/*
Copyright 2020 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package sslcertificatemanager manipulates SslCertificate resources
// and communicates GCE API errors with Events.
package sslcertificatemanager
import (
"context"
"errors"
computev1 "google.golang.org/api/compute/v1"
"k8s.io/klog"
"github.com/GoogleCloudPlatform/gke-managed-certs/pkg/apis/networking.gke.io/v1"
"github.com/GoogleCloudPlatform/gke-managed-certs/pkg/clients/event"
"github.com/GoogleCloudPlatform/gke-managed-certs/pkg/clients/ssl"
"github.com/GoogleCloudPlatform/gke-managed-certs/pkg/controller/metrics"
"github.com/GoogleCloudPlatform/gke-managed-certs/pkg/controller/state"
utilserrors "github.com/GoogleCloudPlatform/gke-managed-certs/pkg/utils/errors"
"github.com/GoogleCloudPlatform/gke-managed-certs/pkg/utils/types"
)
// Interface provides operations for manipulating SslCertificate resources
// and communicates GCE API errors with Events.
//
// Every method returns the underlying error to the caller in addition to
// emitting an Event, so callers still have to handle the returned error.
type Interface interface {
// Create creates an SslCertificate object. It generates a TooManyCertificates event
// if SslCertificate quota is exceeded or BackendError event if another
// generic error occurs. On success it generates a Create event.
// On a quota error the ManagedCertificate is also marked as excluded from SLO
// in the state; if that state update fails, its error is returned instead of
// the quota error.
Create(ctx context.Context, sslCertificateName string, managedCertificate v1.ManagedCertificate) error
// Delete deletes an SslCertificate object, existing or not. If a generic error occurs,
// it generates a BackendError event. If the SslCertificate object exists
// and is successfully deleted, a Delete event is generated.
// managedCertificate may be nil, in which case no Event is emitted.
Delete(ctx context.Context, sslCertificateName string, managedCertificate *v1.ManagedCertificate) error
// Get fetches an SslCertificate object. On errors other than the not found error
// a BackendError event is generated; a not found error is returned to the caller
// without an Event. managedCertificate may be nil, in which case no Event is emitted.
Get(sslCertificateName string, managedCertificate *v1.ManagedCertificate) (*computev1.SslCertificate, error)
}
// impl implements Interface on top of the SslCertificate client, reporting
// outcomes through Events and metrics.
type impl struct {
// event emits Events for the ManagedCertificate an operation concerns.
event event.Interface
// metrics records quota and backend error observations.
metrics metrics.Interface
// ssl performs the Create/Delete/Get calls on SslCertificate resources.
ssl ssl.Interface
// state is used to mark a ManagedCertificate as excluded from SLO on quota errors.
state state.Interface
}
// New returns an Interface that manipulates SslCertificate resources through
// the given ssl client and reports results via the given event, metrics and
// state dependencies.
func New(event event.Interface, metrics metrics.Interface, ssl ssl.Interface, state state.Interface) Interface {
	var manager impl
	manager.event = event
	manager.metrics = metrics
	manager.ssl = ssl
	manager.state = state
	return manager
}
// Create creates an SslCertificate named sslCertificateName for the domains
// listed in managedCertificate.Spec.Domains.
//
// On success a Create event is emitted and nil is returned. If the API error
// is an *ssl.Error reporting exceeded quota, a TooManyCertificates event is
// emitted, the quota metric is observed and the ManagedCertificate is marked
// as excluded from SLO in the state. Any other error yields a BackendError
// event and a backend error metric. In all failure cases a non-nil error is
// returned.
func (s impl) Create(ctx context.Context, sslCertificateName string,
	managedCertificate v1.ManagedCertificate) error {

	namespace, name := managedCertificate.Namespace, managedCertificate.Name
	klog.Infof("Creating SslCertificate %s for ManagedCertificate %s:%s",
		sslCertificateName, namespace, name)

	createErr := s.ssl.Create(ctx, sslCertificateName, managedCertificate.Spec.Domains)
	if createErr == nil {
		s.event.Create(managedCertificate, sslCertificateName)
		klog.Infof("Created SslCertificate %s for ManagedCertificate %s:%s",
			sslCertificateName, namespace, name)
		return nil
	}

	var sslErr *ssl.Error
	if !errors.As(createErr, &sslErr) || !sslErr.IsQuotaExceeded() {
		// Anything that is not a quota error is reported as a generic backend failure.
		s.event.BackendError(managedCertificate, createErr)
		s.metrics.ObserveSslCertificateBackendError()
		return createErr
	}

	// Quota exceeded: surface it to the user and keep this certificate out of the SLO.
	s.event.TooManyCertificates(managedCertificate, createErr)
	s.metrics.ObserveSslCertificateQuotaError()

	id := types.NewId(namespace, name)
	if stateErr := s.state.SetExcludedFromSLO(ctx, id); stateErr != nil {
		// The state error takes precedence over the quota error in the return value;
		// the quota error has already been reported through the event above.
		return stateErr
	}
	return createErr
}
// Delete removes the SslCertificate named sslCertificateName, whether or not
// it exists.
//
// A Delete event is emitted only when the delete call itself returned no
// error. An error that utilserrors.IgnoreNotFound does not filter out is
// counted as a backend error, reported with a BackendError event and returned.
// managedCertificate may be nil; then no events are emitted at all.
func (s impl) Delete(ctx context.Context, sslCertificateName string,
	managedCertificate *v1.ManagedCertificate) error {

	klog.Infof("Deleting SslCertificate %s", sslCertificateName)

	hasOwner := managedCertificate != nil
	deleteErr := s.ssl.Delete(ctx, sslCertificateName)
	if hasOwner && deleteErr == nil {
		s.event.Delete(*managedCertificate, sslCertificateName)
	}

	if remaining := utilserrors.IgnoreNotFound(deleteErr); remaining == nil {
		// Either the delete succeeded or the error was filtered out as not found.
		klog.Infof("Deleted SslCertificate %s", sslCertificateName)
		return nil
	}

	s.metrics.ObserveSslCertificateBackendError()
	if hasOwner {
		s.event.BackendError(*managedCertificate, deleteErr)
	}
	return deleteErr
}
// Get fetches the SslCertificate named sslCertificateName.
//
// A not found error is handed back to the caller as is, with no event and no
// metric. Any other error is counted as a backend error and, when
// managedCertificate is non-nil, reported with a BackendError event. The
// returned certificate is nil whenever the error is non-nil.
func (s impl) Get(sslCertificateName string,
	managedCertificate *v1.ManagedCertificate) (*computev1.SslCertificate, error) {

	cert, getErr := s.ssl.Get(sslCertificateName)

	switch {
	case utilserrors.IsNotFound(getErr):
		// Absence is an expected outcome for callers, so it is not reported as a failure.
		return nil, getErr
	case getErr != nil:
		s.metrics.ObserveSslCertificateBackendError()
		if managedCertificate != nil {
			s.event.BackendError(*managedCertificate, getErr)
		}
		return nil, getErr
	default:
		return cert, nil
	}
}