diff --git a/config/crd/bases/certmanager.step.sm_stepclusterissuers.yaml b/config/crd/bases/certmanager.step.sm_stepclusterissuers.yaml
index ed3865e335aea28a2eea455fe7e395e2a0c814f6..2eda0a35d14c5904a308eba6efdc431498084b5c 100644
--- a/config/crd/bases/certmanager.step.sm_stepclusterissuers.yaml
+++ b/config/crd/bases/certmanager.step.sm_stepclusterissuers.yaml
@@ -22,10 +22,14 @@ spec:
description: StepClusterIssuer is the Schema for the stepclusterissuers API
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -33,11 +37,14 @@ spec:
description: StepClusterIssuerSpec defines the desired state of StepClusterIssuer
properties:
caBundle:
- description: CABundle is a base64 encoded TLS certificate used to verify connections to the step certificates server. If not set the system root certificates are used to validate the TLS connection.
+ description: CABundle is a base64 encoded TLS certificate used to
+ verify connections to the step certificates server. If not set the
+ system root certificates are used to validate the TLS connection.
format: byte
type: string
provisioner:
- description: Provisioner contains the step certificates provisioner configuration.
+ description: Provisioner contains the step certificates provisioner
+ configuration.
properties:
kid:
description: KeyID is the kid property of the JWK provisioner.
@@ -46,16 +53,21 @@ spec:
description: Names is the name of the JWK provisioner.
type: string
passwordRef:
- description: PasswordRef is a reference to a Secret containing the provisioner password used to decrypt the provisioner private key.
+ description: PasswordRef is a reference to a Secret containing
+ the provisioner password used to decrypt the provisioner private
+ key.
properties:
key:
- description: The key of the secret to select from. Must be a valid secret key.
+ description: The key of the secret to select from. Must be
+ a valid secret key.
type: string
name:
- description: The name of the secret in the pod's namespace to select from.
+ description: The name of the secret in the pod's namespace
+ to select from.
type: string
namespace:
- description: The namespace of the secret in the pod's namespace to select from.
+ description: The namespace of the secret in the pod's namespace
+ to select from.
type: string
required:
- name
@@ -78,17 +90,21 @@ spec:
properties:
conditions:
items:
- description: StepClusterIssuerCondition contains condition information for the step issuer.
+ description: StepClusterIssuerCondition contains condition information
+ for the step issuer.
properties:
lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
format: date-time
type: string
message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
+ description: Message is a human readable description of the
+ details of the last transition, complementing reason.
type: string
reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
+ description: Reason is a brief machine readable explanation
+ for the condition's last transition.
type: string
status:
allOf:
@@ -100,7 +116,8 @@ spec:
- "True"
- "False"
- Unknown
- description: Status of the condition, one of ('True', 'False', 'Unknown').
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
type: string
type:
description: Type of the condition, currently ('Ready').
diff --git a/config/crd/bases/certmanager.step.sm_stepissuers.yaml b/config/crd/bases/certmanager.step.sm_stepissuers.yaml
index 3c7f1ff3b94b7cf2bcccbc3233ebd286c099b79b..3d883661b62115f265fc35cc415ee8b7896c8487 100644
--- a/config/crd/bases/certmanager.step.sm_stepissuers.yaml
+++ b/config/crd/bases/certmanager.step.sm_stepissuers.yaml
@@ -22,10 +22,14 @@ spec:
description: StepIssuer is the Schema for the stepissuers API
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
- description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -33,11 +37,14 @@ spec:
description: StepIssuerSpec defines the desired state of StepIssuer
properties:
caBundle:
- description: CABundle is a base64 encoded TLS certificate used to verify connections to the step certificates server. If not set the system root certificates are used to validate the TLS connection.
+ description: CABundle is a base64 encoded TLS certificate used to
+ verify connections to the step certificates server. If not set the
+ system root certificates are used to validate the TLS connection.
format: byte
type: string
provisioner:
- description: Provisioner contains the step certificates provisioner configuration.
+ description: Provisioner contains the step certificates provisioner
+ configuration.
properties:
kid:
description: KeyID is the kid property of the JWK provisioner.
