServiceIssuer *CertServiceIssuer) DeepCopy() *CertServiceIssuer {
- if inputCertServiceIssuer == nil {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2Issuer.
+func (inputCMPv2Issuer *CMPv2Issuer) DeepCopy() *CMPv2Issuer {
+ if inputCMPv2Issuer == nil {
return nil
}
- out := new(CertServiceIssuer)
- inputCertServiceIssuer.DeepCopyInto(out)
+ out := new(CMPv2Issuer)
+ inputCMPv2Issuer.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (inputCertServiceIssuer *CertServiceIssuer) DeepCopyObject() runtime.Object {
- if deepCopy := inputCertServiceIssuer.DeepCopy(); deepCopy != nil {
+func (inputCMPv2Issuer *CMPv2Issuer) DeepCopyObject() runtime.Object {
+ if deepCopy := inputCMPv2Issuer.DeepCopy(); deepCopy != nil {
return deepCopy
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopyInto(outIssuerCondition *CertServiceIssuerCondition) {
+func (inputIssuerCondition *CMPv2IssuerCondition) DeepCopyInto(outIssuerCondition *CMPv2IssuerCondition) {
*outIssuerCondition = *inputIssuerCondition
if inputIssuerCondition.LastTransitionTime != nil {
in, out := &inputIssuerCondition.LastTransitionTime, &outIssuerCondition.LastTransitionTime
}
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerCondition.
-func (inputIssuerCondition *CertServiceIssuerCondition) DeepCopy() *CertServiceIssuerCondition {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerCondition.
+func (inputIssuerCondition *CMPv2IssuerCondition) DeepCopy() *CMPv2IssuerCondition {
if inputIssuerCondition == nil {
return nil
}
- out := new(CertServiceIssuerCondition)
+ out := new(CMPv2IssuerCondition)
inputIssuerCondition.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (inputIssuerList *CertServiceIssuerList) DeepCopyInto(outIssuerList *CertServiceIssuerList) {
+func (inputIssuerList *CMPv2IssuerList) DeepCopyInto(outIssuerList *CMPv2IssuerList) {
*outIssuerList = *inputIssuerList
outIssuerList.TypeMeta = inputIssuerList.TypeMeta
inputIssuerList.ListMeta.DeepCopyInto(&outIssuerList.ListMeta)
if inputIssuerList.Items != nil {
in, out := &inputIssuerList.Items, &outIssuerList.Items
- *out = make([]CertServiceIssuer, len(*in))
+ *out = make([]CMPv2Issuer, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerList.
-func (inputIssuerList *CertServiceIssuerList) DeepCopy() *CertServiceIssuerList {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerList.
+func (inputIssuerList *CMPv2IssuerList) DeepCopy() *CMPv2IssuerList {
if inputIssuerList == nil {
return nil
}
- out := new(CertServiceIssuerList)
+ out := new(CMPv2IssuerList)
inputIssuerList.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (inputIssuerList *CertServiceIssuerList) DeepCopyObject() runtime.Object {
+func (inputIssuerList *CMPv2IssuerList) DeepCopyObject() runtime.Object {
if deepCopy := inputIssuerList.DeepCopy(); deepCopy != nil {
return deepCopy
}
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopyInto(outIssuerSpec *CertServiceIssuerSpec) {
+func (inputIssuerSpec *CMPv2IssuerSpec) DeepCopyInto(outIssuerSpec *CMPv2IssuerSpec) {
*outIssuerSpec = *inputIssuerSpec
outIssuerSpec.KeyRef = inputIssuerSpec.KeyRef
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerSpec.
-func (inputIssuerSpec *CertServiceIssuerSpec) DeepCopy() *CertServiceIssuerSpec {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerSpec.
+func (inputIssuerSpec *CMPv2IssuerSpec) DeepCopy() *CMPv2IssuerSpec {
if inputIssuerSpec == nil {
return nil
}
- out := new(CertServiceIssuerSpec)
+ out := new(CMPv2IssuerSpec)
inputIssuerSpec.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopyInto(outIssuerStatus *CertServiceIssuerStatus) {
+func (inputIssuerStatus *CMPv2IssuerStatus) DeepCopyInto(outIssuerStatus *CMPv2IssuerStatus) {
*outIssuerStatus = *inputIssuerStatus
if inputIssuerStatus.Conditions != nil {
in, out := &inputIssuerStatus.Conditions, &outIssuerStatus.Conditions
- *out = make([]CertServiceIssuerCondition, len(*in))
+ *out = make([]CMPv2IssuerCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertServiceIssuerStatus.
