Implement cert delete functionality

[pweil-]

Cert deletes were marked as TODO, this makes them TODONE

In order to make the cert manager testable before implementing the delete I refactored it so that you can inject how it writes (and the other config items that were previously hard coded). Commits are:

1. the refactor of the cert manager
2. the unit tests for the cert manager with a fake cert writer - tests both adds and deletes as well as valid configurations
3. implement the real delete and call the clean up code from deleting service units (services) and individual routes

@pmorie @abhgupta @smarterclayton @rajatchopra PTAL

[pweil-]

[test]

[openshift-bot]

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_openshift3/1990/)

[smarterclayton]

You can call it a "cert" in these names

[smarterclayton]

Field names

[smarterclayton]

Status of this?

[pweil-]

in progress, just has been neglected in favor of security contexts and default certs. Will finish this week.

[pweil-]

Ok, I've added a status to ServiceAliasConfig that is updated after a successful cert write. The certmanager will skip configurations that have the status set to the new value. When a route is added it is always created fresh and replaced in the map so the status will be removed and force the rewrite. I will add this to the QE test cases for this card. At V(4) the certmanager will notify when cert writes are skipped.

I'll make the follow up issue for the periodic sync.

PTAL

[pweil-]

[test]

[pweil-]

#2029

[smarterclayton]

nit: this should always be if err := ...; err != nil {

[pweil-]

fixing (the one below too)

[pweil-]

re[test]

[smarterclayton]

LGTM [merge]

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_openshift3/1990/) (Image: devenv-fedora_1431)

[openshift-bot]

Evaluated for origin up to b3b2413