chore: added rust doc for certificate management trait

harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs

@@ -453,64 +453,6 @@ impl CertificateManagement for K8sAnywhereTopology {
             details: format!("Created cert into ns: {:#?}", config.namespace.clone()),
         })
     }
-
-    async fn get_ca_certificate(
-        &self,
-        cert_name: String,
-        config: &CertificateManagementConfig,
-    ) -> Result<String, PreparationError> {
-        let namespace = config.namespace.clone().unwrap();
-        let certificate_gvk = GroupVersionKind {
-            group: "cert-manager.io".to_string(),
-            version: "v1".to_string(),
-            kind: "Certificate".to_string(),
-        };
-        let client = self.k8s_client().await.unwrap();
-        let certificate_data = client
-            .get_resource_json_value(&cert_name, Some(&namespace), &certificate_gvk)
-            .await?
-            .data;
-
-        trace!("Certificate Data {:#?}", certificate_data);
-
-        let secret_name = certificate_data
-            .get("spec")
-            .ok_or_else(|| PreparationError {
-                msg: format!("failed to get spec from Certificate {}", cert_name),
-            })?
-            .get("secretName")
-            .ok_or_else(|| PreparationError {
-                msg: format!("failed to get secretName from Certificate {}", cert_name),
-            })?;
-
-        trace!("Secret Name {:#?}", secret_name);
-
-        let secret_name: String = serde_json::from_value(secret_name.clone())
-            .map_err(|e| PreparationError { msg: e.to_string() })?;
-
-        let secret = client
-            .get_secret_json_value(&secret_name, Some(&namespace))
-            .await?
-            .data;
-
-        let ca_cert = secret
-            .get("data")
-            .ok_or_else(|| PreparationError {
-                msg: format!("failed to get data from secret {}", secret_name),
-            })?
-            .get("ca.crt")
-            .ok_or_else(|| PreparationError {
-                msg: format!("failed to get ca.crt from secret {}", secret_name),
-            })?;
-
-        trace!("ca.crt {:#?}", ca_cert.clone());
-
-        let ca_cert: String = serde_json::from_value(ca_cert.clone())
-            .map_err(|e| PreparationError { msg: e.to_string() })?;
-
-        trace!("ca.crt string {:#?}", ca_cert.clone());
-        Ok(ca_cert)
-    }
 }
 
 impl K8sAnywhereTopology {

harmony/src/modules/cert_manager/capability.rs

@@ -6,34 +6,79 @@ use crate::{
     topology::{PreparationError, PreparationOutcome},
 };
 
-///TODO rust doc explaining issuer, certificate etc
+/// Certificate management capability for a topology.
+///
+/// This trait represents the ability of a topology to provision, manage,
+/// and ensure the availability of TLS certificates.
+///
+/// Implementations may back this capability using different mechanisms,
+/// for example: a Kubernetes controller, an external PKI service, or
+/// platform-specific tooling
+///
+/// ## Concepts
+///
+/// ### Certificate Management System
+/// A certificate management system is responsible for issuing, renewing,
+/// and storing certificates. Before certificates can be created, this
+/// system must be installed and ready to serve requests.
+///
+/// ### Issuer
+/// An Issuer defines how certificates are issued and signed.
+/// It encapsulates trust configuration such as signing keys, certificate
+/// authorities, or external services. Issuers do not represent certificates
+/// themselves, but are referenced by certificate requests.
+///
+/// ### Certificate
+/// A Certificate represents a request for cryptographic identity
+/// material. It references an Issuer and defines the identities the certificate should be valid for,
+/// as well as where the resulting certificate material should be stored.
+///
+/// ## Responsibilities
+///
+/// Implementations of this trait are responsible for:
+///
+/// - Installing the underlying certificate management system
+/// - Ensuring the system is ready before certificates are requested
+/// - Creating Issuers
+/// - Creating Certificates
+///
 #[async_trait]
 pub trait CertificateManagement: Send + Sync {
+    /// Installs the underlying certificate management system for the topology.
+    ///
+    /// Abstracts away installation details
+    /// (e.g., controllers, operators, external services).
     async fn install(&self) -> Result<PreparationOutcome, PreparationError>;
 
+    /// Ensures that the certificate management system is installed and ready.
+    ///
+    /// May verify presence of required components, APIs, or controllers,
+    /// and perform installation if necessary.
     async fn ensure_certificate_management_ready(
         &self,
         config: &CertificateManagementConfig,
     ) -> Result<PreparationOutcome, PreparationError>;
 
+    /// Creates an issuer used to sign certificates.
+    ///
+    /// Abstracts away issuer representation and storage
+    /// (e.g., cluster-scoped resources, external PKI configuration).
     async fn create_issuer(
         &self,
         issuer_name: String,
         config: &CertificateManagementConfig,
     ) -> Result<PreparationOutcome, PreparationError>;
 
+    /// Creates a certificate signed by a previously created issuer.
+    ///
+    /// Abstracts away certificate request, issuance, and storage details
+    /// (e.g., secrets, files, remote APIs).
     async fn create_certificate(
         &self,
         cert_name: String,
         issuer_name: String,
         config: &CertificateManagementConfig,
     ) -> Result<PreparationOutcome, PreparationError>;
-
-    async fn get_ca_certificate(
-        &self,
-        cert_name: String,
-        config: &CertificateManagementConfig,
-    ) -> Result<String, PreparationError>;
 }
 
 #[derive(Debug, Clone, Serialize)]