-func (inputIssuerStatus *CertServiceIssuerStatus) DeepCopy() *CertServiceIssuerStatus {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CMPv2IssuerStatus.
+func (inputIssuerStatus *CMPv2IssuerStatus) DeepCopy() *CMPv2IssuerStatus {
if inputIssuerStatus == nil {
return nil
}
- out := new(CertServiceIssuerStatus)
+ out := new(CMPv2IssuerStatus)
inputIssuerStatus.DeepCopyInto(out)
return out
}
* ============LICENSE_END=========================================================
*/
-package api
+package cmpv2api
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func init() {
- SchemeBuilder.Register(&CertServiceIssuer{}, &CertServiceIssuerList{})
+ SchemeBuilder.Register(&CMPv2Issuer{}, &CMPv2IssuerList{})
}
-// CertServiceIssuerSpec defines the desired state of CertServiceIssuer
-type CertServiceIssuerSpec struct {
+// CMPv2IssuerSpec defines the desired state of CMPv2Issuer
+type CMPv2IssuerSpec struct {
// URL is the base URL for the CertService certificates instance.
URL string `json:"url"`
KeyRef SecretKeySelector `json:"keyRef"`
}
-// CertServiceIssuerStatus defines the observed state of CertServiceIssuer
-type CertServiceIssuerStatus struct {
- // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
- // Important: Run "make" to regenerate code after modifying this file
+// CMPv2IssuerStatus defines the observed state of CMPv2Issuer
+type CMPv2IssuerStatus struct {
// +optional
- Conditions []CertServiceIssuerCondition `json:"conditions,omitempty"`
+ Conditions []CMPv2IssuerCondition `json:"conditions,omitempty"`
}
-// +kubebuilder:object:root=true
-
-// CertServiceIssuer is the Schema for the certserviceissuers API
-// +kubebuilder:subresource:status
-type CertServiceIssuer struct {
+type CMPv2Issuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
- Spec CertServiceIssuerSpec `json:"spec,omitempty"`
- Status CertServiceIssuerStatus `json:"status,omitempty"`
+ Spec CMPv2IssuerSpec `json:"spec,omitempty"`
+ Status CMPv2IssuerStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
-// CertServiceIssuerList contains a list of CertServiceIssuer
-type CertServiceIssuerList struct {
+// CMPv2IssuerList contains a list of CMPv2Issuer
+type CMPv2IssuerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
- Items []CertServiceIssuer `json:"items"`
+ Items []CMPv2Issuer `json:"items"`
}
// SecretKeySelector contains the reference to a secret.
Key string `json:"key,omitempty"`
}
-// ConditionType represents a CertServiceIssuer condition type.
+// ConditionType represents a CMPv2Issuer condition type.
// +kubebuilder:validation:Enum=Ready
type ConditionType string
const (
- // ConditionReady indicates that a CertServiceIssuer is ready for use.
+ // ConditionReady indicates that a CMPv2Issuer is ready for use.
ConditionReady ConditionType = "Ready"
)
ConditionUnknown ConditionStatus = "Unknown"
)
-// CertServiceIssuerCondition contains condition information for the CertService issuer.
-type CertServiceIssuerCondition struct {
+// CMPv2IssuerCondition contains condition information for the CertService issuer.
+type CMPv2IssuerCondition struct {
// Type of the condition, currently ('Ready').
Type ConditionType `json:"type"`
* ============LICENSE_END=========================================================
*/
-package certservice_controller
+package cmpv2controller
import (
"context"
"fmt"
- "onap.org/oom-certservice/k8s-external-provider/src/api"
- provisioners "onap.org/oom-certservice/k8s-external-provider/src/certservice-provisioner"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
"github.com/go-logr/logr"
apiutil "github.com/jetstack/cert-manager/pkg/api/util"
"sigs.k8s.io/controller-runtime/pkg/client"
)
-// CertificateRequestReconciler reconciles a CertServiceIssuer object.
-type CertificateRequestReconciler struct {
+// CertificateRequestController reconciles a CMPv2Issuer object.
