Resync certificates on changes to their referenced issuers

Signed-off-by: James Munnelly <james@munnelly.eu>
2018-11-28 17:01:15 +00:00 · 2018-11-28 17:01:15 +00:00 · 1cbfa7ada7
commit 1cbfa7ada7
parent dc97dde2ef
2 changed files with 52 additions and 0 deletions
--- a/pkg/controller/certificates/checks.go
+++ b/pkg/controller/certificates/checks.go
@ -29,6 +29,28 @@ import (
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
 )

+func (c *Controller) handleGenericIssuer(obj interface{}) {
+	iss, ok := obj.(cmapi.GenericIssuer)
+	if !ok {
+		runtime.HandleError(fmt.Errorf("Object does not implement GenericIssuer %#v", obj))
+		return
+	}
+
+	certs, err := c.certificatesForGenericIssuer(iss)
+	if err != nil {
+		runtime.HandleError(fmt.Errorf("Error looking up Certificates observing Issuer/ClusterIssuer: %s/%s", iss.GetObjectMeta().Namespace, iss.GetObjectMeta().Name))
+		return
+	}
+	for _, crt := range certs {
+		key, err := keyFunc(crt)
+		if err != nil {
+			runtime.HandleError(err)
+			continue
+		}
+		c.queue.Add(key)
+	}
+}
+
 func (c *Controller) handleSecretResource(obj interface{}) {
 	var secret *corev1.Secret
 	var ok bool
@ -72,6 +94,34 @@ func (c *Controller) certificatesForSecret(secret *corev1.Secret) ([]*cmapi.Cert
 	return affected, nil
 }

+func (c *Controller) certificatesForGenericIssuer(iss cmapi.GenericIssuer) ([]*cmapi.Certificate, error) {
+	crts, err := c.certificateLister.List(labels.NewSelector())
+
+	if err != nil {
+		return nil, fmt.Errorf("error listing certificiates: %s", err.Error())
+	}
+
+	_, isClusterIssuer := iss.(*cmapi.ClusterIssuer)
+
+	var affected []*cmapi.Certificate
+	for _, crt := range crts {
+		if isClusterIssuer && crt.Spec.IssuerRef.Kind != cmapi.ClusterIssuerKind {
+			continue
+		}
+		if !isClusterIssuer {
+			if crt.Namespace != iss.GetObjectMeta().Namespace {
+				continue
+			}
+		}
+		if crt.Spec.IssuerRef.Name != iss.GetObjectMeta().Name {
+			continue
+		}
+		affected = append(affected, crt)
+	}
+
+	return affected, nil
+}
+
 func (c *Controller) handleOwnedResource(obj interface{}) {
 	metaobj, ok := obj.(metav1.Object)
 	if !ok {
--- a/pkg/controller/certificates/controller.go
+++ b/pkg/controller/certificates/controller.go
@ -73,10 +73,12 @@ func New(ctx *controllerpkg.Context) *Controller {
 	ctrl.syncedFuncs = append(ctrl.syncedFuncs, certificateInformer.Informer().HasSynced)

 	issuerInformer := ctrl.SharedInformerFactory.Certmanager().V1alpha1().Issuers()
+	issuerInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: ctrl.handleGenericIssuer})
 	ctrl.issuerLister = issuerInformer.Lister()
 	ctrl.syncedFuncs = append(ctrl.syncedFuncs, issuerInformer.Informer().HasSynced)

 	clusterIssuerInformer := ctrl.SharedInformerFactory.Certmanager().V1alpha1().ClusterIssuers()
+	clusterIssuerInformer.Informer().AddEventHandler(&controllerpkg.BlockingEventHandler{WorkFunc: ctrl.handleGenericIssuer})
 	ctrl.clusterIssuerLister = clusterIssuerInformer.Lister()
 	ctrl.syncedFuncs = append(ctrl.syncedFuncs, clusterIssuerInformer.Informer().HasSynced)