[certmanager] Allow passing annotations to CAIssuer() and add annotat…

…ions keys Adds annotations as parameter to CAIssuer() which allows to get a CA issuer with wanted annotations. Also adds annotation keys CertDurationAnnotation and CertRenewBeforeAnnotation which can be used by consumers of the issuer to know what the default duration/renewBefore should be used in the cert request. Jira: OSPRH-6749
stuggi · May 17, 2024 · f5a1142 · f5a1142
1 parent 09a6145
commit f5a1142
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/modules/certmanager/issuer.go b/modules/certmanager/issuer.go
@@ -42,6 +42,13 @@ const (
 	RootCAIssuerOvnDBLabel = "osp-rootca-issuer-ovn"
 	// RootCAIssuerLibvirtLabel for internal RootCA to issue libvirt TLS Certs
 	RootCAIssuerLibvirtLabel = "osp-rootca-issuer-libvirt"
+	// CertDurationAnnotation on an issuer reflects the duration to be used for certs being issued
+	CertDurationAnnotation = "cert-duration"
+	// CertRenewBeforeAnnotation on an issuer reflects the renewBefore to be used for certs being issued
+	CertRenewBeforeAnnotation = "cert-renewbefore"
+	// CertDefaultDuration - fallback duration for certificates if no CertDurationAnnotation
+	// annotation is set on the issuer
+	CertDefaultDuration = "43800h0m0s"
 )
 
 // Issuer -
@@ -86,13 +93,15 @@ func CAIssuer(
 	name string,
 	namespace string,
 	labels map[string]string,
+	annotations map[string]string,
 	secretName string,
 ) *certmgrv1.Issuer {
 	return &certmgrv1.Issuer{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: namespace,
-			Labels:    labels,
+			Name:        name,
+			Namespace:   namespace,
+			Labels:      labels,
+			Annotations: annotations,
 		},
 		Spec: certmgrv1.IssuerSpec{
 			IssuerConfig: certmgrv1.IssuerConfig{

diff --git a/modules/certmanager/test/functional/certmanager_test.go b/modules/certmanager/test/functional/certmanager_test.go
@@ -100,6 +100,7 @@ var _ = Describe("certmanager module", func() {
 				"ca",
 				namespace,
 				map[string]string{"f": "l"},
+				map[string]string{"a": "l"},
 				"secret",
 			),
 			timeout,
@@ -111,6 +112,7 @@ var _ = Describe("certmanager module", func() {
 		Expect(issuer.Spec.CA).NotTo(BeNil())
 		Expect(issuer.Spec.CA.SecretName).To(Equal("secret"))
 		Expect(issuer.Labels["f"]).To(Equal("l"))
+		Expect(issuer.Annotations["a"]).To(Equal("l"))
 	})
 
 	It("deletes issuer", func() {
@@ -119,6 +121,7 @@ var _ = Describe("certmanager module", func() {
 				names.IssuerName.Name,
 				names.IssuerName.Namespace,
 				map[string]string{"f": "l"},
+				map[string]string{},
 				"secret",
 			),
 			timeout,
@@ -200,6 +203,7 @@ var _ = Describe("certmanager module", func() {
 				"ca",
 				names.Namespace,
 				map[string]string{"f": "l"},
+				map[string]string{},
 				"secret",
 			),
 			timeout,
@@ -258,6 +262,7 @@ var _ = Describe("certmanager module", func() {
 				"ca",
 				names.Namespace,
 				map[string]string{"f": "l"},
+				map[string]string{},
 				"secret",
 			),
 			timeout,
@@ -314,6 +319,7 @@ var _ = Describe("certmanager module", func() {
 				"ca",
 				names.Namespace,
 				map[string]string{"f": "l"},
+				map[string]string{},
 				"secret",
 			),
 			timeout,