+type CertificateRequestController struct {
client.Client
Log logr.Logger
Recorder record.EventRecorder
}
-// Reconcile will read and validate a CertServiceIssuer resource associated to the
+// Reconcile will read and validate a CMPv2Issuer resource associated to the
// CertificateRequest resource, and it will sign the CertificateRequest with the
-// provisioner in the CertServiceIssuer.
-func (reconciler *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+// provisioner in the CMPv2Issuer.
+func (controller *CertificateRequestController) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background()
- log := reconciler.Log.WithValues("certificaterequest", req.NamespacedName)
+ log := controller.Log.WithValues("certificate-request-controller", req.NamespacedName)
// Fetch the CertificateRequest resource being reconciled.
// Just ignore the request if the certificate request has been deleted.
certificateRequest := new(cmapi.CertificateRequest)
- if err := reconciler.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil {
+ if err := controller.Client.Get(ctx, req.NamespacedName, certificateRequest); err != nil {
if apierrors.IsNotFound(err) {
return ctrl.Result{}, nil
}
return ctrl.Result{}, err
}
- // Check the CertificateRequest's issuerRef and if it does not match the api
- // group name, log a message at a debug level and stop processing.
- if certificateRequest.Spec.IssuerRef.Group != "" && certificateRequest.Spec.IssuerRef.Group != api.GroupVersion.Group {
- log.V(4).Info("resource does not specify an issuerRef group name that we are responsible for", "group", certificateRequest.Spec.IssuerRef.Group)
+ if !isCMPv2CertificateRequest(certificateRequest) {
+ log.V(4).Info("certificate request is not CMPv2",
+ "group", certificateRequest.Spec.IssuerRef.Group,
+ "kind", certificateRequest.Spec.IssuerRef.Kind)
return ctrl.Result{}, nil
}
return ctrl.Result{}, nil
}
- // Fetch the CertServiceIssuer resource
- issuer := api.CertServiceIssuer{}
+ // Fetch the CMPv2Issuer resource
+ issuer := cmpv2api.CMPv2Issuer{}
issuerNamespaceName := types.NamespacedName{
Namespace: req.Namespace,
Name: certificateRequest.Spec.IssuerRef.Name,
}
- if err := reconciler.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil {
- log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
- _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CertServiceIssuer resource %s: %v", issuerNamespaceName, err)
+ if err := controller.Client.Get(ctx, issuerNamespaceName, &issuer); err != nil {
+ log.Error(err, "failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
+ _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve CMPv2Issuer resource %s: %v", issuerNamespaceName, err)
return ctrl.Result{}, err
}
- // Check if the CertServiceIssuer resource has been marked Ready
- if !certServiceIssuerHasCondition(issuer, api.CertServiceIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) {
+ // Check if the CMPv2Issuer resource has been marked Ready
+ if !cmpv2IssuerHasCondition(issuer, cmpv2api.CMPv2IssuerCondition{Type: cmpv2api.ConditionReady, Status: cmpv2api.ConditionTrue}) {
err := fmt.Errorf("resource %s is not ready", issuerNamespaceName)
- log.Error(err, "failed to retrieve CertServiceIssuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
- _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CertServiceIssuer resource %s is not Ready", issuerNamespaceName)
+ log.Error(err, "failed to retrieve CMPv2Issuer resource", "namespace", req.Namespace, "name", certificateRequest.Spec.IssuerRef.Name)
+ _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "CMPv2Issuer resource %s is not Ready", issuerNamespaceName)
return ctrl.Result{}, err
}
provisioner, ok := provisioners.Load(issuerNamespaceName)
if !ok {
err := fmt.Errorf("provisioner %s not found", issuerNamespaceName)
- log.Error(err, "failed to provisioner for CertServiceIssuer resource")
- _ = reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CertServiceIssuer resource %s", issuerNamespaceName)
+ log.Error(err, "failed to provisioner for CMPv2Issuer resource")
+ _ = controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for CMPv2Issuer resource %s", issuerNamespaceName)
return ctrl.Result{}, err
}
signedPEM, trustedCAs, err := provisioner.Sign(ctx, certificateRequest)
if err != nil {
log.Error(err, "failed to sign certificate request")
- return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
+ return ctrl.Result{}, controller.setStatus(ctx, certificateRequest, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate request: %v", err)
}
certificateRequest.Status.Certificate = signedPEM
certificateRequest.Status.CA = trustedCAs
- return ctrl.Result{}, reconciler.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
+ return ctrl.Result{}, controller.setStatus(ctx, certificateRequest, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
}
// SetupWithManager initializes the CertificateRequest controller into the
// controller runtime.
