certificate: consolidate provider related config and helpers

Moves code related to bootstrapping the certificate manager/provider into to `pkg/certificate/providers`. This code will be reused across osm-controller and the sidecar injector app. The sidecar injector component will be moved out of osm-controller as a part of openservicemesh#1939, and this change is required to reuse code across the two apps. The change does the following: - Moves certificate provider related code that needs to be reused into `pkg/certificate/providers`. - Creates structs for the different cert provider options and validation methods for those options. - A `Config` struct to leverage to retrieve CA bundle secret information (currently used by tests). Thi will be leveraged by the osm-injector component to retrieve the CA bundle secret created by osm-controller. - Refactors existing cert provider initialization code for code reusability. - Makes `--ca-bundle-secret-name` mandatory. The Helm charts always pass this option and this is required for issue openservicemesh#1939. Signed-off-by: Shashank Ram <shashr2204@gmail.com>
shashankram · Feb 5, 2021 · a31a1db · a31a1db
1 parent 13e95e3
commit a31a1db
Show file tree

Hide file tree

Showing 10 changed files with 507 additions and 279 deletions.
diff --git a/cmd/osm-controller/certificates.go b/cmd/osm-controller/certificates.go
diff --git a/cmd/osm-controller/certificates_test.go b/cmd/osm-controller/certificates_test.go
@@ -13,6 +13,7 @@ import (
 	. "github.com/onsi/gomega"
 
 	"github.com/openservicemesh/osm/pkg/certificate/pem"
+	"github.com/openservicemesh/osm/pkg/certificate/providers"
 	"github.com/openservicemesh/osm/pkg/certificate/providers/tresor"
 	"github.com/openservicemesh/osm/pkg/constants"
 	"github.com/openservicemesh/osm/pkg/tests"
@@ -36,6 +37,10 @@ var _ = Describe("Test CMD tools", func() {
 			ns := uuid.New().String()
 			secretName := uuid.New().String()
 
+			certProviderConfig := providers.NewCertificateProviderConfig(kubeClient, nil, nil, osmCertificateManagerKind, ns,
+				secretName, tresorOptions, vaultOptions, certManagerOptions)
+			Expect(err).ToNot(HaveOccurred())
+
 			secret := &corev1.Secret{
 				ObjectMeta: v1.ObjectMeta{
 					Name:      secretName,
@@ -51,7 +56,7 @@ var _ = Describe("Test CMD tools", func() {
 			_, err := kubeClient.CoreV1().Secrets(ns).Create(context.Background(), secret, v1.CreateOptions{})
 			Expect(err).ToNot(HaveOccurred())
 
-			actual, err := getCertFromKubernetes(kubeClient, ns, secretName)
+			actual, err := certProviderConfig.GetCertFromKubernetes()
 			Expect(err).ToNot(HaveOccurred())
 
 			expectedCert := pem.Certificate(certPEM)
@@ -71,7 +76,11 @@ var _ = Describe("Test CMD tools", func() {
 			ns := uuid.New().String()
 			secretName := uuid.New().String()
 
-			rootCert, err := getCertFromKubernetes(kubeClient, ns, secretName)
+			certProviderConfig := providers.NewCertificateProviderConfig(kubeClient, nil, nil, osmCertificateManagerKind, ns,
+				secretName, tresorOptions, vaultOptions, certManagerOptions)
+			Expect(err).ToNot(HaveOccurred())
+
+			rootCert, err := certProviderConfig.GetCertFromKubernetes()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(rootCert).To(BeNil())
 		})
@@ -82,6 +91,10 @@ var _ = Describe("Test CMD tools", func() {
 			ns := uuid.New().String()
 			secretName := uuid.New().String()
 
+			certProviderConfig := providers.NewCertificateProviderConfig(kubeClient, nil, nil, osmCertificateManagerKind, ns,
+				secretName, tresorOptions, vaultOptions, certManagerOptions)
+			Expect(err).ToNot(HaveOccurred())
+
 			keyPEM := []byte(uuid.New().String())
 
 			secret := &corev1.Secret{
@@ -98,7 +111,7 @@ var _ = Describe("Test CMD tools", func() {
 			_, err := kubeClient.CoreV1().Secrets(ns).Create(context.Background(), secret, v1.CreateOptions{})
 			Expect(err).ToNot(HaveOccurred())
 
-			rootCert, err := getCertFromKubernetes(kubeClient, ns, secretName)
+			rootCert, err := certProviderConfig.GetCertFromKubernetes()
 			Expect(err).To(HaveOccurred())
 			Expect(rootCert).To(BeNil())
 		})
@@ -109,6 +122,10 @@ var _ = Describe("Test CMD tools", func() {
 			ns := uuid.New().String()
 			secretName := uuid.New().String()
 
+			certProviderConfig := providers.NewCertificateProviderConfig(kubeClient, nil, nil, osmCertificateManagerKind, ns,
+				secretName, tresorOptions, vaultOptions, certManagerOptions)
+			Expect(err).ToNot(HaveOccurred())
+
 			secret := &corev1.Secret{
 				ObjectMeta: v1.ObjectMeta{
 					Name:      secretName,
@@ -123,7 +140,7 @@ var _ = Describe("Test CMD tools", func() {
 			_, err := kubeClient.CoreV1().Secrets(ns).Create(context.Background(), secret, v1.CreateOptions{})
 			Expect(err).ToNot(HaveOccurred())
 
-			rootCert, err := getCertFromKubernetes(kubeClient, ns, secretName)
+			rootCert, err := certProviderConfig.GetCertFromKubernetes()
 			Expect(err).To(HaveOccurred())
 			Expect(rootCert).To(BeNil())
 		})
@@ -134,6 +151,10 @@ var _ = Describe("Test CMD tools", func() {
 			ns := uuid.New().String()
 			secretName := uuid.New().String()
 
+			certProviderConfig := providers.NewCertificateProviderConfig(kubeClient, nil, nil, osmCertificateManagerKind, ns,
+				secretName, tresorOptions, vaultOptions, certManagerOptions)
+			Expect(err).ToNot(HaveOccurred())
+
 			certPEM := []byte(uuid.New().String())
 			keyPEM := []byte(uuid.New().String())
 
@@ -151,7 +172,7 @@ var _ = Describe("Test CMD tools", func() {
 			_, err := kubeClient.CoreV1().Secrets(ns).Create(context.Background(), secret, v1.CreateOptions{})
 			Expect(err).ToNot(HaveOccurred())
 
-			rootCert, err := getCertFromKubernetes(kubeClient, ns, secretName)
+			rootCert, err := certProviderConfig.GetCertFromKubernetes()
 			Expect(err).To(HaveOccurred())
 			Expect(rootCert).To(BeNil())
 		})