Merge pull request #20 from bharath-b-rh/eso-50-2

ESO-50: Refactor code to dedicated packages to avoid duplication

Author: openshift-merge-bot[bot]

bundle/manifests/external-secrets-operator.clusterserviceversion.yaml

@@ -33,7 +33,7 @@ metadata:
     categories: Security
     console.openshift.io/disable-operand-delete: "true"
     containerImage: ""
-    createdAt: "2025-06-02T08:50:05Z"
+    createdAt: "2025-06-04T18:31:43Z"
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "false"
     features.operators.openshift.io/csi: "false"
@@ -244,6 +244,8 @@ spec:
           - cert-manager.io
           resources:
           - certificates
+          - clusterissuers
+          - issuers
           verbs:
           - create
           - delete

bundle/manifests/operator.openshift.io_externalsecrets.yaml

@@ -1018,6 +1018,20 @@ spec:
                         - "true"
                         - "false"
                         type: string
+                      secretRef:
+                        description: |-
+                          SecretRef is the kubernetes secret containing the TLS key pair to be used for the bitwarden server.
+                          The issuer in CertManagerConfig will be utilized to generate the required certificate if the secret
+                          reference is not provided and CertManagerConfig is configured. The key names in secret for certificate
+                          must be `tls.crt`, for private key must be `tls.key` and for CA certificate key name must be `ca.crt`.
+                        properties:
+                          name:
+                            description: Name of the secret resource being referred
+                              to.
+                            type: string
+                        required:
+                        - name
+                        type: object
                     type: object
                   logLevel:
                     default: 1

cmd/external-secrets-operator/main.go

@@ -37,7 +37,7 @@ import (
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 
 	operatorv1alpha1 "github.com/openshift/external-secrets-operator/api/v1alpha1"
-	externalsecretscontroller "github.com/openshift/external-secrets-operator/pkg/controller"
+	"github.com/openshift/external-secrets-operator/pkg/operator"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -129,22 +129,16 @@ func main() {
 		WebhookServer:          webhookServer,
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
-		LeaderElectionID:       "de6a4747.operator.openshift.io",
+		LeaderElectionID:       "de6a4747.externalsecretsoperator.operator.openshift.io",
 		Logger:                 ctrl.Log.WithName("operator-manager"),
 	})
 	if err != nil {
 		setupLog.Error(err, "failed to create controller manager")
 		os.Exit(1)
 	}
 
-	externalsecrets, err := externalsecretscontroller.New(mgr)
-	if err != nil {
-		setupLog.Error(err, "failed to create controller", "controller", externalsecretscontroller.ControllerName)
-		os.Exit(1)
-	}
-	if err = externalsecrets.SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "failed to set up controller with manager",
-			"controller", externalsecretscontroller.ControllerName)
+	if err := operator.StartControllers(mgr); err != nil {
+		setupLog.Error(err, "failed to start controllers")
 		os.Exit(1)
 	}
 

config/rbac/role.yaml

@@ -76,6 +76,8 @@ rules:
   - cert-manager.io
   resources:
   - certificates
+  - clusterissuers
+  - issuers
   verbs:
   - create
   - delete

pkg/controller/client.go renamed to pkg/controller/client/client.go

@@ -1,4 +1,4 @@
-package controller
+package client
 
 import (
 	"context"
@@ -10,16 +10,15 @@ import (
 	"k8s.io/client-go/util/retry"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
 
-type ctrlClientImpl struct {
+type CtrlClientImpl struct {
 	client.Client
 }
 
 //go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 -generate
-//counterfeiter:generate -o fakes . ctrlClient
-type ctrlClient interface {
+//counterfeiter:generate -o fakes . CtrlClient
+type CtrlClient interface {
 	Get(context.Context, client.ObjectKey, client.Object) error
 	List(context.Context, client.ObjectList, ...client.ListOption) error
 	StatusUpdate(context.Context, client.Object, ...client.SubResourceUpdateOption) error
@@ -31,47 +30,37 @@ type ctrlClient interface {
 	Exists(context.Context, client.ObjectKey, client.Object) (bool, error)
 }
 
-func NewClient(m manager.Manager, r *ExternalSecretsReconciler) (ctrlClient, error) {
-	c, err := BuildCustomClient(m, r)
-	if err != nil {
-		return nil, fmt.Errorf("failed to build custom client: %w", err)
-	}
-	return &ctrlClientImpl{
-		Client: c,
-	}, nil
-}
-
-func (c *ctrlClientImpl) Get(
+func (c *CtrlClientImpl) Get(
 	ctx context.Context, key client.ObjectKey, obj client.Object,
 ) error {
 	return c.Client.Get(ctx, key, obj)
 }
 
-func (c *ctrlClientImpl) List(
+func (c *CtrlClientImpl) List(
 	ctx context.Context, list client.ObjectList, opts ...client.ListOption,
 ) error {
 	return c.Client.List(ctx, list, opts...)
 }
 
-func (c *ctrlClientImpl) Create(
+func (c *CtrlClientImpl) Create(
 	ctx context.Context, obj client.Object, opts ...client.CreateOption,
 ) error {
 	return c.Client.Create(ctx, obj, opts...)
 }
 
-func (c *ctrlClientImpl) Delete(
+func (c *CtrlClientImpl) Delete(
 	ctx context.Context, obj client.Object, opts ...client.DeleteOption,
 ) error {
 	return c.Client.Delete(ctx, obj, opts...)
 }
 
-func (c *ctrlClientImpl) Update(
+func (c *CtrlClientImpl) Update(
 	ctx context.Context, obj client.Object, opts ...client.UpdateOption,
 ) error {
 	return c.Client.Update(ctx, obj, opts...)
 }
 
-func (c *ctrlClientImpl) UpdateWithRetry(
+func (c *CtrlClientImpl) UpdateWithRetry(
 	ctx context.Context, obj client.Object, opts ...client.UpdateOption,
 ) error {
 	key := types.NamespacedName{Name: obj.GetName(), Namespace: obj.GetNamespace()}
@@ -92,19 +81,19 @@ func (c *ctrlClientImpl) UpdateWithRetry(
 	return nil
 }
 
-func (c *ctrlClientImpl) StatusUpdate(
+func (c *CtrlClientImpl) StatusUpdate(
 	ctx context.Context, obj client.Object, opts ...client.SubResourceUpdateOption,
 ) error {
 	return c.Client.Status().Update(ctx, obj, opts...)
 }
 
-func (c *ctrlClientImpl) Patch(
+func (c *CtrlClientImpl) Patch(
 	ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption,
 ) error {
 	return c.Client.Patch(ctx, obj, patch, opts...)
 }
 
-func (c *ctrlClientImpl) Exists(ctx context.Context, key client.ObjectKey, obj client.Object) (bool, error) {
+func (c *CtrlClientImpl) Exists(ctx context.Context, key client.ObjectKey, obj client.Object) (bool, error) {
 	if err := c.Client.Get(ctx, key, obj); err != nil {
 		if errors.IsNotFound(err) {
 			return false, nil