-func (reconciler *CertificateRequestReconciler) SetupWithManager(manager ctrl.Manager) error {
+func (controller *CertificateRequestController) SetupWithManager(manager ctrl.Manager) error {
return ctrl.NewControllerManagedBy(manager).
For(&cmapi.CertificateRequest{}).
- Complete(reconciler)
+ Complete(controller)
}
-// certServiceIssuerHasCondition will return true if the given CertServiceIssuer resource has
-// a condition matching the provided CertServiceIssuerCondition. Only the Type and
+// cmpv2IssuerHasCondition will return true if the given CMPv2Issuer resource has
+// a condition matching the provided CMPv2IssuerCondition. Only the Type and
// Status field will be used in the comparison, meaning that this function will
// return 'true' even if the Reason, Message and LastTransitionTime fields do
// not match.
-func certServiceIssuerHasCondition(issuer api.CertServiceIssuer, condition api.CertServiceIssuerCondition) bool {
+func cmpv2IssuerHasCondition(issuer cmpv2api.CMPv2Issuer, condition cmpv2api.CMPv2IssuerCondition) bool {
existingConditions := issuer.Status.Conditions
for _, cond := range existingConditions {
if condition.Type == cond.Type && condition.Status == cond.Status {
return false
}
-func (reconciler *CertificateRequestReconciler) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
+func isCMPv2CertificateRequest(certificateRequest *cmapi.CertificateRequest) bool {
+ return certificateRequest.Spec.IssuerRef.Group != "" &&
+ certificateRequest.Spec.IssuerRef.Group == cmpv2api.GroupVersion.Group &&
+ certificateRequest.Spec.IssuerRef.Kind == cmpv2api.CMPv2IssuerKind
+
+}
+
+func (controller *CertificateRequestController) setStatus(ctx context.Context, certificateRequest *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
completeMessage := fmt.Sprintf(message, args...)
apiutil.SetCertificateRequestCondition(certificateRequest, cmapi.CertificateRequestConditionReady, status, reason, completeMessage)
if status == cmmeta.ConditionFalse {
eventType = core.EventTypeWarning
}
- reconciler.Recorder.Event(certificateRequest, eventType, reason, completeMessage)
+ controller.Recorder.Event(certificateRequest, eventType, reason, completeMessage)
- return reconciler.Client.Status().Update(ctx, certificateRequest)
+ return controller.Client.Status().Update(ctx, certificateRequest)
}
--- /dev/null
+package cmpv2controller
+
+import (
+ cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ "testing"
+)
+
+func TestIsCMPv2CertificateRequest_notCMPv2Request(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ if isCMPv2CertificateRequest(request) {
+ t.Logf("CPMv2 request [NOK]")
+ t.FailNow()
+ }
+
+ request.Spec.IssuerRef.Group = "certmanager.onap.org"
+ request.Spec.IssuerRef.Kind = "CertificateRequest"
+ if isCMPv2CertificateRequest(request) {
+ t.Logf("CPMv2 request [NOK]")
+ t.FailNow()
+ }
+}
+
+func TestIsCMPv2CertificateRequest_CMPvRequest(t *testing.T) {
+ request := new(cmapi.CertificateRequest)
+ request.Spec.IssuerRef.Group = "certmanager.onap.org"
+ request.Spec.IssuerRef.Kind = "CMPv2Issuer"
+
+ if isCMPv2CertificateRequest(request) {
+ t.Logf("CPMv2 request [OK]")
+ } else {
+ t.Logf("Not a CPMv2 request [NOK]")
+ t.FailNow()
+ }
+}
+
* ============LICENSE_END=========================================================
*/
-package certservice_controller
+package cmpv2controller
import (
"context"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/tools/record"
"k8s.io/utils/clock"
- "onap.org/oom-certservice/k8s-external-provider/src/api"
- provisioners "onap.org/oom-certservice/k8s-external-provider/src/certservice-provisioner"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
+ provisioners "onap.org/oom-certservice/k8s-external-provider/src/cmpv2provisioner"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
)
-// CertServiceIssuerReconciler reconciles a CertServiceIssuer object
-type CertServiceIssuerReconciler struct {
+// CMPv2IssuerController reconciles a CMPv2Issuer object
+type CMPv2IssuerController struct {
client.Client
Log logr.Logger
Clock clock.Clock
Recorder record.EventRecorder
}
-// Reconcile will read and validate the CertServiceIssuer resources, it will set the
+// Reconcile will read and validate the CMPv2Issuer resources, it will set the
// status condition ready to true if everything is right.
