Perform Issuer/ClusterIssuer status updates in controller

pkg/controller/clusterissuers/sync.go

@@ -2,7 +2,6 @@ package issuers
 
 import (
 	"context"
-	"reflect"
 
 	"github.com/golang/glog"
 	"k8s.io/api/core/v1"
@@ -18,17 +17,16 @@ const (
 )
 
 func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.ClusterIssuer) (err error) {
-	i, err := c.issuerFactory.IssuerFor(iss)
+	issuerCopy := iss.DeepCopy()
+	i, err := c.issuerFactory.IssuerFor(issuerCopy)
 
 	if err != nil {
 		return err
 	}
 
-	var status v1alpha1.IssuerStatus
-	status, err = i.Setup(ctx)
-
+	err = i.Setup(ctx)
 	defer func() {
-		if saveErr := c.updateIssuerStatus(iss, status); saveErr != nil {
+		if saveErr := c.updateIssuerStatus(issuerCopy); saveErr != nil {
 			errs := []error{saveErr}
 			if err != nil {
 				errs = append(errs, err)
@@ -40,22 +38,17 @@ func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.ClusterIssuer) (err
 	if err != nil {
 		s := messageErrorInitIssuer + err.Error()
 		glog.Info(s)
-		c.recorder.Event(iss, v1.EventTypeWarning, errorInitIssuer, s)
+		c.recorder.Event(issuerCopy, v1.EventTypeWarning, errorInitIssuer, s)
 		return err
 	}
 
 	return nil
 }
 
-func (c *Controller) updateIssuerStatus(iss *v1alpha1.ClusterIssuer, status v1alpha1.IssuerStatus) error {
-	updateIssuer := iss.DeepCopy()
-	updateIssuer.Status = status
-	if reflect.DeepEqual(iss.Status, updateIssuer.Status) {
-		return nil
-	}
+func (c *Controller) updateIssuerStatus(iss *v1alpha1.ClusterIssuer) error {
 	// TODO: replace Update call with UpdateStatus. This requires a custom API
 	// server with the /status subresource enabled and/or subresource support
 	// for CRDs (https://github.com/kubernetes/kubernetes/issues/38113)
-	_, err := c.cmClient.CertmanagerV1alpha1().ClusterIssuers().Update(updateIssuer)
+	_, err := c.cmClient.CertmanagerV1alpha1().ClusterIssuers().Update(iss)
 	return err
 }

pkg/controller/issuers/sync.go

@@ -2,7 +2,6 @@ package issuers
 
 import (
 	"context"
-	"reflect"
 
 	"github.com/golang/glog"
 	"k8s.io/api/core/v1"
@@ -18,17 +17,16 @@ const (
 )
 
 func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.Issuer) (err error) {
-	i, err := c.issuerFactory.IssuerFor(iss)
+	issuerCopy := iss.DeepCopy()
+	i, err := c.issuerFactory.IssuerFor(issuerCopy)
 
 	if err != nil {
 		return err
 	}
 
-	var status v1alpha1.IssuerStatus
-	status, err = i.Setup(ctx)
-
+	err = i.Setup(ctx)
 	defer func() {
-		if saveErr := c.updateIssuerStatus(iss, status); saveErr != nil {
+		if saveErr := c.updateIssuerStatus(issuerCopy); saveErr != nil {
 			errs := []error{saveErr}
 			if err != nil {
 				errs = append(errs, err)
@@ -40,22 +38,17 @@ func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.Issuer) (err error)
 	if err != nil {
 		s := messageErrorInitIssuer + err.Error()
 		glog.Info(s)
-		c.recorder.Event(iss, v1.EventTypeWarning, errorInitIssuer, s)
+		c.recorder.Event(issuerCopy, v1.EventTypeWarning, errorInitIssuer, s)
 		return err
 	}
 
 	return nil
 }
 
-func (c *Controller) updateIssuerStatus(iss *v1alpha1.Issuer, status v1alpha1.IssuerStatus) error {
-	updateIssuer := iss.DeepCopy()
-	updateIssuer.Status = status
-	if reflect.DeepEqual(iss.Status, updateIssuer.Status) {
-		return nil
-	}
+func (c *Controller) updateIssuerStatus(iss *v1alpha1.Issuer) error {
 	// TODO: replace Update call with UpdateStatus. This requires a custom API
 	// server with the /status subresource enabled and/or subresource support
 	// for CRDs (https://github.com/kubernetes/kubernetes/issues/38113)
-	_, err := c.cmClient.CertmanagerV1alpha1().Issuers(iss.Namespace).Update(updateIssuer)
+	_, err := c.cmClient.CertmanagerV1alpha1().Issuers(iss.Namespace).Update(iss)
 	return err
 }

pkg/issuer/acme/setup.go

@@ -30,19 +30,17 @@ const (
 	messageAccountVerified           = "The ACME account was verified with the ACME server"
 )
 
-func (a *Acme) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
-	update := a.issuer.Copy()
-
-	glog.V(4).Infof("%s: getting acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey)
+func (a *Acme) Setup(ctx context.Context) error {
+	glog.V(4).Infof("%s: getting acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey.Name)
 	cl, err := a.acmeClient()
 	if k8sErrors.IsNotFound(err) {
-		glog.V(4).Infof("%s: generating acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey)
+		glog.V(4).Infof("%s: generating acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey.Name)
 		var accountPrivKey *rsa.PrivateKey
 		accountPrivKey, err = a.createAccountPrivateKey()
 		if err != nil {
 			s := messageAccountRegistrationFailed + err.Error()
-			update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
-			return *update.GetStatus(), fmt.Errorf(s)
+			a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
+			return fmt.Errorf(s)
 		}
 		cl = &acme.Client{
 			Key:          accountPrivKey,
@@ -55,13 +53,14 @@ func (a *Acme) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
 		a.recorder.Event(a.issuer, v1.EventTypeWarning, errorAccountVerificationFailed, s)
 	}
 
+	glog.V(4).Infof("Verifying ")
 	glog.V(4).Infof("%s: verifying existing registration with ACME server", a.issuer.GetObjectMeta().Name)
 	_, err = cl.GetReg(ctx, a.issuer.GetStatus().ACMEStatus().URI)
 
 	if err == nil {
 		glog.V(4).Infof("%s: verified existing registration with ACME server", a.issuer.GetObjectMeta().Name)
-		update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountVerified, messageAccountVerified)
-		return *update.GetStatus(), nil
+		a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountVerified, messageAccountVerified)
+		return nil
 	}
 
 	s := messageAccountVerificationFailed + err.Error()
@@ -73,17 +72,16 @@ func (a *Acme) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
 	}
 
 	account, err := cl.Register(ctx, acc, acme.AcceptTOS)
-
 	if err != nil {
 		s := messageAccountRegistrationFailed + err.Error()
-		update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
-		return *update.GetStatus(), err
+		a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
+		return err
 	}
 
-	update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountRegistered, messageAccountRegistered)
-	update.GetStatus().ACMEStatus().URI = account.URI
+	a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountRegistered, messageAccountRegistered)
+	a.issuer.GetStatus().ACMEStatus().URI = account.URI
 
-	return *update.GetStatus(), nil
+	return nil
 }
 
 func (a *Acme) createAccountPrivateKey() (*rsa.PrivateKey, error) {

pkg/issuer/ca/setup.go

@@ -24,30 +24,28 @@ const (
 	messageKeyPairVerified = "Signing CA verified"
 )
 
-func (c *CA) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
-	update := c.issuer.Copy()
-
-	cert, err := kube.SecretTLSCert(c.secretsLister, c.resourceNamespace, update.GetSpec().CA.SecretName)
+func (c *CA) Setup(ctx context.Context) error {
+	cert, err := kube.SecretTLSCert(c.secretsLister, c.resourceNamespace, c.issuer.GetSpec().CA.SecretName)
 
 	if k8sErrors.IsNotFound(err) {
 		s := messageErrorGetKeyPair + err.Error()
 		glog.Info(s)
-		c.recorder.Event(update, v1.EventTypeWarning, errorGetKeyPair, s)
-		update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorGetKeyPair, s)
-		return *update.GetStatus(), err
+		c.recorder.Event(c.issuer, v1.EventTypeWarning, errorGetKeyPair, s)
+		c.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorGetKeyPair, s)
+		return err
 	}
 
 	if !cert.IsCA {
 		s := messageErrorGetKeyPair + "certificate is not a CA"
 		glog.Info(s)
-		c.recorder.Event(update, v1.EventTypeWarning, errorInvalidKeyPair, s)
-		update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorInvalidKeyPair, s)
-		return *update.GetStatus(), fmt.Errorf(s)
+		c.recorder.Event(c.issuer, v1.EventTypeWarning, errorInvalidKeyPair, s)
+		c.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorInvalidKeyPair, s)
+		return fmt.Errorf(s)
 	}
 
 	glog.Info(messageKeyPairVerified)
-	c.recorder.Event(update, v1.EventTypeNormal, successKeyPairVerified, messageKeyPairVerified)
-	update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successKeyPairVerified, messageKeyPairVerified)
+	c.recorder.Event(c.issuer, v1.EventTypeNormal, successKeyPairVerified, messageKeyPairVerified)
+	c.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successKeyPairVerified, messageKeyPairVerified)
 
-	return *update.GetStatus(), nil
+	return nil
 }

pkg/issuer/issuer.go

@@ -10,7 +10,7 @@ type Interface interface {
 	// Setup initialises the issuer. This may include registering accounts with
 	// a service, creating a CA and storing it somewhere, or verifying
 	// credentials and authorization with a remote server.
-	Setup(ctx context.Context) (v1alpha1.IssuerStatus, error)
+	Setup(ctx context.Context) error
 	// Prepare
 	Prepare(context.Context, *v1alpha1.Certificate) error
 	// Issue attempts to issue a certificate as described by the certificate