diff --git a/pkg/controller/certificatesigningrequests/acme/acme.go b/pkg/controller/certificatesigningrequests/acme/acme.go index f2eaa4d11..d562360f2 100644 --- a/pkg/controller/certificatesigningrequests/acme/acme.go +++ b/pkg/controller/certificatesigningrequests/acme/acme.go @@ -59,6 +59,9 @@ type ACME struct { acmeClientV cmacmeclientset.AcmeV1Interface certClient certificatesclient.CertificateSigningRequestInterface + // fieldManager is the manager name used for the Apply operations. + fieldManager string + recorder record.EventRecorder copiedAnnotationPrefixes []string @@ -84,6 +87,7 @@ func NewACME(ctx *controllerpkg.Context) certificatesigningrequests.Signer { certClient: ctx.Client.CertificatesV1().CertificateSigningRequests(), recorder: ctx.Recorder, copiedAnnotationPrefixes: ctx.CertificateOptions.CopiedAnnotationPrefixes, + fieldManager: ctx.FieldManager, } } @@ -104,7 +108,7 @@ func (a *ACME) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningR log.Error(err, message) a.recorder.Event(csr, corev1.EventTypeWarning, "RequestParsingError", message) ctrlutil.CertificateSigningRequestSetFailed(csr, "RequestParsingError", message) - _, uerr := a.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, uerr := ctrlutil.UpdateOrApplyStatus(ctx, a.certClient, csr, certificatesv1.CertificateFailed, a.fieldManager) return uerr } @@ -117,7 +121,7 @@ func (a *ACME) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningR log.Error(err, message) a.recorder.Event(csr, corev1.EventTypeWarning, "InvalidOrder", message) ctrlutil.CertificateSigningRequestSetFailed(csr, "InvalidOrder", message) - _, uerr := a.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, uerr := ctrlutil.UpdateOrApplyStatus(ctx, a.certClient, csr, certificatesv1.CertificateFailed, a.fieldManager) return uerr } @@ -129,7 +133,7 @@ func (a *ACME) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningR log.Error(err, message) a.recorder.Event(csr, corev1.EventTypeWarning, "OrderBuildingError", message) ctrlutil.CertificateSigningRequestSetFailed(csr, "OrderBuildingError", message) - _, uerr := a.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, uerr := ctrlutil.UpdateOrApplyStatus(ctx, a.certClient, csr, certificatesv1.CertificateFailed, a.fieldManager) return uerr } @@ -174,7 +178,7 @@ func (a *ACME) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningR a.recorder.Event(csr, corev1.EventTypeWarning, "OrderFailed", message) ctrlutil.CertificateSigningRequestSetFailed(csr, "OrderFailed", message) - _, uerr := a.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, uerr := ctrlutil.UpdateOrApplyStatus(ctx, a.certClient, csr, certificatesv1.CertificateFailed, a.fieldManager) return uerr } @@ -215,7 +219,7 @@ func (a *ACME) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningR } csr.Status.Certificate = order.Status.Certificate - csr, err = a.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + csr, err = ctrlutil.UpdateOrApplyStatus(ctx, a.certClient, csr, "", a.fieldManager) if err != nil { message := "Error updating certificate" a.recorder.Eventf(csr, corev1.EventTypeWarning, "SigningError", "%s: %s", message, err) diff --git a/pkg/controller/certificatesigningrequests/ca/BUILD.bazel b/pkg/controller/certificatesigningrequests/ca/BUILD.bazel index 6a69d50fe..81084294b 100644 --- a/pkg/controller/certificatesigningrequests/ca/BUILD.bazel +++ b/pkg/controller/certificatesigningrequests/ca/BUILD.bazel @@ -18,7 +18,6 @@ go_library( "@io_k8s_api//certificates/v1:go_default_library", "@io_k8s_api//core/v1:go_default_library", "@io_k8s_apimachinery//pkg/api/errors:go_default_library", - "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library", "@io_k8s_client_go//kubernetes/typed/certificates/v1:go_default_library", "@io_k8s_client_go//listers/core/v1:go_default_library", "@io_k8s_client_go//tools/record:go_default_library", diff --git a/pkg/controller/certificatesigningrequests/ca/ca.go b/pkg/controller/certificatesigningrequests/ca/ca.go index dd777a216..4ea5f5d8e 100644 --- a/pkg/controller/certificatesigningrequests/ca/ca.go +++ b/pkg/controller/certificatesigningrequests/ca/ca.go @@ -25,7 +25,6 @@ import ( certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1" corelisters "k8s.io/client-go/listers/core/v1" "k8s.io/client-go/tools/record" @@ -57,6 +56,9 @@ type CA struct { certClient certificatesclient.CertificateSigningRequestInterface + // fieldManager is the manager name used for the Apply operations. + fieldManager string + recorder record.EventRecorder // Used for testing to get reproducible resulting certificates @@ -78,6 +80,7 @@ func NewCA(ctx *controllerpkg.Context) certificatesigningrequests.Signer { issuerOptions: ctx.IssuerOptions, secretsLister: ctx.KubeSharedInformerFactory.Core().V1().Secrets().Lister(), certClient: ctx.Client.CertificatesV1().CertificateSigningRequests(), + fieldManager: ctx.FieldManager, recorder: ctx.Recorder, templateGenerator: pki.GenerateTemplateFromCertificateSigningRequest, signingFn: pki.SignCSRTemplate, @@ -120,7 +123,7 @@ func (c *CA) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningReq message := fmt.Sprintf("Error generating certificate template: %s", err) c.recorder.Event(csr, corev1.EventTypeWarning, "SigningError", message) util.CertificateSigningRequestSetFailed(csr, "SigningError", message) - _, err = c.