diff --git a/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs b/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs
index ca99847..d6b86da 100644
--- a/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs
+++ b/harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs
@@ -18,7 +18,7 @@ use crate::{
 inventory::Inventory,
 modules::{
 cert_manager::{
- capability::{CertificateManagement, CertificateManagementConfig, Issuer},
+ capability::{CertificateManagement, CertificateManagementConfig},
 crd::{score_certificate::CertificateScore, score_issuer::IssuerScore},
 operator::CertManagerOperatorScore,
 },
@@ -376,6 +376,7 @@ impl CertificateManagement for K8sAnywhereTopology {
 .interpret(&Inventory::empty(), self)
 .await
 .map_err(|e| PreparationError { msg: e.to_string() })?;
+
 Ok(PreparationOutcome::Success {
 details: format!(
 "Installed cert-manager into ns: {}",
@@ -388,31 +389,52 @@ impl CertificateManagement for K8sAnywhereTopology {
 &self,
 config: &CertificateManagementConfig,
 ) -> Result {
- self.certificate_issuer_ready(Issuer::Issuer, config)
- .await?;
+ todo!()
+ }
+
+ async fn create_issuer(
+ &self,
+ issuer_name: String,
+ config: &CertificateManagementConfig,
+ ) -> Result {
+ let issuer_score = IssuerScore {
+ config: config.clone(),
+ };
+
+ issuer_score
+ .interpret(&Inventory::empty(), self)
+ .await
+ .map_err(|e| PreparationError { msg: e.to_string() })?;
+
 Ok(PreparationOutcome::Success {
- details: "issuer ready".to_string(),
+ details: format!("issuer of kind {} is ready", issuer_name),
 })
 }
 
 async fn create_certificate(
 &self,
 cert_name: String,
+ issuer_name: String,
 config: &CertificateManagementConfig,
 ) -> Result {
+ self.certificate_issuer_ready(
+ issuer_name.clone(),
+ self.k8s_client().await.unwrap(),
+ config,
+ )
+ .await?;
+
 let cert = CertificateScore {
- name: cert_name,
+ cert_name: cert_name,
 config: config.clone(),
+ issuer_name,
 };
 cert.interpret(&Inventory::empty(), self)
 .await
 .map_err(|e| PreparationError { msg: e.to_string() })?;
 Ok(PreparationOutcome::Success {
- details: format!(
- "Created cert into ns: {:#?}",
- config.namespace.clone()
- ),
+ details: format!("Created cert into ns: {:#?}", config.namespace.clone()),
 })
 }
 }
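Review bot: The trait method whose body becomes `todo!()` at the top of the hunk (its signature starts before the hunk) still exists on `CertificateManagement`, so any caller that reaches it now panics where it previously created the issuer; either drop it from the trait in this change or make it delegate to `create_issuer` instead of panicking. In `create_certificate`, `self.k8s_client().await.unwrap()` likewise panics when the client cannot be obtained, while every other fallible call in this impl is mapped into `PreparationError`; propagate it with `let client = self.k8s_client().await.map_err(|e| PreparationError { msg: e.to_string() })?;` (assuming its error type implements `Display` like the others mapped here) and pass `client` to `certificate_issuer_ready`. `cert_name: cert_name` can use the field-init shorthand `cert_name`. `certificate_issuer_ready` takes `issuer_name` by value, which is what forces the `issuer_name.clone()` here; accepting `&str` would remove it.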
@@ -436,6 +458,35 @@ impl K8sAnywhereTopology {
 }
 }
 
+ pub async fn certificate_issuer_ready(
+ &self,
+ issuer_name: String,
+ k8s_client: Arc,
+ config: &CertificateManagementConfig,
+ ) -> Result {
+ let ns = config.namespace.clone().ok_or_else(|| PreparationError {
+ msg: "namespace is required".to_string(),
+ })?;
+
+ let gvk = GroupVersionKind {
+ group: "cert-manager.io".to_string(),
+ version: "v1".to_string(),
+ kind: "Issuer".to_string(),
+ };
+
+ match k8s_client
+ .get_resource_json_value(&issuer_name, Some(&ns), &gvk)
+ .await
+ {
+ Ok(_cert_issuer) => Ok(PreparationOutcome::Success {
+ details: format!("issuer of kind {} is ready", issuer_name),
+ }),
+ Err(e) => Err(PreparationError {
+ msg: format!("{} issuer {} not present", e.to_string(), issuer_name),
+ }),
+ }
+ }
+
 pub async fn get_k8s_distribution(&self) -> Result<&KubernetesDistribution, PreparationError> {
 self.k8s_distribution
 .get_or_try_init(async || {
@@ -968,29 +1019,6 @@ impl K8sAnywhereTopology {
 ),
 })
 }
-
- async fn certificate_issuer_ready(
- &self,
- issuer: Issuer,
- config: &CertificateManagementConfig,
- ) -> Result {
- match issuer {
- Issuer::ClusterIssuer => todo!(),
-
- Issuer::Issuer => {
- let issuer_score = IssuerScore {
- config: config.clone(),
- };
- issuer_score
- .interpret(&Inventory::empty(), self)
- .await
- .map_err(|e| PreparationError { msg: e.to_string() })?;
- Ok(PreparationOutcome::Success {
- details: format!("issuer of kind {} is ready", issuer.to_string()),
- })
- }
- }
- }
 }
 
 #[derive(Clone, Debug)]
diff --git a/harmony/src/modules/cert_manager/capability.rs b/harmony/src/modules/cert_manager/capability.rs
index bd0c921..0c6940d 100644
--- a/harmony/src/modules/cert_manager/capability.rs
+++ b/harmony/src/modules/cert_manager/capability.rs
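Review bot: `certificate_issuer_ready` only checks that an Issuer object named `issuer_name` exists in `ns`; the fetched resource (`_cert_issuer`) is discarded, so an Issuer whose cert-manager `Ready` condition is false passes this gate and the Certificate created right after it will not be issued. Either inspect the returned JSON's `status.conditions` for a `Ready` condition with status `True`, or rename the method to what it actually verifies (e.g. `certificate_issuer_exists`). The `Err` arm also reports every failure of `get_resource_json_value` as `not present`, which hides permission and connectivity errors behind a misleading message; `msg: format!("failed to look up issuer {issuer_name} in namespace {ns}: {e}")` is accurate and drops the `e.to_string()` inside `format!` that clippy flags. The new `pub` method has no doc comment; a one-liner saying it resolves `config.namespace` and errors when it is absent would help callers.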
@@ -1,8 +1,12 @@
 use async_trait::async_trait;
 use serde::Serialize;
 
-use crate::{modules::cert_manager::crd::{AcmeIssuer, CaIssuer}, topology::{PreparationError, PreparationOutcome}};
+use crate::{
+ modules::cert_manager::crd::{AcmeIssuer, CaIssuer},
+ topology::{PreparationError, PreparationOutcome},
+};
 
+///TODO rust doc explaining issuer, certificate etc
 #[async_trait]
 pub trait CertificateManagement: Send + Sync {
 async fn install(
@@ -15,9 +19,16 @@ pub trait CertificateManagement: Send + Sync {
 config: &CertificateManagementConfig,
 ) -> Result;
 
+ async fn create_issuer(
+ &self,
+ issuer_name: String,
+ config: &CertificateManagementConfig,
+ ) -> Result;
+
 async fn create_certificate(
 &self,
 cert_name: String,
+ issuer_name: String,
 config: &CertificateManagementConfig,
 ) -> Result;
 }
@@ -30,19 +41,3 @@ pub struct CertificateManagementConfig {
 pub ca_issuer: Option,
 pub self_signed: bool,
 }
-
-#[derive(Serialize)]
-pub enum Issuer {
- ClusterIssuer,
- Issuer,
-}
-
-impl std::fmt::Display for Issuer {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- match self {
- Issuer::Issuer => f.write_str("Issuer"),
- Issuer::ClusterIssuer => f.write_str("ClusterIssuer"),
- }
- }
-}
-
diff --git a/harmony/src/modules/cert_manager/crd/certificate.rs b/harmony/src/modules/cert_manager/crd/certificate.rs
index 7c0866b..2375b0b 100644
--- a/harmony/src/modules/cert_manager/crd/certificate.rs
+++ b/harmony/src/modules/cert_manager/crd/certificate.rs
@@ -110,4 +110,3 @@ pub struct PrivateKey {
 #[serde(skip_serializing_if = "Option::is_none")]
 pub rotation_policy: Option,
 }
-
diff --git a/harmony/src/modules/cert_manager/crd/cluster_issuer.rs b/harmony/src/modules/cert_manager/crd/cluster_issuer.rs
index 4939548..0348972 100644
--- a/harmony/src/modules/cert_manager/crd/cluster_issuer.rs
+++ b/harmony/src/modules/cert_manager/crd/cluster_issuer.rs
@@ -42,4 +42,3 @@ impl Default for ClusterIssuerSpec {
 }
 }
 }
-
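Review bot: `///TODO rust doc explaining issuer, certificate etc` is a doc comment, so rustdoc will publish the TODO as the documentation of `CertificateManagement`; either write the doc now or make it a plain `// TODO` until it exists. The second hunk of this file (`@@ -15,9 +19,16 @@`) adds `create_issuer` and an `issuer_name` parameter to `create_certificate` without documenting how the two relate. A doc comment on `create_certificate` should state that `issuer_name` must name an Issuer in `config.namespace` (the Certificate's `issuer_ref` is built with `kind: Some("Issuer")`, a namespaced resource, in `score_certificate.rs`), and one on `create_issuer` should state what name the Issuer is created under, since in the `K8sAnywhereTopology` impl its `issuer_name` argument only appears in the success message.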
diff --git a/harmony/src/modules/cert_manager/crd/mod.rs b/harmony/src/modules/cert_manager/crd/mod.rs
index 70ea469..7f8e6d1 100644
--- a/harmony/src/modules/cert_manager/crd/mod.rs
+++ b/harmony/src/modules/cert_manager/crd/mod.rs
@@ -1,12 +1,11 @@
 use serde::{Deserialize, Serialize};
-
 pub mod certificate;
-pub mod issuer;
 pub mod cluster_issuer;
+pub mod issuer;
 //pub mod score_cluster_issuer;
-pub mod score_issuer;
 pub mod score_certificate;
+pub mod score_issuer;
 
 #[derive(Deserialize, Serialize, Clone, Debug)]
 #[serde(rename_all = "camelCase")]
diff --git a/harmony/src/modules/cert_manager/crd/score_certificate.rs b/harmony/src/modules/cert_manager/crd/score_certificate.rs
index 53c2a34..9e51235 100644
--- a/harmony/src/modules/cert_manager/crd/score_certificate.rs
+++ b/harmony/src/modules/cert_manager/crd/score_certificate.rs
@@ -16,7 +16,8 @@ use crate::{
 
 #[derive(Debug, Clone, Serialize)]
 pub struct CertificateScore {
- pub name: String,
+ pub cert_name: String,
+ pub issuer_name: String,
 pub config: CertificateManagementConfig,
 }
 
@@ -28,14 +29,14 @@ impl Score for CertificateScore {
 fn create_interpret(&self) -> Box> {
 let cert = Certificate {
 metadata: ObjectMeta {
- name: Some(self.name.clone()),
+ name: Some(self.cert_name.clone()),
 namespace: self.config.namespace.clone(),
 ..Default::default()
 },
 spec: CertificateSpec {
- secret_name: format!("{}-tls", self.name.clone()),
+ secret_name: format!("{}-tls", self.cert_name.clone()),
 issuer_ref: IssuerRef {
- name: self.config.name.clone(),
+ name: self.issuer_name.clone(),
 kind: Some("Issuer".into()),
 group: Some("cert-manager.io".into()),
 },
diff --git a/harmony/src/modules/cert_manager/crd/score_issuer.rs b/harmony/src/modules/cert_manager/crd/score_issuer.rs
index 05af62d..f30f155 100644
--- a/harmony/src/modules/cert_manager/crd/score_issuer.rs
+++ b/harmony/src/modules/cert_manager/crd/score_issuer.rs
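Review bot: In `score_certificate.rs`, `issuer_ref.name` now comes from `self.issuer_name` while `kind` stays hard-coded to `"Issuer"`, so the referenced issuer must live in `self.config.namespace` and a `ClusterIssuer` can never be targeted through this score; that constraint is invisible to whoever fills in the new field, so the struct hunk should carry it, e.g. `/// Name of a cert-manager Issuer in `config.namespace`; ClusterIssuer is not supported.` above `pub issuer_name: String,`. `secret_name: format!("{}-tls", self.cert_name.clone())` clones the `String` only to format it; `format!("{}-tls", self.cert_name)` is equivalent. The `mod.rs` hunk is a reorder only.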
@@ -4,10 +4,13 @@ use serde::Serialize;
 use crate::{
 interpret::Interpret,
 modules::{
- cert_manager::{capability::CertificateManagementConfig, crd::{
- AcmeIssuer, CaIssuer, SelfSignedIssuer,
- issuer::{Issuer, IssuerSpec},
- }},
+ cert_manager::{
+ capability::CertificateManagementConfig,
+ crd::{
+ SelfSignedIssuer,
+ issuer::{Issuer, IssuerSpec},
+ },
+ },
 k8s::resource::K8sResourceScore,
 },
 score::Score,
@@ -26,7 +29,7 @@ impl Score for IssuerScore {
 fn create_interpret(&self) -> Box> {
 let metadata = ObjectMeta {
- name: Some(self.config.name.clone()),
+ name: Some(format!("{}-issuer", self.config.namespace.clone().unwrap())),
 namespace: self.config.namespace.clone(),
 ..ObjectMeta::default()
 };
diff --git a/harmony/src/modules/cert_manager/mod.rs b/harmony/src/modules/cert_manager/mod.rs
index 430252d..9de3b9a 100644
--- a/harmony/src/modules/cert_manager/mod.rs
+++ b/harmony/src/modules/cert_manager/mod.rs
@@ -1,7 +1,7 @@
 pub mod capability;
 pub mod cluster_issuer;
+pub mod crd;
 mod helm;
 pub mod operator;
 pub mod score_k8s;
-pub mod crd;
 pub use helm::*;
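Review bot: `self.config.namespace.clone().unwrap()` in `create_interpret` (second hunk of `score_issuer.rs`) panics when `namespace` is `None`, and because `create_interpret` returns a boxed interpret rather than a `Result` the failure cannot surface the way `certificate_issuer_ready` surfaces its `"namespace is required"` error; validate `namespace` before the score is built, or at minimum `expect("IssuerScore requires config.namespace")` so the panic names the invariant, and `self.config.namespace.as_deref()` avoids the clone. The Issuer is now implicitly named `{namespace}-issuer`, yet `create_certificate` and `certificate_issuer_ready` take a caller-supplied `issuer_name`, so the two sides can silently disagree; a shared helper such as `fn issuer_name_for(namespace: &str) -> String` used by both would keep them from drifting. The enclosing `create_interpret` continues past the hunk, and the `mod.rs` hunk is a reorder only.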