From 6ab0db38e45284144f7ad8bad50e86e588248a08 Mon Sep 17 00:00:00 2001 From: Erik Godding Boye Date: Thu, 15 Aug 2024 23:11:00 +0200 Subject: [PATCH] refactor: dedicated target data struct Signed-off-by: Erik Godding Boye --- pkg/bundle/bundle.go | 4 ++-- pkg/bundle/source.go | 31 ++----------------------------- pkg/bundle/target.go | 36 ++++++++++++++++++++++++++++++++++-- pkg/bundle/target_test.go | 4 ++-- 4 files changed, 40 insertions(+), 35 deletions(-) diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go index cc9953a0..220bc4fa 100644 --- a/pkg/bundle/bundle.go +++ b/pkg/bundle/bundle.go @@ -303,12 +303,12 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (result if target.Kind == configMapTarget { syncFunc = func(targetLog logr.Logger, target targetResource, shouldExist bool) (bool, error) { - return b.syncConfigMapTarget(ctx, targetLog, &bundle, target.Name, target.Namespace, resolvedBundle, shouldExist) + return b.syncConfigMapTarget(ctx, targetLog, &bundle, target.Name, target.Namespace, resolvedBundle.targetData, shouldExist) } } if target.Kind == secretTarget { syncFunc = func(targetLog logr.Logger, target targetResource, shouldExist bool) (bool, error) { - return b.syncSecretTarget(ctx, targetLog, &bundle, target.Name, target.Namespace, resolvedBundle, shouldExist) + return b.syncSecretTarget(ctx, targetLog, &bundle, target.Name, target.Namespace, resolvedBundle.targetData, shouldExist) } } diff --git a/pkg/bundle/source.go b/pkg/bundle/source.go index e94c6df2..3c2c33fb 100644 --- a/pkg/bundle/source.go +++ b/pkg/bundle/source.go @@ -27,7 +27,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" - "github.com/cert-manager/trust-manager/pkg/bundle/internal/truststore" "github.com/cert-manager/trust-manager/pkg/util" ) 
@@ -37,8 +36,7 @@ type notFoundError struct{ error } // certificate data from concatenating all the sources together, binary data for any additional formats and // any metadata from the sources which needs to be exposed on the Bundle resource's status field. type bundleData struct { - data string - binaryData map[string][]byte + targetData defaultCAPackageStringID string } @@ -93,7 +91,7 @@ func (b *bundle) buildSourceBundle(ctx context.Context, sources []trustapi.Bundl return bundleData{}, fmt.Errorf("couldn't find any valid certificates in bundle") } - if err := resolvedBundle.populateData(certPool, formats); err != nil { + if err := resolvedBundle.populate(certPool, formats); err != nil { return bundleData{}, err } @@ -193,28 +191,3 @@ func (b *bundle) secretBundle(ctx context.Context, ref *trustapi.SourceObjectKey } return results.String(), nil } - -func (b *bundleData) populateData(pool *util.CertPool, formats *trustapi.AdditionalFormats) error { - b.data = pool.PEM() - - if formats != nil { - b.binaryData = make(map[string][]byte) - - if formats.JKS != nil { - encoded, err := truststore.NewJKSEncoder(*formats.JKS.Password).Encode(pool) - if err != nil { - return fmt.Errorf("failed to encode JKS: %w", err) - } - b.binaryData[formats.JKS.Key] = encoded - } - - if formats.PKCS12 != nil { - encoded, err := truststore.NewPKCS12Encoder(*formats.PKCS12.Password).Encode(pool) - if err != nil { - return fmt.Errorf("failed to encode PKCS12: %w", err) - } - b.binaryData[formats.PKCS12.Key] = encoded - } - } - return nil -} diff --git a/pkg/bundle/target.go b/pkg/bundle/target.go index e857458d..d836359e 100644 --- a/pkg/bundle/target.go +++ b/pkg/bundle/target.go 
@@ -36,6 +36,8 @@ import ( trustapi "github.com/cert-manager/trust-manager/pkg/apis/trust/v1alpha1" "github.com/cert-manager/trust-manager/pkg/bundle/internal/ssa_client" + "github.com/cert-manager/trust-manager/pkg/bundle/internal/truststore" + "github.com/cert-manager/trust-manager/pkg/util" ) // syncConfigMapTarget syncs the given data to the target ConfigMap in the given namespace. @@ -48,7 +50,7 @@ func (b *bundle) syncConfigMapTarget( bundle *trustapi.Bundle, name string, namespace string, - resolvedBundle bundleData, + resolvedBundle targetData, shouldExist bool, ) (bool, error) { configMap := &metav1.PartialObjectMetadata{ @@ -154,7 +156,7 @@ func (b *bundle) syncSecretTarget( bundle *trustapi.Bundle, name string, namespace string, - resolvedBundle bundleData, + resolvedBundle targetData, shouldExist bool, ) (bool, error) { secret := &metav1.PartialObjectMetadata{ @@ -394,3 +396,33 @@ func (b *bundle) patchSecretResource(ctx context.Context, applyConfig *coreapply return nil } + +type targetData struct { + data string + binaryData map[string][]byte +} + +func (b *targetData) populate(pool *util.CertPool, formats *trustapi.AdditionalFormats) error { + b.data = pool.PEM() + + if formats != nil { + b.binaryData = make(map[string][]byte) + + if formats.JKS != nil { + encoded, err := truststore.NewJKSEncoder(*formats.JKS.Password).Encode(pool) + if err != nil { + return fmt.Errorf("failed to encode JKS: %w", err) + } + b.binaryData[formats.JKS.Key] = encoded + } + + if formats.PKCS12 != nil { + encoded, err := truststore.NewPKCS12Encoder(*formats.PKCS12.Password).Encode(pool) + if err != nil { + return fmt.Errorf("failed to encode PKCS12: %w", err) + } + b.binaryData[formats.PKCS12.Key] = encoded + } + } + return nil +} diff --git a/pkg/bundle/target_test.go b/pkg/bundle/target_test.go index 7457aaeb..46e6636b 100644 --- a/pkg/bundle/target_test.go +++ b/pkg/bundle/target_test.go 
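Review bot: `populate` in the new `targetData` block at the end of target.go dereferences `*formats.JKS.Password` and `*formats.PKCS12.Password` without a nil check, so a Bundle that reaches this code with an unset password would panic the controller instead of returning an error. The body is moved unchanged from `populateData`, and whatever API defaulting or validation may guarantee a non-nil pointer is not visible in this diff. An explicit guard is worth adding while the function is being touched: `if formats.JKS.Password == nil { return fmt.Errorf("JKS password is not set") }`, with the same check for PKCS12. The new type and method also have no doc comments; I would add `// targetData holds the PEM bundle and any additional encoded formats passed to the target sync functions.` and a one-line comment on `populate` stating that it overwrites `data` and allocates `binaryData` only when `formats` is non-nil.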
@@ -617,7 +617,7 @@ func Test_syncConfigMapTarget(t *testing.T) { AdditionalFormats: &trustapi.AdditionalFormats{}, }, } - resolvedBundle := bundleData{data: data, binaryData: make(map[string][]byte)} + resolvedBundle := targetData{data: data, binaryData: make(map[string][]byte)} if test.withJKS { spec.Target.AdditionalFormats.JKS = &trustapi.JKS{ KeySelector: trustapi.KeySelector{ @@ -1237,7 +1237,7 @@ func Test_syncSecretTarget(t *testing.T) { AdditionalFormats: &trustapi.AdditionalFormats{}, }, } - resolvedBundle := bundleData{data: data, binaryData: make(map[string][]byte)} + resolvedBundle := targetData{data: data, binaryData: make(map[string][]byte)} if test.withJKS { spec.Target.AdditionalFormats.JKS = &trustapi.JKS{ KeySelector: trustapi.KeySelector{