WIP: adds extensible issuing controller

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
cert-manager · Apr 5, 2020 · eb16d01 · eb16d01
1 parent 7d8cd73
commit eb16d01
Show file tree

Hide file tree

Showing 10 changed files with 1,054 additions and 0 deletions.
diff --git a/pkg/api/util/conditions.go b/pkg/api/util/conditions.go
@@ -164,6 +164,21 @@ func SetCertificateCondition(crt *cmapi.Certificate, conditionType cmapi.Certifi
 	klog.Infof("Setting lastTransitionTime for Certificate %q condition %q to %v", crt.Name, conditionType, nowTime.Time)
 }
 
+// RemoteCertificateCondition will remove any condition with this condition type
+func RemoveCertificateCondition(crt *cmapi.Certificate, conditionType cmapi.CertificateConditionType) {
+	// Search through existing conditions
+	for i, cond := range crt.Status.Conditions {
+		// Skip unrelated conditions
+		if cond.Type != conditionType {
+			continue
+		}
+
+		// Remove this condition from the condition slice
+		copy(crt.Status.Conditions[i:], crt.Status.Conditions[i+1:])
+		crt.Status.Conditions = crt.Status.Conditions[:len(crt.Status.Conditions)-1]
+	}
+}
+
 // SetCertificateRequestCondition will set a 'condition' on the given CertificateRequest.
 // - If no condition of the same type already exists, the condition will be
 //   inserted with the LastTransitionTime set to the current time.
@@ -249,6 +264,24 @@ func CertificateRequestReadyReason(cr *cmapi.CertificateRequest) string {
 	return ""
 }
 
+// This returns with the message if the CertificateRequest contains an
+// Failed condition, and returns "" otherwise.
+func CertificateRequestFailedMessage(cr *cmapi.CertificateRequest) string {
+	if cr == nil {
+		return ""
+	}
+
+	for _, con := range cr.Status.Conditions {
+		if con.Type == cmapi.CertificateRequestConditionReady &&
+			con.Status == cmmeta.ConditionFalse &&
+			con.Reason == cmapi.CertificateRequestReasonFailed {
+			return con.Message
+		}
+	}
+
+	return ""
+}
+
 // This returns with the message if the CertificateRequest contains an
 // InvalidRequest condition, and returns "" otherwise.
 func CertificateRequestInvalidRequestMessage(cr *cmapi.CertificateRequest) string {

diff --git a/pkg/apis/certmanager/v1alpha2/types.go b/pkg/apis/certmanager/v1alpha2/types.go
@@ -55,6 +55,7 @@ const (
 // Annotation names for CertificateRequests
 const (
 	CRPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
+	CRRevisionAnnotationKey   = "cert-manager.io/revision"
 )
 
 const (

diff --git a/pkg/apis/certmanager/v1alpha3/types.go b/pkg/apis/certmanager/v1alpha3/types.go
@@ -55,6 +55,7 @@ const (
 // Annotation names for CertificateRequests
 const (
 	CRPrivateKeyAnnotationKey = "cert-manager.io/private-key-secret-name"
+	CRRevisionAnnotationKey   = "cert-manager.io/revision"
 )
 
 const (

diff --git a/pkg/controller/expcertificates/BUILD.bazel b/pkg/controller/expcertificates/BUILD.bazel
@@ -29,6 +29,7 @@ filegroup(
     name = "all-srcs",
     srcs = [
         ":package-srcs",
+        "//pkg/controller/expcertificates/issuing:all-srcs",
         "//pkg/controller/expcertificates/trigger:all-srcs",
     ],
     tags = ["automanaged"],

diff --git a/pkg/controller/expcertificates/issuing/BUILD.bazel b/pkg/controller/expcertificates/issuing/BUILD.bazel
@@ -0,0 +1,65 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "issuing_controller.go",
+        "keystore.go",
+        "secret.go",
+    ],
+    importpath = "github.com/jetstack/cert-manager/pkg/controller/expcertificates/issuing",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/api/util:go_default_library",
+        "//pkg/apis/certmanager/v1alpha2:go_default_library",
+        "//pkg/apis/meta/v1:go_default_library",
+        "//pkg/client/clientset/versioned:go_default_library",
+        "//pkg/client/informers/externalversions:go_default_library",
+        "//pkg/client/listers/certmanager/v1alpha2:go_default_library",
+        "//pkg/controller:go_default_library",
+        "//pkg/controller/expcertificates:go_default_library",
+        "//pkg/logs:go_default_library",
+        "//pkg/util/kube:go_default_library",
+        "//pkg/util/pki:go_default_library",
+        "@com_github_go_logr_logr//:go_default_library",
+        "@com_github_pavel_v_chernykh_keystore_go//:go_default_library",
+        "@com_sslmate_software_src_go_pkcs12//:go_default_library",
+        "@io_k8s_api//core/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
+        "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/labels:go_default_library",
+        "@io_k8s_client_go//informers:go_default_library",
+        "@io_k8s_client_go//kubernetes:go_default_library",
+        "@io_k8s_client_go//listers/core/v1:go_default_library",
+        "@io_k8s_client_go//tools/cache:go_default_library",
+        "@io_k8s_client_go//tools/record:go_default_library",
+        "@io_k8s_client_go//util/workqueue:go_default_library",
+        "@io_k8s_utils//clock:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["keystore_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//pkg/apis/certmanager/v1alpha2:go_default_library",
+        "//pkg/util/pki:go_default_library",
+        "@com_github_pavel_v_chernykh_keystore_go//:go_default_library",
+        "@com_sslmate_software_src_go_pkcs12//:go_default_library",
+    ],
+)