feat: implentation to use a preinstalled cluster issuer to create a certificate

Reviewed-on: #156

harmony/src/domain/interpret/mod.rs

@@ -194,3 +194,11 @@ impl From<String> for InterpretError {
         }
     }
 }
+
+impl From<serde_yaml::Error> for InterpretError {
+    fn from(value: serde_yaml::Error) -> Self {
+        Self {
+            msg: format!("InterpretError : {value}"),
+        }
+    }
+}

harmony/src/modules/application/features/helm_argocd_score.rs

@@ -160,6 +160,9 @@ global:
   ## Used for ingresses, certificates, SSO, notifications, etc.
   domain: {domain}
 
+  securityContext: 
+    runAsUser: null
+
   # -- Runtime class name for all components
   runtimeClassName: ""
 
@@ -471,6 +474,13 @@ redis:
   # -- Redis name
   name: redis
 
+  serviceAccount:
+    create: true
+
+  securityContext:
+    runAsUser: null
+
+
   ## Redis image
   image:
     # -- Redis repository

harmony/src/modules/cert_manager/gen_ca_cert.rs

@@ -0,0 +1,106 @@
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use harmony_types::id::Id;
+use serde::Serialize;
+
+use crate::{
+    data::Version,
+    interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
+    inventory::Inventory,
+    score::Score,
+    topology::{K8sclient, Topology, k8s::K8sClient},
+};
+
+#[derive(Clone, Serialize, Debug)]
+pub struct GenerateCaCertScore {
+    cluster_issuer_name: String,
+    dns_names: String,
+    operator_namespace: String,
+}
+
+impl<T: Topology + K8sclient> Score<T> for GenerateCaCertScore {
+    fn name(&self) -> String {
+        "GenerateCaCertScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        Box::new(GenerateCaCertIntepret {
+            score: self.clone(),
+        })
+    }
+}
+
+#[derive(Clone, Serialize, Debug)]
+pub struct GenerateCaCertIntepret {
+    score: GenerateCaCertScore,
+}
+
+#[async_trait]
+impl<T: Topology + K8sclient> Interpret<T> for GenerateCaCertIntepret {
+    async fn execute(
+        &self,
+        _inventory: &Inventory,
+        topology: &T,
+    ) -> Result<Outcome, InterpretError> {
+        let client = topology.k8s_client().await.unwrap();
+        let cert_yaml = self
+            .build_cert_request_yaml(&self.score.cluster_issuer_name, &self.score.dns_names)
+            .unwrap();
+        self.apply_cert_request(&client, cert_yaml, &self.score.operator_namespace)
+            .await?;
+        Ok(Outcome::success("created ca cert".to_string()))
+    }
+
+    fn get_name(&self) -> InterpretName {
+        InterpretName::Custom("GenerateCaCertInterpret")
+    }
+
+    fn get_version(&self) -> Version {
+        todo!()
+    }
+
+    fn get_status(&self) -> InterpretStatus {
+        todo!()
+    }
+
+    fn get_children(&self) -> Vec<Id> {
+        todo!()
+    }
+}
+
+impl GenerateCaCertIntepret {
+    pub fn build_cert_request_yaml(
+        &self,
+        cluster_issuer_name: &str,
+        dns_names: &str,
+    ) -> Result<serde_yaml::Value, InterpretError> {
+        let cert_yaml = format!(
+            r#"
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ingress-cert
+  namespace: openshift-ingress
+spec:
+  secretName: ingress-cert-tls
+  issuerRef:
+    name: {cluster_issuer_name}
+    kind: ClusterIssuer
+  dnsNames:
+  - "*.{dns_names}"
+        "#
+        );
+        Ok(serde_yaml::to_value(cert_yaml)?)
+    }
+    pub async fn apply_cert_request(
+        &self,
+        client: &Arc<K8sClient>,
+        cert_yaml: serde_yaml::Value,
+        operator_namespace: &str,
+    ) -> Result<(), InterpretError> {
+        Ok(client
+            .apply_yaml(&cert_yaml, Some(operator_namespace))
+            .await?)
+    }
+}

harmony/src/modules/cert_manager/mod.rs

@@ -1,2 +1,3 @@
+mod gen_ca_cert;
 mod helm;
 pub use helm::*;

harmony/src/modules/prometheus/rhob_alerting_score.rs

@@ -12,9 +12,6 @@ use std::process::Command;
 use crate::modules::k8s::ingress::{K8sIngressScore, PathType};
 use crate::modules::monitoring::kube_prometheus::crd::grafana_default_dashboard::build_default_dashboard;
 use crate::modules::monitoring::kube_prometheus::crd::rhob_alertmanager_config::RHOBObservability;
-use crate::modules::monitoring::kube_prometheus::crd::rhob_alertmanagers::{
-    Alertmanager, AlertmanagerSpec,
-};
 use crate::modules::monitoring::kube_prometheus::crd::rhob_grafana::{
     Grafana, GrafanaDashboard, GrafanaDashboardSpec, GrafanaDatasource, GrafanaDatasourceConfig,
     GrafanaDatasourceSpec, GrafanaSpec,
@@ -25,13 +22,8 @@ use crate::modules::monitoring::kube_prometheus::crd::rhob_monitoring_stack::{
 use crate::modules::monitoring::kube_prometheus::crd::rhob_prometheus_rules::{
     PrometheusRule, PrometheusRuleSpec, RuleGroup,
 };
-use crate::modules::monitoring::kube_prometheus::crd::rhob_prometheuses::{
+use crate::modules::monitoring::kube_prometheus::crd::rhob_prometheuses::LabelSelector;
-    AlertmanagerEndpoints, LabelSelector, PrometheusSpec, PrometheusSpecAlerting,
-};
 
-use crate::modules::monitoring::kube_prometheus::crd::rhob_role::{
-    build_prom_role, build_prom_rolebinding, build_prom_service_account,
-};
 use crate::modules::monitoring::kube_prometheus::crd::rhob_service_monitor::{
     ServiceMonitor, ServiceMonitorSpec,
 };