diff --git a/pkg/controller/clusterissuers/sync.go b/pkg/controller/clusterissuers/sync.go
index bab48f42f..11ae6b175 100644
--- a/pkg/controller/clusterissuers/sync.go
+++ b/pkg/controller/clusterissuers/sync.go
@@ -2,7 +2,6 @@ package issuers
 import (
 "context"
- "reflect"
 "github.com/golang/glog"
 "k8s.io/api/core/v1"
@@ -18,17 +17,16 @@ const (
 )
 func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.ClusterIssuer) (err error) {
- i, err := c.issuerFactory.IssuerFor(iss)
+ issuerCopy := iss.DeepCopy()
+ i, err := c.issuerFactory.IssuerFor(issuerCopy)
 if err != nil {
 return err
 }
- var status v1alpha1.IssuerStatus
- status, err = i.Setup(ctx)
-
+ err = i.Setup(ctx)
 defer func() {
- if saveErr := c.updateIssuerStatus(iss, status); saveErr != nil {
+ if saveErr := c.updateIssuerStatus(issuerCopy); saveErr != nil {
 errs := []error{saveErr}
 if err != nil {
 errs = append(errs, err)
@@ -40,22 +38,17 @@ func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.ClusterIssuer) (err
 if err != nil {
 s := messageErrorInitIssuer + err.Error()
 glog.Info(s)
- c.recorder.Event(iss, v1.EventTypeWarning, errorInitIssuer, s)
+ c.recorder.Event(issuerCopy, v1.EventTypeWarning, errorInitIssuer, s)
 return err
 }
 return nil
 }
-func (c *Controller) updateIssuerStatus(iss *v1alpha1.ClusterIssuer, status v1alpha1.IssuerStatus) error {
- updateIssuer := iss.DeepCopy()
- updateIssuer.Status = status
- if reflect.DeepEqual(iss.Status, updateIssuer.Status) {
- return nil
- }
+func (c *Controller) updateIssuerStatus(iss *v1alpha1.ClusterIssuer) error {
 // TODO: replace Update call with UpdateStatus. This requires a custom API
 // server with the /status subresource enabled and/or subresource support
 // for CRDs (https://github.com/kubernetes/kubernetes/issues/38113)
- _, err := c.cmClient.CertmanagerV1alpha1().ClusterIssuers().Update(updateIssuer)
+ _, err := c.cmClient.CertmanagerV1alpha1().ClusterIssuers().Update(iss)
 return err
 }
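Review bot: updateIssuerStatus now calls Update unconditionally with the whole issuerCopy, which drops two safeguards the removed version had. The `reflect.DeepEqual` short-circuit no longer skips the API write when Setup left the status unchanged, and the request body is now the object the issuer implementation was free to mutate rather than a fresh copy carrying only the new Status, so any change an issuer makes to spec or metadata would be persisted as well. Since Sync still holds the original `iss`, the deferred save could start with `if reflect.DeepEqual(iss.Status, issuerCopy.Status) { return }` (keeping the `reflect` import) and copy only `issuerCopy.Status` onto the object it sends. The same applies to the matching hunks in pkg/controller/issuers/sync.go.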
diff --git a/pkg/controller/issuers/sync.go b/pkg/controller/issuers/sync.go
index e4c97f252..a7113707f 100644
--- a/pkg/controller/issuers/sync.go
+++ b/pkg/controller/issuers/sync.go
@@ -2,7 +2,6 @@ package issuers
 import (
 "context"
- "reflect"
 "github.com/golang/glog"
 "k8s.io/api/core/v1"
@@ -18,17 +17,16 @@ const (
 )
 func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.Issuer) (err error) {
- i, err := c.issuerFactory.IssuerFor(iss)
+ issuerCopy := iss.DeepCopy()
+ i, err := c.issuerFactory.IssuerFor(issuerCopy)
 if err != nil {
 return err
 }
- var status v1alpha1.IssuerStatus
- status, err = i.Setup(ctx)
-
+ err = i.Setup(ctx)
 defer func() {
- if saveErr := c.updateIssuerStatus(iss, status); saveErr != nil {
+ if saveErr := c.updateIssuerStatus(issuerCopy); saveErr != nil {
 errs := []error{saveErr}
 if err != nil {
 errs = append(errs, err)
@@ -40,22 +38,17 @@ func (c *Controller) Sync(ctx context.Context, iss *v1alpha1.Issuer) (err error)
 if err != nil {
 s := messageErrorInitIssuer + err.Error()
 glog.Info(s)
- c.recorder.Event(iss, v1.EventTypeWarning, errorInitIssuer, s)
+ c.recorder.Event(issuerCopy, v1.EventTypeWarning, errorInitIssuer, s)
 return err
 }
 return nil
 }
-func (c *Controller) updateIssuerStatus(iss *v1alpha1.Issuer, status v1alpha1.IssuerStatus) error {
- updateIssuer := iss.DeepCopy()
- updateIssuer.Status = status
- if reflect.DeepEqual(iss.Status, updateIssuer.Status) {
- return nil
- }
+func (c *Controller) updateIssuerStatus(iss *v1alpha1.Issuer) error {
 // TODO: replace Update call with UpdateStatus. This requires a custom API
 // server with the /status subresource enabled and/or subresource support
 // for CRDs (https://github.com/kubernetes/kubernetes/issues/38113)
- _, err := c.cmClient.CertmanagerV1alpha1().Issuers(iss.Namespace).Update(updateIssuer)
+ _, err := c.cmClient.CertmanagerV1alpha1().Issuers(iss.Namespace).Update(iss)
 return err
 }
diff --git a/pkg/issuer/acme/setup.go b/pkg/issuer/acme/setup.go
index 15fb1cf0f..645e3e4cb 100644
--- a/pkg/issuer/acme/setup.go
+++ b/pkg/issuer/acme/setup.go
@@ -30,19 +30,17 @@ const (
 messageAccountVerified = "The ACME account was verified with the ACME server"
 )
-func (a *Acme) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
- update := a.issuer.Copy()
-
- glog.V(4).Infof("%s: getting acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey)
+func (a *Acme) Setup(ctx context.Context) error {
+ glog.V(4).Infof("%s: getting acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey.Name)
 cl, err := a.acmeClient()
 if k8sErrors.IsNotFound(err) {
- glog.V(4).Infof("%s: generating acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey)
+ glog.V(4).Infof("%s: generating acme account private key '%s/%s'", a.issuer.GetObjectMeta().Name, a.resourceNamespace, a.issuer.GetSpec().ACME.PrivateKey.Name)
 var accountPrivKey *rsa.PrivateKey
 accountPrivKey, err = a.createAccountPrivateKey()
 if err != nil {
 s := messageAccountRegistrationFailed + err.Error()
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
- return *update.GetStatus(), fmt.Errorf(s)
+ a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
+ return fmt.Errorf(s)
 }
 cl = &acme.Client{
 Key: accountPrivKey,
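Review bot: `return fmt.Errorf(s)` in the createAccountPrivateKey failure branch passes a non-constant string as the format, and `s` embeds `err.Error()`, so any `%` in the underlying error text would be parsed as a verb and garble the returned message. Use `return fmt.Errorf("%s", s)` or `errors.New(s)` instead; the latter needs an `errors` import, which is not visible in this hunk. The same call shape appears in the `!cert.IsCA` branch of pkg/issuer/ca/setup.go, where the string is built from constants and is harmless but is still worth changing for consistency. Setup's body continues outside this hunk.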
@@ -55,13 +53,14 @@ func (a *Acme) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
 a.recorder.Event(a.issuer, v1.EventTypeWarning, errorAccountVerificationFailed, s)
 }
+ glog.V(4).Infof("Verifying ")
 glog.V(4).Infof("%s: verifying existing registration with ACME server", a.issuer.GetObjectMeta().Name)
 _, err = cl.GetReg(ctx, a.issuer.GetStatus().ACMEStatus().URI)
 if err == nil {
 glog.V(4).Infof("%s: verified existing registration with ACME server", a.issuer.GetObjectMeta().Name)
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountVerified, messageAccountVerified)
- return *update.GetStatus(), nil
+ a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountVerified, messageAccountVerified)
+ return nil
 }
 s := messageAccountVerificationFailed + err.Error()
@@ -73,17 +72,16 @@ func (a *Acme) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
 }
 account, err := cl.Register(ctx, acc, acme.AcceptTOS)
-
 if err != nil {
 s := messageAccountRegistrationFailed + err.Error()
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
- return *update.GetStatus(), err
+ a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorAccountRegistrationFailed, s)
+ return err
 }
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountRegistered, messageAccountRegistered)
- update.GetStatus().ACMEStatus().URI = account.URI
+ a.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successAccountRegistered, messageAccountRegistered)
+ a.issuer.GetStatus().ACMEStatus().URI = account.URI
- return *update.GetStatus(), nil
+ return nil
 }
 func (a *Acme) createAccountPrivateKey() (*rsa.PrivateKey, error) {
diff --git a/pkg/issuer/ca/setup.go b/pkg/issuer/ca/setup.go
index ff70156fb..02a728f6d 100644
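Review bot: In pkg/issuer/acme/setup.go, the added `glog.V(4).Infof("Verifying ")` in the -55,13 hunk looks like a leftover debug line. The message is incomplete and carries no issuer name, and the very next statement already logs `"%s: verifying existing registration with ACME server"` for the same step. I would drop the added line so the V(4) log stays attributable to a specific issuer.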
--- a/pkg/issuer/ca/setup.go
+++ b/pkg/issuer/ca/setup.go
@@ -24,30 +24,28 @@ const (
 messageKeyPairVerified = "Signing CA verified"
 )
-func (c *CA) Setup(ctx context.Context) (v1alpha1.IssuerStatus, error) {
- update := c.issuer.Copy()
-
- cert, err := kube.SecretTLSCert(c.secretsLister, c.resourceNamespace, update.GetSpec().CA.SecretName)
+func (c *CA) Setup(ctx context.Context) error {
+ cert, err := kube.SecretTLSCert(c.secretsLister, c.resourceNamespace, c.issuer.GetSpec().CA.SecretName)
 if k8sErrors.IsNotFound(err) {
 s := messageErrorGetKeyPair + err.Error()
 glog.Info(s)
- c.recorder.Event(update, v1.EventTypeWarning, errorGetKeyPair, s)
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorGetKeyPair, s)
- return *update.GetStatus(), err
+ c.recorder.Event(c.issuer, v1.EventTypeWarning, errorGetKeyPair, s)
+ c.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorGetKeyPair, s)
+ return err
 }
 if !cert.IsCA {
 s := messageErrorGetKeyPair + "certificate is not a CA"
 glog.Info(s)
- c.recorder.Event(update, v1.EventTypeWarning, errorInvalidKeyPair, s)
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorInvalidKeyPair, s)
- return *update.GetStatus(), fmt.Errorf(s)
+ c.recorder.Event(c.issuer, v1.EventTypeWarning, errorInvalidKeyPair, s)
+ c.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorInvalidKeyPair, s)
+ return fmt.Errorf(s)
 }
 glog.Info(messageKeyPairVerified)
- c.recorder.Event(update, v1.EventTypeNormal, successKeyPairVerified, messageKeyPairVerified)
- update.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successKeyPairVerified, messageKeyPairVerified)
+ c.recorder.Event(c.issuer, v1.EventTypeNormal, successKeyPairVerified, messageKeyPairVerified)
+ c.issuer.UpdateStatusCondition(v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successKeyPairVerified, messageKeyPairVerified)
- return *update.GetStatus(), nil
+ return nil
 }
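Review bot: Only the `k8sErrors.IsNotFound(err)` case of the SecretTLSCert call is handled, so any other failure (presumably an unreadable or malformed secret) falls through to `!cert.IsCA` with `cert` possibly nil, which would panic the controller. Since this commit already rewrites the call, widen the guard to `if err != nil {` so that every failure sets the Ready=False condition and returns the error. SecretTLSCert itself is not visible here, so confirm whether it can return a nil certificate together with a non-NotFound error.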
diff --git a/pkg/issuer/issuer.go b/pkg/issuer/issuer.go
index 02b028236..c5e74de21 100644
--- a/pkg/issuer/issuer.go
+++ b/pkg/issuer/issuer.go
@@ -10,7 +10,7 @@ type Interface interface {
 // Setup initialises the issuer. This may include registering accounts with
 // a service, creating a CA and storing it somewhere, or verifying
 // credentials and authorization with a remote server.
- Setup(ctx context.Context) (v1alpha1.IssuerStatus, error)
+ Setup(ctx context.Context) error
 // Prepare
 Prepare(context.Context, *v1alpha1.Certificate) error
 // Issue attempts to issue a certificate as described by the certificate
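Review bot: The doc comment on Setup does not say how the outcome is reported now that the IssuerStatus return value is gone; in this commit's implementations the result is written by mutating the status of the issuer object the implementation holds. That contract should be stated on the interface, because a caller that builds an issuer from an object it shares with other readers would have that object modified in place (the two controllers in this commit DeepCopy first). Suggested addition to the comment: `// Setup records its outcome by updating the status of the issuer it was created for; callers must supply a copy they own and persist it afterwards.` The Interface body continues outside this hunk.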