-func (reconciler *CertServiceIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+func (controller *CMPv2IssuerController) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background()
- log := reconciler.Log.WithValues("certservice-issuer-controller", req.NamespacedName)
+ log := controller.Log.WithValues("cmpv2-issuer-controller", req.NamespacedName)
- issuer := new(api.CertServiceIssuer)
- if err := reconciler.Client.Get(ctx, req.NamespacedName, issuer); err != nil {
- log.Error(err, "failed to retrieve CertServiceIssuer resource")
+ issuer := new(cmpv2api.CMPv2Issuer)
+ if err := controller.Client.Get(ctx, req.NamespacedName, issuer); err != nil {
+ log.Error(err, "failed to retrieve CMPv2Issuer resource")
return ctrl.Result{}, client.IgnoreNotFound(err)
}
log.Info("Issuer loaded: ", "issuer", issuer)
- statusReconciler := newStatusReconciler(reconciler, issuer, log)
- if err := validateCertServiceIssuerSpec(issuer.Spec); err != nil {
- log.Error(err, "failed to validate CertServiceIssuer resource")
- statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Validation", "Failed to validate resource: %v", err)
+ statusUpdater := newStatusUpdater(controller, issuer, log)
+ if err := validateCMPv2IssuerSpec(issuer.Spec); err != nil {
+ log.Error(err, "failed to validate CMPv2Issuer resource")
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Validation", "Failed to validate resource: %v", err)
return ctrl.Result{}, err
}
log.Info("Issuer validated. ")
Namespace: req.Namespace,
Name: issuer.Spec.KeyRef.Name,
}
- if err := reconciler.Client.Get(ctx, secretNamespaceName, &secret); err != nil {
- log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
+ if err := controller.Client.Get(ctx, secretNamespaceName, &secret); err != nil {
+ log.Error(err, "failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
if apierrors.IsNotFound(err) {
- statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
} else {
- statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Error", "Failed to retrieve provisioner secret: %v", err)
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "Failed to retrieve provisioner secret: %v", err)
}
return ctrl.Result{}, err
}
password, ok := secret.Data[issuer.Spec.KeyRef.Key]
if !ok {
err := fmt.Errorf("secret %s does not contain key %s", secret.Name, issuer.Spec.KeyRef.Key)
- log.Error(err, "failed to retrieve CertServiceIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
- statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
+ log.Error(err, "failed to retrieve CMPv2Issuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "NotFound", "Failed to retrieve provisioner secret: %v", err)
return ctrl.Result{}, err
}
provisioner, err := provisioners.New(issuer, password)
if err != nil {
log.Error(err, "failed to initialize provisioner")
- statusReconciler.UpdateNoError(ctx, api.ConditionFalse, "Error", "failed initialize provisioner")
+ statusUpdater.UpdateNoError(ctx, cmpv2api.ConditionFalse, "Error", "failed initialize provisioner")
return ctrl.Result{}, err
}
provisioners.Store(req.NamespacedName, provisioner)
- log.Info( "CertServiceIssuer verified. Updating status to Verified...")
- return ctrl.Result{}, statusReconciler.Update(ctx, api.ConditionTrue, "Verified", "CertServiceIssuer verified and ready to sign certificates")
+ log.Info( "CMPv2Issuer verified. Updating status to Verified...")
+ return ctrl.Result{}, statusUpdater.Update(ctx, cmpv2api.ConditionTrue, "Verified", "CMPv2Issuer verified and ready to sign certificates")
}
-// SetupWithManager initializes the CertServiceIssuer controller into the controller
+// SetupWithManager initializes the CMPv2Issuer controller into the controller
// runtime.
-func (reconciler *CertServiceIssuerReconciler) SetupWithManager(manager ctrl.Manager) error {
+func (controller *CMPv2IssuerController) SetupWithManager(manager ctrl.Manager) error {
return ctrl.NewControllerManagedBy(manager).
- For(&api.CertServiceIssuer{}).
