From 9e1d4692ae99b1539ad2ab048a8d013e73f86772 Mon Sep 17 00:00:00 2001 From: Jose Date: Thu, 20 Apr 2023 06:40:49 +0200 Subject: [PATCH] Support Quarkus 3 --- README.md | 1 + deployment/pom.xml | 5 +- .../deployment/CertManagerProcessor.java | 57 ++-- .../utils/CertManagerConfigUtil.java | 5 +- .../ROOT/pages/includes/attributes.adoc | 2 +- .../pages/includes/quarkus-certificate.adoc | 243 ++++++++++++------ docs/modules/ROOT/pages/index.adoc | 3 +- .../certmanager/tests/Endpoint.java | 4 +- .../certmanager/tests/EndpointIT.java | 7 +- .../certmanager/tests/Endpoint.java | 4 +- .../src/main/resources/application.properties | 1 + .../certmanager/tests/OpenShiftIT.java | 2 + pom.xml | 2 +- runtime/pom.xml | 2 +- 14 files changed, 222 insertions(+), 116 deletions(-) diff --git a/README.md b/README.md index 55e3383..519256f 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ The documentation for this extension can be found [here](https://quarkiverse.git | Quarkus Cert-Manager Version | Quarkus Version | |---|---| +| 0.1.0 | Quarkus 3+ | | 0.0.2 | Quarkus 2.12+ | | 0.0.1 | Quarkus 2.12+ | diff --git a/deployment/pom.xml b/deployment/pom.xml index b15293e..6f7c73b 100644 --- a/deployment/pom.xml +++ b/deployment/pom.xml @@ -29,7 +29,10 @@ io.dekorate certmanager-annotations - noapt + + + + 3.5.5 io.dekorate diff --git a/deployment/src/main/java/io/quarkiverse/certmanager/deployment/CertManagerProcessor.java b/deployment/src/main/java/io/quarkiverse/certmanager/deployment/CertManagerProcessor.java index 5728c04..d766080 100644 --- a/deployment/src/main/java/io/quarkiverse/certmanager/deployment/CertManagerProcessor.java +++ b/deployment/src/main/java/io/quarkiverse/certmanager/deployment/CertManagerProcessor.java 
@@ -54,12 +54,15 @@ public class CertManagerProcessor {
 private static final Logger LOGGER = Logger.getLogger(CertManagerProcessor.class);
 @BuildStep
- FeatureBuildItem feature(Capabilities capabilities, ApplicationInfoBuildItem applicationInfo, CertificateConfig config,
+ public FeatureBuildItem feature(Capabilities capabilities, ApplicationInfoBuildItem applicationInfo,
+ CertificateConfig config,
 BuildProducer configurationSupplier,
 BuildProducer decorators) {
 validate(config);
- configureDekorateToGenerateCertManagerResources(config, configurationSupplier);
- configureSecuredEndpoints(capabilities, applicationInfo, config, decorators);
+ String name = getResourceName(capabilities, applicationInfo);
+
+ configureDekorateToGenerateCertManagerResources(name, config, configurationSupplier);
+ configureSecuredEndpoints(name, capabilities, config, decorators);
 return new FeatureBuildItem(FEATURE);
 }
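Review bot: In `feature`, the value from `String name = getResourceName(capabilities, applicationInfo);` is used unchecked as the default `name` property handed to Dekorate, as the resource the Route/Ingress decorators are keyed on, and (in configureRouteTsl, when no issuerRef is set) as the Issuer annotation value. Most of getResourceName lies outside this diff, so whether it can return null or a blank string is not visible; if it can, the decorators would presumably match nothing and the TLS wiring would be dropped without an error. I would reject a blank name right after `validate(config);` and add a comment on the new line such as `// Resolved once: default Certificate name, decorator target and fallback Issuer name.`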
@@ -74,36 +77,36 @@ private void validate(CertificateConfig config) {
 }
 }
- private static void configureSecuredEndpoints(Capabilities capabilities, ApplicationInfoBuildItem applicationInfo,
- CertificateConfig config, BuildProducer decorators) {
+ private static void configureSecuredEndpoints(String name, Capabilities capabilities, CertificateConfig config,
+ BuildProducer decorators) {
 if (config.autoconfigure() == AutoConfigureMode.NONE) {
 return;
 }
 if (config.autoconfigure() == AutoConfigureMode.AUTOMATIC) {
 if (isOpenShift(capabilities) && isRouteExposed()) {
- configureRouteTsl(capabilities, applicationInfo, config, decorators);
+ configureRouteTsl(name, config, decorators);
 } else if (isIngressExposed()) {
- configureIngressTsl(capabilities, applicationInfo, config, decorators);
+ configureIngressTsl(name, config, decorators);
 } else {
 configureQuarkusHttpSsl(config, decorators);
 }
 } else if (config.autoconfigure() == AutoConfigureMode.ALL) {
 configureQuarkusHttpSsl(config, decorators);
 if (isOpenShift(capabilities) && isRouteExposed()) {
- configureRouteTsl(capabilities, applicationInfo, config, decorators);
+ configureRouteTsl(name, config, decorators);
 }
 if (isIngressExposed()) {
- configureIngressTsl(capabilities, applicationInfo, config, decorators);
+ configureIngressTsl(name, config, decorators);
 }
 } else if (config.autoconfigure() == AutoConfigureMode.CLUSTER_ONLY) {
 if (isOpenShift(capabilities) && isRouteExposed()) {
- configureRouteTsl(capabilities, applicationInfo, config, decorators);
+ configureRouteTsl(name, config, decorators);
 }
 if (isIngressExposed()) {
- configureIngressTsl(capabilities, applicationInfo, config, decorators);
+ configureIngressTsl(name, config, decorators);
 }
 } else if (config.autoconfigure() == AutoConfigureMode.HTTPS_ONLY) {
 configureQuarkusHttpSsl(config, decorators);
@@ -143,39 +146,35 @@ private static void configureQuarkusHttpSsl(CertificateConfig config, BuildProdu
 }
 }
- private static void configureRouteTsl(Capabilities capabilities, ApplicationInfoBuildItem applicationInfo,
- CertificateConfig certificateConfig, BuildProducer decorators) {
+ private static void configureRouteTsl(String name, CertificateConfig certificateConfig,
+ BuildProducer decorators) {
 if (certificateConfig.issuerRef().isPresent()) {
 String issuerName = certificateConfig.issuerRef().get().name();
- if (CLUSTER_ISSUER.equals(certificateConfig.issuerRef().get().kind())) {
- addAnnotationIntoRoute(CertManagerAnnotations.CLUSTER_ISSUER, issuerName, capabilities, applicationInfo,
- decorators);
+ Optional kind = certificateConfig.issuerRef().get().kind();
+ if (kind.isPresent() && CLUSTER_ISSUER.equals(kind.get())) {
+ addAnnotationIntoRoute(name, CertManagerAnnotations.CLUSTER_ISSUER, issuerName, decorators);
 } else {
- addAnnotationIntoRoute(CertManagerAnnotations.ISSUER, issuerName, capabilities, applicationInfo, decorators);
+ addAnnotationIntoRoute(name, CertManagerAnnotations.ISSUER, issuerName, decorators);
 }
 } else {
- addAnnotationIntoRoute(CertManagerAnnotations.ISSUER, getResourceName(capabilities, applicationInfo),
- capabilities, applicationInfo, decorators);
+ addAnnotationIntoRoute(name, CertManagerAnnotations.ISSUER, name, decorators);
 }
 }
- private static void configureIngressTsl(Capabilities capabilities, ApplicationInfoBuildItem applicationInfo,
- CertificateConfig certificateConfig,
+ private static void configureIngressTsl(String name, CertificateConfig certificateConfig,
 BuildProducer decorators) {
 String[] tlsHosts = certificateConfig.dnsNames().map(l -> l.toArray(new String[0])).orElse(new String[0]);
 decorators.produce(new DecoratorBuildItem(KUBERNETES,
- new AddIngressTlsDecorator(getResourceName(capabilities, applicationInfo),
+ new AddIngressTlsDecorator(name,
 new IngressBuilder()
 .withTlsSecretName(certificateConfig.secretName())
 .withTlsHosts(tlsHosts)
 .build())));
 }
- private static void addAnnotationIntoRoute(String annotation, String value, Capabilities capabilities,
- ApplicationInfoBuildItem applicationInfo,
+ private static void addAnnotationIntoRoute(String name, String annotation, String value,
 BuildProducer decorators) {
- decorators.produce(new DecoratorBuildItem(OPENSHIFT_GROUP,
- new AddAnnotationDecorator(getResourceName(capabilities, applicationInfo), annotation, value, ROUTE)));
+ decorators.produce(new DecoratorBuildItem(OPENSHIFT_GROUP, new AddAnnotationDecorator(name, annotation, value, ROUTE)));
 }
 private static void configureQuarkusHttpSslWithKeystore(CertificateConfig config, KeystoreType type,
@@ -196,16 +195,16 @@ private static void configureQuarkusHttpSslWithKeystore(CertificateConfig config
 }
- private static void configureDekorateToGenerateCertManagerResources(CertificateConfig config,
+ private static void configureDekorateToGenerateCertManagerResources(String name, CertificateConfig config,
 BuildProducer configurationSupplier) {
 configurationSupplier.produce(
 new ConfigurationSupplierBuildItem(
 new PropertyConfiguration(
 CertificateConfigAdapter.newBuilder(
- CertManagerConfigUtil.transformToDekorateProperties(config)))));
+ CertManagerConfigUtil.transformToDekorateProperties(name, config)))));
 }
- public static String getResourceName(Capabilities capabilities, ApplicationInfoBuildItem info) {
+ private static String getResourceName(Capabilities capabilities, ApplicationInfoBuildItem info) {
 Config config = ConfigProvider.getConfig();
 Optional resourceName;
 if (isOpenShift(capabilities)) {
diff --git a/deployment/src/main/java/io/quarkiverse/certmanager/deployment/utils/CertManagerConfigUtil.java b/deployment/src/main/java/io/quarkiverse/certmanager/deployment/utils/CertManagerConfigUtil.java
index 5bb5141..becd7c5 100644
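Review bot: In configureRouteTsl (hunk `@@ -143,39 +146,35 @@`), `kind.isPresent() && CLUSTER_ISSUER.equals(kind.get())` sends every other case to the `CertManagerAnnotations.ISSUER` branch, so a missing kind and an unrecognised one (a typo, different casing, an issuer kind from another group) are handled identically and the Route is annotated as if a namespaced Issuer had been configured. The issuerRef group is not consulted in this method. I would make the unknown case visible at build time, e.g. `boolean clusterScoped = kind.filter(CLUSTER_ISSUER::equals).isPresent();` plus a warning through LOGGER when `kind` is present but not handled, so a misconfigured issuer reference surfaces before deployment rather than as a certificate that is never issued. `certificateConfig.issuerRef().get()` is also dereferenced twice and would read better bound to a local once.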
--- a/deployment/src/main/java/io/quarkiverse/certmanager/deployment/utils/CertManagerConfigUtil.java +++ b/deployment/src/main/java/io/quarkiverse/certmanager/deployment/utils/CertManagerConfigUtil.java @@ -16,14 +16,13 @@ public final class CertManagerConfigUtil { private static final String QUARKUS_PREFIX = "quarkus.certificate."; - private static final String DEKORATE_PREFIX = "dekorate.certificate."; private static final String MULTIPART_SEPARATOR_PATTERN = Pattern.quote("."); private CertManagerConfigUtil() { } - public static Map transformToDekorateProperties(CertificateConfig certificateConfig) { + public static Map transformToDekorateProperties(String name, CertificateConfig certificateConfig) { Config config = ConfigProvider.getConfig(); Map certificateProperties = StreamSupport.stream(config.getPropertyNames().spliterator(), false) .filter(k -> k.startsWith(QUARKUS_PREFIX)) @@ -33,6 +32,8 @@ public static Map transformToDekorateProperties(CertificateConfi // workaround to deal with properties that are Optional>. ConfigProvider.getConfig() retrieves these // properties as string "a,b" instead of the type Optional>, so we need to manually add it. overwriteNonStringProperties(certificateConfig, certificateProperties); + // set the name if it does not exist + certificateProperties.putIfAbsent("name", name); return certificateProperties; } diff --git a/docs/modules/ROOT/pages/includes/attributes.adoc b/docs/modules/ROOT/pages/includes/attributes.adoc index 63086ff..616c53c 100644 --- a/docs/modules/ROOT/pages/includes/attributes.adoc +++ b/docs/modules/ROOT/pages/includes/attributes.adoc @@ -1,4 +1,4 @@ -:quarkus-version: 2.16.0.Final +:quarkus-version: 3.0.0.Final :quarkus-certmanager-version: 0.0.2 :maven-version: 3.8.1+ diff --git a/docs/modules/ROOT/pages/includes/quarkus-certificate.adoc b/docs/modules/ROOT/pages/includes/quarkus-certificate.adoc index b1aa468..88bab7a 100644 --- a/docs/modules/ROOT/pages/includes/quarkus-certificate.adoc 
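Review bot: In the `@@ -33,6 +32,8 @@` hunk of CertManagerConfigUtil, `certificateProperties.putIfAbsent("name", name);` lets an already-collected `name` entry win, while CertManagerProcessor keeps using the resolved resource name for the Ingress TLS decorator and for the fallback Issuer annotation on the Route. transformToDekorateProperties begins in the previous hunk and the code that fills the map is only partly visible, so whether a user-set name can reach it cannot be confirmed here; if it can, the generated Certificate/Issuer and the Route annotation may end up naming different objects, and an empty string would also count as present. The comment should state the precedence, e.g. `// Default to the deployed resource name; an explicitly configured name takes precedence.`, and the new `name` parameter of this public method deserves a Javadoc `@param`.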
+++ b/docs/modules/ROOT/pages/includes/quarkus-certificate.adoc @@ -238,6 +238,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The name of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_ISSUER_REF_NAME+++[] endif::add-copy-button-to-env-var[] @@ -252,6 +254,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The kind of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_ISSUER_REF_KIND+++[] endif::add-copy-button-to-env-var[] @@ -266,6 +270,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The group of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_ISSUER_REF_GROUP+++[] endif::add-copy-button-to-env-var[] @@ -285,6 +291,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The name of the secret used to sign Certificates issued by this Issuer. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_CA_SECRET_NAME+++[] endif::add-copy-button-to-env-var[] @@ -299,6 +307,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_CA_CRL_DISTRIBUTION_POINTS+++[] endif::add-copy-button-to-env-var[] 
@@ -318,6 +328,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The connection address for the Vault server, e.g: “https://vault.example.com:8200”. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_SERVER+++[] endif::add-copy-button-to-env-var[] @@ -332,6 +344,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The mount path of the Vault PKI backend’s sign endpoint, e.g: “my_pki_mount/sign/my-role-name”. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_PATH+++[] endif::add-copy-button-to-env-var[] @@ -360,6 +374,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_CA_BUNDLE+++[] endif::add-copy-button-to-env-var[] @@ -370,7 +386,7 @@ endif::add-copy-button-to-env-var[] |required icon:exclamation-circle[title=Configuration property is required] -h|[[quarkus-certificate_quarkus.certificate.vault.auth-token-secret-ref]]link:#quarkus-certificate_quarkus.certificate.vault.auth-token-secret-ref[] +h|[[quarkus-certificate_quarkus.certificate.vault.auth-token-secret-ref-the-reference-where-to-retrieve-the-vault-token]]link:#quarkus-certificate_quarkus.certificate.vault.auth-token-secret-ref-the-reference-where-to-retrieve-the-vault-token[The reference where to retrieve the Vault token] This configuration section is optional h|Type h|Default 
@@ -379,6 +395,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The name of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_TOKEN_SECRET_REF_NAME+++[] endif::add-copy-button-to-env-var[] @@ -393,6 +411,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The key of the entry in the Secret resource’s data field to be used. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_TOKEN_SECRET_REF_KEY+++[] endif::add-copy-button-to-env-var[] @@ -403,10 +423,17 @@ endif::add-copy-button-to-env-var[] |required icon:exclamation-circle[title=Configuration property is required] +h|[[quarkus-certificate_quarkus.certificate.vault.auth-app-role-the-vault-authentication-using-app-role-auth-mechanism]]link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role-the-vault-authentication-using-app-role-auth-mechanism[The Vault authentication using App Role auth mechanism] +This configuration section is optional +h|Type +h|Default + a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-app-role.path]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.path[quarkus.certificate.vault.auth-app-role.path]` [.description] -- +The App Role authentication backend is mounted in Vault, e.g: “approle” + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_PATH+++[] endif::add-copy-button-to-env-var[] 
@@ -421,6 +448,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The App Role authentication backend when setting up the authentication backend in Vault. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_ROLE_ID+++[] endif::add-copy-button-to-env-var[] 
@@ -431,130 +460,91 @@ endif::add-copy-button-to-env-var[] |required icon:exclamation-circle[title=Configuration property is required] -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.mount-path]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.mount-path[quarkus.certificate.vault.auth-kubernetes.mount-path]` - -[.description] --- -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_MOUNT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_MOUNT_PATH+++` -endif::add-copy-button-to-env-var[] ---|string -|required icon:exclamation-circle[title=Configuration property is required] - +h|[[quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref-the-reference-to-a-key-in-a-secret-that-contains-the-app-role-secret-used-to-authenticate-with-vault]]link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref-the-reference-to-a-key-in-a-secret-that-contains-the-app-role-secret-used-to-authenticate-with-vault[The reference to a key in a Secret that contains the App Role secret used to authenticate with Vault] +This configuration section is optional +h|Type +h|Default -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.role]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.role[quarkus.certificate.vault.auth-kubernetes.role]` +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.name]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.name[quarkus.certificate.vault.auth-app-role.secret-ref.name]` [.description] -- +The name of the resource being referred to. 
+ ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_ROLE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_ROLE+++` +Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_NAME+++` endif::add-copy-button-to-env-var[] --|string |required icon:exclamation-circle[title=Configuration property is required] -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.rotation-policy]]`link:#quarkus-certificate_quarkus.certificate.private-key.rotation-policy[quarkus.certificate.private-key.rotation-policy]` - -[.description] --- -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ROTATION_POLICY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ROTATION_POLICY+++` -endif::add-copy-button-to-env-var[] --- a| -`unset`, `never`, `always` -|`unset` - - -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.encoding]]`link:#quarkus-certificate_quarkus.certificate.private-key.encoding[quarkus.certificate.private-key.encoding]` +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.key]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.key[quarkus.certificate.vault.auth-app-role.secret-ref.key]` [.description] -- -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ENCODING+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: 
`+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ENCODING+++` -endif::add-copy-button-to-env-var[] --- a| -`unset`, `pkcs1`, `pkcs8` -|`unset` - +The key of the entry in the Secret resource’s data field to be used. -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.algorithm]]`link:#quarkus-certificate_quarkus.certificate.private-key.algorithm[quarkus.certificate.private-key.algorithm]` - -[.description] --- ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- a| -`unset`, `rsa`, `ed25519`, `ecdsa` -|`unset` - - -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.size]]`link:#quarkus-certificate_quarkus.certificate.private-key.size[quarkus.certificate.private-key.size]` - -[.description] --- -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_SIZE+++` +Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_KEY+++` endif::add-copy-button-to-env-var[] ---|int -|`-1` +--|string +|required icon:exclamation-circle[title=Configuration property is required] -h|[[quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref]]link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref[] 
+h|[[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes-the-vault-authentication-using-kubernetes-service-account]]link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes-the-vault-authentication-using-kubernetes-service-account[The Vault authentication using Kubernetes service account] This configuration section is optional h|Type h|Default -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.name]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.name[quarkus.certificate.vault.auth-app-role.secret-ref.name]` +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.mount-path]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.mount-path[quarkus.certificate.vault.auth-kubernetes.mount-path]` [.description] -- +The mount path to use when authenticating with Vault. + ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_MOUNT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_NAME+++` +Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_MOUNT_PATH+++` endif::add-copy-button-to-env-var[] --|string |required icon:exclamation-circle[title=Configuration property is required] -a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.key]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-app-role.secret-ref.key[quarkus.certificate.vault.auth-app-role.secret-ref.key]` +a|icon:lock[title=Fixed at build time] 
[[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.role]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.role[quarkus.certificate.vault.auth-kubernetes.role]` [.description] -- +The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. + ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_ROLE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_APP_ROLE_SECRET_REF_KEY+++` +Environment variable: `+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_ROLE+++` endif::add-copy-button-to-env-var[] --|string |required icon:exclamation-circle[title=Configuration property is required] +h|[[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.secret-ref-the-reference-to-a-key-in-a-secret-that-contains-the-app-role-secret-used-to-authenticate-with-vault]]link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.secret-ref-the-reference-to-a-key-in-a-secret-that-contains-the-app-role-secret-used-to-authenticate-with-vault[The reference to a key in a Secret that contains the App Role secret used to authenticate with Vault] +This configuration section is optional +h|Type +h|Default + a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.secret-ref.name]]`link:#quarkus-certificate_quarkus.certificate.vault.auth-kubernetes.secret-ref.name[quarkus.certificate.vault.auth-kubernetes.secret-ref.name]` [.description] -- +The name of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_SECRET_REF_NAME+++[] endif::add-copy-button-to-env-var[] 
@@ -569,6 +559,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The key of the entry in the Secret resource’s data field to be used. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_VAULT_AUTH_KUBERNETES_SECRET_REF_KEY+++[] endif::add-copy-button-to-env-var[] @@ -588,6 +580,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +If the self-signed issuer should be generated. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SELF_SIGNED_ENABLED+++[] endif::add-copy-button-to-env-var[] @@ -602,6 +596,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SELF_SIGNED_CRL_DISTRIBUTION_POINTS+++[] endif::add-copy-button-to-env-var[] @@ -621,6 +617,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The organizations to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_ORGANIZATIONS+++[] endif::add-copy-button-to-env-var[] @@ -635,6 +633,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The countries to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_COUNTRIES+++[] endif::add-copy-button-to-env-var[] 
@@ -649,6 +649,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The organizational Units to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_ORGANIZATIONAL_UNITS+++[] endif::add-copy-button-to-env-var[] @@ -663,6 +665,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The cities to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_LOCALITIES+++[] endif::add-copy-button-to-env-var[] @@ -677,6 +681,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The State/Provinces to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_PROVINCES+++[] endif::add-copy-button-to-env-var[] @@ -691,6 +697,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The street addresses to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_STREET_ADDRESSES+++[] endif::add-copy-button-to-env-var[] @@ -705,6 +713,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The postal codes to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_POSTAL_CODES+++[] endif::add-copy-button-to-env-var[] 
@@ -719,6 +729,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The serial number to be used on the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_SUBJECT_SERIAL_NUMBER+++[] endif::add-copy-button-to-env-var[] @@ -734,7 +746,7 @@ This configuration section is optional h|Type h|Default -h|[[quarkus-certificate_quarkus.certificate.keystores.jks]]link:#quarkus-certificate_quarkus.certificate.keystores.jks[] +h|[[quarkus-certificate_quarkus.certificate.keystores.jks-jks-configures-options-for-storing-a-jks-keystore-in-the-spec]]link:#quarkus-certificate_quarkus.certificate.keystores.jks-jks-configures-options-for-storing-a-jks-keystore-in-the-spec[JKS configures options for storing a JKS keystore in the spec] This configuration section is optional h|Type h|Default @@ -743,6 +755,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +Create enables keystore creation for the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_KEYSTORES_JKS_CREATE+++[] endif::add-copy-button-to-env-var[] @@ -757,6 +771,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The name of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_KEYSTORES_JKS_PASSWORD_SECRET_REF_NAME+++[] endif::add-copy-button-to-env-var[] @@ -771,6 +787,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The key of the entry in the Secret resource’s data field to be used. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_KEYSTORES_JKS_PASSWORD_SECRET_REF_KEY+++[] endif::add-copy-button-to-env-var[] 
@@ -781,10 +799,17 @@ endif::add-copy-button-to-env-var[] |required icon:exclamation-circle[title=Configuration property is required] +h|[[quarkus-certificate_quarkus.certificate.keystores.pkcs12-pkcs12-configures-options-for-storing-a-pkcs12-keystore-in-the-spec]]link:#quarkus-certificate_quarkus.certificate.keystores.pkcs12-pkcs12-configures-options-for-storing-a-pkcs12-keystore-in-the-spec[PKCS12 configures options for storing a PKCS12 keystore in the spec] +This configuration section is optional +h|Type +h|Default + a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.keystores.pkcs12.create]]`link:#quarkus-certificate_quarkus.certificate.keystores.pkcs12.create[quarkus.certificate.keystores.pkcs12.create]` [.description] -- +Create enables keystore creation for the Certificate. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_KEYSTORES_PKCS12_CREATE+++[] endif::add-copy-button-to-env-var[] @@ -799,6 +824,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The name of the resource being referred to. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_KEYSTORES_PKCS12_PASSWORD_SECRET_REF_NAME+++[] endif::add-copy-button-to-env-var[] @@ -813,6 +840,8 @@ a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate [.description] -- +The key of the entry in the Secret resource’s data field to be used. + ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_KEYSTORES_PKCS12_PASSWORD_SECRET_REF_KEY+++[] endif::add-copy-button-to-env-var[] 
@@ -822,4 +851,70 @@ endif::add-copy-button-to-env-var[] --|string |required icon:exclamation-circle[title=Configuration property is required] + +h|[[quarkus-certificate_quarkus.certificate.private-key]]link:#quarkus-certificate_quarkus.certificate.private-key[] +This configuration section is optional +h|Type +h|Default + +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.rotation-policy]]`link:#quarkus-certificate_quarkus.certificate.private-key.rotation-policy[quarkus.certificate.private-key.rotation-policy]` + +[.description] +-- +RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ROTATION_POLICY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ROTATION_POLICY+++` +endif::add-copy-button-to-env-var[] +-- a| +`unset`, `never`, `always` +|`unset` + + +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.encoding]]`link:#quarkus-certificate_quarkus.certificate.private-key.encoding[quarkus.certificate.private-key.encoding]` + +[.description] +-- +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ENCODING+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ENCODING+++` +endif::add-copy-button-to-env-var[] +-- a| +`unset`, `pkcs1`, `pkcs8` +|`unset` + + +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.algorithm]]`link:#quarkus-certificate_quarkus.certificate.private-key.algorithm[quarkus.certificate.private-key.algorithm]` + +[.description] +-- +ifdef::add-copy-button-to-env-var[] +Environment variable: 
env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ALGORITHM+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_ALGORITHM+++` +endif::add-copy-button-to-env-var[] +-- a| +`unset`, `rsa`, `ed25519`, `ecdsa` +|`unset` + + +a|icon:lock[title=Fixed at build time] [[quarkus-certificate_quarkus.certificate.private-key.size]]`link:#quarkus-certificate_quarkus.certificate.private-key.size[quarkus.certificate.private-key.size]` + +[.description] +-- +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_CERTIFICATE_PRIVATE_KEY_SIZE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_CERTIFICATE_PRIVATE_KEY_SIZE+++` +endif::add-copy-button-to-env-var[] +--|int +|`-1` + |=== \ No newline at end of file diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index da71727..ea78270 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -14,6 +14,7 @@ Before getting started, make sure you're using the right Quarkus Helm version th [%header,format=csv] |=== Quarkus Cert-Manager Version,Quarkus Version +0.1.0,Quarkus 3+ 0.0.2,Quarkus 2.12+ 0.0.1,Quarkus 2.12+ |=== @@ -210,7 +211,7 @@ spec: service: name: kubernetes-example port: - number: 8080 + name: http tls: - hosts: - foo.bar.com diff --git a/integration-tests/kubernetes-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java b/integration-tests/kubernetes-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java index eca7f9d..5620e08 100644 --- a/integration-tests/kubernetes-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java +++ b/integration-tests/kubernetes-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java 
@@ -1,7 +1,7 @@ package io.quarkiverse.certmanager.tests; -import javax.ws.rs.GET; -import javax.ws.rs.Path; +import jakarta.ws.rs.GET; +import jakarta.ws.rs.Path; @Path("") public class Endpoint { diff --git a/integration-tests/kubernetes-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/EndpointIT.java b/integration-tests/kubernetes-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/EndpointIT.java index 85e9ad0..0c45177 100644 --- a/integration-tests/kubernetes-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/EndpointIT.java +++ b/integration-tests/kubernetes-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/EndpointIT.java @@ -9,16 +9,19 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.condition.EnabledIfSystemProperty; -import io.fabric8.kubernetes.client.DefaultKubernetesClient; import io.fabric8.kubernetes.client.KubernetesClient; +import io.fabric8.kubernetes.client.KubernetesClientBuilder; import io.fabric8.kubernetes.client.LocalPortForward; +import io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory; @EnabledIfSystemProperty(named = "run-endpoint-test-in-kubernetes", matches = "true") public class EndpointIT { @Test public void shouldHttpsWork() throws IOException { - KubernetesClient kubernetesClient = new DefaultKubernetesClient(); + KubernetesClient kubernetesClient = new KubernetesClientBuilder() + .withHttpClientFactory(new OkHttpClientFactory()) + .build(); try (LocalPortForward port = kubernetesClient.services() .withName("quarkus-hello-world") .portForward(8443)) { diff --git a/integration-tests/openshift-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java b/integration-tests/openshift-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java index eca7f9d..5620e08 100644 --- a/integration-tests/openshift-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java 
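Review bot: In `EndpointIT.shouldHttpsWork()` the `KubernetesClient` built with `KubernetesClientBuilder` is declared outside the try-with-resources, so only the `LocalPortForward` is closed when the block exits. `KubernetesClient` is `Closeable`; left open, it keeps its HTTP client resources and cluster credentials alive for the rest of the test JVM. Declaring it as the first resource of the same try closes both in the right order: `try (KubernetesClient kubernetesClient = new KubernetesClientBuilder().withHttpClientFactory(new OkHttpClientFactory()).build(); LocalPortForward port = kubernetesClient.services()...`. The method body continues past the end of the hunk, so a later explicit `close()` cannot be ruled out from here.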
+++ b/integration-tests/openshift-certmanager-ssl/src/main/java/io/quarkiverse/certmanager/tests/Endpoint.java @@ -1,7 +1,7 @@ package io.quarkiverse.certmanager.tests; -import javax.ws.rs.GET; -import javax.ws.rs.Path; +import jakarta.ws.rs.GET; +import jakarta.ws.rs.Path; @Path("") public class Endpoint { diff --git a/integration-tests/openshift-certmanager-ssl/src/main/resources/application.properties b/integration-tests/openshift-certmanager-ssl/src/main/resources/application.properties index 8a1bf12..5d89f3f 100644 --- a/integration-tests/openshift-certmanager-ssl/src/main/resources/application.properties +++ b/integration-tests/openshift-certmanager-ssl/src/main/resources/application.properties @@ -16,4 +16,5 @@ quarkus.certificate.encode-usages-in-request=true # Enable route exposing quarkus.openshift.name=quarkus-hello-world +quarkus.openshift.namespace=my-namespace quarkus.openshift.route.expose=true \ No newline at end of file diff --git a/integration-tests/openshift-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/OpenShiftIT.java b/integration-tests/openshift-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/OpenShiftIT.java index a057f30..c3f7180 100644 --- a/integration-tests/openshift-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/OpenShiftIT.java +++ b/integration-tests/openshift-certmanager-ssl/src/test/java/io/quarkiverse/certmanager/tests/OpenShiftIT.java 
@@ -30,6 +30,8 @@ public void shouldCertificateAndIssuerBeGenerated() throws IOException { .unmarshalAsList(new FileInputStream(Paths.get("target", "kubernetes", "openshift.yml").toFile())); // Certificate expected data: Certificate certificate = find(resources, Certificate.class); + assertEquals(NAME, certificate.getMetadata().getName()); + assertEquals("my-namespace", certificate.getMetadata().getNamespace()); assertEquals("tls-secret", certificate.getSpec().getSecretName()); assertEquals(Arrays.asList("kubernetes-example.com", "localhost"), certificate.getSpec().getDnsNames()); assertTrue(certificate.getSpec().getEncodeUsagesInRequest()); diff --git a/pom.xml b/pom.xml index c308685..c7c7bf1 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ 11 UTF-8 UTF-8 - 2.16.6.Final + 3.0.0.Final diff --git a/runtime/pom.xml b/runtime/pom.xml index ad78f94..a1e217b 100644 --- a/runtime/pom.xml +++ b/runtime/pom.xml @@ -22,7 +22,7 @@ io.quarkus - quarkus-bootstrap-maven-plugin + quarkus-extension-maven-plugin ${quarkus.version}
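Review bot: The new namespace assertion in `shouldCertificateAndIssuerBeGenerated()` hard-codes `"my-namespace"`, a value that also lives in `application.properties` as `quarkus.openshift.namespace`, while the assertion above it uses the `NAME` constant. A matching constant would keep the two checks consistent and give one place to update if the test namespace changes: `private static final String NAMESPACE = "my-namespace";` with `assertEquals(NAMESPACE, certificate.getMetadata().getNamespace());`. `NAME` is declared outside the hunk, so the constant's placement next to it is assumed.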