fix: verify templates render properly

Signed-off-by: Tyler Witlin <[email protected]>
djkormo · Aug 29, 2024 · 1e055ec · 1e055ec
1 parent 666b183
commit 1e055ec
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 96 deletions.
diff --git a/charts/adcs-issuer/templates/adcsissuer-crd.yaml b/charts/adcs-issuer/templates/adcsissuer-crd.yaml
@@ -7,7 +7,7 @@ metadata:
     cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "chart.fullname" . }}-
     controller-gen.kubebuilder.io/version: v0.7.0
   labels:
-    {{- include "chart.labels" . | nindent 4 }}
+  {{- include "chart.labels" . | nindent 4 }}
 spec:
   group: adcs.certmanager.csf.nokia.com
   names:
@@ -17,63 +17,74 @@ spec:
     singular: adcsissuer
   scope: Namespaced
   versions:
-    - name: v1
-      schema:
-        openAPIV3Schema:
-          description: AdcsIssuer is the Schema for the adcsissuers API
-          type: object
-          properties:
-            apiVersion:
-              description: APIVersion defines the versioned schema of this representation of an object.
-              type: string
-            kind:
-              description: Kind is a string value representing the REST resource this object represents.
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: AdcsIssuerSpec defines the desired state of AdcsIssuer
-              type: object
-              properties:
-                caBundle:
-                  description: CABundle is a PEM encoded TLS certificate to use to verify connections to the ADCS server.
-                  type: string
-                  format: byte
-                credentialsRef:
-                  description: CredentialsRef is a reference to a Secret containing the username and password for the ADCS server.
-                  type: object
-                  properties:
-                    name:
-                      description: Name of the referent.
-                      type: string
-                  required:
-                    - name
-                retryInterval:
-                  description: How often to retry in case of communication errors (in time.ParseDuration() format). Default: 1 hour.
-                  type: string
-                statusCheckInterval:
-                  description: How often to check for request status in the server (in time.ParseDuration() format). Default: 6 hours.
-                  type: string
-                templateName:
-                  description: Which ADCS Template should this issuer use. Defaults to the value specified in main.go or as a CLI option.
-                  type: string
-                url:
-                  description: URL is the base URL for the ADCS instance.
-                  type: string
-              required:
-                - credentialsRef
-                - url
-            status:
-              description: AdcsIssuerStatus defines the observed state of AdcsIssuer
-              type: object
-      served: true
-      storage: true
-      subresources:
-        status: {}
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: AdcsIssuer is the Schema for the adcsissuers API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AdcsIssuerSpec defines the desired state of AdcsIssuer
+            properties:
+              caBundle:
+                description: CABundle is a PEM encoded TLS certifiate to use to verify
+                  connections to the ADCS server.
+                format: byte
+                type: string
+              credentialsRef:
+                description: CredentialsRef is a reference to a Secret containing the
+                  username and password for the ADCS server. The secret must contain
+                  two keys, 'username' and 'password'.
+                properties:
+                  name:
+                    description: Name of the referent.
+                    type: string
+                required:
+                - name
+                type: object
+              retryInterval:
+                description: How often to retry in case of communication errors (in
+                  time.ParseDuration() format) Default 1 hour.
+                type: string
+              statusCheckInterval:
+                description: How often to check for request status in the server (in
+                  time.ParseDuration() format) Default 6 hours.
+                type: string
+              templateName:
+                description: Which ADCS Template should this issuer use Defaults to
+                  the what is specified in main.go or as an cli option.
