...

Source file src/github.com/cert-manager/issuer-lib/controllers/certificatesigningrequest_controller.go

Documentation: github.com/cert-manager/issuer-lib/controllers

     1  /*
     2  Copyright 2023 The cert-manager Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package controllers
    18  
    19  import (
    20  	"context"
    21  	"fmt"
    22  	"strings"
    23  
    24  	certificatesv1 "k8s.io/api/certificates/v1"
    25  	"k8s.io/apimachinery/pkg/runtime"
    26  	"k8s.io/apimachinery/pkg/types"
    27  	ctrl "sigs.k8s.io/controller-runtime"
    28  	"sigs.k8s.io/controller-runtime/pkg/client"
    29  
    30  	v1alpha1 "github.com/cert-manager/issuer-lib/api/v1alpha1"
    31  )
    32  
    // CertificateSigningRequestReconciler reconciles Kubernetes
    // CertificateSigningRequest objects. It embeds RequestController, which
    // Init configures and to which SetupWithManager delegates.
    type CertificateSigningRequestReconciler struct {
    	// RequestController is configured for CertificateSigningRequest objects
    	// by Init.
    	RequestController
    }
    37  
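    // matchIssuerType resolves the signerName of a CertificateSigningRequest to
    // one of the issuer types registered on this controller.
    //
    // The signerName must have the form "<issuer-type-id>/<issuer-id>", with
    // exactly one "/". The issuer-type-id is compared against
    // GetIssuerTypeIdentifier of every type returned by AllIssuerTypes. The
    // issuer-id becomes the Name of the returned NamespacedName, whose Namespace
    // is left empty, so only non-namespaced (cluster) issuers can be addressed.
    //
    // On success it returns a deep copy of the matching issuer type's object and
    // the issuer name. An error is returned when the request object is not a
    // non-nil CertificateSigningRequest, when the signerName is malformed, when
    // the matching issuer type is namespaced, or when no issuer type matches.
    func (r *CertificateSigningRequestReconciler) matchIssuerType(requestObject client.Object) (v1alpha1.Issuer, types.NamespacedName, error) {
    	// Use a checked assertion so that an unexpected object type is reported as
    	// an error instead of panicking inside the reconciler, and report a nil
    	// object as such rather than as a malformed signer name.
    	csr, ok := requestObject.(*certificatesv1.CertificateSigningRequest)
    	if !ok || csr == nil {
    		return nil, types.NamespacedName{}, fmt.Errorf("expected a non-nil CertificateSigningRequest, got %T", requestObject)
    	}

    	// spec.signerName comes from the CSR object itself, so it is parsed
    	// strictly: exactly one "/" separating the two identifiers.
    	signerName := csr.Spec.SignerName
    	issuerTypeIdentifier, issuerIdentifier, found := strings.Cut(signerName, "/")
    	if !found || strings.Contains(issuerIdentifier, "/") {
    		return nil, types.NamespacedName{}, fmt.Errorf("invalid signer name, should have format <issuer-type-id>/<issuer-id>: %q", signerName)
    	}

    	// NOTE(review): an empty issuer-id ("<issuer-type-id>/") passes the format
    	// check above and is returned as an empty Name; whether the caller rejects
    	// it is not visible from this function. Confirm.

    	// Search for the issuer type whose identifier equals the signer name prefix.
    	for _, issuerType := range r.AllIssuerTypes() {
    		if issuerType.Type.GetIssuerTypeIdentifier() != issuerTypeIdentifier {
    			continue
    		}

    		// Reject namespaced issuer types before copying anything: the returned
    		// name carries no namespace, so a namespaced issuer cannot be
    		// identified from a signer name.
    		if issuerType.IsNamespaced {
    			return nil, types.NamespacedName{}, fmt.Errorf("invalid SignerName, %q is a namespaced issuer type, namespaced issuers are not supported for Kubernetes CSRs", issuerTypeIdentifier)
    		}

    		// Hand out a copy so the caller never mutates the registered prototype.
    		issuerObject := issuerType.Type.DeepCopyObject().(v1alpha1.Issuer)

    		return issuerObject, types.NamespacedName{Name: issuerIdentifier}, nil
    	}

    	return nil, types.NamespacedName{}, fmt.Errorf("no issuer found for signer name: %q", signerName)
    }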
    81  
    // Init configures the embedded RequestController for CertificateSigningRequest
    // objects, passing it the request prototype, the CertificateSigningRequest
    // predicate, the signerName matcher and a factory for the request object
    // helper. It returns the receiver so that calls can be chained.
    func (r *CertificateSigningRequestReconciler) Init() *CertificateSigningRequestReconciler {
    	// newHelper wraps a request object in its helper. The assertion is
    	// unchecked, so it panics if o is not a *CertificateSigningRequest.
    	newHelper := func(o client.Object) RequestObjectHelper {
    		helper := certificatesigningRequestObjectHelper{
    			readOnlyObj: o.(*certificatesv1.CertificateSigningRequest),
    		}
    		return &helper
    	}

    	r.RequestController.Init(
    		&certificatesv1.CertificateSigningRequest{},
    		CertificateSigningRequestPredicate{},
    		r.matchIssuerType,
    		newHelper,
    	)

    	return r
    }
    96  
    // SetupWithManager registers the CertificateSigningRequest types with the
    // manager's scheme, initialises the reconciler through Init and then
    // delegates to the embedded RequestController's SetupWithManager. A scheme
    // registration error is returned unchanged and stops the setup.
    func (r *CertificateSigningRequestReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error {
    	scheme := mgr.GetScheme()
    	err := setupCertificateSigningRequestReconcilerScheme(scheme)
    	if err != nil {
    		return err
    	}

    	r.Init()

    	return r.RequestController.SetupWithManager(ctx, mgr)
    }
   110  
   // setupCertificateSigningRequestReconcilerScheme adds the certificates/v1 API
   // types to the given scheme and returns any registration error.
   func setupCertificateSigningRequestReconcilerScheme(scheme *runtime.Scheme) error {
   	err := certificatesv1.AddToScheme(scheme)
   	return err
   }
   114  
