
Commit 27bf804

committed
[TLSe] add certmanager module
Adds modules/certmanager which provides functionality to create/update/delete Issuers and Certificates. Jira: OSP-26853
1 parent 8305912 commit 27bf804


4 files changed

+1024
-0
lines changed


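--- a/modules/certmanager/certificate.go
+++ b/modules/certmanager/certificate.go
@@ -0,0 +1,130 @@
+/*
+Copyright 2023 Red Hat
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certmanager
+
+import (
+"context"
+"fmt"
+"time"
+
+certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+"github.com/openstack-k8s-operators/lib-common/modules/common/util"
+ctrl "sigs.k8s.io/controller-runtime"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+k8s_errors "k8s.io/apimachinery/pkg/api/errors"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Certificate -
+type Certificate struct {
+certificate *certmgrv1.Certificate
+timeout time.Duration
+}
+
+// NewCertificate returns an initialized Certificate.
+func NewCertificate(
+certificate *certmgrv1.Certificate,
+timeout time.Duration,
+) *Certificate {
+return &Certificate{
+certificate: certificate,
+timeout: timeout,
+}
+}
+
+// Cert returns an initialized certificate request obj.
+// minimal spec should be:
+// Spec:
+//
+// commonName: keystone-public-openstack.apps-crc.testing
+// dnsNames:
+// - keystone-public-openstack
+// - keystone-public-openstack.apps-crc.testing
+// issuerRef:
+// kind: Issuer
+// name: osp-rootca-issuer
+// secretName: keystone-public-cert
+func Cert(
+name string,
+namespace string,
+labels map[string]string,
+spec certmgrv1.CertificateSpec,
+
+) *certmgrv1.Certificate {
+return &certmgrv1.Certificate{
+ObjectMeta: metav1.ObjectMeta{
+Name: name,
+Namespace: namespace,
+Labels: labels,
+},
+Spec: spec,
+}
+}
+
+// CreateOrPatch - creates or patches a certificate, reconciles after Xs if object won't exist.
+func (c *Certificate) CreateOrPatch(
+ctx context.Context,
+h *helper.Helper,
+) (ctrl.Result, error) {
+cert := &certmgrv1.Certificate{
+ObjectMeta: metav1.ObjectMeta{
+Name: c.certificate.Name,
+Namespace: c.certificate.Namespace,
+},
+}
+
+op, err := controllerutil.CreateOrPatch(ctx, h.GetClient(), cert, func() error {
+cert.Labels = util.MergeStringMaps(cert.Labels, c.certificate.Labels)
+cert.Annotations = c.certificate.Annotations
+cert.Spec = c.certificate.Spec
+
+err := controllerutil.SetControllerReference(h.GetBeforeObject(), cert, h.GetScheme())
+if err != nil {
+return err
+}
+
+return nil
+})
+if err != nil {
+if k8s_errors.IsNotFound(err) {
+h.GetLogger().Info(fmt.Sprintf("Certificate %s not found, reconcile in %s", cert.Name, c.timeout))
+return ctrl.Result{RequeueAfter: c.timeout}, nil
+}
+return ctrl.Result{}, err
+}
+if op != controllerutil.OperationResultNone {
+h.GetLogger().Info(fmt.Sprintf("Route %s - %s", cert.Name, op))
+}
+
+return ctrl.Result{}, nil
+}
+
+// Delete - delete a certificate.
+func (c *Certificate) Delete(
+ctx context.Context,
+h *helper.Helper,
+) error {
+
+err := h.GetClient().Delete(ctx, c.certificate)
+if err != nil && !k8s_errors.IsNotFound(err) {
+return fmt.Errorf("Error deleting certificate %s: %w", c.certificate.Name, err)
+}
+
+return nil
+}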
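Review bot: In `CreateOrPatch`, the mutate function assigns `cert.Annotations = c.certificate.Annotations`, which replaces whatever annotations are on the live object at every reconcile, while the labels on the line above are merged; `cert.Annotations = util.MergeStringMaps(cert.Annotations, c.certificate.Annotations)` would keep annotations written by other controllers or administrators, assuming the helper behaves for annotations as it does for labels. The success log in the same function reads `"Route %s - %s"` although the object is a Certificate, which misleads anyone tracing changes to TLS objects in operator logs; `"Certificate %s - %s"` fits. `Delete` removes only the Certificate resource, and cert-manager by default leaves the Secret named in `spec.secretName` (which holds the private key) in place unless it is configured to set owner references on certificate Secrets. The doc comment on `Delete` should therefore say that the caller is responsible for removing or deliberately retaining that Secret.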

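--- a/modules/certmanager/go.mod
+++ b/modules/certmanager/go.mod
@@ -0,0 +1,76 @@
+module github.com/openstack-k8s-operators/lib-common/modules/certmanager
+
+go 1.19
+
+require (
+github.com/cert-manager/cert-manager v1.11.4
+github.com/openstack-k8s-operators/lib-common/modules/common v0.1.0
+k8s.io/apimachinery v0.26.6
+sigs.k8s.io/controller-runtime v0.14.6
+)
+
+require (
+github.com/beorn7/perks v1.0.1 // indirect
+github.com/cespare/xxhash/v2 v2.2.0 // indirect
+github.com/davecgh/go-spew v1.1.1 // indirect
+github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+github.com/fsnotify/fsnotify v1.6.0 // indirect
+github.com/go-logr/logr v1.2.4 // indirect
+github.com/go-openapi/jsonpointer v0.19.6 // indirect
+github.com/go-openapi/jsonreference v0.20.1 // indirect
+github.com/go-openapi/swag v0.22.3 // indirect
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+github.com/golang/protobuf v1.5.3 // indirect
+github.com/google/gnostic v0.6.9 // indirect
+github.com/google/go-cmp v0.5.9 // indirect
+github.com/google/uuid v1.3.0 // indirect
+github.com/imdario/mergo v0.3.16 // indirect
+github.com/josharian/intern v1.0.0 // indirect
+github.com/mailru/easyjson v0.7.7 // indirect
+github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+github.com/pkg/errors v0.9.1 // indirect
+github.com/prometheus/client_golang v1.14.0 // indirect
+github.com/prometheus/client_model v0.3.0 // indirect
+github.com/prometheus/common v0.37.0 // indirect
+github.com/prometheus/procfs v0.8.0 // indirect
+github.com/spf13/pflag v1.0.5 // indirect
+golang.org/x/oauth2 v0.4.0 // indirect
+golang.org/x/sys v0.9.0 // indirect
+golang.org/x/term v0.8.0 // indirect
+golang.org/x/time v0.3.0 // indirect
+gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+google.golang.org/appengine v1.6.7 // indirect
+google.golang.org/protobuf v1.28.1 // indirect
+gopkg.in/yaml.v3 v3.0.1 // indirect
+k8s.io/api v0.26.6 // indirect
+k8s.io/apiextensions-apiserver v0.26.6 // indirect
+k8s.io/client-go v0.26.6 // indirect
+k8s.io/component-base v0.26.6 // indirect
+k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
+sigs.k8s.io/gateway-api v0.6.0 // indirect
+sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+require (
+github.com/gogo/protobuf v1.3.2 // indirect
+github.com/google/gofuzz v1.2.0 // indirect
+github.com/json-iterator/go v1.1.12 // indirect
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+github.com/modern-go/reflect2 v1.0.2 // indirect
+golang.org/x/net v0.10.0 // indirect
+golang.org/x/text v0.9.0 // indirect
+gopkg.in/inf.v0 v0.9.1 // indirect
+gopkg.in/yaml.v2 v2.4.0 // indirect
+k8s.io/klog/v2 v2.100.1 // indirect
+k8s.io/utils v0.0.0-20230711102312-30195339c3c7 // indirect; indirect // indirect
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect; indirect // indirect
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+)
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => ../common
+
+// mschuppert: map to latest commit from release-4.13 tag
+// must consistent within modules and service operators
+replace github.com/openshift/api => github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7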