+                type: string
+              url:
+                description: URL is the base URL for the ADCS instance
+                type: string
+            required:
+            - credentialsRef
+            - url
+            type: object
+          status:
+            description: AdcsIssuerStatus defines the observed state of AdcsIssuer
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
 status:
   acceptedNames:
     kind: ""
     plural: ""
   conditions: []
   storedVersions: []
-{{- end }}
+
+{{- end  }}
diff --git a/charts/adcs-issuer/templates/adcsrequest-crd.yaml b/charts/adcs-issuer/templates/adcsrequest-crd.yaml
@@ -104,4 +104,4 @@ status:
   conditions: []
   storedVersions: []
 
-{{- end  }}    
+{{- end  }}
diff --git a/charts/adcs-issuer/templates/simulator-clusterissuer.yaml b/charts/adcs-issuer/templates/simulator-clusterissuer.yaml
@@ -1,5 +1,4 @@
 {{- if .Values.simulator.enabled }}
-
 apiVersion: adcs.certmanager.csf.nokia.com/v1
 kind: ClusterAdcsIssuer
 metadata:
@@ -9,43 +8,7 @@ metadata:
     {{- include "chart.labels" . | nindent 4 }}
 spec:
   caBundle: |
-    {{- .Values.simulator.caBundle | default (cat <<EOF | b64enc | nindent 4 }}
-    -----BEGIN CERTIFICATE-----
-    MIIF1zCCA7+gAwIBAgIUKPE3KrkaTPCJKqXKY8pttmj152UwDQYJKoZIhvcNAQEL
-    BQAwZDELMAkGA1UEBhMCUEwxDzANBgNVBAgMBldhcnNhdzEPMA0GA1UEBwwGTW9y
-    ZG9yMRAwDgYDVQQKDAdBRENTU0lNMQswCQYDVQQLDAJJVDEUMBIGA1UEAwwLZXhh
-    bXBsZS5jb20wHhcNMjMxMjMxMTI1MjQ1WhcNMzMxMjI4MTI1MjQ1WjBkMQswCQYD
-    VQQGEwJQTDEPMA0GA1UECAwGV2Fyc2F3MQ8wDQYDVQQHDAZNb3Jkb3IxEDAOBgNV
-    BAoMB0FEQ1NTSU0xCzAJBgNVBAsMAklUMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCC
-    AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALknWaSZSfOn33GlDJhE51Iw
-    E4+FE6b/C0PoYta+oe87SMd146xdjBCb+AtNYQnpvEnVG2a8G1mj4rHxkToB/Rxc
-    r9wm2TZ5tD1IpOSDEpgIYNEsX7kfrqKlKA/8regFoB7QLkk5MsOmMo+YOrZccbZJ
-    U144WMmu0nlR1mXDMDtA6DOyaIHCTCPMkV8F70PwNDC0U7jKgWSAHAZG4kPjXMJT
-    mdx1cvN5rK7wKC0cF+vEGStcL/sSvMZhAt08n+rqEGnt7aWtlaDAmKUe0Jl58Bv8
-    ZoX76vVUw//7hEhrMQKlcm/Ui4UTH0niyN8h8SJQnYXw6VFMa8s1o6Su4xHoxvr7
-    T2LrTJa2/4PconyD8lo6KYDwOkEj+udzimgU6O/l3LE7WRAhxRhPB63aecop0sl8
-    Nmz5NtylvU0xeTWFd4gOTQFgQNN9ViMqqnUhxdB4q3cKnMm5DH7Lr2drEElCJq3R
-    xvqbrW9wrotie4+g1fLty6ZLnksEvGs26ueAjlXQDGSeOdM8lMtyV6GlkgI65nhh
-    cbsAcR8vTLITUbO66JaN3QlIkpxMY70hgvYYTI/yx3CTHdn6fhpSmrJlxX9Ng2gU
-    ahtQiMPqwn/7+2MUUEkChz3RWQWSbqEM3DFi9MiYHmP/cfBQrGXHZvw7nk026uuq
-    GKlbIUk+pZTbhMgePYR3AgMBAAGjgYAwfjAdBgNVHQ4EFgQUTKZUB+EXTViSnWiv
-    3X4eR7xtiuEwHwYDVR0jBBgwFoAUTKZUB+EXTViSnWiv3X4eR7xtiuEwDwYDVR0T
-    AQH/BAUwAwEB/zArBgNVHREEJDAiggtleGFtcGxlLmNvbYINKi5leGFtcGxlLmNv
