Merge pull request #96 from djkormo/release-2.1.2

adding 2.1.2 release

.github/workflows/pipeline.yaml

@@ -1,13 +1,13 @@
 name: operator pipeline
-
-on:
-  push:
-    paths:
-      - 'api/**.go'
-      - 'config/**.go'
-      - 'controllers/**.go'
-      - '**.go'
-      - 'Dockerfile'
+  on:
+    workflow_dispatch:
+    push:
+      paths:
+        - 'api/**.go'
+        - 'config/**.go'
+        - 'controllers/**.go'
+        - '**.go'
+        - 'Dockerfile'
 
 
 jobs:

adcs/ntlm_certsrv.go

@@ -6,7 +6,7 @@ import (
 	"crypto/x509"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	neturl "net/url"
 	"os"
@@ -19,10 +19,10 @@ import (
 )
 
 type NtlmCertsrv struct {
-	url        string
-	username   string
-	password   string
-	ca         string
+	url      string
+	username string
+	password string
+	//ca         string
 	httpClient *http.Client
 }
 
@@ -142,10 +142,10 @@ func (s *NtlmCertsrv) GetExistingCertificate(id string) (AdcsResponseStatus, str
 	defer res.Body.Close()
 
 	if res.StatusCode == http.StatusOK {
-		switch ct := strings.Split(res.Header.Get(http.CanonicalHeaderKey("content-type")), ";"); ct[0] {
+		switch ct := strings.Split(res.Header.Get("content-type"), ";"); ct[0] {
 		case ct_html:
 			// Denied or pending
-			body, err := ioutil.ReadAll(res.Body)
+			body, err := io.ReadAll(res.Body)
 			if err != nil {
 				log.Error(err, "Cannot read ADCS Certserv response")
 				return certStatus, "", id, err
@@ -192,7 +192,7 @@ func (s *NtlmCertsrv) GetExistingCertificate(id string) (AdcsResponseStatus, str
 
 		case ct_pkix:
 			// Certificate
-			cert, err := ioutil.ReadAll(res.Body)
+			cert, err := io.ReadAll(res.Body)
 			if err != nil {
 				log.Error(err, "Cannot read ADCS Certserv response")
 				return certStatus, "", id, err
@@ -267,7 +267,7 @@ func (s *NtlmCertsrv) RequestCertificate(csr string, template string) (AdcsRespo
 		log.Info("Sending request", "response", res)
 	}
 
-	body, err := ioutil.ReadAll(res.Body)
+	body, err := io.ReadAll(res.Body)
 
 	log.Info("Body", "body", body)
 
@@ -341,7 +341,7 @@ func (s *NtlmCertsrv) obtainCaCertificate(certPage string, expectedContentType s
 		return "", err
 	}
 	defer res1.Body.Close()
-	body, err := ioutil.ReadAll(res1.Body)
+	body, err := io.ReadAll(res1.Body)
 	if err != nil {
 		log.Error(err, "Cannot read ADCS Certserv response")
 		return "", err
@@ -373,13 +373,13 @@ func (s *NtlmCertsrv) obtainCaCertificate(certPage string, expectedContentType s
 	defer res2.Body.Close()
 
 	if res2.StatusCode == http.StatusOK {
-		ct := res2.Header.Get(http.CanonicalHeaderKey("content-type"))
+		ct := res2.Header.Get("content-type")
 		if expectedContentType != ct {
 			err = errors.New("Unexpected content type")
 			log.Error(err, err.Error(), "content type", ct)
 			return "", err
 		}
-		body, err := ioutil.ReadAll(res2.Body)
+		body, err := io.ReadAll(res2.Body)
 		if err != nil {
 			log.Error(err, "Cannot read ADCS Certserv response")
 			return "", err

charts/adcs-issuer/Chart.yaml

@@ -13,10 +13,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.1.1
+version: 2.1.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.1.1"
+appVersion: "2.1.2"
 

charts/adcs-issuer/templates/deployment.yaml

@@ -77,7 +77,7 @@ spec:
           readOnlyRootFilesystem: true
           capabilities:
             drop:
-            - all
+            - ALL
 
 
         volumeMounts:

charts/adcs-issuer/values.yaml

@@ -8,7 +8,7 @@ controllerManager:
   manager:
     image:
       repository: djkormo/adcs-issuer
-      tag: 2.1.0
+      tag: 2.1.2
     resources:
       limits:
         cpu: 100m
@@ -79,7 +79,7 @@ nodeSelector: {}
 # ADCS Simulator 
 
 simulator:
-  enabled: true
+  enabled: false
   clusterIssuserName: adcs-sim-adcsclusterissuer
   deploymentName: adcs-sim-deployment
   configMapName: adcs-sim-configmap
@@ -125,7 +125,7 @@ simulator:
     readOnlyRootFilesystem: true
     capabilities:
       drop:
-      - all
+      - ALL
 
   resources:
 

