Azure / aks-app-routing-operator / 16685477625

coverage: 81.394% (-0.02%) from 81.41%
16685477625

push

github

OliverMKing 
add validation

4051 of 4977 relevant lines covered (81.39%)

22.78 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

83.48
/pkg/controller/defaultdomaincert/default_domain_cert_controller.go
1 
package defaultdomaincert
2 









3



import (










4



        "context"










5



        "errors"










6



        "fmt"










7



        "time"










8












9



        approutingv1alpha1 "github.com/Azure/aks-app-routing-operator/api/v1alpha1"










10



        "github.com/Azure/aks-app-routing-operator/pkg/config"










11



        "github.com/Azure/aks-app-routing-operator/pkg/controller/controllername"










12



        "github.com/Azure/aks-app-routing-operator/pkg/controller/metrics"










13



        "github.com/Azure/aks-app-routing-operator/pkg/manifests"










14



        "github.com/Azure/aks-app-routing-operator/pkg/store"










15



        "github.com/Azure/aks-app-routing-operator/pkg/tls"










16



        "github.com/Azure/aks-app-routing-operator/pkg/util"










17



        corev1 "k8s.io/api/core/v1"










18



        apierrors "k8s.io/apimachinery/pkg/api/errors"










19



        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"










20



        "k8s.io/client-go/tools/record"










21



        ctrl "sigs.k8s.io/controller-runtime"










22



        "sigs.k8s.io/controller-runtime/pkg/client"










23



        "sigs.k8s.io/controller-runtime/pkg/log"










24



)










25












26



var name = controllername.New("default", "domain", "cert", "reconciler")










27












28



type defaultDomainCertControllerReconciler struct {










29



        client client.Client










30



        events record.EventRecorder










31



        conf   *config.Config










32



        store  store.Store










33



}










34












35



func NewReconciler(conf *config.Config, mgr ctrl.Manager, store store.Store) error {




2





36



        metrics.InitControllerMetrics(name)




2





37






2





38



        if err := store.AddFile(conf.DefaultDomainCertPath); err != nil {




3





39



                return fmt.Errorf("adding default domain cert %s to store: %w", conf.DefaultDomainCertPath, err)




1





40



        }




1





41












42



        if err := store.AddFile(conf.DefaultDomainKeyPath); err != nil {




2





43



                return fmt.Errorf("adding default domain key %s to store: %w", conf.DefaultDomainKeyPath, err)




1





44



        }




1





45












46



        reconciler := &defaultDomainCertControllerReconciler{




×







47



                client: mgr.GetClient(),




×







48



                events: mgr.GetEventRecorderFor("aks-app-routing-operator"),




×







49



                conf:   conf,




×







50



                store:  store,




×







51



        }




×







52






×







53



        if _, _, err := reconciler.getAndVerifyCertAndKey(); err != nil {




×







54



                return fmt.Errorf("verifying cert and key: %w", err)




×







55



        }




×







56












57



        if err := name.AddToController(




×







58



                ctrl.NewControllerManagedBy(mgr).




×







59



                        For(&approutingv1alpha1.DefaultDomainCertificate{}).




×







60



                        Owns(&corev1.Secret{}),




×







61



                mgr.GetLogger(),




×







62



        ).Complete(reconciler); err != nil {




×







63



                return fmt.Errorf("building the controller: %w", err)




×







64



        }




×







65












66



        return nil




×







67



}










68












69



func (d *defaultDomainCertControllerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, err error) {




11





70



        start := time.Now()




11





71



        lgr := log.FromContext(ctx, "name", req.Name, "namespace", req.Namespace)




11





72



        ctx = log.IntoContext(ctx, lgr)




11





73






11





74



        lgr.Info("reconciling DefaultDomainCertificate")




11





75



        defer func() {




22





76



                lgr.Info("reconcile finished", "latency", time.Since(start))




11





77



        }()




11





78












79



        defaultDomainCertificate := &approutingv1alpha1.DefaultDomainCertificate{}




11





80



        if err := d.client.Get(ctx, req.NamespacedName, defaultDomainCertificate); err != nil {




13





81



                if apierrors.IsNotFound(err) { // object was deleted




3





82



                        lgr.Info("DefaultDomainCertificate not found")




1





83



                        return ctrl.Result{}, nil




1





84



                }




1





85












86



                lgr.Error(err, "unable to get DefaultDomainCertificate")




1





87



                return ctrl.Result{}, err




1





88



        }










89












90



        if defaultDomainCertificate.Spec.Target.Secret == nil {




10





91



                err := errors.New("DefaultDomainCertificate has no target secret specified")




