
Commit 161c86b

Merge pull request #1855 from ecordell/service-duplicate-ownerrefs
Bug 1819457: Services should not have duplicate ownerrefs
2 parents b78f806 + 35827c6 commit 161c86b

14 files changed

+2380
-3
lines changed

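--- a/pkg/controller/certs/certs.go
+++ b/pkg/controller/certs/certs.go
@@ -15,6 +15,18 @@ import (
 "time"
 )
 
+type CertGenerator interface {
+Generate(notAfter time.Time, organization string, ca *KeyPair, hosts []string) (*KeyPair, error)
+}
+
+type CertGeneratorFunc func(notAfter time.Time, organization string, ca *KeyPair, hosts []string) (*KeyPair, error)
+
+func (f CertGeneratorFunc) Generate(notAfter time.Time, organization string, ca *KeyPair, hosts []string) (*KeyPair, error) {
+return f(notAfter, organization, ca, hosts)
+}
+
+var _ CertGenerator = CertGeneratorFunc(CreateSignedServingPair)
+
 // KeyPair stores an x509 certificate and its ECDSA private key
 type KeyPair struct {
 Cert *x509.Certificate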
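Review bot: The exported `CertGenerator`, `CertGeneratorFunc` and its `Generate` method at new lines 18–26 carry no doc comments, so nothing states what a substitute generator has to guarantee. Judging by the parameter names and the default `CreateSignedServingPair`, the returned pair is presumably expected to be signed by `ca`, valid for `hosts` and expire at `notAfter`; that should be written down, e.g. `// CertGenerator issues a serving KeyPair for hosts, signed by ca and expiring at notAfter.` A one-line comment on the `var _ CertGenerator = ...` assertion saying it pins the signature of `CreateSignedServingPair` at compile time would also help. The `KeyPair` struct continues past the end of the hunk.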

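--- a/pkg/controller/install/certresources.go
+++ b/pkg/controller/install/certresources.go
@@ -22,6 +22,10 @@ var _ certResource = &apiServiceDescriptionsWithCAPEM{}
 
 var _ certResource = &webhookDescriptionWithCAPEM{}
 
+// TODO: to keep refactoring minimal for backports, this is factored out here so that it can be replaced
+// during tests. but it should be properly injected instead.
+var certGenerator certs.CertGenerator = certs.CertGeneratorFunc(certs.CreateSignedServingPair)
+
 const (
 // DefaultCertMinFresh is the default min-fresh value - 1 day
 DefaultCertMinFresh = time.Hour * 24
@@ -256,7 +260,7 @@ func (i *StrategyDeploymentInstaller) installCertRequirementsForDeployment(deplo
 fmt.Sprintf("%s.%s", service.GetName(), i.owner.GetNamespace()),
 fmt.Sprintf("%s.%s.svc", service.GetName(), i.owner.GetNamespace()),
 }
-servingPair, err := certs.CreateSignedServingPair(rotateAt, Organization, ca, hosts)
+servingPair, err := certGenerator.Generate(rotateAt, Organization, ca, hosts)
 if err != nil {
 logger.Warnf("could not generate signed certs for hosts %v", hosts)
 return nil, nil, err
@@ -562,6 +566,7 @@ func AddDefaultCertVolumeAndVolumeMounts(depSpec *appsv1.DeploymentSpec, secretN
 }
 addCertVolumeAndVolumeMount(depSpec, volume, mount)
 }
+
 func addCertVolumeAndVolumeMount(depSpec *appsv1.DeploymentSpec, volume corev1.Volume, volumeMount corev1.VolumeMount) {
 replaced := false
 for i, v := range depSpec.Template.Spec.Volumes {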
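Review bot: `certGenerator` at new line 27 is an unsynchronised package-level variable that decides how every serving certificate in `installCertRequirementsForDeployment` (new line 263) is issued, and the TODO does not say who may reassign it. A test that swaps it and does not restore it, or that runs alongside another test under `t.Parallel()`, leaves a different generator in place for later callers and races with the read at line 263; the tests are not visible here, so this is to confirm rather than a known failure. Until it is injected through `StrategyDeploymentInstaller`, I would extend the comment with `// Reassign only from tests; restore the original with t.Cleanup and do not use t.Parallel.` Both functions touched by the later hunks start and end outside the visible lines.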