-    bYcECgAAATANBgkqhkiG9w0BAQsFAAOCAgEAcd5greti44ukjgxWSNoYFs6HZ659
-    OostxKLH0jMFSUQxvt5trK9kjw27hWYg5C73WIc3Xle/byPSykTQsxq9ti96qe0T
-    U4+hsfdFVekqlN83h3pZ/LoD9yElX2vzFkLaiqn/7GWdf6m472zpgXx6oPlP6GTV
-    n9pbqPhbutMSAjpomrR5SiuePosViV1UjPv6QUvKWuS+GOP0HzY+Ku1yfez1/pRp
-    0t5JTgMNUoYSkjC4dSyPBy9HQMxR7Oig3MNzYeuC90sYvv6GJ4n9sqQxcj+aDc3g
-    bDxFZV9Qu19W+zCgLP25aqsc3R52c0dEbByZVEj2u36U7o2sgERPViv3Nw9qcfZE
-    mTZ/+UQ9yuYrf9aKc0qSU5qVouzx1nG9TQbX/5ghZgmwULRLTig2owAibD05JU0e
-    aynSCbmEJkdIPx5drKzbaB9RKJ//jrkpmUSCO8B9RjRVZmmIItxdn28pyDy7A8JX
-    XYwBFQIftCB1WPixxrliTiYrQotKgK4T7A/ytTayFMtaMvBqM7oulj5v3PowcfZj
-    hkezaNPsRx4cLSG/9Pc02Q0EHCjLzl8S8F8/m06njYu9kPdG77uV25ovSaNynBm4
-    jf17P52P5zqPwWQsOMOu51OTDhyagDh1qVJayr4k9skApIyYEBTshBBuOwrP/nxF
-    F8SDNn5wjsYpUIs=
-    -----END CERTIFICATE-----
-    EOF
-    }}
+    {{- .Values.simulator.caBundle | default "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGMXpDQ0E3K2dBd0lCQWdJVUtQRTNLcmthVFBDSktxWEtZOHB0dG1qMTUyVXdEUVlKS29aSWh2Y05BUUVMDQpCUUF3WkRFTE1Ba0dBMVVFQmhNQ1VFd3hEekFOQmdOVkJBZ01CbGRoY25OaGR6RVBNQTBHQTFVRUJ3d0dUVzl5DQpaRzl5TVJBd0RnWURWUVFLREFkQlJFTlRVMGxOTVFzd0NRWURWUVFMREFKSlZERVVNQklHQTFVRUF3d0xaWGhoDQpiWEJzWlM1amIyMHdIaGNOTWpNeE1qTXhNVEkxTWpRMVdoY05Nek14TWpJNE1USTFNalExV2pCa01Rc3dDUVlEDQpWUVFHRXdKUVRERVBNQTBHQTFVRUNBd0dWMkZ5YzJGM01ROHdEUVlEVlFRSERBWk5iM0prYjNJeEVEQU9CZ05WDQpCQW9NQjBGRVExTlRTVTB4Q3pBSkJnTlZCQXNNQWtsVU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVENDDQpBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxrbldhU1pTZk9uMzNHbERKaEU1MUl3DQpFNCtGRTZiL0MwUG9ZdGErb2U4N1NNZDE0NnhkakJDYitBdE5ZUW5wdkVuVkcyYThHMW1qNHJIeGtUb0IvUnhjDQpyOXdtMlRaNXREMUlwT1NERXBnSVlORXNYN2tmcnFLbEtBLzhyZWdGb0I3UUxrazVNc09tTW8rWU9yWmNjYlpKDQpVMTQ0V01tdTBubFIxbVhETUR0QTZET3lhSUhDVENQTWtWOEY3MFB3TkRDMFU3aktnV1NBSEFaRzRrUGpYTUpUDQptZHgxY3ZONXJLN3dLQzBjRit2RUdTdGNML3NTdk1aaEF0MDhuK3JxRUdudDdhV3RsYURBbUtVZTBKbDU4QnY4DQpab1g3NnZWVXcvLzdoRWhyTVFLbGNtL1VpNFVUSDBuaXlOOGg4U0pRbllYdzZWRk1hOHMxbzZTdTR4SG94dnI3DQpUMkxyVEphMi80UGNvbnlEOGxvNktZRHdPa0VqK3VkemltZ1U2Ty9sM0xFN1dSQWh4UmhQQjYzYWVjb3Awc2w4DQpObXo1TnR5bHZVMHhlVFdGZDRnT1RRRmdRTk45VmlNcXFuVWh4ZEI0cTNjS25NbTVESDdMcjJkckVFbENKcTNSDQp4dnFiclc5d3JvdGllNCtnMWZMdHk2Wkxua3NFdkdzMjZ1ZUFqbFhRREdTZU9kTThsTXR5VjZHbGtnSTY1bmhoDQpjYnNBY1I4dlRMSVRVYk82NkphTjNRbElrcHhNWTcwaGd2WVlUSS95eDNDVEhkbjZmaHBTbXJKbHhYOU5nMmdVDQphaHRRaU1QcXduLzcrMk1VVUVrQ2h6M1JXUVdTYnFFTTNERmk5TWlZSG1QL2NmQlFyR1hIWnZ3N25rMDI2dXVxDQpHS2xiSVVrK3BaVGJoTWdlUFlSM0FnTUJBQUdqZ1lBd2ZqQWRCZ05WSFE0RUZnUVVUS1pVQitFWFRWaVNuV2l2DQozWDRlUjd4dGl1RXdId1lEVlIwakJCZ3dGb0FVVEtaVUIrRVhUVmlTbldpdjNYNGVSN3h0aXVFd0R3WURWUjBUDQpBUUgvQkFVd0F3RUIvekFyQmdOVkhSRUVKREFpZ2d0bGVHRnRjR3hsTG1OdmJZSU5LaTVsZUdGdGNHeGxMbU52DQpiWWNFQ2dBQUFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFjZDVncmV0aTQ0dWtqZ3hXU05vWUZzNkhaNjU5DQpPb3N0eEtMSDBqTUZTVVF4dnQ1dHJLOWtqdzI3aFdZZzVDNzNXSWMzWGxlL2J5UFN5a1RRc3hxOXRpOTZxZTBUDQpVNCtoc2ZkRlZla3FsTjgzaDNwWi9Mb0Q5eUVsWDJ2ekZrTGFpcW4vN0dXZGY2bTQ3MnpwZ1h4Nm9QbFA2R1RWDQpuOXBicVBoYnV0TVNBanBvbXJSNVNpdWVQb3NWaVYxVWpQdjZRVXZLV3VTK0dPUDBIelkrS3UxeWZlejEvcFJwDQowdDVKVGdNTlVvWVNrakM0ZFN5UEJ5OUhRTXhSN09pZzNNTnpZZXVDOTBzWXZ2NkdKNG45c3FReGNqK2FEYzNnDQpiRHhGWlY5UXUxOVcrekNnTFAyNWFxc2MzUjUyYzBkRWJCeVpWRWoydTM2VTdvMnNnRVJQVml2M053OXFjZlpFDQptVFovK1VROXl1WXJmOWFLYzBxU1U1cVZvdXp4MW5HOVRRYlgvNWdoWmdtd1VMUkxUaWcyb3dBaWJEMDVKVTBlDQpheW5TQ2JtRUprZElQeDVkckt6YmFCOVJLSi8vanJrcG1VU0NPOEI5UmpSVlptbUlJdHhkbjI4cHlEeTdBOEpYDQpYWXdCRlFJZnRDQjFXUGl4eHJsaVRpWXJRb3RLZ0s0VDdBL3l0VGF5Rk10YU12QnFNN291bGo1djNQb3djZlpqDQpoa2V6YU5Qc1J4NGNMU0cvOVBjMDJRMEVIQ2pMemw4UzhGOC9tMDZuall1OWtQZEc3N3VWMjVvdlNhTnluQm00DQpqZjE3UDUyUDV6cVB3V1FzT01PdTUxT1REaHlhZ0RoMXFWSmF5cjRrOXNrQXBJeVlFQlRzaEJCdU93clAvbnhGDQpGOFNETm41d2pzWXBVSXM9DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" | nindent 4 }}
   credentialsRef:
     name: {{ .Values.simulator.secretName | default "adcs-sim-secret" }} # secret with username and password
   statusCheckInterval: 1m

diff --git a/charts/adcs-issuer/values.yaml b/charts/adcs-issuer/values.yaml
@@ -146,14 +146,15 @@ simulator:
   secretCertificateName: adcs-sim-certificate-secret  # Name of the secret for simulator certificates.
   secretName: adcs-sim-secret                 # Name of the secret for simulator credentials.
   serviceName: adcs-sim-service               # Name of the service for the simulator.
-  
+
   # @section Certificate
   # Certificate settings for the simulator, managed by cert-manager.
   issuerName: adcs-sim-issuer                 # Name of the cert-manager issuer to use.
   issuerKind: Issuer                          # Kind of the cert-manager issuer (Issuer or ClusterIssuer).
   issuerGroup: cert-manager.io                # API group of the issuer.
   certificateDuration: 2160h                  # Duration of the certificate validity (default: 90 days).
   certificateRenewBefore: 360h                # When to renew the certificate before expiry (default: 15 days).
+  caBundle: ""                               # CA bundle for the certificate.
 
   # @section Image
   # Image settings for the ADCS Simulator.
@@ -254,7 +255,7 @@ simulator:
       memory: 500Mi
     requests:
       cpu: 100m
-      memory: 100Mi  
+      memory: 100Mi
 
   # @section Example Certificate
   # Configuration for an example certificate used by the simulator.