controllers/adcsrequest_controller.go

@@ -91,11 +91,20 @@ func (r *AdcsRequestReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 	// Get the original CertificateRequest to set result in
 	cr, err := r.CertificateRequestController.GetCertificateRequest(ctx, req.NamespacedName)
+	if err != nil {
+		log.Error(err, "Failed request will be re-tried", "retry interval", issuer.RetryInterval)
+		return ctrl.Result{Requeue: true, RequeueAfter: issuer.RetryInterval}, nil
+	}
+
 	switch ar.Status.State {
 	case api.Pending:
 		// Check again later
 		log.Info(fmt.Sprintf("Pending request will be re-tried in %v", issuer.StatusCheckInterval))
-		r.setStatus(ctx, ar)
+		err = r.setStatus(ctx, ar)
+		if err != nil {
+			log.Error(err, "Failed request will be re-tried", "retry interval", issuer.RetryInterval)
+			return ctrl.Result{Requeue: true, RequeueAfter: issuer.RetryInterval}, nil
+		}
 		return ctrl.Result{Requeue: true, RequeueAfter: issuer.StatusCheckInterval}, nil
 	case api.Ready:
 
@@ -113,18 +122,36 @@ func (r *AdcsRequestReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 		// CA cert is inside the cert above
 		// cr.Status.CA = caCert
-		r.CertificateRequestController.SetStatus(ctx, &cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "ADCS request successful")
+		err = r.CertificateRequestController.SetStatus(ctx, &cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "ADCS request successful")
+		if err != nil {
+			log.Error(err, "Failed request will be re-tried", "retry interval", issuer.RetryInterval)
+			return ctrl.Result{Requeue: true, RequeueAfter: issuer.RetryInterval}, nil
+		}
 
 	case api.Rejected:
 		// This is a little hack for strange cert-manager behavior in case of failed request. Cert-manager automatically
 		// re-tries such requests (re-created CertificateRequest object) what doesn't make sense in case of rejection.
 		// We keep the Reason 'Pending' to prevent from re-trying while the actual status is in the Status Condition's Message field.
 		// TODO: change it when cert-manager handles this better.
-		r.CertificateRequestController.SetStatus(ctx, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "ADCS request rejected")
+		err = r.CertificateRequestController.SetStatus(ctx, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "ADCS request rejected")
+		if err != nil {
+			log.Error(err, "Failed request will be re-tried", "retry interval", issuer.RetryInterval)
+			return ctrl.Result{Requeue: true, RequeueAfter: issuer.RetryInterval}, nil
+		}
+
 	case api.Errored:
-		r.CertificateRequestController.SetStatus(ctx, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "ADCS request errored")
+		err = r.CertificateRequestController.SetStatus(ctx, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "ADCS request errored")
+		if err != nil {
+			log.Error(err, "Failed request will be re-tried", "retry interval", issuer.RetryInterval)
+			return ctrl.Result{Requeue: true, RequeueAfter: issuer.RetryInterval}, nil
+		}
+	}
+
+	err = r.setStatus(ctx, ar)
+	if err != nil {
+		log.Error(err, "Failed request will be re-tried", "retry interval", issuer.RetryInterval)
+		return ctrl.Result{Requeue: true, RequeueAfter: issuer.RetryInterval}, nil
 	}
-	r.setStatus(ctx, ar)
 
 	return ctrl.Result{}, nil
 }

controllers/certificaterequest_controller.go

@@ -161,7 +161,11 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-	r.SetStatus(ctx, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Processing ADCS request")
+
+	err = r.SetStatus(ctx, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Processing ADCS request")
+	if err != nil {
+		return ctrl.Result{}, err
+	}
 
 	log.V(4).Info("setstatus", "ctx", ctx, "cr", &cr)
 

deploy.env

@@ -1,6 +1,6 @@
 APP_NAME=adcs-issuer
 DOCKER_REPO=djkormo
-VERSION=2.1.1
+VERSION=2.1.2
 
 
 

go.mod

@@ -7,9 +7,6 @@ require (
 	github.com/cert-manager/cert-manager v1.14.3
 	github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa
 	github.com/go-logr/logr v1.4.1
-	github.com/jetstack/cert-manager v1.4.0-alpha.1
-	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/gomega v1.29.0
 	github.com/stretchr/testify v1.8.4
 	github.com/sykesm/zap-logfmt v0.0.4
 	go.uber.org/zap v1.26.0
@@ -23,17 +20,13 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.90.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.7.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
-	github.com/go-ldap/ldap/v3 v3.4.6 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/jsonpointer v0.20.2 // indirect
 	github.com/go-openapi/jsonreference v0.20.4 // indirect
@@ -45,18 +38,15 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.5.0 // indirect
-	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.18.0 // indirect
@@ -65,28 +55,24 @@ require (
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect
-	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.15.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
 	k8s.io/component-base v0.29.0 // indirect
 	k8s.io/klog/v2 v2.110.1 // indirect
-	k8s.io/kube-aggregator v0.29.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect
 	sigs.k8s.io/gateway-api v1.0.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect