Merge pull request #3929 from Azure/bvesel/refactor-clean-up
Use constant / function names everywhere possible
fahlmant authored Oct 31, 2024
2 parents 27c26e1 + 122ac0f commit 8a2f3dd
Showing 3 changed files with 15 additions and 15 deletions.
8 changes: 2 additions & 6 deletions pkg/cluster/correct_cert_issuer.go
Expand Up @@ -13,10 +13,6 @@ import (
"github.com/Azure/ARO-RP/pkg/util/keyvault"
)

const (
OneCertIssuerName = "OneCertV2-PublicCA"
)

// if the cluster is using a managed domain and has a DigiCert-issued
// certificate, replace the certificate with one issued by OneCert. This
// ensures that clusters upgrading to 4.16 aren't blocked due to the SHA-1
Expand All @@ -33,13 +29,13 @@ func (m *manager) correctCertificateIssuer(ctx context.Context) error {

if domain != "" {
apiHostname := strings.Split(strings.TrimPrefix(m.doc.OpenShiftCluster.Properties.APIServerProfile.URL, "https://"), ":")[0]
err := m.ensureCertificateIssuer(ctx, m.APICertName(), apiHostname, OneCertIssuerName)
err := m.ensureCertificateIssuer(ctx, m.APICertName(), apiHostname, OneCertPublicIssuerName)
if err != nil {
return err
}

ingressHostname := "*" + strings.TrimSuffix(strings.TrimPrefix(m.doc.OpenShiftCluster.Properties.ConsoleProfile.URL, "https://console-openshift-console"), "/")
err = m.ensureCertificateIssuer(ctx, m.IngressCertName(), ingressHostname, OneCertIssuerName)
err = m.ensureCertificateIssuer(ctx, m.IngressCertName(), ingressHostname, OneCertPublicIssuerName)
if err != nil {
return err
}
4 changes: 2 additions & 2 deletions pkg/cluster/delete.go
Expand Up @@ -566,13 +566,13 @@ func (m *manager) Delete(ctx context.Context) error {

if managedDomain != "" {
m.log.Print("deleting signed apiserver certificate")
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-apiserver")
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.APICertName())
if err != nil {
return err
}

m.log.Print("deleting signed ingress certificate")
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-ingress")
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.IngressCertName())
if err != nil {
return err
}
18 changes: 11 additions & 7 deletions pkg/cluster/tls.go
Expand Up @@ -17,6 +17,10 @@ import (
"github.com/Azure/ARO-RP/pkg/util/keyvault"
)

const (
OneCertPublicIssuerName = "OneCertV2-PublicCA"
)

func (m *manager) createCertificates(ctx context.Context) error {
if m.env.FeatureIsSet(env.FeatureDisableSignedCertificates) {
return nil
Expand All @@ -36,18 +40,18 @@ func (m *manager) createCertificates(ctx context.Context) error {
commonName string
}{
{
certificateName: m.doc.ID + "-apiserver",
certificateName: m.APICertName(),
commonName: "api." + managedDomain,
},
{
certificateName: m.doc.ID + "-ingress",
certificateName: m.IngressCertName(),
commonName: "*.apps." + managedDomain,
},
}

for _, c := range certs {
m.log.Printf("creating certificate %s", c.certificateName)
err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, "OneCertV2-PublicCA", c.certificateName, c.commonName, keyvault.EkuServerAuth)
err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, OneCertPublicIssuerName, c.certificateName, c.commonName, keyvault.EkuServerAuth)
if err != nil {
return err
}
Expand Down Expand Up @@ -80,7 +84,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
}

for _, namespace := range []string{"openshift-config", "openshift-azure-operator"} {
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.doc.ID + "-apiserver", Namespace: namespace}, m.doc.ID+"-apiserver")
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.APICertName(), Namespace: namespace}, m.APICertName())
if err != nil {
return err
}
Expand All @@ -98,7 +102,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
"api." + managedDomain,
},
ServingCertificate: configv1.SecretNameReference{
Name: m.doc.ID + "-apiserver",
Name: m.APICertName(),
},
},
}
Expand All @@ -123,7 +127,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
}

for _, namespace := range []string{"openshift-ingress", "openshift-azure-operator"} {
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.doc.ID + "-ingress"}, m.doc.ID+"-ingress")
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.IngressCertName()}, m.IngressCertName())
if err != nil {
return err
}
Expand All @@ -136,7 +140,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
}

ic.Spec.DefaultCertificate = &corev1.LocalObjectReference{
Name: m.doc.ID + "-ingress",
Name: m.IngressCertName(),
}

_, err = m.operatorcli.OperatorV1().IngressControllers("openshift-ingress-operator").Update(ctx, ic, metav1.UpdateOptions{})
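Review bot: The exported constant `OneCertPublicIssuerName` introduced at the top of tls.go carries no doc comment, although it is now the one definition of the issuer name used both by `CreateSignedCertificate` in this file and by `ensureCertificateIssuer` in correct_cert_issuer.go. A comment such as `// OneCertPublicIssuerName is the Key Vault certificate issuer that signs the cluster's API server and ingress certificates.` would tell a reader why the value is shared and exported rather than kept local to one caller. The old `OneCertIssuerName` in correct_cert_issuer.go is removed by this commit; any reference to it outside these three files would presumably need the same rename, though none is visible here. `createCertificates` and the other functions touched in this section start or end outside the hunks shown.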
