Enable create cr ctl command to fetch certificate #3044
if o.CertFileName != "" { | ||
actualCertFileName = o.CertFileName | ||
} | ||
err = util.FetchCertificateFromCR(o.CMClient, req.Name, req.Namespace, actualCertFileName, o.IOStreams) |
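Review bot: in the `if o.CertFileName != ""` branch the user-supplied name replaces `actualCertFileName` with no check, and the default it overrides is set outside the lines shown. Suggest stating in the `--output-cert-file` help text which file name is used when the flag is left empty, so users know which file the command will write before `util.FetchCertificateFromCR` is called.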
Once you in-line the code from `PollUntilCRIsReadyOrTimeOut`, I think you will be able to more easily access `cr` without having to call `Get` again (as we will have fetched it in that earlier 'wait' code).
We also shouldn't need to check `CertificateRequestHasCondition` either, as that will have already been verified above.
Once you remove these changes, the `FetchCertificateFromCR` function only consists of:
```go
// Store certificate to file
err = ioutil.WriteFile(certFileName, req.Status.Certificate, 0600)
if err != nil {
	return fmt.Errorf("error when writing certificate to file: %w", err)
}
fmt.Fprintf(ioStreams.Out, "Certificate has been stored in file %s\n", certFileName)
```
which I think is short and concise enough to be in-lined here, which should a) make this a bit simpler to read (less jumping between files 🎉) and b) mean we don't need to export new functions
I wrote this function with the separate `fetch` command in mind, thinking I could reuse this function.
I do agree that what you propose is cleaner if we are only using it in this context, but I'm not sure if we want to duplicate the writing to file logic in two places.
// Try to set Ready Condition if needed, otherwise the test just times out | ||
if test.fetchCert { | ||
go setCRReadyCondition(t, cmCl, test.inputArgs[0], test.inputNamespace) | ||
} | ||
// Create CR | ||
err = opts.Run(test.inputArgs) | ||
if err != nil { | ||
// TODO: Maybe it is desirable to make the test more fine grained, i.e. specify which error is expected, | ||
// to know where exactly things should fail and then check the correctness of the parts that shouldn't have failed |
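Review bot: `go setCRReadyCondition(t, cmCl, ...)` hands `t` to a goroutine that is started before `opts.Run` creates the CR, and nothing in these lines waits for it to finish. `t.Fatal` and `t.FailNow` may only be called from the goroutine running the test, and a helper that is still running after the test returns ends up reporting against a finished `t`. Suggest having the helper report through `t.Error` or an error channel, and waiting on it (channel or `sync.WaitGroup`) before the assertions that follow `opts.Run`.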
This wasn't added here but.. yes, definitely 😄 especially as this output is user-facing in their CLI, so it's good to have the actual text encoded here so we know when we change it (either by accident or intentionally). It also helps us avoid doing something like attempting to print a structure or a pointer or something to the CLI, which is really confusing for people 😅
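The two review points above, the small write-and-report step and the request to pin the user-facing text in tests, combined in one added example (not code from this PR or from cert-manager). `storeCertificate` and `runDemo` are hypothetical names and the certificate bytes are a constructed sample; the example also makes the `0600` mode hold when the target file already exists.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// storeCertificate (hypothetical helper, not cert-manager code) writes cert to
// certFileName with owner-only permissions and reports the result on out.
func storeCertificate(out io.Writer, certFileName string, cert []byte) error {
	if err := os.WriteFile(certFileName, cert, 0600); err != nil {
		return fmt.Errorf("error when writing certificate to file: %w", err)
	}
	// WriteFile's mode only applies on create; an existing file keeps its old one.
	if err := os.Chmod(certFileName, 0600); err != nil {
		return fmt.Errorf("error when setting permissions on %s: %w", certFileName, err)
	}
	fmt.Fprintf(out, "Certificate has been stored in file %s\n", certFileName)
	return nil
}

// runDemo overwrites a world-readable file; returns CLI output and final mode.
func runDemo(dir string) (out string, mode os.FileMode, err error) {
	path := filepath.Join(dir, "example.crt")
	_ = os.WriteFile(path, []byte("stale"), 0644)
	if err = os.Chmod(path, 0644); err != nil { // also fails if the create failed
		return
	}
	var buf bytes.Buffer
	if err = storeCertificate(&buf, path, []byte("constructed sample, not a real certificate\n")); err != nil {
		return
	}
	info, err := os.Stat(path)
	if err != nil {
		return
	}
	return buf.String(), info.Mode().Perm(), nil
}

func main() {
	dir, err := os.MkdirTemp("", "crt-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println(runDemo(dir))
}
```

Asserting on the exact string returned by `runDemo` is what catches an accidental change to the CLI message, or a struct or pointer being printed in place of the file name.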
Thanks for the PR, I think it looks good, I just have some fairly minor suggestions.
if o.KeyFilename != "" && (len(o.KeyFilename) < 4 || o.KeyFilename[len(o.KeyFilename)-4:] != ".key") { | ||
return errors.New("file to store private key must end in '.key'") |
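Review bot: this suffix test is the only validation of `o.KeyFilename` visible here, and the thread says it is being dropped. Without it nothing in these lines keeps the private key path distinct from the certificate output path (`o.CertFileName`); suggest replacing the extension rule with a check that the two paths differ, so one write cannot overwrite the other.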
Do we no longer want this restriction?
We don't, the team mentioned people might prefer other file extensions, so it would be easier to just not check at all.
Approval = this should exist in our codebase, which it should, so adding an approved label and we can get lgtm on there soon 😄 /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: hzhou97, munnerz
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
/lgtm Thanks!
/kind feature
What this PR does / why we need it:
This PR enables the user to specify `--fetch-certificate` and `--output-cert-file` flags to wait for the CertificateRequest that was created to be ready and store the certificate in a file.
Which issue this PR fixes (optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged): fixes #
Special notes for your reviewer:
Release note:
/kind feature
/area ctl