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err := util.UpdateOrApplyStatus(ctx, c.certClient, csr, certificatesv1.CertificateFailed, c.fieldManager) return err } @@ -132,12 +135,12 @@ func (c *CA) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningReq message := fmt.Sprintf("Error signing certificate: %s", err) c.recorder.Event(csr, corev1.EventTypeWarning, "SigningError", message) util.CertificateSigningRequestSetFailed(csr, "SigningError", message) - _, err := c.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err := util.UpdateOrApplyStatus(ctx, c.certClient, csr, certificatesv1.CertificateFailed, c.fieldManager) return err } csr.Status.Certificate = bundle.ChainPEM - csr, err = c.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + csr, err = util.UpdateOrApplyStatus(ctx, c.certClient, csr, "", c.fieldManager) if err != nil { message := "Error updating certificate" c.recorder.Eventf(csr, corev1.EventTypeWarning, "SigningError", "%s: %s", message, err) diff --git a/pkg/controller/certificatesigningrequests/controller.go b/pkg/controller/certificatesigningrequests/controller.go index c878f96a5..d8f44f62f 100644 --- a/pkg/controller/certificatesigningrequests/controller.go +++ b/pkg/controller/certificatesigningrequests/controller.go @@ -63,6 +63,9 @@ type Controller struct { csrLister certificateslisters.CertificateSigningRequestLister sarClient authzclient.SubjectAccessReviewInterface + // fieldManager is the manager name used for the Apply operations. + fieldManager string + queue workqueue.RateLimitingInterface // logger to be used by this controller @@ -180,6 +183,7 @@ func (c *Controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin // recorder records events about resources to the Kubernetes api c.recorder = ctx.Recorder c.certClient = kubeClient.CertificatesV1().CertificateSigningRequests() + c.fieldManager = ctx.FieldManager // Construct the signer implementation with the built component context. c.signer = c.signerConstructor(ctx) diff --git a/pkg/controller/certificatesigningrequests/selfsigned/BUILD.bazel b/pkg/controller/certificatesigningrequests/selfsigned/BUILD.bazel index 9622a46c2..8b0d96be0 100644 --- a/pkg/controller/certificatesigningrequests/selfsigned/BUILD.bazel +++ b/pkg/controller/certificatesigningrequests/selfsigned/BUILD.bazel @@ -19,7 +19,6 @@ go_library( "@io_k8s_api//certificates/v1:go_default_library", "@io_k8s_api//core/v1:go_default_library", "@io_k8s_apimachinery//pkg/api/errors:go_default_library", - "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library", "@io_k8s_client_go//kubernetes/typed/certificates/v1:go_default_library", "@io_k8s_client_go//listers/core/v1:go_default_library", "@io_k8s_client_go//tools/record:go_default_library", diff --git a/pkg/controller/certificatesigningrequests/selfsigned/selfsigned.go b/pkg/controller/certificatesigningrequests/selfsigned/selfsigned.go index 9f2a51c63..658447bd2 100644 --- a/pkg/controller/certificatesigningrequests/selfsigned/selfsigned.go +++ b/pkg/controller/certificatesigningrequests/selfsigned/selfsigned.go @@ -26,7 +26,6 @@ import ( certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1" corelisters "k8s.io/client-go/listers/core/v1" "k8s.io/client-go/tools/record" @@ -58,6 +57,9 @@ type SelfSigned struct { certClient certificatesclient.CertificateSigningRequestInterface + // fieldManager is the manager name used for the Apply operations. + fieldManager string + recorder record.EventRecorder // Used for testing to get reproducible resulting certificates @@ -79,6 +81,7 @@ func NewSelfSigned(ctx *controllerpkg.Context) certificatesigningrequests.Signer issuerOptions: ctx.IssuerOptions, secretsLister: ctx.KubeSharedInformerFactory.Core().V1().Secrets().Lister(), certClient: ctx.Client.CertificatesV1().CertificateSigningRequests(), + fieldManager: ctx.FieldManager, recorder: ctx.Recorder, signingFn: pki.SignCertificate, } @@ -101,7 +104,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(errors.New(message), "") s.recorder.Event(csr, corev1.EventTypeWarning, "MissingAnnotation", message) util.CertificateSigningRequestSetFailed(csr, "MissingAnnotation", message) - _, err := s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err := util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -113,7 +116,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(err, message) s.recorder.Event(csr, corev1.EventTypeWarning, "SecretNotFound", message) util.CertificateSigningRequestSetFailed(csr, "SecretNotFound", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -122,7 +125,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(err, message) s.recorder.Eventf(csr, corev1.EventTypeWarning, "ErrorParsingKey", "%s: %s", message, err) util.CertificateSigningRequestSetFailed(csr, "ErrorParsingKey", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -132,7 +135,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(err, message) s.recorder.Eventf(csr, corev1.EventTypeWarning, "ErrorGettingSecret", "%s: %s", message, err) util.CertificateSigningRequestSetFailed(csr, "ErrorGettingSecret", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -142,7 +145,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(err, message) s.recorder.Event(csr, corev1.EventTypeWarning, "ErrorGenerating", message) util.CertificateSigningRequestSetFailed(csr, "ErrorGenerating", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -155,7 +158,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(err, message) s.recorder.Event(csr, corev1.EventTypeWarning, "ErrorPublicKey", message) util.CertificateSigningRequestSetFailed(csr, "ErrorPublicKey", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -169,7 +172,7 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi log.Error(err, message) s.recorder.Event(csr, corev1.EventTypeWarning, "ErrorKeyMatch", message) util.CertificateSigningRequestSetFailed(csr, "ErrorKeyMatch", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } @@ -178,12 +181,12 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi message := fmt.Sprintf("Error signing certificate: %s", err) s.recorder.Event(csr, corev1.EventTypeWarning, "ErrorSigning", message) util.CertificateSigningRequestSetFailed(csr, "ErrorSigning", message) - _, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager) return err } csr.Status.Certificate = certPEM - csr, err = s.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + csr, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, "", s.fieldManager) if err != nil { message := "Error updating certificate" s.recorder.Eventf(csr, corev1.EventTypeWarning, "ErrorUpdate", "%s: %s", message, err) diff --git a/pkg/controller/certificatesigningrequests/sync.go b/pkg/controller/certificatesigningrequests/sync.go index c41abc302..f4c042de6 100644 --- a/pkg/controller/certificatesigningrequests/sync.go +++ b/pkg/controller/certificatesigningrequests/sync.go @@ -119,11 +119,8 @@ func (c *Controller) Sync(ctx context.Context, csr *certificatesv1.CertificateSi message := fmt.Sprintf("Requester may not reference Namespaced Issuer %s/%s", ref.Namespace, ref.Name) c.recorder.Event(csr, corev1.EventTypeWarning, "DeniedReference", message) util.CertificateSigningRequestSetFailed(csr, "DeniedReference", message) - if _, err := c.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}); err != nil { - return err - } - - return nil + _, err := util.UpdateOrApplyStatus(ctx, c.certClient, csr, certificatesv1.CertificateFailed, c.fieldManager) + return err } } diff --git a/pkg/controller/certificatesigningrequests/vault/BUILD.bazel b/pkg/controller/certificatesigningrequests/vault/BUILD.bazel index 8b60e6e41..ddbad8f13 100644 --- a/pkg/controller/certificatesigningrequests/vault/BUILD.bazel +++ b/pkg/controller/certificatesigningrequests/vault/BUILD.bazel @@ -17,7 +17,6 @@ go_library( "@io_k8s_api//certificates/v1:go_default_library", "@io_k8s_api//core/v1:go_default_library", "@io_k8s_apimachinery//pkg/api/errors:go_default_library", - "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library", "@io_k8s_client_go//kubernetes/typed/certificates/v1:go_default_library", "@io_k8s_client_go//listers/core/v1:go_default_library", "@io_k8s_client_go//tools/record:go_default_library", diff --git a/pkg/controller/certificatesigningrequests/vault/vault.go b/pkg/controller/certificatesigningrequests/vault/vault.go index d74e8ba3e..edd188a58 100644 --- a/pkg/controller/certificatesigningrequests/vault/vault.go +++ b/pkg/controller/certificatesigningrequests/vault/vault.go @@ -25,7 +25,6 @@ import ( certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" certificatesclient "k8s.io/client-go/kubernetes/typed/certificates/v1" corelisters "k8s.io/client-go/listers/core/v1" "k8s.io/client-go/tools/record" @@ -56,6 +55,9 @@ type Vault struct { certClient certificatesclient.CertificateSigningRequestInterface clientBuilder internalvault.ClientBuilder + + // fieldManager is the manager name