package ca
import (
"context"
"github.com/jetstack-experimental/cert-manager/pkg/apis/certmanager/v1alpha1"
"github.com/jetstack-experimental/cert-manager/pkg/util/kube"
"github.com/jetstack-experimental/cert-manager/pkg/util/pki"
)
// Reason strings that Renew passes to crt.UpdateStatusCondition.
const (
	errorRenewCert     = "ErrRenewCert"
	successCertRenewed = "CertIssueSuccess"
)

// Message strings that accompany the reasons above. messageErrorRenewCert is
// a prefix: Renew appends the text of the underlying error to it.
//
// NOTE(review): the success reason and both messages speak of "issue" rather
// than "renew" although they are used on the renew path; confirm that is
// intended before anything keys alerts or audits off these strings.
const (
	messageErrorRenewCert = "Error issuing TLS certificate: "
	messageCertRenewed    = "Certificate issued successfully"
)
// Renew obtains a certificate for crt from this CA issuer, reusing the
// private key already stored for it.
//
// The key is loaded with kube.SecretTLSKey from the secret named by
// crt.Spec.SecretName in crt.Namespace and passed, together with crt, to
// c.obtainCertificate. The outcome is recorded on crt through
// UpdateStatusCondition for the Ready condition: ConditionFalse with an error
// reason on either failure, ConditionTrue on success.
//
// On success it returns the key as encoded by pki.EncodePKCS1PrivateKey, the
// certificate bytes produced by c.obtainCertificate, and a nil error. On
// failure both byte slices are nil and the underlying error is returned
// unwrapped.
//
// ctx is accepted but not used in this function.
//
// NOTE(review): the key read from the secret is returned unchanged, so a
// renewal through this path never rotates key material; a key that has been
// exposed stays in use after renewal. If rotation on renewal is wanted it has
// to be arranged outside this function — confirm against the callers.
//
// The first return value is private key material; callers should keep it out
// of logs, events and status fields.
func (c *CA) Renew(ctx context.Context, crt *v1alpha1.Certificate) ([]byte, []byte, error) {
	key, err := kube.SecretTLSKey(c.secretsLister, crt.Namespace, crt.Spec.SecretName)
	if err != nil {
		// NOTE(review): the raw error text is copied into the Certificate's
		// status condition; presumably anyone who can read the resource can
		// read it — confirm upstream errors carry no sensitive detail.
		crt.UpdateStatusCondition(
			v1alpha1.CertificateConditionReady,
			v1alpha1.ConditionFalse,
			errorGetCertKeyPair,
			messageErrorGetCertKeyPair+err.Error(),
		)
		return nil, nil, err
	}

	certBytes, err := c.obtainCertificate(crt, key)
	if err != nil {
		crt.UpdateStatusCondition(
			v1alpha1.CertificateConditionReady,
			v1alpha1.ConditionFalse,
			errorRenewCert,
			messageErrorRenewCert+err.Error(),
		)
		return nil, nil, err
	}

	// Mark the certificate ready before encoding the key, as the original
	// ordering does.
	crt.UpdateStatusCondition(
		v1alpha1.CertificateConditionReady,
		v1alpha1.ConditionTrue,
		successCertRenewed,
		messageCertRenewed,
	)
	encodedKey := pki.EncodePKCS1PrivateKey(key)
	return encodedKey, certBytes, nil
}