diff --git a/internal/config/config.go b/internal/config/config.go
index 3ed1dba9..f8c0f79a 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -28,33 +28,32 @@ const ( ) type RpaasConfig struct { - WebSocketAllowedOrigins []string `json:"websocket-allowed-origins"` - Clusters []ClusterConfig `json:"clusters"` - ConfigDenyPatterns []regexp.Regexp `json:"config-deny-patterns"` - ServiceName string `json:"service-name"` - APIUsername string `json:"api-username"` - APIPassword string `json:"api-password"` - TLSCertificate string `json:"tls-certificate"` - TLSKey string `json:"tls-key"` - DefaultAffinity *corev1.Affinity `json:"default-affinity"` - TeamAffinity map[string]corev1.Affinity `json:"team-affinity"` - SyncInterval time.Duration `json:"sync-interval"` - DashboardTemplate string `json:"dashboard-template"` - DefaultCertManagerIssuer string `json:"default-cert-manager-issuer"` - LoadBalancerNameLabelKey string `json:"loadbalancer-name-label-key"` - WebSocketHandshakeTimeout time.Duration `json:"websocket-handshake-timeout"` - WebSocketReadBufferSize int `json:"websocket-read-buffer-size"` - WebSocketWriteBufferSize int `json:"websocket-write-buffer-size"` - WebSocketPingInterval time.Duration `json:"websocket-ping-interval"` - WebSocketMaxIdleTime time.Duration `json:"websocket-max-idle-time"` - WebSocketWriteWait time.Duration `json:"websocket-write-wait"` - SuppressPrivateKeyOnCertificatesList bool `json:"suppress-private-key-on-certificates-list"` - MultiCluster bool `json:"multi-cluster"` - NamespacedInstances bool `json:"namespaced-instances"` - EnableCertManager bool `json:"enable-cert-manager"` - NewInstanceReplicas int `json:"new-instance-replicas"` - ForbiddenAnnotationsPrefixes []string `json:"forbidden-annotations-prefixes"` - DebugImage string `json:"debug-image"` + WebSocketAllowedOrigins []string `json:"websocket-allowed-origins"` + Clusters []ClusterConfig `json:"clusters"` + ConfigDenyPatterns []regexp.Regexp `json:"config-deny-patterns"` + ServiceName string `json:"service-name"` + APIUsername string `json:"api-username"` + APIPassword string `json:"api-password"` + TLSCertificate 
string `json:"tls-certificate"` + TLSKey string `json:"tls-key"` + DefaultAffinity *corev1.Affinity `json:"default-affinity"` + TeamAffinity map[string]corev1.Affinity `json:"team-affinity"` + SyncInterval time.Duration `json:"sync-interval"` + DashboardTemplate string `json:"dashboard-template"` + DefaultCertManagerIssuer string `json:"default-cert-manager-issuer"` + LoadBalancerNameLabelKey string `json:"loadbalancer-name-label-key"` + WebSocketHandshakeTimeout time.Duration `json:"websocket-handshake-timeout"` + WebSocketReadBufferSize int `json:"websocket-read-buffer-size"` + WebSocketWriteBufferSize int `json:"websocket-write-buffer-size"` + WebSocketPingInterval time.Duration `json:"websocket-ping-interval"` + WebSocketMaxIdleTime time.Duration `json:"websocket-max-idle-time"` + WebSocketWriteWait time.Duration `json:"websocket-write-wait"` + MultiCluster bool `json:"multi-cluster"` + NamespacedInstances bool `json:"namespaced-instances"` + EnableCertManager bool `json:"enable-cert-manager"` + NewInstanceReplicas int `json:"new-instance-replicas"` + ForbiddenAnnotationsPrefixes []string `json:"forbidden-annotations-prefixes"` + DebugImage string `json:"debug-image"` } type ClusterConfig struct { diff --git a/internal/controllers/certificates/cert_manager.go b/internal/controllers/certificates/cert_manager.go index 1ce28d2c..9f946f48 100644 --- a/internal/controllers/certificates/cert_manager.go +++ b/internal/controllers/certificates/cert_manager.go 
@@ -104,12 +104,18 @@ func removeOldCertificates(ctx context.Context, c client.Client, instance, insta certName = CertManagerCertificateName } - if err = DeleteCertificate(ctx, c, instance, certName); err != nil { + if err = c.Delete(ctx, &cert); err != nil { return err } - if err = c.Delete(ctx, &cert); err != nil { + var secret corev1.Secret + err = c.Get(ctx, types.NamespacedName{Name: cert.Spec.SecretName, Namespace: instance.Namespace}, &secret) + if err != nil && !k8serrors.IsNotFound(err) { return err + } else if err == nil { + if err = c.Delete(ctx, &secret); err != nil { + return err + } } } diff --git a/internal/pkg/rpaas/certificates.go b/internal/pkg/rpaas/certificates.go index c3a20d2b..232e3235 100644 --- a/internal/pkg/rpaas/certificates.go +++ b/internal/pkg/rpaas/certificates.go @@ -30,6 +30,7 @@ func (m *k8sRpaasManager) GetCertManagerRequests(ctx context.Context, instanceNa var requests []clientTypes.CertManager for _, r := range instance.CertManagerRequests() { requests = append(requests, clientTypes.CertManager{ + Name: r.Name, Issuer: r.Issuer, DNSNames: r.DNSNames, IPAddresses: r.IPAddresses, diff --git a/pkg/web/api.go b/pkg/web/api.go index a8a60cf9..e516317f 100644 --- a/pkg/web/api.go +++ b/pkg/web/api.go @@ -230,7 +230,6 @@ func newEcho(targetFactory target.Factory) *echo.Echo { group.POST("/:instance/certificate", updateCertificate) group.DELETE("/:instance/certificate/:name", deleteCertificate) group.DELETE("/:instance/certificate", deleteCertificate) - group.GET("/:instance/certificate", getCertificates) group.GET("/:instance/cert-manager", listCertManagerRequests) group.POST("/:instance/cert-manager", updateCertManagerRequest) group.DELETE("/:instance/cert-manager", deleteCertManagerRequest) diff --git a/pkg/web/certificate.go b/pkg/web/certificate.go index 9d97f984..ea39805d 100644 --- a/pkg/web/certificate.go +++ b/pkg/web/certificate.go 
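Review bot: In removeOldCertificates (internal/controllers/certificates/cert_manager.go) the new Secret cleanup is not retry-safe: the Certificate is deleted first, so if the following `c.Get` or `c.Delete` on the Secret fails, a later pass that no longer finds the Certificate would presumably never come back for the Secret, leaving the private key material in the namespace. The Get-then-Delete pair can also race to NotFound, which the Delete branch currently returns as an error; `if err = c.Delete(ctx, &secret); client.IgnoreNotFound(err) != nil { return err }` tolerates that. The Secret is resolved purely by `cert.Spec.SecretName`, so it is worth confirming it belongs to this Certificate (for example via cert-manager's `cert-manager.io/certificate-name` annotation) before removing it. The function starts and ends outside this hunk, so the loop that selects `cert` is inferred rather than visible.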
@@ -15,7 +15,6 @@ import ( "github.com/labstack/echo/v4" - "github.com/tsuru/rpaas-operator/internal/config" "github.com/tsuru/rpaas-operator/internal/pkg/rpaas" "github.com/tsuru/rpaas-operator/pkg/rpaas/client/types" ) @@ -71,31 +70,6 @@ func updateCertificate(c echo.Context) error { return c.NoContent(http.StatusOK) } -func getCertificates(c echo.Context) error { - ctx := c.Request().Context() - manager, err := getManager(ctx) - if err != nil { - return err - } - - certList, _, err := manager.GetCertificates(ctx, c.Param("instance")) - if err != nil { - return err - } - - if certList == nil { - certList = make([]rpaas.CertificateData, 0) - } - - if config.Get().SuppressPrivateKeyOnCertificatesList { - for i := range certList { - certList[i].Key = "*** private ***" - } - } - - return c.JSON(http.StatusOK, certList) -} - func listCertManagerRequests(c echo.Context) error { ctx := c.Request().Context() diff --git a/pkg/web/certificate_test.go b/pkg/web/certificate_test.go index f714bf9d..8665032d 100644 --- a/pkg/web/certificate_test.go +++ b/pkg/web/certificate_test.go @@ -19,7 +19,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/tsuru/rpaas-operator/internal/config" "github.com/tsuru/rpaas-operator/internal/pkg/rpaas" "github.com/tsuru/rpaas-operator/internal/pkg/rpaas/fake" clientTypes "github.com/tsuru/rpaas-operator/pkg/rpaas/client/types" 
@@ -230,90 +229,6 @@ func Test_deleteCertificate(t *testing.T) { } } -func Test_GetCertificates(t *testing.T) { - tests := []struct { - name string - manager rpaas.RpaasManager - instance string - expectedCode int - expectedBody string - config *config.RpaasConfig - }{ - { - name: "when the instance does not exist", - manager: &fake.RpaasManager{}, - instance: "my-instance", - expectedCode: http.StatusOK, - expectedBody: "[]", - }, - { - name: "when the instance and certificate exists", - manager: &fake.RpaasManager{ - FakeGetCertificates: func(instanceName string) ([]rpaas.CertificateData, []clientTypes.Event, error) { - return []rpaas.CertificateData{ - { - Name: "cert-name", - Certificate: `my-certificate`, - Key: `my-key`, - }, - }, nil, nil - }, - }, - instance: "real-instance", - expectedCode: http.StatusOK, - expectedBody: "[{\"name\":\"cert-name\",\"certificate\":\"my-certificate\",\"key\":\"my-key\"}]", - }, - { - name: "when the instance exists but the certificate has a missing key", - manager: &fake.RpaasManager{ - FakeGetCertificates: func(instanceName string) ([]rpaas.CertificateData, []clientTypes.Event, error) { - return nil, nil, fmt.Errorf("key data not found") - }, - }, - instance: "real-instance", - expectedCode: http.StatusInternalServerError, - expectedBody: "{\"message\":\"key data not found\"}", - }, - { - name: "when suppressing private key is enabled", - instance: "my-instance", - config: &config.RpaasConfig{ - SuppressPrivateKeyOnCertificatesList: true, - }, - manager: &fake.RpaasManager{ - FakeGetCertificates: func(instance string) ([]rpaas.CertificateData, []clientTypes.Event, error) { - return []rpaas.CertificateData{ - { - Name: "my-example.com", - Certificate: "X509 certificate", - Key: "PEM ENCODED KEY", - }, - }, nil, nil - }, - }, - expectedCode: http.StatusOK, - expectedBody: "[{\"name\":\"my-example.com\",\"certificate\":\"X509 certificate\",\"key\":\"*** private ***\"}]", - }, - } - - for _, tt := range tests { - t.Run(tt.name, 
func(t *testing.T) { - if tt.config != nil { - config.Set(*tt.config) - } - srv := newTestingServer(t, tt.manager) - defer srv.Close() - path := fmt.Sprintf("%s/resources/%s/certificate", srv.URL, tt.instance) - request, err := http.NewRequest(http.MethodGet, path, nil) - require.NoError(t, err) - rsp, err := srv.Client().Do(request) - require.NoError(t, err) - assert.Equal(t, tt.expectedCode, rsp.StatusCode) - assert.Equal(t, tt.expectedBody, bodyContent(rsp)) - }) - } -} - func Test_GetCertManagerRequests(t *testing.T) { tests := map[string]struct { manager rpaas.RpaasManager