/
create.go
89 lines (73 loc) · 2.7 KB
/
create.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package vaultcrt
import (
"context"
"github.com/giantswarm/microerror"
apiv1 "k8s.io/api/core/v1"
apimeta "k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
capi "sigs.k8s.io/cluster-api/api/v1beta1"
"github.com/giantswarm/cert-operator/v3/service/controller/key"
)
func (r *Resource) ApplyCreateChange(ctx context.Context, obj, createChange interface{}) error {
secretToCreate, err := toSecret(createChange)
if err != nil {
return microerror.Mask(err)
}
if secretToCreate != nil {
customObject, err := key.ToCustomObject(obj)
if err != nil {
return microerror.Mask(err)
}
r.logger.LogCtx(ctx, "level", "debug", "message", "finding cluster resource")
cluster := &capi.Cluster{}
err = r.ctrlClient.Get(ctx, types.NamespacedName{
Namespace: customObject.Namespace,
Name: key.ClusterID(customObject)},
cluster)
if apimeta.IsNoMatchError(err) {
// fall through if the cluster CRD is not installed. This is the case in KVM installations, we ignore them for now.
} else if err != nil {
return microerror.Maskf(notFoundError, "Could not find cluster %s in namespace %s.",
key.ClusterID(customObject),
customObject.Namespace)
}
r.logger.LogCtx(ctx, "level", "debug", "message", "creating the secret in the Kubernetes API")
_, err = r.k8sClient.CoreV1().Secrets(customObject.GetNamespace()).Create(ctx, secretToCreate, metav1.CreateOptions{})
if err != nil {
return microerror.Mask(err)
}
r.logger.LogCtx(ctx, "level", "debug", "message", "created the secret in the Kubernetes API")
} else {
r.logger.LogCtx(ctx, "level", "debug", "message", "the secret does not need to be created in the Kubernetes API")
}
return nil
}
func (r *Resource) newCreateChange(ctx context.Context, obj, currentState, desiredState interface{}) (interface{}, error) {
customObject, err := key.ToCustomObject(obj)
if err != nil {
return nil, microerror.Mask(err)
}
currentSecret, err := toSecret(currentState)
if err != nil {
return nil, microerror.Mask(err)
}
desiredSecret, err := toSecret(desiredState)
if err != nil {
return nil, microerror.Mask(err)
}
r.logger.LogCtx(ctx, "level", "debug", "message", "finding out if the secret has to be created")
var secretToCreate *apiv1.Secret
if currentSecret == nil {
ca, crt, k, err := r.issueCertificate(customObject)
if err != nil {
return nil, microerror.Mask(err)
}
secretToCreate = desiredSecret
secretToCreate.StringData[key.CAID] = ca
secretToCreate.StringData[key.CrtID] = crt
secretToCreate.StringData[key.KeyID] = k
}
r.logger.LogCtx(ctx, "level", "debug", "message", "found out if the secret has to be created")
return secretToCreate, nil
}