- Complete(reconciler)
+ For(&cmpv2api.CMPv2Issuer{}).
+ Complete(controller)
}
-func validateCertServiceIssuerSpec(issuerSpec api.CertServiceIssuerSpec) error {
+func validateCMPv2IssuerSpec(issuerSpec cmpv2api.CMPv2IssuerSpec) error {
switch {
case issuerSpec.URL == "":
return fmt.Errorf("spec.url cannot be empty")
* ============LICENSE_END=========================================================
*/
-package certservice_controller
+package cmpv2controller
import (
"context"
"github.com/go-logr/logr"
core "k8s.io/api/core/v1"
meta "k8s.io/apimachinery/pkg/apis/meta/v1"
- "onap.org/oom-certservice/k8s-external-provider/src/api"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
)
-type certServiceIssuerStatusReconciler struct {
- *CertServiceIssuerReconciler
- issuer *api.CertServiceIssuer
+type CMPv2IssuerStatusUpdater struct {
+ *CMPv2IssuerController
+ issuer *cmpv2api.CMPv2Issuer
logger logr.Logger
}
-func newStatusReconciler(reconciler *CertServiceIssuerReconciler, issuer *api.CertServiceIssuer, log logr.Logger) *certServiceIssuerStatusReconciler {
- return &certServiceIssuerStatusReconciler{
- CertServiceIssuerReconciler: reconciler,
- issuer: issuer,
- logger: log,
+func newStatusUpdater(controller *CMPv2IssuerController, issuer *cmpv2api.CMPv2Issuer, log logr.Logger) *CMPv2IssuerStatusUpdater {
+ return &CMPv2IssuerStatusUpdater{
+ CMPv2IssuerController: controller,
+ issuer: issuer,
+ logger: log,
}
}
-func (reconciler *certServiceIssuerStatusReconciler) Update(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) error {
+func (updater *CMPv2IssuerStatusUpdater) Update(ctx context.Context, status cmpv2api.ConditionStatus, reason, message string, args ...interface{}) error {
completeMessage := fmt.Sprintf(message, args...)
- reconciler.setCondition(status, reason, completeMessage)
+ updater.setCondition(status, reason, completeMessage)
// Fire an Event to additionally inform users of the change
eventType := core.EventTypeNormal
- if status == api.ConditionFalse {
+ if status == cmpv2api.ConditionFalse {
eventType = core.EventTypeWarning
}
- reconciler.logger.Info("Firing event: ", "issuer", reconciler.issuer, "eventtype", eventType, "reason", reason, "message", completeMessage)
- reconciler.Recorder.Event(reconciler.issuer, eventType, reason, completeMessage)
+ updater.logger.Info("Firing event: ", "issuer", updater.issuer, "eventtype", eventType, "reason", reason, "message", completeMessage)
+ updater.Recorder.Event(updater.issuer, eventType, reason, completeMessage)
- reconciler.logger.Info("Updating issuer... ")
- return reconciler.Client.Update(ctx, reconciler.issuer)
+ updater.logger.Info("Updating issuer... ")
+ return updater.Client.Update(ctx, updater.issuer)
}
-func (reconciler *certServiceIssuerStatusReconciler) UpdateNoError(ctx context.Context, status api.ConditionStatus, reason, message string, args ...interface{}) {
- if err := reconciler.Update(ctx, status, reason, message, args...); err != nil {
- reconciler.logger.Error(err, "failed to update", "status", status, "reason", reason)
+func (updater *CMPv2IssuerStatusUpdater) UpdateNoError(ctx context.Context, status cmpv2api.ConditionStatus, reason, message string, args ...interface{}) {
+ if err := updater.Update(ctx, status, reason, message, args...); err != nil {
+ updater.logger.Error(err, "failed to update", "status", status, "reason", reason)
}
}
-// setCondition will set a 'condition' on the given api.CertServiceIssuer resource.
+// setCondition will set a 'condition' on the given cmpv2api.CMPv2Issuer resource.
//
// - If no condition of the same type already exists, the condition will be
// inserted with the LastTransitionTime set to the current time.
// - If a condition of the same type and different state already exists, the
// condition will be updated and the LastTransitionTime set to the current
// time.