1





92



                lgr.Error(err, "DefaultDomainCertificate has no target specified, this should be blocked by CRD CEL validation")




1





93



                return ctrl.Result{}, err




1





94



        }




1





95












96



        lgr = lgr.WithValues("secretTarget", *defaultDomainCertificate.Spec.Target.Secret)




8





97



        ctx = log.IntoContext(ctx, lgr)




8





98






8





99



        lgr.Info("upserting Secret for DefaultDomainCertificate")




8





100



        secret, err := d.generateSecret(defaultDomainCertificate)




8





101



        if err != nil {




9





102



                err := fmt.Errorf("generating Secret for DefaultDomainCertificate: %w", err)




1





103



                lgr.Error(err, "failed to generate Secret for DefaultDomainCertificate")




1





104



                return ctrl.Result{}, err




1





105



        }




1





106












107



        if err := util.Upsert(ctx, d.client, secret); err != nil {




9





108



                d.events.Eventf(defaultDomainCertificate, corev1.EventTypeWarning, "ApplyingCertificateSecretFailed", "Failed to apply Secret for DefaultDomainCertificate: %s", err.Error())




2





109



                lgr.Error(err, "failed to upsert Secret for DefaultDomainCertificate")




2





110



                return ctrl.Result{}, err




2





111



        }




2





112












113



        // Update the status of the DefaultDomainCertificate










114



        defaultDomainCertificate.SetCondition(metav1.Condition{




5





115



                Type:    approutingv1alpha1.DefaultDomainCertificateConditionTypeAvailable,




5





116



                Status:  metav1.ConditionTrue,




5





117



                Reason:  "CertificateSecretApplied",




5





118



                Message: fmt.Sprintf("Secret %s/%s successfully applied for DefaultDomainCertificate", secret.Namespace, secret.Name),




5





119



        })




5





120



        if err := d.client.Status().Update(ctx, defaultDomainCertificate); err != nil {




6





121



                lgr.Error(err, "failed to update status for DefaultDomainCertificate")




1





122



                return ctrl.Result{}, err




1





123



        }




1





124












125



        return ctrl.Result{}, nil




4





126



}










127












128



func (d *defaultDomainCertControllerReconciler) generateSecret(defaultDomainCertificate *approutingv1alpha1.DefaultDomainCertificate) (*corev1.Secret, error) {




17





129



        cert, key, err := d.getAndVerifyCertAndKey()




17





130



        if err != nil {




24





131



                return nil, fmt.Errorf("getting and verifying cert and key: %w", err)




7





132



        }




7





133












134



        secret := &corev1.Secret{




10





135



                ObjectMeta: metav1.ObjectMeta{




10





136



                        Name:      *defaultDomainCertificate.Spec.Target.Secret,




10





137



                        Namespace: defaultDomainCertificate.Namespace,




10





138



                        Labels:    manifests.GetTopLevelLabels(),




10





139



                },




10





140



                TypeMeta: metav1.TypeMeta{




10





141



                        Kind:       "Secret",




10





142



                        APIVersion: corev1.SchemeGroupVersion.String(),




10





143



                },




10





144



                Type: corev1.SecretTypeTLS,




10





145



                Data: map[string][]byte{




10





146



                        "tls.crt": cert,




10





147



                        "tls.key": key,




10





148



                },




10





149



        }




10





150






10





151



        owner := manifests.GetOwnerRefs(defaultDomainCertificate, true)




10





152



        secret.SetOwnerReferences(owner)




10





153






10





154



        return secret, nil




10





155



}










156












157



func (d *defaultDomainCertControllerReconciler) getAndVerifyCertAndKey() ([]byte, []byte, error) {




21





158



        key, ok := d.store.GetContent(d.conf.DefaultDomainKeyPath)




21





159



        if key == nil || !ok {




24





160



                return nil, nil, fmt.Errorf("failed to get default domain key from store")




3





161



        }




3





162












163



        cert, ok := d.store.GetContent(d.conf.DefaultDomainCertPath)




18





164



        if cert == nil || !ok {




22





165



                return nil, nil, fmt.Errorf("failed to get default domain cert from store")




4





166



        }




4





167












168



        if _, err := tls.ParseTLSCertificate(cert, key); err != nil {




17





169



                return nil, nil, fmt.Errorf("validating cert and key: %w", err)




3





170



        }




3





171












172



        return cert, key, nil




11





173



}
























    

  • 

    •