used for the Apply operations. + fieldManager string } func init() { @@ -73,6 +75,7 @@ func NewVault(ctx *controllerpkg.Context) certificatesigningrequests.Signer { recorder: ctx.Recorder, certClient: ctx.Client.CertificatesV1().CertificateSigningRequests(), clientBuilder: internalvault.New, + fieldManager: ctx.FieldManager, } } @@ -92,7 +95,7 @@ func (v *Vault) Sign(ctx context.Context, csr *certificatesv1.CertificateSigning log.Error(err, message) v.recorder.Event(csr, corev1.EventTypeWarning, "SecretNotFound", message) util.CertificateSigningRequestSetFailed(csr, "SecretNotFound", message) - _, err := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return err } @@ -109,7 +112,7 @@ func (v *Vault) Sign(ctx context.Context, csr *certificatesv1.CertificateSigning log.Error(err, message) v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorParseDuration", message) util.CertificateSigningRequestSetFailed(csr, "ErrorParseDuration", message) - _, err := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return err } @@ -119,14 +122,14 @@ func (v *Vault) Sign(ctx context.Context, csr *certificatesv1.CertificateSigning log.Error(err, message) v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorSigning", message) util.CertificateSigningRequestSetFailed(csr, "ErrorSigning", message) - _, err := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, err := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return err } log.V(logf.DebugLevel).Info("certificate issued") csr.Status.Certificate = certPEM - csr, err = v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + csr, err = util.UpdateOrApplyStatus(ctx, v.certClient, csr, "", v.fieldManager) if err != nil { message := "Error updating certificate" v.recorder.Eventf(csr, corev1.EventTypeWarning, "ErrorUpdate", "%s: %s", message, err) diff --git a/pkg/controller/certificatesigningrequests/venafi/venafi.go b/pkg/controller/certificatesigningrequests/venafi/venafi.go index b623d5db4..942f7f678 100644 --- a/pkg/controller/certificatesigningrequests/venafi/venafi.go +++ b/pkg/controller/certificatesigningrequests/venafi/venafi.go @@ -57,6 +57,9 @@ type Venafi struct { recorder record.EventRecorder clientBuilder venaficlient.VenafiClientBuilder + + // fieldManager is the manager name used for the Apply operations. + fieldManager string } func init() { @@ -74,6 +77,7 @@ func NewVenafi(ctx *controllerpkg.Context) certificatesigningrequests.Signer { certClient: ctx.Client.CertificatesV1().CertificateSigningRequests(), recorder: ctx.Recorder, clientBuilder: venaficlient.New, + fieldManager: ctx.FieldManager, } } @@ -113,7 +117,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin message := fmt.Sprintf("Failed to parse %q annotation: %s", experimentalapi.CertificateSigningRequestVenafiCustomFieldsAnnotationKey, err) v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorCustomFields", message) util.CertificateSigningRequestSetFailed(csr, "ErrorCustomFields", message) - _, userr := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return userr } } @@ -124,7 +128,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin log.Error(err, message) v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorParseDuration", message) util.CertificateSigningRequestSetFailed(csr, "ErrorParseDuration", message) - _, userr := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return userr } @@ -144,7 +148,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin log.Error(err, "") v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorCustomFields", err.Error()) util.CertificateSigningRequestSetFailed(csr, "ErrorCustomFields", err.Error()) - _, userr := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return userr default: @@ -152,7 +156,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin log.Error(err, message) v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorRequest", message) util.CertificateSigningRequestSetFailed(csr, "ErrorRequest", message) - _, userr := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return userr } } @@ -194,12 +198,12 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin log.Error(err, message) v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorParse", message) util.CertificateSigningRequestSetFailed(csr, "ErrorParse", message) - _, userr := v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + _, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) return userr } csr.Status.Certificate = bundle.ChainPEM - csr, err = v.certClient.UpdateStatus(ctx, csr, metav1.UpdateOptions{}) + csr, err = util.UpdateOrApplyStatus(ctx, v.certClient, csr, "", v.fieldManager) if err != nil { message := "Error updating certificate" v.recorder.Eventf(csr, corev1.EventTypeWarning, "SigningError", "%s: %s", message, err)