Merge pull request #17 from Keyfactor/est-54302

feat(est): Implement EST client into Signer module instead of using EST client dep

Author: fiddlermikey

.github/workflows/keyfactor-workflow.yml

@@ -0,0 +1,20 @@
+# Also called the Bootstrap Workflow
+name: Keyfactor Workflow
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, closed, synchronize, edited, reopened]
+  push:
+  create:
+    branches:
+      - 'release-*.*'
+
+jobs:
+  call-starter-workflow:
+    uses: keyfactor/actions/.github/workflows/starter.yml@v2
+    secrets:
+      token: ${{ secrets.V2BUILDTOKEN}}
+      APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
+      gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
+      gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}

.github/workflows/release.yml

@@ -36,7 +36,7 @@ jobs:
       # Set version from DOCKER_METADATA_OUTPUT_VERSION as environment variable
       - name: Set Version
         run: |
-          echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:8}" >> $GITHUB_ENV
+          echo "VERSION=${DOCKER_METADATA_OUTPUT_VERSION:8}.0" >> $GITHUB_ENV # Eventually will build this into Keyfactor bootstrap
 
       # Change version and appVersion in Chart.yaml to the tag in the closed PR
       - name: Update Helm App/Chart Version

.gitignore

@@ -369,4 +369,5 @@ FodyWeavers.xsd
 *.key
 credentials.yaml
 
-vendor
+vendor
+.env

CHANGELOG.md

@@ -1,3 +1,9 @@
+# v2.1.0
+## Features
+
+### Signer
+- Implemented in-project EST client to remove EJBCA Go Client as dependency
+
 # v2.0.0
 ## Features
 
@@ -19,4 +25,4 @@
 
 ### Actions
 - Added GitHub Actions for building and testing the EJBCA CSR Signer
-- Added GitHub Actions for releasing the EJBCA CSR Signer
+- Added GitHub Actions for releasing the EJBCA CSR Signer

README.md

@@ -1,3 +1,27 @@
+
+# ejbca-k8s-csr-signer
+
+An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API
+
+#### Integration status: Production - Ready for use in production environments.
+
+## About the Keyfactor API Client
+
+This API client allows for programmatic management of Keyfactor resources.
+
+## Support for ejbca-k8s-csr-signer
+
+ejbca-k8s-csr-signer is open source and supported on best effort level for this tool/library/client.  This means customers can report Bugs, Feature Requests, Documentation amendment or questions as well as requests for customer information required for setup that needs Keyfactor access to obtain. Such requests do not follow normal SLA commitments for response or resolution. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com/
+
+###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.
+
+---
+
+
+---
+
+
+
 <a href="https://kubernetes.io">
     <img src="https://kubernetes.io/images/favicon.png" alt="Kubernetes logo" title="K8s" align="left" height="50" />
 </a>
@@ -30,4 +54,5 @@ The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 t
   * [Runtime Customization](docs/annotations.markdown)
   * [End Entity Name Selection](docs/endentitynamecustomization.markdown)
 * [Testing](docs/testing.markdown)
-* [License](LICENSE)
+* [License](LICENSE)
+

go.mod

@@ -3,10 +3,10 @@ module github.com/Keyfactor/ejbca-k8s-csr-signer
 go 1.20
 
 require (
-	github.com/Keyfactor/ejbca-go-client v1.3.7
 	github.com/Keyfactor/ejbca-go-client-sdk v0.1.5
 	github.com/go-logr/logr v1.3.0
 	github.com/stretchr/testify v1.8.4
+	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 	k8s.io/api v0.28.4
 	k8s.io/apimachinery v0.28.4
 	k8s.io/client-go v0.28.4
@@ -49,7 +49,6 @@ require (
 	github.com/prometheus/common v0.45.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect

go.sum

@@ -1,5 +1,3 @@
-github.com/Keyfactor/ejbca-go-client v1.3.7 h1:QhcBaR8O99ngG+zdRMYPsqFIoioc6tStq2zP2EuwNGU=
-github.com/Keyfactor/ejbca-go-client v1.3.7/go.mod h1:onVifqcnxbIsYU/cEEYql3q8VbdhBlbzeH6I2MxPNFU=
 github.com/Keyfactor/ejbca-go-client-sdk v0.1.5 h1:PLX7NH6q26XyxIA7TQfZbKJawsXLZ+6yYs9pBYHsZrU=
 github.com/Keyfactor/ejbca-go-client-sdk v0.1.5/go.mod h1:12uc/cynQy/GEiYnYJgivFjRGpyusPvIu/vLYAscejs=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -67,7 +65,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -198,8 +195,6 @@ k8s.io/component-base v0.28.4 h1:c/iQLWPdUgI90O+T9TeECg8o7N3YJTiuz2sKxILYcYo=
 k8s.io/component-base v0.28.4/go.mod h1:m9hR0uvqXDybiGL2nf/3Lf0MerAfQXzkfWhUY58JUbU=
 k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0=
 k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo=
-k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a h1:ZeIPbyHHqahGIbeyLJJjAUhnxCKqXaDY+n89Ms8szyA=
-k8s.io/kube-openapi v0.0.0-20231129212854-f0671cc7e66a/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8 h1:vzKzxN5uyJZLY8HL1/OovW7BJefnsBIWt8T7Gjh2boQ=
 k8s.io/kube-openapi v0.0.0-20231206194836-bf4651e18aa8/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=

integration-manifest.json

@@ -2,8 +2,9 @@
   "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
   "integration_type": "api-client",
   "name": "ejbca-k8s-csr-signer",
-  "status": "pilot",
+  "status": "production",
   "link_github": true,
+  "platform_matrix": "linux/arm64,linux/amd64,linux/s390x,linux/ppc64le",
   "description": "An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API",
   "support_level": "kf-community",
   "release_dir": ""

internal/controllers/certificatesigningrequest_controller.go

@@ -1,5 +1,5 @@
 /*
-Copyright © 2023 Keyfactor
+Copyright © 2024 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/controllers/certificatesigningrequest_controller_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright © 2023 Keyfactor
+Copyright © 2024 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.