Merge pull request #312 from stuggi/certmanager_module

[tlse] Add certmanager module

Makefile

@@ -15,6 +15,7 @@ $(LOCALBIN):
 ## Tool Binaries
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
+GINKGO ?= $(LOCALBIN)/ginkgo
 
 ## Tool Versions
 CONTROLLER_TOOLS_VERSION ?= v0.10.0
@@ -43,10 +44,14 @@ vet: gowork ## Run go vet against code.
 	done
 
 .PHONY: test
-test: gowork generate fmt vet envtest ## Run tests.
+test: gowork generate fmt vet envtest ginkgo ## Run tests.
 	for mod in $(shell find modules/ -maxdepth 1 -mindepth 1 -type d); do \
 		pushd ./$$mod ; \
-		KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out || exit 1; \
+		if [ -f test/functional/suite_test.go ]; then \
+			KUBEBUILDER_ASSETS="$(shell $(ENVTEST) -v debug --bin-dir $(LOCALBIN) use $(ENVTEST_K8S_VERSION) -p path)" $(GINKGO) --trace --cover --coverprofile cover.out --covermode=atomic ${PROC_CMD} $(GINKGO_ARGS) ./test/... || exit 1; \
+		else \
+			KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out || exit 1; \
+		fi; \
 		popd ; \
 	done
 ##@ Build
@@ -79,6 +84,11 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
+.PHONY: ginkgo
+ginkgo: $(GINKGO) ## Download ginkgo locally if necessary.
+$(GINKGO): $(LOCALBIN)
+	test -s $(LOCALBIN)/ginkgo || GOBIN=$(LOCALBIN) go install github.com/onsi/ginkgo/v2/ginkgo
+
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	for mod in $(shell find modules/ -maxdepth 1 -mindepth 1 -type d); do \

modules/certmanager/certificate.go

@@ -0,0 +1,130 @@
+/*
+Copyright 2023 Red Hat
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certmanager
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/util"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+	k8s_errors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Certificate -
+type Certificate struct {
+	certificate *certmgrv1.Certificate
+	timeout     time.Duration
+}
+
+// NewCertificate returns an initialized Certificate.
+func NewCertificate(
+	certificate *certmgrv1.Certificate,
+	timeout time.Duration,
+) *Certificate {
+	return &Certificate{
+		certificate: certificate,
+		timeout:     timeout,
+	}
+}
+
+// Cert returns an initialized certificate request obj.
+// minimal spec should be:
+// Spec:
+//
+//	commonName: keystone-public-openstack.apps-crc.testing
+//	dnsNames:
+//	- keystone-public-openstack
+//	- keystone-public-openstack.apps-crc.testing
+//	issuerRef:
+//	   kind: Issuer
+//	   name: osp-rootca-issuer
+//	secretName: keystone-public-cert
+func Cert(
+	name string,
+	namespace string,
+	labels map[string]string,
+	spec certmgrv1.CertificateSpec,
+
+) *certmgrv1.Certificate {
+	return &certmgrv1.Certificate{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+			Labels:    labels,
+		},
+		Spec: spec,
+	}
+}
+
+// CreateOrPatch - creates or patches a certificate, reconciles after Xs if object won't exist.
+func (c *Certificate) CreateOrPatch(
+	ctx context.Context,
+	h *helper.Helper,
+) (ctrl.Result, error) {
+	cert := &certmgrv1.Certificate{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      c.certificate.Name,
+			Namespace: c.certificate.Namespace,
+		},
+	}
+
+	op, err := controllerutil.CreateOrPatch(ctx, h.GetClient(), cert, func() error {
+		cert.Labels = util.MergeStringMaps(cert.Labels, c.certificate.Labels)
+		cert.Annotations = c.certificate.Annotations
+		cert.Spec = c.certificate.Spec
+
+		err := controllerutil.SetControllerReference(h.GetBeforeObject(), cert, h.GetScheme())
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+	if err != nil {
+		if k8s_errors.IsNotFound(err) {
+			h.GetLogger().Info(fmt.Sprintf("Certificate %s not found, reconcile in %s", cert.Name, c.timeout))
+			return ctrl.Result{RequeueAfter: c.timeout}, nil
+		}
+		return ctrl.Result{}, err
+	}
+	if op != controllerutil.OperationResultNone {
+		h.GetLogger().Info(fmt.Sprintf("Route %s - %s", cert.Name, op))
+	}
+
+	return ctrl.Result{}, nil
+}
+
+// Delete - delete a certificate.
+func (c *Certificate) Delete(
+	ctx context.Context,
+	h *helper.Helper,
+) error {
+
+	err := h.GetClient().Delete(ctx, c.certificate)
+	if err != nil && !k8s_errors.IsNotFound(err) {
+		return fmt.Errorf("Error deleting certificate %s: %w", c.certificate.Name, err)
+	}
+
+	return nil
+}

modules/certmanager/go.mod

@@ -0,0 +1,96 @@
+module github.com/openstack-k8s-operators/lib-common/modules/certmanager
+
+go 1.19
+
+require (
+	github.com/cert-manager/cert-manager v1.11.4
+	github.com/go-logr/logr v1.2.4
+	github.com/google/uuid v1.3.0
+	github.com/onsi/ginkgo/v2 v2.11.0
+	github.com/onsi/gomega v1.27.8
+	github.com/openstack-k8s-operators/lib-common/modules/common v0.1.0
+	github.com/openstack-k8s-operators/lib-common/modules/test v0.0.0-20230612101529-af40f24b2b62
+	go.uber.org/zap v1.24.0
+	k8s.io/api v0.26.6
+	k8s.io/apimachinery v0.26.6
+	k8s.io/client-go v0.26.6
+	sigs.k8s.io/controller-runtime v0.14.6
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/zapr v1.2.3 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.1 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+	github.com/gophercloud/gophercloud v1.5.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/openshift/api v3.9.0+incompatible // indirect
+	github.com/openstack-k8s-operators/infra-operator/apis v0.0.0-20230720153501-076b82bb4427 // indirect
+	github.com/openstack-k8s-operators/keystone-operator/api v0.0.0-20230612072624-8ebcfc19377a // indirect
+	github.com/openstack-k8s-operators/lib-common/modules/openstack v0.0.0-20230606033311-3b01713e4d45 // indirect
+	github.com/openstack-k8s-operators/mariadb-operator/api v0.0.0-20230717141726-1bd909777952 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.8.0 // indirect
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
+	golang.org/x/oauth2 v0.4.0 // indirect
+	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/term v0.8.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.9.3 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.26.6 // indirect
+	k8s.io/component-base v0.26.6 // indirect
+	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
+	sigs.k8s.io/gateway-api v0.6.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)
+
+require (
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/utils v0.0.0-20230711102312-30195339c3c7 // indirect; indirect // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect; indirect // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+)
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => ../common
+
+replace github.com/openstack-k8s-operators/lib-common/modules/test => ../test
+
+// mschuppert: map to latest commit from release-4.13 tag
+// must consistent within modules and service operators
+replace github.com/openshift/api => github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7