Implement cert delete functionality #1817
[test]
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_openshift3/1990/)
// certManagerConfig provides the configuration necessary for certmanager to manipulate certificates. | ||
type certManagerConfig struct { | ||
// certificateKeyFunc is used to find the edge certificate (which also has the key) from the cert map of the ServiceAliasConfig | ||
certificateKeyFunc certificateKeyFunc |
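Review bot: the comment on the certificateKeyFunc field says what the function looks for but not what it returns when the cert map holds no edge certificate; state the miss case on the field or on the type so that an injected implementation and its caller agree on it. Since the comment notes that the entry also has the key, it is worth saying there that the selected entry carries private key material.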
You can call it a "cert" in these names
Field names
Status of this?
in progress, just has been neglected in favor of security contexts and default certs. Will finish this week.
69931e9 to aedfd42
Ok, I've added a status to ServiceAliasConfig that is updated after a successful cert write. The certmanager will skip configurations that have the status set to the new value. When a route is added it is always created fresh and replaced in the map so the status will be removed and force the rewrite. I will add this to the QE test cases for this card. At V(4) the certmanager will notify when cert writes are skipped. I'll make the follow-up issue for the periodic sync. PTAL
[test]
|
||
if caOk { | ||
buffer.Write(newLine) | ||
buffer.Write([]byte(caCertObj.Contents)) | ||
} | ||
|
||
cm.writeCertificate(certDir, config.Host, buffer.Bytes()) | ||
err := cm.w.WriteCertificate(cm.cfg.certDir, certObj.ID, buffer.Bytes()) |
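Review bot: the two write calls on the last two lines of this hunk name the output differently, config.Host in cm.writeCertificate and certObj.ID in cm.w.WriteCertificate, so the delete path should derive the file name from the same certObj.ID; otherwise removing a route leaves its certificate file on disk. Files already written under the host name will also be left behind by this rename unless something cleans them up, which is worth a line in the PR description or the follow-up sync issue.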
nit: this should always be if err := ...; err != nil {
fixing (the one below too)
re[test]
LGTM [merge]
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_openshift3/1990/) (Image: devenv-fedora_1431)
Evaluated for origin up to b3b2413
Cert deletes were marked as TODO, this makes them TODONE
In order to make the cert manager testable before implementing the delete I refactored it so that you can inject how it writes (and the other config items that were previously hard coded). Commits are:
@pmorie @abhgupta @smarterclayton @rajatchopra PTAL
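The injected writer from the PR description and the status-based skip described in the thread, as an added Go example that is not the PR's code: every type, field and function name below is hypothetical, and the certificate bytes are constructed placeholders.

```go
package main

import "fmt"

// aliasConfig and every other name here is hypothetical; PEM holds constructed bytes.
type aliasConfig struct{ CertID, Status string; PEM []byte }

// certManager has its write and remove behaviour injected, so tests need no disk.
type certManager struct {
	write  func(id string, data []byte) error
	remove func(id string) error
}

// Commit writes only configs not yet marked "saved" and returns the write count.
func (cm *certManager) Commit(cfgs map[string]*aliasConfig) (n int, err error) {
	for _, c := range cfgs {
		if c.Status == "saved" {
			continue // already on disk: skip the rewrite
		}
		if err = cm.write(c.CertID, c.PEM); err != nil {
			return n, fmt.Errorf("write %s: %w", c.CertID, err) // status stays unset
		}
		c.Status = "saved"
		n++
	}
	return n, nil
}

// Delete removes the file under the same ID that Commit wrote it with.
func (cm *certManager) Delete(c *aliasConfig) error { return cm.remove(c.CertID) }

// newMemManager injects an in-memory store; *fail simulates a failing writer.
func newMemManager(files map[string][]byte, fail *bool) *certManager {
	return &certManager{
		write: func(id string, data []byte) error {
			if *fail {
				return fmt.Errorf("simulated write failure")
			}
			files[id] = data
			return nil
		},
		remove: func(id string) error { delete(files, id); return nil },
	}
}

func main() {
	files, fail := map[string][]byte{}, false
	fmt.Println(newMemManager(files, &fail).Commit(map[string]*aliasConfig{"r1": {CertID: "r1_cert"}}))
}
```

Replacing a map entry with a fresh config clears the status, which is what forces the rewrite; a failed write leaves the status unset so the next pass retries it.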