@@ -46,13 +53,17 @@ spec:
description: Names is the name of the JWK provisioner.
type: string
passwordRef:
- description: PasswordRef is a reference to a Secret containing the provisioner password used to decrypt the provisioner private key.
+ description: PasswordRef is a reference to a Secret containing
+ the provisioner password used to decrypt the provisioner private
+ key.
properties:
key:
- description: The key of the secret to select from. Must be a valid secret key.
+ description: The key of the secret to select from. Must be
+ a valid secret key.
type: string
name:
- description: The name of the secret in the pod's namespace to select from.
+ description: The name of the secret in the pod's namespace
+ to select from.
type: string
required:
- name
@@ -74,17 +85,21 @@ spec:
properties:
conditions:
items:
- description: StepIssuerCondition contains condition information for the step issuer.
+ description: StepIssuerCondition contains condition information
+ for the step issuer.
properties:
lastTransitionTime:
- description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
format: date-time
type: string
message:
- description: Message is a human readable description of the details of the last transition, complementing reason.
+ description: Message is a human readable description of the
+ details of the last transition, complementing reason.
type: string
reason:
- description: Reason is a brief machine readable explanation for the condition's last transition.
+ description: Reason is a brief machine readable explanation
+ for the condition's last transition.
type: string
status:
allOf:
@@ -96,7 +111,8 @@ spec:
- "True"
- "False"
- Unknown
- description: Status of the condition, one of ('True', 'False', 'Unknown').
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
type: string
type:
description: Type of the condition, currently ('Ready').
diff --git a/controllers/certificaterequest_controller.go b/controllers/certificaterequest_controller.go
index 9eb1e22e949a7cf8443962097dc8c3cf4a7c7393..7d622a44e57cf57392f7307523c1c180278891ab 100644
--- a/controllers/certificaterequest_controller.go
+++ b/controllers/certificaterequest_controller.go
@@ -113,7 +113,7 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
iss := api.StepClusterIssuer{}
issNamespaceName := types.NamespacedName{
Namespace: "",
- Name: cr.Spec.IssuerRef.Name,
+ Name: cr.Spec.IssuerRef.Name,
}
if err := r.Client.Get(ctx, issNamespaceName, &iss); err != nil {
@@ -121,7 +121,7 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
_ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to retrieve StepClusterIssuer resource %s: %v", issNamespaceName, err)
return ctrl.Result{}, err
}
-
+
// Check if the StepClusterIssuer resource has been marked Ready
if !stepClusterIssuerHasCondition(iss, api.StepClusterIssuerCondition{Type: api.ConditionReady, Status: api.ConditionTrue}) {
err := fmt.Errorf("resource %s is not ready", issNamespaceName)
@@ -129,7 +129,7 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
_ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "StepClusterIssuer resource %s is not Ready", issNamespaceName)
return ctrl.Result{}, err
}
-
+
// Load the provisioner that will sign the CertificateRequest
provisioner, ok := provisioners.Load(issNamespaceName)
if !ok {
@@ -138,7 +138,7 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
_ = r.setStatus(ctx, cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to load provisioner for StepClusterIssuer resource %s", issNamespaceName)
return ctrl.Result{}, err
}
-
+
// Sign CertificateRequest
signedPEM, trustedCAs, err := provisioner.Sign(ctx, cr)
if err != nil {
@@ -147,14 +147,14 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
}
cr.Status.Certificate = signedPEM
cr.Status.CA = trustedCAs
-
+
return ctrl.Result{}, r.setStatus(ctx, cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Certificate issued")
} else {
iss := api.StepIssuer{}
issNamespaceName := types.NamespacedName{
- Namespace: req.Namespace,
- Name: cr.Spec.IssuerRef.Name,
- }
+ Namespace: req.Namespace,
+ Name: cr.Spec.IssuerRef.Name,
+ }
if err := r.Client.Get(ctx, issNamespaceName, &iss); err != nil {
log.Error(err, "failed to retrieve StepIssuer resource", "namespace", req.Namespace, "name", cr.Spec.IssuerRef.Name)