зеркало из https://github.com/Azure/ARO-RP.git
Merge pull request #3929 from Azure/bvesel/refactor-clean-up
Use constant / function names everywhere possible
Коммит
8a2f3dd489
|
@ -13,10 +13,6 @@ import (
|
|||
"github.com/Azure/ARO-RP/pkg/util/keyvault"
|
||||
)
|
||||
|
||||
const (
|
||||
OneCertIssuerName = "OneCertV2-PublicCA"
|
||||
)
|
||||
|
||||
// if the cluster is using a managed domain and has a DigiCert-issued
|
||||
// certificate, replace the certificate with one issued by OneCert. This
|
||||
// ensures that clusters upgrading to 4.16 aren't blocked due to the SHA-1
|
||||
|
@ -33,13 +29,13 @@ func (m *manager) correctCertificateIssuer(ctx context.Context) error {
|
|||
|
||||
if domain != "" {
|
||||
apiHostname := strings.Split(strings.TrimPrefix(m.doc.OpenShiftCluster.Properties.APIServerProfile.URL, "https://"), ":")[0]
|
||||
err := m.ensureCertificateIssuer(ctx, m.APICertName(), apiHostname, OneCertIssuerName)
|
||||
err := m.ensureCertificateIssuer(ctx, m.APICertName(), apiHostname, OneCertPublicIssuerName)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ingressHostname := "*" + strings.TrimSuffix(strings.TrimPrefix(m.doc.OpenShiftCluster.Properties.ConsoleProfile.URL, "https://console-openshift-console"), "/")
|
||||
err = m.ensureCertificateIssuer(ctx, m.IngressCertName(), ingressHostname, OneCertIssuerName)
|
||||
err = m.ensureCertificateIssuer(ctx, m.IngressCertName(), ingressHostname, OneCertPublicIssuerName)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -566,13 +566,13 @@ func (m *manager) Delete(ctx context.Context) error {
|
|||
|
||||
if managedDomain != "" {
|
||||
m.log.Print("deleting signed apiserver certificate")
|
||||
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-apiserver")
|
||||
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.APICertName())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
m.log.Print("deleting signed ingress certificate")
|
||||
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-ingress")
|
||||
err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.IngressCertName())
|
||||
if err != nil {
|
||||
return err
|
||||
}
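Review bot: The two `EnsureCertificateDeleted` calls now depend on `m.APICertName()` and `m.IngressCertName()` returning exactly the old `m.doc.ID+"-apiserver"` and `m.doc.ID+"-ingress"` values, and neither helper is defined in the hunks shown here. If a helper ever diverges from the name used at creation time, Delete would presumably still return without error while the signed certificate and its private key stay behind in the cluster Key Vault. A unit test pinning both helpers to those two formats would guard against that, together with a comment above the calls such as `// names must match those used by createCertificates`. Delete's body starts and ends outside this hunk.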
|
||||
|
|
|
@ -17,6 +17,10 @@ import (
|
|||
"github.com/Azure/ARO-RP/pkg/util/keyvault"
|
||||
)
|
||||
|
||||
const (
|
||||
OneCertPublicIssuerName = "OneCertV2-PublicCA"
|
||||
)
|
||||
|
||||
func (m *manager) createCertificates(ctx context.Context) error {
|
||||
if m.env.FeatureIsSet(env.FeatureDisableSignedCertificates) {
|
||||
return nil
|
||||
|
@ -36,18 +40,18 @@ func (m *manager) createCertificates(ctx context.Context) error {
|
|||
commonName string
|
||||
}{
|
||||
{
|
||||
certificateName: m.doc.ID + "-apiserver",
|
||||
certificateName: m.APICertName(),
|
||||
commonName: "api." + managedDomain,
|
||||
},
|
||||
{
|
||||
certificateName: m.doc.ID + "-ingress",
|
||||
certificateName: m.IngressCertName(),
|
||||
commonName: "*.apps." + managedDomain,
|
||||
},
|
||||
}
|
||||
|
||||
for _, c := range certs {
|
||||
m.log.Printf("creating certificate %s", c.certificateName)
|
||||
err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, "OneCertV2-PublicCA", c.certificateName, c.commonName, keyvault.EkuServerAuth)
|
||||
err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, OneCertPublicIssuerName, c.certificateName, c.commonName, keyvault.EkuServerAuth)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -80,7 +84,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
|
|||
}
|
||||
|
||||
for _, namespace := range []string{"openshift-config", "openshift-azure-operator"} {
|
||||
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.doc.ID + "-apiserver", Namespace: namespace}, m.doc.ID+"-apiserver")
|
||||
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.APICertName(), Namespace: namespace}, m.APICertName())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -98,7 +102,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
|
|||
"api." + managedDomain,
|
||||
},
|
||||
ServingCertificate: configv1.SecretNameReference{
|
||||
Name: m.doc.ID + "-apiserver",
|
||||
Name: m.APICertName(),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
@ -123,7 +127,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
|
|||
}
|
||||
|
||||
for _, namespace := range []string{"openshift-ingress", "openshift-azure-operator"} {
|
||||
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.doc.ID + "-ingress"}, m.doc.ID+"-ingress")
|
||||
err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.IngressCertName()}, m.IngressCertName())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -136,7 +140,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
|
|||
}
|
||||
|
||||
ic.Spec.DefaultCertificate = &corev1.LocalObjectReference{
|
||||
Name: m.doc.ID + "-ingress",
|
||||
Name: m.IngressCertName(),
|
||||
}
|
||||
|
||||
_, err = m.operatorcli.OperatorV1().IngressControllers("openshift-ingress-operator").Update(ctx, ic, metav1.UpdateOptions{})
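Review bot: `OneCertPublicIssuerName` is exported and selects the issuer that signs the cluster API server and ingress certificates, but the new `const` block carries no doc comment. Suggest adding `// OneCertPublicIssuerName is the Key Vault issuer name passed to CreateSignedCertificate for managed-domain cluster certificates.` above it. In `configureAPIServerCertificate` and `configureIngressCertificate` the helper is now called twice in one expression, once for the Kubernetes secret name and once for the Key Vault certificate name. A local such as `certName := m.APICertName()` would make it explicit that both must be the same value. Those functions continue outside the hunks shown.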
|
||||
|
|