diff --git a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml index 9e2e425a2..06eb08dbd 100644 --- a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml +++ b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml @@ -297,7 +297,7 @@ metadata: ] capabilities: Seamless Upgrades containerImage: registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:028b6eec7f821b18cf710237a7613ef76d2bacdeff56462368e4e186f26627cc - createdAt: "2024-09-12T13:55:45Z" + createdAt: "2024-09-16T09:07:25Z" features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "false" diff --git a/internal/controller/common/utils/kubernetes/service.go b/internal/controller/common/utils/kubernetes/service.go index 30f699953..1c50fa953 100644 --- a/internal/controller/common/utils/kubernetes/service.go +++ b/internal/controller/common/utils/kubernetes/service.go @@ -2,14 +2,14 @@ package kubernetes import ( "context" - "fmt" + "errors" corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" ) func CreateService(namespace string, name string, portName string, port int, targetPort int32, labels map[string]string) *corev1.Service { 
@@ -33,35 +33,25 @@ func CreateService(namespace string, name string, portName string, port int, tar
 }
 }
 
-func GetInternalUrl(ctx context.Context, cli client.Client, namespace, serviceName string) (string, error) {
- svc := &corev1.Service{
- ObjectMeta: metav1.ObjectMeta{
- Name: serviceName,
- Namespace: namespace,
- },
- }
-
- err := cli.Get(ctx, types.NamespacedName{
- Name: serviceName,
- Namespace: namespace,
- }, svc)
+func FindService(ctx context.Context, c client.Client, namespace string, labels map[string]string) (*corev1.Service, error) {
 
- if err != nil {
- return "", err
- }
- return fmt.Sprintf("%s.%s.svc.cluster.local", svc.Name, svc.Namespace), nil
-}
-
-func GetService(client client.Client, namespace, serviceName string) (*corev1.Service, error) {
- var service corev1.Service
+ list := &corev1.ServiceList{}
 
- err := client.Get(context.TODO(), types.NamespacedName{
- Name: serviceName,
- Namespace: namespace,
- }, &service)
+ err := c.List(ctx, list, client.InNamespace(namespace), client.MatchingLabels(labels))
 if err != nil {
 return nil, err
 }
 
- return &service, nil
+ if len(list.Items) > 1 {
+ return nil, errors.New("duplicate resource")
+ }
+
+ if len(list.Items) == 1 {
+ return &list.Items[0], nil
+ }
+
+ return nil, apierrors.NewNotFound(schema.GroupResource{
+ Group: list.GetObjectKind().GroupVersionKind().Group,
+ Resource: list.GetObjectKind().GroupVersionKind().Kind,
+ }, "")
 }
diff --git a/internal/controller/constants/images.go b/internal/controller/constants/images.go
index aa491eaa0..205ee3173 100644
--- a/internal/controller/constants/images.go
+++ b/internal/controller/constants/images.go
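Review bot: The not-found branch at the end of FindService derives the GroupResource from `list.GetObjectKind().GroupVersionKind()`, but a typed `*corev1.ServiceList` populated by the controller-runtime client typically has an empty TypeMeta, so Group and Resource come back blank, and even when populated the `Kind` ("ServiceList") is not a resource name; the resulting error says little more than `"" not found`. The core API already provides the right value: `return nil, apierrors.NewNotFound(corev1.Resource("services"), "")`, optionally with the namespace in the name argument so the message is useful in operator logs. The >1 branch has the mirror problem — `errors.New("duplicate resource")` names neither the namespace nor the labels that matched, so an operator cannot tell which Services collided; `fmt.Errorf("multiple services in namespace %q match labels %v", namespace, labels)` keeps that context (`fmt` was dropped from the imports in the previous hunk and would need restoring). Because the lookup is now by labels rather than by name, callers should pass the full identifying label set so that an unrelated Service in the same namespace carrying a partial label match cannot be selected.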
@@ -1,28 +1,28 @@ package constants var ( - TrillianLogSignerImage = "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:3a73910e112cb7b8ad04c4063e3840fb70f97ed07fc3eb907573a46b2f8f6b7b" - TrillianServerImage = "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:23579db8db307a14cad37f5cb1bdf759611decd72d875241184549e31353387f" - TrillianDbImage = "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:310ecbd9247a2af587dd6bca1b262cf5d753938409fb74c59a53622e22eb1c31" + TrillianLogSignerImage = "quay.io/securesign/trillian-logsigner@sha256:3a73910e112cb7b8ad04c4063e3840fb70f97ed07fc3eb907573a46b2f8f6b7b" + TrillianServerImage = "quay.io/securesign/trillian-logserver@sha256:23579db8db307a14cad37f5cb1bdf759611decd72d875241184549e31353387f" + TrillianDbImage = "quay.io/securesign/trillian-database@sha256:310ecbd9247a2af587dd6bca1b262cf5d753938409fb74c59a53622e22eb1c31" // TODO: remove and check the DB pod status TrillianNetcatImage = "registry.redhat.io/openshift4/ose-tools-rhel8@sha256:486b4d2dd0d10c5ef0212714c94334e04fe8a3d36cf619881986201a50f123c7" - FulcioServerImage = "registry.redhat.io/rhtas/fulcio-rhel9@sha256:a384c19951fb77813cdefb8057bbe3670ef489eb61172d8fd2dde47b23aecebc" + FulcioServerImage = "quay.io/securesign/fulcio-server@sha256:a384c19951fb77813cdefb8057bbe3670ef489eb61172d8fd2dde47b23aecebc" - RekorRedisImage = "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:c936589847e5658e3be01bf7251da6372712bf98f4d100024a18ea59cfec5975" - RekorServerImage = "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:96efc463b5f5fa631cca2e1a2195bb0abbd72da0c5083a9d90371d245d01387d" - RekorSearchUiImage = "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:8ed9d49539e2305c2c41e2ad6b9f5763a53e93ab7590de1c413d846544091009" - BackfillRedisImage = "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:22016378cf4a312ac7b15067e560ea42805c168ddf2ae64adb2fcc784bb9ba15" + RekorRedisImage = 
"quay.io/securesign/trillian-redis@sha256:c936589847e5658e3be01bf7251da6372712bf98f4d100024a18ea59cfec5975" + RekorServerImage = "quay.io/securesign/rekor-server@sha256:96efc463b5f5fa631cca2e1a2195bb0abbd72da0c5083a9d90371d245d01387d" + RekorSearchUiImage = "quay.io/securesign/rekor-search-ui@sha256:8ed9d49539e2305c2c41e2ad6b9f5763a53e93ab7590de1c413d846544091009" + BackfillRedisImage = "quay.io/securesign/rekor-backfill-redis@sha256:22016378cf4a312ac7b15067e560ea42805c168ddf2ae64adb2fcc784bb9ba15" - TufImage = "registry.redhat.io/rhtas/tuffer@sha256:fc0160028b0bcbc03c69156584ead3dfec6d517dab305386ee238cc0e87433de" + TufImage = "quay.io/securesign/tuffer@sha256:fc0160028b0bcbc03c69156584ead3dfec6d517dab305386ee238cc0e87433de" - CTLogImage = "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:671c5ea4de7184f0dcdd6c6583d74dc8b0b039799c57efb5e8a31981cd9b415e" + CTLogImage = "quay.io/securesign/certificate-transparency-go@sha256:671c5ea4de7184f0dcdd6c6583d74dc8b0b039799c57efb5e8a31981cd9b415e" HttpServerImage = "registry.access.redhat.com/ubi9/httpd-24@sha256:7874b82335a80269dcf99e5983c2330876f5fe8bdc33dc6aa4374958a2ffaaee" - ClientServerImage_cg = "registry.redhat.io/rhtas/client-server-cg-rhel9@sha256:0469bef1617c60481beda30947f279a0b106d0e54c600e823064a2b5b89bc120" - ClientServerImage_re = "registry.redhat.io/rhtas/client-server-re-rhel9@sha256:7990157e558dc5ff6e315c84a107bbadc7aeb3aaed39a9171e751671be5d89f0" - ClientServerImage_f = "registry.redhat.io/rhtas/client-server-f-rhel9@sha256:aca918e6994ad5f95c71f725428fc3f2865299b1860c2740d1c18f03324cc3c9" - SegmentBackupImage = "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:625b5beef8b97d0e9fdf1d92bacd31a51de6b8c172e9aac2c98167253738bb61" - TimestampAuthorityImage = "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:788f298596b5c0c70e06ac210f8e68ce7bf3348c56b7f36eb6b84cdd85f0d01d" + ClientServerImage_cg = 
"quay.io/securesign/cli-client-server-cg@sha256:0469bef1617c60481beda30947f279a0b106d0e54c600e823064a2b5b89bc120" + ClientServerImage_re = "quay.io/securesign/client-server-re@sha256:7990157e558dc5ff6e315c84a107bbadc7aeb3aaed39a9171e751671be5d89f0" + ClientServerImage_f = "quay.io/securesign/client-server-f@sha256:aca918e6994ad5f95c71f725428fc3f2865299b1860c2740d1c18f03324cc3c9" + SegmentBackupImage = "quay.io/securesign/segment-backup-job@sha256:625b5beef8b97d0e9fdf1d92bacd31a51de6b8c172e9aac2c98167253738bb61" + TimestampAuthorityImage = "quay.io/securesign/timestamp-authority@sha256:788f298596b5c0c70e06ac210f8e68ce7bf3348c56b7f36eb6b84cdd85f0d01d" ) diff --git a/internal/controller/ctlog/actions/constants.go b/internal/controller/ctlog/actions/constants.go deleted file mode 100644 index 9e1a264d7..000000000 --- a/internal/controller/ctlog/actions/constants.go +++ /dev/null @@ -1,22 +0,0 @@ -package actions - -import "github.com/securesign/operator/internal/controller/constants" - -const ( - DeploymentName = "ctlog" - ComponentName = "ctlog" - RBACName = "ctlog" - MonitoringRoleName = "prometheus-k8s-ctlog" - - CertCondition = "FulcioCertAvailable" - ServerPortName = "http" - ServerPort = 80 - HttpsServerPortName = "https" - HttpsServerPort = 443 - ServerTargetPort = 6962 - MetricsPortName = "metrics" - MetricsPort = 6963 - ServerCondition = "ServerAvailable" - - CTLPubLabel = constants.LabelNamespace + "/ctfe.pub" -) diff --git a/internal/controller/ctlog/actions/deployment.go b/internal/controller/ctlog/actions/deployment.go index 824342ea4..32efd2789 100644 --- a/internal/controller/ctlog/actions/deployment.go +++ b/internal/controller/ctlog/actions/deployment.go 
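Review bot: Every image in the block moves from registry.redhat.io/rhtas/* to quay.io/securesign/* while the sha256 digests stay the same, so each reference still pins the identical manifest; what changes is the registry the digest is pulled from, and with it which pull secret and which signature or admission policy govern the operator's default images. That deserves a line in the commit description or a comment on the block, e.g. `// default images are digest-pinned; the repository decides which pull secret and signature policy apply`, since the CSV hunk earlier in the diff only bumps createdAt and it is not visible here whether the bundle lists these images elsewhere. `TrillianNetcatImage` and `HttpServerImage` stay on Red Hat registries, which is presumably intentional but reads as an oversight without a comment saying so.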
@@ -4,12 +4,12 @@ import ( "context" "fmt" - cutils "github.com/securesign/operator/internal/controller/common/utils" - rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1" "github.com/securesign/operator/internal/controller/common/action" + cutils "github.com/securesign/operator/internal/controller/common/utils" "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" "github.com/securesign/operator/internal/controller/ctlog/utils" trillian "github.com/securesign/operator/internal/controller/trillian/actions" "k8s.io/apimachinery/pkg/api/meta" @@ -59,14 +59,14 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) i.Logger.V(1).Info("Communication to trillian log server is insecure") } - labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name) + labels := constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name) switch { case instance.Spec.Trillian.Address == "": instance.Spec.Trillian.Address = fmt.Sprintf("%s.%s.svc", trillian.LogserverDeploymentName, instance.Namespace) } - dp, err := utils.CreateDeployment(instance, DeploymentName, RBACName, labels, ServerTargetPort, MetricsPort) + dp, err := utils.CreateDeployment(instance, constants2.DeploymentName, constants2.RBACName, labels, constants2.ServerTargetPort, constants2.MetricsPort) if err != nil { meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{ Type: constants.Ready, diff --git a/internal/controller/ctlog/actions/handle_fulcio_root.go b/internal/controller/ctlog/actions/handle_fulcio_root.go index 672d61a8c..ca710d771 100644 --- a/internal/controller/ctlog/actions/handle_fulcio_root.go +++ b/internal/controller/ctlog/actions/handle_fulcio_root.go 
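Review bot: The alias `constants2` chosen for the new ctlog constants import reads as an editor-generated name, and on lines such as `labels := constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name)` it sits beside the root `constants` package, so the reader has to remember which numbered name is which. A descriptive alias, `ctlogconst "github.com/securesign/operator/internal/controller/ctlog/constants"`, would make the call sites self-explanatory. The same alias is introduced in handle_fulcio_root.go, handle_keys.go, initialize.go, monitoring.go, rbac.go, resolve_tree.go, server_config.go, service.go and the ctlog tests, while ctlog_controller.go imports the package unaliased as `constants` and fulcio/actions/deployment.go aliases it `ctlogAction` although it holds no actions; one alias used everywhere would remove that drift.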
@@ -8,6 +8,7 @@ import ( "github.com/securesign/operator/internal/controller/common/action" k8sutils "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" "github.com/securesign/operator/internal/controller/fulcio/actions" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" @@ -75,7 +76,7 @@ func (g handleFulcioCert) Handle(ctx context.Context, instance *v1alpha1.CTlog) } meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{ - Type: CertCondition, + Type: constants2.CertCondition, Status: metav1.ConditionFalse, Reason: constants.Failure, Message: "Cert not found", @@ -111,7 +112,7 @@ func (g handleFulcioCert) Handle(ctx context.Context, instance *v1alpha1.CTlog) } meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{ - Type: CertCondition, + Type: constants2.CertCondition, Status: metav1.ConditionTrue, Reason: "Resolved", }, diff --git a/internal/controller/ctlog/actions/handle_fulcio_root_test.go b/internal/controller/ctlog/actions/handle_fulcio_root_test.go index 33c522d68..899a57c94 100644 --- a/internal/controller/ctlog/actions/handle_fulcio_root_test.go +++ b/internal/controller/ctlog/actions/handle_fulcio_root_test.go @@ -4,6 +4,7 @@ import ( "context" "testing" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" testAction "github.com/securesign/operator/internal/testing/action" . "github.com/onsi/gomega" 
@@ -58,7 +59,7 @@ func Test_HandleFulcioCert_Autodiscover(t *testing.T) { g.Expect(i.Status.RootCertificates[0].Key).Should(Equal("key")) g.Expect(i.Status.RootCertificates[0].Name).Should(Equal("secret")) - g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue()) + g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue()) } func Test_HandleFulcioCert_Empty(t *testing.T) { @@ -150,7 +151,7 @@ func Test_HandleFulcioCert_Configured(t *testing.T) { g.Expect(i.Status.RootCertificates[1].Key).Should(Equal("key")) g.Expect(i.Status.RootCertificates[1].Name).Should(Equal("secret-2")) - g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue()) + g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue()) } func Test_HandleFulcioCert_Configured_Priority(t *testing.T) { @@ -201,7 +202,7 @@ func Test_HandleFulcioCert_Configured_Priority(t *testing.T) { g.Expect(i.Status.RootCertificates[0].Key).Should(Equal("key")) g.Expect(i.Status.RootCertificates[0].Name).Should(Equal("my-secret")) - g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue()) + g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue()) } func Test_HandleFulcioCert_Delete_ServerConfig(t *testing.T) { @@ -246,7 +247,7 @@ func Test_HandleFulcioCert_Delete_ServerConfig(t *testing.T) { g.Expect(a.CanHandle(context.TODO(), i)).To(BeTrue()) _ = a.Handle(context.TODO(), i) - g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue()) + g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue()) g.Expect(i.Status.ServerConfigRef).To(BeNil()) g.Expect(c.Get(context.TODO(), types.NamespacedName{Name: "ctlog-config", Namespace: instance.GetNamespace()}, &v1.Secret{})).To(HaveOccurred()) 
diff --git a/internal/controller/ctlog/actions/handle_keys.go b/internal/controller/ctlog/actions/handle_keys.go index 9e655e476..09e17e2de 100644 --- a/internal/controller/ctlog/actions/handle_keys.go +++ b/internal/controller/ctlog/actions/handle_keys.go @@ -8,6 +8,7 @@ import ( "github.com/securesign/operator/internal/controller/common/action" k8sutils "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" "github.com/securesign/operator/internal/controller/ctlog/utils" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" @@ -107,8 +108,8 @@ func (g handleKeys) Handle(ctx context.Context, instance *v1alpha1.CTlog) *actio data = map[string][]byte{"public": config.PublicKey} } - labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name) - labels[CTLPubLabel] = "public" + labels := constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name) + labels[constants2.CTLPubLabel] = "public" secret := k8sutils.CreateImmutableSecret(fmt.Sprintf(KeySecretNameFormat, instance.Name), instance.Namespace, data, labels) @@ -117,7 +118,7 @@ func (g handleKeys) Handle(ctx context.Context, instance *v1alpha1.CTlog) *actio } // ensure that only new key is exposed - if err := g.Client.DeleteAllOf(ctx, &v1.Secret{}, client.InNamespace(instance.Namespace), client.MatchingLabels(constants.LabelsFor(ComponentName, DeploymentName, instance.Name)), client.HasLabels{CTLPubLabel}); err != nil { + if err := g.Client.DeleteAllOf(ctx, &v1.Secret{}, client.InNamespace(instance.Namespace), client.MatchingLabels(constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name)), client.HasLabels{constants2.CTLPubLabel}); err != nil { return g.Failed(err) } 
diff --git a/internal/controller/ctlog/actions/initialize.go b/internal/controller/ctlog/actions/initialize.go index 48510d43c..150f7dbf3 100644 --- a/internal/controller/ctlog/actions/initialize.go +++ b/internal/controller/ctlog/actions/initialize.go @@ -8,6 +8,7 @@ import ( "github.com/securesign/operator/internal/controller/common/action" commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -34,7 +35,7 @@ func (i initializeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT ok bool err error ) - labels := constants.LabelsForComponent(ComponentName, instance.Name) + labels := constants.LabelsForComponent(constants2.ComponentName, instance.Name) ok, err = commonUtils.DeploymentIsRunning(ctx, i.Client, instance.Namespace, labels) switch { case errors.Is(err, commonUtils.ErrDeploymentNotReady): diff --git a/internal/controller/ctlog/actions/monitoring.go b/internal/controller/ctlog/actions/monitoring.go index 4e60affa7..3f36c5f6b 100644 --- a/internal/controller/ctlog/actions/monitoring.go +++ b/internal/controller/ctlog/actions/monitoring.go @@ -9,6 +9,7 @@ import ( "github.com/securesign/operator/internal/controller/common/action" "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" v1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -37,11 +38,11 @@ func (i monitoringAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT err error ) - monitoringLabels := constants.LabelsFor(ComponentName, MonitoringRoleName, instance.Name) + monitoringLabels := constants.LabelsFor(constants2.ComponentName, constants2.MonitoringRoleName, instance.Name) role := kubernetes.CreateRole( instance.Namespace, - MonitoringRoleName, + constants2.MonitoringRoleName, monitoringLabels, []v1.PolicyRule{ { @@ -68,12 +69,12 @@ func (i monitoringAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT roleBinding := kubernetes.CreateRoleBinding( instance.Namespace, - MonitoringRoleName, + constants2.MonitoringRoleName, monitoringLabels, v1.RoleRef{ APIGroup: v1.SchemeGroupVersion.Group, Kind: "Role", - Name: MonitoringRoleName, + Name: constants2.MonitoringRoleName, }, []v1.Subject{ {Kind: "ServiceAccount", Name: "prometheus-k8s", Namespace: "openshift-monitoring"}, @@ -95,16 +96,16 @@ func (i monitoringAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT serviceMonitor := kubernetes.CreateServiceMonitor( instance.Namespace, - DeploymentName, + constants2.DeploymentName, monitoringLabels, []monitoringv1.Endpoint{ { Interval: monitoringv1.Duration("30s"), - Port: MetricsPortName, + Port: constants2.MetricsPortName, Scheme: "http", }, }, - constants.LabelsForComponent(ComponentName, instance.Name), + constants.LabelsForComponent(constants2.ComponentName, instance.Name), ) if err = controllerutil.SetControllerReference(instance, serviceMonitor, i.Client.Scheme()); err != nil { diff --git a/internal/controller/ctlog/actions/rbac.go b/internal/controller/ctlog/actions/rbac.go index b5d0028e3..4d1a1461f 100644 --- a/internal/controller/ctlog/actions/rbac.go +++ b/internal/controller/ctlog/actions/rbac.go 
@@ -8,6 +8,7 @@ import ( "github.com/securesign/operator/internal/controller/common/action" "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" v1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/meta" @@ -36,11 +37,11 @@ func (i rbacAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) * var ( err error ) - labels := constants.LabelsFor(ComponentName, RBACName, instance.Name) + labels := constants.LabelsFor(constants2.ComponentName, constants2.RBACName, instance.Name) sa := &v1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ - Name: RBACName, + Name: constants2.RBACName, Namespace: instance.Namespace, Labels: labels, }, @@ -60,7 +61,7 @@ func (i rbacAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) * }) return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create SA: %w", err), instance) } - role := kubernetes.CreateRole(instance.Namespace, RBACName, labels, []rbacv1.PolicyRule{ + role := kubernetes.CreateRole(instance.Namespace, constants2.RBACName, labels, []rbacv1.PolicyRule{ { APIGroups: []string{""}, Resources: []string{"configmaps"}, 
@@ -86,13 +87,13 @@ func (i rbacAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) * }) return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create Role: %w", err), instance) } - rb := kubernetes.CreateRoleBinding(instance.Namespace, RBACName, labels, rbacv1.RoleRef{ + rb := kubernetes.CreateRoleBinding(instance.Namespace, constants2.RBACName, labels, rbacv1.RoleRef{ APIGroup: v1.SchemeGroupVersion.Group, Kind: "Role", - Name: RBACName, + Name: constants2.RBACName, }, []rbacv1.Subject{ - {Kind: "ServiceAccount", Name: RBACName, Namespace: instance.Namespace}, + {Kind: "ServiceAccount", Name: constants2.RBACName, Namespace: instance.Namespace}, }) if err = ctrl.SetControllerReference(instance, rb, i.Client.Scheme()); err != nil { diff --git a/internal/controller/ctlog/actions/resolve_tree.go b/internal/controller/ctlog/actions/resolve_tree.go index 0c885551a..d7cf6a3a2 100644 --- a/internal/controller/ctlog/actions/resolve_tree.go +++ b/internal/controller/ctlog/actions/resolve_tree.go @@ -9,6 +9,7 @@ import ( "github.com/securesign/operator/internal/controller/common" "github.com/securesign/operator/internal/controller/common/action" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" "github.com/securesign/operator/internal/controller/ctlog/utils" actions2 "github.com/securesign/operator/internal/controller/trillian/actions" v1 "k8s.io/api/core/v1" @@ -80,7 +81,7 @@ func (i resolveTreeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.C tree, err = i.createTree(ctx, "ctlog-tree", trillUrl, constants.CreateTreeDeadline) if err != nil { meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{ - Type: ServerCondition, + Type: constants2.ServerCondition, Status: metav1.ConditionFalse, Reason: constants.Failure, Message: err.Error(), 
diff --git a/internal/controller/ctlog/actions/server_config.go b/internal/controller/ctlog/actions/server_config.go index 384102e1e..9f416a523 100644 --- a/internal/controller/ctlog/actions/server_config.go +++ b/internal/controller/ctlog/actions/server_config.go @@ -8,6 +8,7 @@ import ( "github.com/securesign/operator/internal/controller/common/action" utils "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" ctlogUtils "github.com/securesign/operator/internal/controller/ctlog/utils" trillian "github.com/securesign/operator/internal/controller/trillian/actions" corev1 "k8s.io/api/core/v1" @@ -70,7 +71,7 @@ func (i serverConfig) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) instance.Spec.Trillian.Address = fmt.Sprintf("%s.%s.svc", trillian.LogserverDeploymentName, instance.Namespace) } - labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name) + labels := constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name) trillianService := instance.DeepCopy().Spec.Trillian diff --git a/internal/controller/ctlog/actions/service.go b/internal/controller/ctlog/actions/service.go index 5bec77935..726efb38a 100644 --- a/internal/controller/ctlog/actions/service.go +++ b/internal/controller/ctlog/actions/service.go @@ -9,6 +9,7 @@ import ( "github.com/securesign/operator/internal/controller/common/utils/kubernetes" k8sutils "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" "github.com/securesign/operator/internal/controller/ctlog/utils" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" 
@@ -40,24 +41,21 @@ func (i serviceAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog
 updated bool
 )
 
- labels := constants.LabelsFor(ComponentName, ComponentName, instance.Name)
+ labels := constants.LabelsFor(constants2.ComponentName, constants2.ComponentName, instance.Name)
 
 var port int
- var portName string
 if utils.UseTLS(instance) {
- port = HttpsServerPort
- portName = HttpsServerPortName
+ port = constants2.HttpsServerPort
 } else {
- port = ServerPort
- portName = ServerPortName
+ port = constants2.ServerPort
 }
 
- svc := kubernetes.CreateService(instance.Namespace, ComponentName, portName, port, ServerTargetPort, labels)
+ svc := kubernetes.CreateService(instance.Namespace, constants2.ComponentName, constants2.ServerPortName, port, constants2.ServerTargetPort, labels)
 if instance.Spec.Monitoring.Enabled {
 svc.Spec.Ports = append(svc.Spec.Ports, corev1.ServicePort{
- Name: MetricsPortName,
+ Name: constants2.MetricsPortName,
 Protocol: corev1.ProtocolTCP,
- Port: MetricsPort,
- TargetPort: intstr.FromInt32(MetricsPort),
+ Port: constants2.MetricsPort,
+ TargetPort: intstr.FromInt32(constants2.MetricsPort),
 })
 }
diff --git a/internal/controller/ctlog/constants/constants.go b/internal/controller/ctlog/constants/constants.go
new file mode 100644
index 000000000..625ee451d
--- /dev/null
+++ b/internal/controller/ctlog/constants/constants.go
@@ -0,0 +1,21 @@
+package constants
+
+import "github.com/securesign/operator/internal/controller/constants"
+
+const (
+ DeploymentName = "ctlog"
+ ComponentName = "ctlog"
+ RBACName = "ctlog"
+ MonitoringRoleName = "prometheus-k8s-ctlog"
+
+ CertCondition = "FulcioCertAvailable"
+ ServerPortName = "ctlog-server"
+ HttpsServerPort = 443
+ ServerPort = 80
+ ServerTargetPort = 6962
+ MetricsPortName = "metrics"
+ MetricsPort = 6963
+ ServerCondition = "ServerAvailable"
+
+ CTLPubLabel = constants.LabelNamespace + "/ctfe.pub"
+)
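Review bot: The Service port is now always named `constants2.ServerPortName` ("ctlog-server" in the new constants file) where it used to be "http" or "https" depending on `utils.UseTLS(instance)`; anything that selects that port by name rather than by number — a Route or Ingress backend written against "http"/"https" — would stop matching once the operator updates the existing Service in place, and no such consumer is visible in this diff, so it is worth checking before merge. If the rename is intended, a comment above `svc := kubernetes.CreateService(...)` such as `// port name is fixed; only the port number follows the TLS setting` records the decision for the next reader. The Handle body continues past the end of the hunk.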
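Review bot: The new constants.go exports thirteen constants without a doc comment on any of them, and since every use site is rewritten in this commit it is also the cheapest moment to fix the casing of `HttpsServerPort` (`HTTPSServerPort` under Go's initialism convention) rather than carry it over from the deleted actions/constants.go. A short comment on the port group, e.g. `// ServerPort and HttpsServerPort are the Service ports (plain and TLS); ServerTargetPort is passed as the Service targetPort and to CreateDeployment`, would spare readers cross-referencing service.go and deployment.go. Note that `HttpsServerPortName` is dropped and `ServerPortName` changes from "http" to "ctlog-server", which is the behaviour change the service.go hunk above depends on and which the commit description should call out.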
diff --git a/internal/controller/ctlog/ctlog_controller.go b/internal/controller/ctlog/ctlog_controller.go index f4a7052fc..0802ecfea 100644 --- a/internal/controller/ctlog/ctlog_controller.go +++ b/internal/controller/ctlog/ctlog_controller.go @@ -22,6 +22,7 @@ import ( olpredicate "github.com/operator-framework/operator-lib/predicate" "github.com/securesign/operator/internal/controller/annotations" "github.com/securesign/operator/internal/controller/common/action/transitions" + "github.com/securesign/operator/internal/controller/ctlog/constants" "k8s.io/apimachinery/pkg/runtime/schema" "github.com/securesign/operator/internal/controller/ctlog/actions" @@ -89,7 +90,7 @@ func (r *CTlogReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl target := instance.DeepCopy() acs := []action.Action[*rhtasv1alpha1.CTlog]{ transitions.NewToPendingPhaseAction[*rhtasv1alpha1.CTlog](func(_ *rhtasv1alpha1.CTlog) []string { - return []string{actions.CertCondition} + return []string{constants.CertCondition} }), transitions.NewToCreatePhaseAction[*rhtasv1alpha1.CTlog](), diff --git a/internal/controller/ctlog/ctlog_controller_test.go b/internal/controller/ctlog/ctlog_controller_test.go index 54d60daa7..d9de4062b 100644 --- a/internal/controller/ctlog/ctlog_controller_test.go +++ b/internal/controller/ctlog/ctlog_controller_test.go @@ -23,7 +23,7 @@ import ( "github.com/securesign/operator/api/v1alpha1" "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" - "github.com/securesign/operator/internal/controller/ctlog/actions" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" fulcio "github.com/securesign/operator/internal/controller/fulcio/actions" trillian "github.com/securesign/operator/internal/controller/trillian/actions" k8sTest "github.com/securesign/operator/internal/testing/kubernetes" 
@@ -149,13 +149,13 @@ var _ = Describe("CTlog controller", func() { deployment := &appsv1.Deployment{} By("Checking if Deployment was successfully created in the reconciliation") Eventually(func() error { - return k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, deployment) + return k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, deployment) }).Should(Succeed()) By("Checking if Service was successfully created in the reconciliation") service := &corev1.Service{} Eventually(func() error { - return k8sClient.Get(ctx, types.NamespacedName{Name: actions.ComponentName, Namespace: Namespace}, service) + return k8sClient.Get(ctx, types.NamespacedName{Name: constants2.ComponentName, Namespace: Namespace}, service) }).Should(Succeed()) Expect(service.Spec.Ports[0].Port).Should(Equal(int32(80))) @@ -173,14 +173,14 @@ var _ = Describe("CTlog controller", func() { By("Checking if controller will return deployment to desired state") deployment = &appsv1.Deployment{} Eventually(func() error { - return k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, deployment) + return k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, deployment) }).Should(Succeed()) replicas := int32(99) deployment.Spec.Replicas = &replicas Expect(k8sClient.Status().Update(ctx, deployment)).Should(Succeed()) Eventually(func(g Gomega) int32 { deployment = &appsv1.Deployment{} - g.Expect(k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, deployment)).Should(Succeed()) + g.Expect(k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, deployment)).Should(Succeed()) return *deployment.Spec.Replicas }).Should(Equal(int32(1))) }) 
diff --git a/internal/controller/ctlog/ctlog_hot_update_test.go b/internal/controller/ctlog/ctlog_hot_update_test.go index be59556e5..6e1ec4e02 100644 --- a/internal/controller/ctlog/ctlog_hot_update_test.go +++ b/internal/controller/ctlog/ctlog_hot_update_test.go @@ -20,6 +20,7 @@ import ( "context" "time" + constants2 "github.com/securesign/operator/internal/controller/ctlog/constants" k8sTest "github.com/securesign/operator/internal/testing/kubernetes" "github.com/securesign/operator/internal/controller/ctlog/utils" @@ -27,7 +28,6 @@ import ( "github.com/securesign/operator/api/v1alpha1" "github.com/securesign/operator/internal/controller/common/utils/kubernetes" "github.com/securesign/operator/internal/controller/constants" - "github.com/securesign/operator/internal/controller/ctlog/actions" fulcio "github.com/securesign/operator/internal/controller/fulcio/actions" trillian "github.com/securesign/operator/internal/controller/trillian/actions" "k8s.io/apimachinery/pkg/api/equality" @@ -125,7 +125,7 @@ var _ = Describe("CTlog update test", func() { deployment := &appsv1.Deployment{} By("Checking if Deployment was successfully created in the reconciliation") Eventually(func() error { - return k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, deployment) + return k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, deployment) }).Should(Succeed()) By("Move to Ready phase") 
@@ -160,22 +160,22 @@ var _ = Describe("CTlog update test", func() { By("CTL deployment is updated") Eventually(func() bool { updated := &appsv1.Deployment{} - Expect(k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, updated)).To(Succeed()) + Expect(k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, updated)).To(Succeed()) return equality.Semantic.DeepDerivative(deployment.Spec.Template.Spec.Volumes, updated.Spec.Template.Spec.Volumes) }).Should(BeFalse()) By("Move to Ready phase") deployment = &appsv1.Deployment{} - Expect(k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, deployment)).To(Succeed()) + Expect(k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, deployment)).To(Succeed()) Expect(k8sTest.SetDeploymentToReady(ctx, k8sClient, deployment)).To(Succeed()) By("Private key has changed") key, err := utils.CreatePrivateKey() Expect(err).To(Not(HaveOccurred())) Expect(k8sClient.Create(ctx, kubernetes.CreateSecret("key-secret", Namespace, - map[string][]byte{"private": key.PrivateKey}, constants.LabelsFor(actions.ComponentName, Name, instance.Name)))).To(Succeed()) + map[string][]byte{"private": key.PrivateKey}, constants.LabelsFor(constants2.ComponentName, Name, instance.Name)))).To(Succeed()) - Expect(k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, deployment)).To(Succeed()) + Expect(k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, deployment)).To(Succeed()) found := &v1alpha1.CTlog{} Eventually(func(g Gomega) error { g.Expect(k8sClient.Get(ctx, typeNamespaceName, found)).Should(Succeed()) 
@@ -198,7 +198,7 @@ var _ = Describe("CTlog update test", func() {
 By("CTL deployment is updated")
 Eventually(func(g Gomega) bool {
 updated := &appsv1.Deployment{}
- g.Expect(k8sClient.Get(ctx, types.NamespacedName{Name: actions.DeploymentName, Namespace: Namespace}, updated)).To(Succeed())
+ g.Expect(k8sClient.Get(ctx, types.NamespacedName{Name: constants2.DeploymentName, Namespace: Namespace}, updated)).To(Succeed())
 return equality.Semantic.DeepDerivative(deployment.Spec.Template.Spec.Volumes, updated.Spec.Template.Spec.Volumes)
 }).Should(BeFalse())
 })
diff --git a/internal/controller/fulcio/actions/deployment.go b/internal/controller/fulcio/actions/deployment.go
index 9c1f10243..6b6980bc3 100644
--- a/internal/controller/fulcio/actions/deployment.go
+++ b/internal/controller/fulcio/actions/deployment.go
@@ -2,12 +2,16 @@ package actions
 import (
 "context"
+ "errors"
 "fmt"
 rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/common/action"
+ "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 "github.com/securesign/operator/internal/controller/constants"
+ ctlogAction "github.com/securesign/operator/internal/controller/ctlog/constants"
 futils "github.com/securesign/operator/internal/controller/fulcio/utils"
+ "sigs.k8s.io/controller-runtime/pkg/client"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
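Review bot: The alias `ctlogAction` on the new `ctlog/constants` import in deployment.go reads as if it still named the actions package this commit removes; the same commit aliases the same path `ctlogConstants` in ensure_ctlog.go, and using that name here keeps the two files consistent. The added `"sigs.k8s.io/controller-runtime/pkg/client"` line is also placed ahead of the `k8s.io/...` imports, where goimports would move it after them, so the file will churn on the next formatter run.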
@@ -37,29 +41,21 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Fulcio
 err error
 )
- labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name)
- useTLS, err := futils.UseTLS(ctx, i.Client, instance)
- if err != nil {
+ instanceCopy := instance.DeepCopy()
+ if err = resolveCtlAddress(ctx, i.Client, instanceCopy); err != nil {
+ meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
+ Type: constants.Ready,
+ Status: metav1.ConditionFalse,
+ Reason: constants.Creating,
+ Message: "Resolving CTLog address",
+ })
+ i.StatusUpdate(ctx, instance)
 return i.Requeue()
 }
- if instance.Spec.Ctlog.Address == "" {
- if useTLS {
- instance.Spec.Ctlog.Address = fmt.Sprintf("https://ctlog.%s.svc", instance.Namespace)
- } else {
- instance.Spec.Ctlog.Address = fmt.Sprintf("http://ctlog.%s.svc", instance.Namespace)
- }
- }
- if instance.Spec.Ctlog.Port == nil {
- var port int32
- if useTLS {
- port = int32(443)
- } else {
- port = int32(80)
- }
- instance.Spec.Ctlog.Port = &port
- }
- dp, err := futils.CreateDeployment(instance, DeploymentName, RBACName, labels)
+ labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name)
+
+ dp, err := futils.CreateDeployment(instanceCopy, DeploymentName, RBACName, labels)
 if err != nil {
 if err != nil {
 meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
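Review bot: The error returned by `resolveCtlAddress` is discarded on the new `if err = resolveCtlAddress(...)` branch, so the Ready condition always reports `constants.Creating` / "Resolving CTLog address" and requeues, even when the cause is `futils.CtlogPrefixNotSpecified` or `futils.CtlogPortNotSpecified` (returned by the function added in the next hunk), which are spec errors that no requeue will clear. Those two should be surfaced as `constants.Failure` through `i.FailedWithStatusUpdate`, as the removed CA-path block did, and the transient branch should carry the error text in its Message so a NotFound from `kubernetes.FindService` can be told apart from a failed List. The result of `i.StatusUpdate(ctx, instance)` is also dropped; that may be intentional if it only logs, but its signature is not visible here. Handle starts and ends outside this hunk.

```go
	if err = resolveCtlAddress(ctx, i.Client, instanceCopy); err != nil {
		if errors.Is(err, futils.CtlogPrefixNotSpecified) || errors.Is(err, futils.CtlogPortNotSpecified) {
			// Spec errors: requeueing cannot fix them, report a terminal failure.
			meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
				Type:    constants.Ready,
				Status:  metav1.ConditionFalse,
				Reason:  constants.Failure,
				Message: err.Error(),
			})
			return i.FailedWithStatusUpdate(ctx, err, instance)
		}
		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
			Type:    constants.Ready,
			Status:  metav1.ConditionFalse,
			Reason:  constants.Creating,
			Message: fmt.Sprintf("Resolving CTLog address: %s", err),
		})
		i.StatusUpdate(ctx, instance)
		return i.Requeue()
	}
	// … unchanged: labels and CreateDeployment …
```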
@@ -72,20 +68,6 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Fulcio
 }
 }
- if useTLS {
- caPath, err := futils.CAPath(ctx, i.Client, instance)
- if err != nil {
- meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
- Type: constants.Ready,
- Status: metav1.ConditionFalse,
- Reason: constants.Failure,
- Message: err.Error(),
- })
- return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not get CA path: %w", err), instance)
- }
- dp.Spec.Template.Spec.Containers[0].Args = append(dp.Spec.Template.Spec.Containers[0].Args, "--ct-log.tls-ca-cert", caPath)
- }
 if err = controllerutil.SetControllerReference(instance, dp, i.Client.Scheme()); err != nil {
 return i.Failed(fmt.Errorf("could not set controller reference for Deployment: %w", err))
 }
@@ -108,3 +90,37 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Fulcio
 return i.Continue()
 }
 }
+
+func resolveCtlAddress(ctx context.Context, cli client.Client, instance *rhtasv1alpha1.Fulcio) error {
+ if instance.Spec.Ctlog.Prefix == "" {
+ return futils.CtlogPrefixNotSpecified
+ }
+
+ if instance.Spec.Ctlog.Address != "" {
+ if instance.Spec.Ctlog.Port == nil {
+ return futils.CtlogPortNotSpecified
+ }
+ return nil
+ }
+
+ svc, err := kubernetes.FindService(ctx, cli, instance.Namespace, constants.LabelsForComponent(ctlogAction.ComponentName, instance.Name))
+ if err != nil {
+ return err
+ }
+
+ for _, port := range svc.Spec.Ports {
+ if port.Name == ctlogAction.ServerPortName {
+ var protocol string
+ instance.Spec.Ctlog.Port = &port.Port
+ switch port.Port {
+ case 443:
+ protocol = "https://"
+ case 80:
+ protocol = "http://"
+ }
+ instance.Spec.Ctlog.Address = fmt.Sprintf("%s%s.%s.svc", protocol, svc.Name, svc.Namespace)
+ return nil
+ }
+ }
+ return errors.New("protocol name not found")
+}
diff --git a/internal/controller/fulcio/utils/fulcio_deployment.go b/internal/controller/fulcio/utils/fulcio_deployment.go
index a38544abd..b59caa2fb 100644
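Review bot: The `switch port.Port` in `resolveCtlAddress` has no default, so a CTLog service whose `ServerPortName` port is anything other than 80 or 443 leaves `protocol` empty and the function returns nil with a scheme-less Address such as `ctlog.ns.svc`; add `default: return fmt.Errorf("unsupported ctlog service port %d", port.Port)` (or choose http explicitly) so the misconfiguration is reported instead of being handed to Fulcio as a CT log URL. The final `errors.New("protocol name not found")` actually means the named port was absent; `fmt.Errorf("port %q not found on service %s", ctlogAction.ServerPortName, svc.Name)` says that and names the service. The 443 case now produces an `https://` address while the earlier hunk in this file drops the `--ct-log.tls-ca-cert` argument and the deleted tls.go held the CA lookup, so Fulcio no longer receives a CA bundle for the CTLog connection; unless the CTLog certificate is trusted through another mount, TLS verification of that endpoint would presumably fail at runtime, which is worth confirming before merge. `resolveCtlAddress` is complete within this hunk; Handle in the first hunk continues outside it.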
--- a/internal/controller/fulcio/utils/fulcio_deployment.go
+++ b/internal/controller/fulcio/utils/fulcio_deployment.go
@@ -29,6 +29,20 @@ func CreateDeployment(instance *v1alpha1.Fulcio, deploymentName string, sa strin
 return nil, errors.New("CA secret is not specified")
 }
+ var err error
+ switch {
+ case instance.Spec.Ctlog.Address == "":
+ err = fmt.Errorf("CreateDeployment: %w", CtlogAddressNotSpecified)
+ case instance.Spec.Ctlog.Port == nil:
+ err = fmt.Errorf("CreateDeployment: %w", CtlogPortNotSpecified)
+ case instance.Spec.Ctlog.Prefix == "":
+ err = fmt.Errorf("CreateDeployment: %w", CtlogPrefixNotSpecified)
+ }
+
+ if err != nil {
+ return nil, err
+ }
+
 containerPorts := []corev1.ContainerPort{
 {
 Protocol: corev1.ProtocolTCP,
@@ -56,26 +70,9 @@ func CreateDeployment(instance *v1alpha1.Fulcio, deploymentName string, sa strin
 "/var/run/fulcio-secrets/key.pem",
 "--fileca-cert",
 "/var/run/fulcio-secrets/cert.pem",
+ fmt.Sprintf("--ct-log-url=%s:%d/%s", instance.Spec.Ctlog.Address, *instance.Spec.Ctlog.Port, instance.Spec.Ctlog.Prefix),
 }
- var err error
- var ctlogUrl string
- switch {
- case instance.Spec.Ctlog.Address == "":
- err = fmt.Errorf("CreateDeployment: %w", CtlogAddressNotSpecified)
- case instance.Spec.Ctlog.Port == nil:
- err = fmt.Errorf("CreateDeployment: %w", CtlogPortNotSpecified)
- case instance.Spec.Ctlog.Prefix == "":
- err = fmt.Errorf("CreateDeployment: %w", CtlogPrefixNotSpecified)
- default:
- ctlogUrl = fmt.Sprintf("%s:%d/%s", instance.Spec.Ctlog.Address, *instance.Spec.Ctlog.Port, instance.Spec.Ctlog.Prefix)
- }
-
- if err != nil {
- return nil, err
- }
- args = append(args, fmt.Sprintf("--ct-log-url=%s", ctlogUrl))
-
 env := make([]corev1.EnvVar, 0)
 if instance.Status.Certificate.PrivateKeyPasswordRef != nil {
 env = append(env, corev1.EnvVar{
diff --git a/internal/controller/fulcio/utils/tls.go b/internal/controller/fulcio/utils/tls.go
deleted file mode 100644
index d229ce561..000000000
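Review bot: In the first hunk the `var err error` and the trailing `if err != nil { return nil, err }` exist only because the switch assigns instead of returning; each case can `return nil, fmt.Errorf("CreateDeployment: %w", CtlogAddressNotSpecified)` directly and the two blocks collapse into one. The validation now runs before the args slice is built, which is what makes the `*instance.Spec.Ctlog.Port` dereference in the second hunk safe; a one-line comment on that line such as `// Port is non-nil: validated at the top of CreateDeployment` keeps that dependency visible to whoever next reorders the function. CreateDeployment's signature and return are outside both hunks.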
--- a/internal/controller/fulcio/utils/tls.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package utils
-
-import (
- "context"
- "fmt"
-
- rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
- "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
- "sigs.k8s.io/controller-runtime/pkg/client"
-)
-
-func UseTLS(ctx context.Context, client client.Client, instance *rhtasv1alpha1.Fulcio) (bool, error) {
-
- if instance == nil {
- return false, nil
- }
-
- service, err := kubernetes.GetService(client, instance.Namespace, "ctlog")
- if err != nil {
- return false, fmt.Errorf("failed to get ctlog service: %w", err)
- }
-
- for _, port := range service.Spec.Ports {
- if port.Name == "https" || port.Port == 443 {
- return true, nil
- }
- }
- return kubernetes.IsOpenShift(), nil
-}
-
-func CAPath(ctx context.Context, cli client.Client, instance *rhtasv1alpha1.Fulcio) (string, error) {
- if instance.Spec.TrustedCA != nil {
- cfgTrust, err := kubernetes.GetConfigMap(ctx, cli, instance.Namespace, instance.Spec.TrustedCA.Name)
- if err != nil {
- return "", err
- }
- if len(cfgTrust.Data) != 1 {
- err = fmt.Errorf("%s ConfigMap can contain only 1 record", instance.Spec.TrustedCA.Name)
- return "", err
- }
- for key := range cfgTrust.Data {
- return "/var/run/configs/tas/ca-trust/" + key, nil
- }
- }
-
- if instance.Spec.TrustedCA == nil && kubernetes.IsOpenShift() {
- return "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt", nil
- }
-
- return "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", nil
-}
diff --git a/internal/controller/securesign/actions/ensure_ctlog.go b/internal/controller/securesign/actions/ensure_ctlog.go
index 539adfeeb..9fc7fc786 100644
--- a/internal/controller/securesign/actions/ensure_ctlog.go
+++ b/internal/controller/securesign/actions/ensure_ctlog.go
@@ -4,11 +4,11 @@ import (
 "context"
 "github.com/securesign/operator/internal/controller/annotations"
+ ctlogConstants "github.com/securesign/operator/internal/controller/ctlog/constants"
 rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/common/action"
 "github.com/securesign/operator/internal/controller/constants"
- "github.com/securesign/operator/internal/controller/ctlog/actions"
 "k8s.io/apimachinery/pkg/api/meta"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "sigs.k8s.io/controller-runtime/pkg/client"
@@ -40,7 +40,7 @@ func (i ctlogAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Secures
 ctlog.Name = instance.Name
 ctlog.Namespace = instance.Namespace
- ctlog.Labels = constants.LabelsFor(actions.ComponentName, ctlog.Name, instance.Name)
+ ctlog.Labels = constants.LabelsFor(ctlogConstants.ComponentName, ctlog.Name, instance.Name)
 ctlog.Annotations = annotations.FilterInheritable(instance.Annotations)
 ctlog.Spec = instance.Spec.Ctlog
diff --git a/internal/controller/tuf/actions/deployment.go b/internal/controller/tuf/actions/deployment.go
index d7cace5a1..4d00bbbab 100644
--- a/internal/controller/tuf/actions/deployment.go
+++ b/internal/controller/tuf/actions/deployment.go
@@ -37,7 +37,6 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.Tuf) *
 )
 labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name)
-
 dp := tufutils.CreateTufDeployment(instance, DeploymentName, RBACName, labels)
 if err = controllerutil.SetControllerReference(instance, dp, i.Client.Scheme()); err != nil {
diff --git a/internal/controller/tuf/tuf_controller_test.go b/internal/controller/tuf/tuf_controller_test.go
index a3992ad4d..ecf5de53f 100644
--- a/internal/controller/tuf/tuf_controller_test.go
+++ b/internal/controller/tuf/tuf_controller_test.go
@@ -21,12 +21,12 @@ import (
 "maps"
 "time"
+ actions2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 k8sTest "github.com/securesign/operator/internal/testing/kubernetes"
 "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 "github.com/securesign/operator/internal/controller/constants"
- actions2 "github.com/securesign/operator/internal/controller/ctlog/actions"
 "github.com/securesign/operator/internal/controller/tuf/actions"
 batchv1 "k8s.io/api/batch/v1"
 v1 "k8s.io/api/networking/v1"
diff --git a/test/e2e/support/tas/ctlog/ctlog.go b/test/e2e/support/tas/ctlog/ctlog.go
index 0f7b4e969..de77973e0 100644
--- a/test/e2e/support/tas/ctlog/ctlog.go
+++ b/test/e2e/support/tas/ctlog/ctlog.go
@@ -3,6 +3,7 @@ package ctlog
 import (
 "context"
+ constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 "github.com/securesign/operator/test/e2e/support"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -10,7 +11,6 @@ import (
 "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 "github.com/securesign/operator/internal/controller/constants"
- "github.com/securesign/operator/internal/controller/ctlog/actions"
 v1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/meta"
 "k8s.io/apimachinery/pkg/types"
@@ -25,7 +25,7 @@ func Verify(ctx context.Context, cli client.Client, namespace string, name strin
 Eventually(func(g Gomega) (bool, error) {
 return kubernetes.DeploymentIsRunning(ctx, cli, namespace, map[string]string{
- kubernetes.ComponentLabel: actions.ComponentName,
+ kubernetes.ComponentLabel: constants2.ComponentName,
 })
 }).Should(BeTrue())
 }
@@ -33,7 +33,7 @@ func Verify(ctx context.Context, cli client.Client, namespace string, name strin
 func GetServerPod(ctx context.Context, cli client.Client, ns string) func() *v1.Pod {
 return func() *v1.Pod {
 list := &v1.PodList{}
- _ = cli.List(ctx, list, client.InNamespace(ns), client.MatchingLabels{kubernetes.ComponentLabel: actions.ComponentName, kubernetes.NameLabel: "ctlog"})
+ _ = cli.List(ctx, list, client.InNamespace(ns), client.MatchingLabels{kubernetes.ComponentLabel: constants2.ComponentName, kubernetes.NameLabel: "ctlog"})
 if len(list.Items) != 1 {
 return nil
 }
diff --git a/test/e2e/update/ctlog_test.go b/test/e2e/update/ctlog_test.go
index ea8da81d1..34634d791 100644
--- a/test/e2e/update/ctlog_test.go
+++ b/test/e2e/update/ctlog_test.go
@@ -6,6 +6,7 @@ import (
 "context"
 "time"
+ ctlogAction "github.com/securesign/operator/internal/controller/ctlog/constants"
 "github.com/securesign/operator/test/e2e/support/tas"
 "github.com/securesign/operator/test/e2e/support/tas/ctlog"
@@ -15,7 +16,6 @@ import (
 . "github.com/onsi/gomega"
 "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/constants"
- ctlogAction "github.com/securesign/operator/internal/controller/ctlog/actions"
 tufAction "github.com/securesign/operator/internal/controller/tuf/actions"
 "github.com/securesign/operator/test/e2e/support"
 v1 "k8s.io/api/core/v1"
diff --git a/test/e2e/update/fulcio_test.go b/test/e2e/update/fulcio_test.go
index 7e2ac7b76..f0ff4fd2d 100644
--- a/test/e2e/update/fulcio_test.go
+++ b/test/e2e/update/fulcio_test.go
@@ -7,6 +7,7 @@ import (
 "encoding/json"
 "time"
+ ctlogAction "github.com/securesign/operator/internal/controller/ctlog/constants"
 "github.com/securesign/operator/test/e2e/support/tas"
 fulcioAction "github.com/securesign/operator/internal/controller/fulcio/actions"
@@ -18,7 +19,6 @@ import (
 . "github.com/onsi/gomega"
 "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/constants"
- ctlogAction "github.com/securesign/operator/internal/controller/ctlog/actions"
 tufAction "github.com/securesign/operator/internal/controller/tuf/actions"
 "github.com/securesign/operator/test/e2e/support"
 v1 "k8s.io/api/core/v1"
diff --git a/test/e2e/upgrade_test.go b/test/e2e/upgrade_test.go
index a7975cf6a..a7f9a3e94 100644
--- a/test/e2e/upgrade_test.go
+++ b/test/e2e/upgrade_test.go
@@ -10,6 +10,7 @@ import (
 "strings"
 "time"
+ ctl "github.com/securesign/operator/internal/controller/ctlog/constants"
 "github.com/securesign/operator/test/e2e/support/tas/ctlog"
 "github.com/securesign/operator/test/e2e/support/tas/fulcio"
 "github.com/securesign/operator/test/e2e/support/tas/rekor"
@@ -25,7 +26,6 @@ import (
 tasv1alpha "github.com/securesign/operator/api/v1alpha1"
 "github.com/securesign/operator/internal/controller/common/utils"
 "github.com/securesign/operator/internal/controller/constants"
- ctl "github.com/securesign/operator/internal/controller/ctlog/actions"
 fulcioAction "github.com/securesign/operator/internal/controller/fulcio/actions"
 rekorAction "github.com/securesign/operator/internal/controller/rekor/actions"
 "github.com/securesign/operator/internal/controller/securesign/actions"