diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go
index 966c1cfea..668c9c85b 100644
--- a/cmd/controller/app/controller.go
+++ b/cmd/controller/app/controller.go
@@ -24,7 +24,6 @@ import (
 "time"
 corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/api/resource"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 dynamicclient "k8s.io/client-go/dynamic"
@@ -48,10 +47,10 @@ import (
 "github.com/jetstack/cert-manager/pkg/controller"
 "github.com/jetstack/cert-manager/pkg/controller/clusterissuers"
 dnsutil "github.com/jetstack/cert-manager/pkg/issuer/acme/dns/util"
- "github.com/jetstack/cert-manager/pkg/issuer/acme/http/internal/istio"
 logf "github.com/jetstack/cert-manager/pkg/logs"
 "github.com/jetstack/cert-manager/pkg/metrics"
 "github.com/jetstack/cert-manager/pkg/util"
+ "github.com/jetstack/cert-manager/pkg/util/istio"
 )
 const controllerAgentName = "cert-manager"
@@ -72,14 +71,14 @@ func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) {
 os.Exit(1)
 }
- ctx.IstioEnabled, err = isIstioInstalled(ctx)
+ ctx.IstioEnabled, err = istio.IsIstioInstalled(ctx)
 if err != nil {
 log.Error(err, "failed to discover if Istio is available")
 os.Exit(1)
 }
 if ctx.IstioEnabled {
- ctx.IstioEnabled, err = canListVirtualService(rootCtx, ctx, opts.Namespace)
+ ctx.IstioEnabled, err = istio.CanListVirtualService(ctx, opts.Namespace)
 if err != nil {
 log.Error(err, "failed to list Istio VirtualServices")
 os.Exit(1)
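Review bot: When `istio.CanListVirtualService` returns `false, nil` (the Forbidden case), `ctx.IstioEnabled` is cleared in the `@@ -72,14 +71,14 @@` hunk without any log line, so an operator cannot tell a missing RBAC grant from Istio not being installed. Consider adding, after the error check, `if !ctx.IstioEnabled { log.Info("Istio detected but listing VirtualServices is forbidden; Istio support disabled") }`. The call also now depends on `ctx.RootContext` instead of the explicit `rootCtx`, so that field has to be populated by `buildControllerContext` before this point, which is not visible here. Run's body continues outside the hunk, so a later log may already cover the first point.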
@@ -163,33 +162,6 @@ func Run(opts *options.ControllerOptions, stopCh <-chan struct{}) {
 startLeaderElection(rootCtx, opts, leaderElectionClient, ctx.Recorder, run)
 }
-func isIstioInstalled(ctx *controller.Context) (bool, error) {
- groups, err := ctx.Client.Discovery().ServerGroups()
- if err != nil {
- return false, err
- }
-
- for _, group := range groups.Groups {
- if group.Name == istio.VirtualServiceGvr().Group {
- return true, nil
- }
- }
- return false, nil
-}
-
-func canListVirtualService(rootCtx context.Context, ctx *controller.Context, namespace string) (bool, error) {
- // Check if sa has permissions to list virtualservice
- _, err := ctx.DynamicClient.Resource(istio.VirtualServiceGvr()).Namespace(namespace).List(rootCtx, metav1.ListOptions{})
- if errors.IsForbidden(err) {
- return false, nil
- }
- if err != nil {
- return false, err
- }
-
- return true, nil
-}
-
 func buildControllerContext(ctx context.Context, stopCh <-chan struct{}, opts *options.ControllerOptions) (*controller.Context, *rest.Config, error) {
 log := logf.FromContext(ctx, "build-context")
 // Load the users Kubernetes config
diff --git a/pkg/controller/acmechallenges/controller.go b/pkg/controller/acmechallenges/controller.go
index dac14fd0b..d959a7495 100644
--- a/pkg/controller/acmechallenges/controller.go
+++ b/pkg/controller/acmechallenges/controller.go
@@ -35,10 +35,10 @@ import (
 cmlisters "github.com/jetstack/cert-manager/pkg/client/listers/certmanager/v1"
 controllerpkg "github.com/jetstack/cert-manager/pkg/controller"
 "github.com/jetstack/cert-manager/pkg/controller/acmechallenges/scheduler"
+ "github.com/jetstack/cert-manager/pkg/internal/apis/istio"
 "github.com/jetstack/cert-manager/pkg/issuer"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/dns"
 "github.com/jetstack/cert-manager/pkg/issuer/acme/http"
- "github.com/jetstack/cert-manager/pkg/issuer/acme/http/internal/istio"
 logf "github.com/jetstack/cert-manager/pkg/logs"
 )
diff --git a/pkg/util/istio/istio.go b/pkg/util/istio/istio.go
new file mode 100644
index 000000000..05843af3d
--- /dev/null
+++ b/pkg/util/istio/istio.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2020 The cert-manager Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package istio
+
+import (
+ "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/jetstack/cert-manager/pkg/controller"
+ "github.com/jetstack/cert-manager/pkg/internal/apis/istio"
+)
+
+func IsIstioInstalled(ctx *controller.Context) (bool, error) {
+ groups, err := ctx.Client.Discovery().ServerGroups()
+ if err != nil {
+ return false, err
+ }
+
+ for _, group := range groups.Groups {
+ if group.Name == istio.VirtualServiceGvr().Group {
+ return true, nil
+ }
+ }
+ return false, nil
+}
+
+func CanListVirtualService(ctx *controller.Context, namespace string) (bool, error) {
+ // Check if sa has permissions to list virtualservice
+ _, err := ctx.DynamicClient.Resource(istio.VirtualServiceGvr()).Namespace(namespace).List(ctx.RootContext, metav1.ListOptions{})
+ if errors.IsForbidden(err) {
+ return false, nil
+ }
+ if err != nil {
+ return false, err
+ }
+
+ return true, nil
+}
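Review bot: `CanListVirtualService` probes RBAC by issuing a real, unbounded List (`metav1.ListOptions{}`), so every startup reads all VirtualServices in the namespace (presumably across all namespaces when `namespace` is empty) just to learn whether the call is allowed. Bounding the probe with `metav1.ListOptions{Limit: 1}` keeps the check cheap, and a SelfSubjectAccessReview would answer the permission question without reading any objects. `IsIstioInstalled` matches only the group name, so a cluster that serves the group without this resource version would presumably get a NotFound from the List, which is returned as an error rather than as `false`. Both exported functions also lack doc comments; something like `// CanListVirtualService reports whether the controller's credentials may list VirtualServices in namespace; a Forbidden response yields false with a nil error.` would record the contract.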