-func (reconciler *certServiceIssuerStatusReconciler) setCondition(status api.ConditionStatus, reason, message string) {
- now := meta.NewTime(reconciler.Clock.Now())
- issuerCondition := api.CertServiceIssuerCondition{
- Type: api.ConditionReady,
+func (updater *CMPv2IssuerStatusUpdater) setCondition(status cmpv2api.ConditionStatus, reason, message string) {
+ now := meta.NewTime(updater.Clock.Now())
+ issuerCondition := cmpv2api.CMPv2IssuerCondition{
+ Type: cmpv2api.ConditionReady,
Status: status,
Reason: reason,
Message: message,
}
// Search through existing conditions
- for i, condition := range reconciler.issuer.Status.Conditions {
+ for i, condition := range updater.issuer.Status.Conditions {
// Skip unrelated conditions
- if condition.Type != api.ConditionReady {
+ if condition.Type != cmpv2api.ConditionReady {
continue
}
if condition.Status == status {
issuerCondition.LastTransitionTime = condition.LastTransitionTime
} else {
- reconciler.logger.Info("found status change for CertServiceIssuer condition; setting lastTransitionTime", "condition", condition.Type, "old_status", condition.Status, "new_status", status, "time", now.Time)
+ updater.logger.Info("found status change for CMPv2Issuer condition; setting lastTransitionTime", "condition", condition.Type, "old_status", condition.Status, "new_status", status, "time", now.Time)
}
// Overwrite the existing condition
- reconciler.issuer.Status.Conditions[i] = issuerCondition
+ updater.issuer.Status.Conditions[i] = issuerCondition
return
}
// If we've not found an existing condition of this type, we simply insert
// the new condition into the slice.
- reconciler.issuer.Status.Conditions = append(reconciler.issuer.Status.Conditions, issuerCondition)
- reconciler.logger.Info("setting lastTransitionTime for CertServiceIssuer condition", "condition", api.ConditionReady, "time", now.Time)
+ updater.issuer.Status.Conditions = append(updater.issuer.Status.Conditions, issuerCondition)
+ updater.logger.Info("setting lastTransitionTime for CMPv2Issuer condition", "condition", cmpv2api.ConditionReady, "time", now.Time)
}
* ============LICENSE_END=========================================================
*/
-package provisioners
+package cmpv2provisioner
import (
"bytes"
"fmt"
certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
"k8s.io/apimachinery/pkg/types"
- "onap.org/oom-certservice/k8s-external-provider/src/api"
+ "onap.org/oom-certservice/k8s-external-provider/src/cmpv2api"
ctrl "sigs.k8s.io/controller-runtime"
"sync"
)
key []byte
}
-func New(certServiceIssuer *api.CertServiceIssuer, key []byte) (*CertServiceCA, error) {
+func New(cmpv2Issuer *cmpv2api.CMPv2Issuer, key []byte) (*CertServiceCA, error) {
ca := CertServiceCA{}
- ca.name = certServiceIssuer.Name
- ca.url = certServiceIssuer.Spec.URL
+ ca.name = cmpv2Issuer.Name
+ ca.url = cmpv2Issuer.Spec.URL
ca.key = key
- log := ctrl.Log.WithName("certservice-provisioner")
+ log := ctrl.Log.WithName("cmpv2-provisioner")
log.Info("Configuring CA: ", "name", ca.name, "url", ca.url, "key", ca.key)
return &ca, nil
* ============LICENSE_END=========================================================
*/
-package certservice_provisioner
+package cmpv2provisioner
import (
"testing"
--- /dev/null
+package app
+
+type ExitCode struct {
+ Code int
+ Message string
+}
+
+func newExitCode(code int, message string) *ExitCode{
+ exitCode := new (ExitCode)
+ exitCode.Code = code
+ exitCode.Message = message
+ return exitCode
+}
+
+var (
+ FAILED_TO_CREATE_CONTROLLER_MANAGER = ExitCode{1, "unable to create k8s controller manager"}
+ FAILED_TO_REGISTER_CMPv2_ISSUER_CONTROLLER = ExitCode{2, "unable to register CMPv2Issuer controller"}
+ FAILED_TO_REGISTER_CERT_REQUEST_CONTROLLER = ExitCode{3, "unable to register CertificateRequestController"}
+ EXCEPTION_WHILE_RUNNING_CONTROLLER_MANAGER = ExitCode{4, "an exception occurs while running k8s controller manager"}
+)
Code Review / oom / platform / cert-service.git / commitdiff