refactor: certificates generation package and secrets

[fabriziosestito]

Description

This PR refactors the generation utilities in the admissionregistration package,
removing duplication and simplifying the current implementation.
It renames admissionregistration in certs and reactors the existing reconciler unit test in integration tests clauses.

Additional info

• This PR also changes the golangci configuration to add an exception for the ok map index in the varnamelen linter. However we should uniform and clean up the golangci configurations across all the KW repos, this is tracked by: Uniform golangci configuration across all repositories #778

• There are a few incongruences with the naming, for instance, this status

  kubewarden-controller/pkg/apis/policies/v1/policyserver_types.go

  Line 132 in 030edce

  PolicyServerCASecretReconciled PolicyServerConditionType = "CASecretReconciled"

  should be probably named CertSecretReconciled instead. Fixing this is out of scope for this PR and I will create an issue about it.

Fixes: #775, #664

[codecov]

Codecov Report

Attention: Patch coverage is 81.57895% with 14 lines in your changes missing coverage. Please review.

Project coverage is 72.97%. Comparing base (e3750b2) to head (c5a217e).

Files	Patch %	Lines
internal/pkg/admission/policy-server-ca-secret.go	73.33%	6 Missing and 2 partials ⚠️
internal/pkg/certs/certs.go	86.36%	3 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #777      +/-   ##
==========================================
- Coverage   74.05%   72.97%   -1.09%     
==========================================
  Files          28       26       -2     
  Lines        1808     1780      -28     
==========================================
- Hits         1339     1299      -40     
- Misses        353      366      +13     
+ Partials      116      115       -1     

Flag	Coverage Δ
integration-tests	60.61% <81.57%> (-1.28%)	⬇️
unit-tests	37.87% <0.00%> (-12.33%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[flavio]

I think we should address some naming confusion about Policy Server CA, see my notes.

Overall LGTM

[flavio]

This is retrieving the Root CA created by our controller. I suggest to rename this helper function to reflect that.

Maybe something like getInternalRootCASecret ?

[flavio]

Again, there's a bit of naming confusion here we inherited from the past.

This method creates the certificate used by a specific Policy Server instance, there's no CA associated with a Policy Server

[flavio]

Same here, the naming is confusing since no CA is stored inside of the Secret that is returned

[flavio]

This function is always generating the CA, it doesn't look into the contents of the secret that is passed as parameter.

Why don't we change the signature of the function to be something like that?

func createInternalCASecret() (policyServerSecret *corev1.Secret, error)

[flavio]

Maybe something for later, but I would also rename this file since it can mislead into thinking each Policy Server has a dedicated CA

[fabriziosestito]

@flavio I've addressed the comments in c3cbdf4.

I tracked all the naming-related comments in: #782

[fabriziosestito]

Blocked: waiting for 1.14 release

[flavio]

Approving, the naming changes I've suggested are going to be done inside of future PRs