Merge pull request #1295 from mcarlett/cert-manager-refactor

tnb-software · Jan 10, 2025 · f090e7b · f090e7b
2 parents e41ada6 + 6acb667
commit f090e7b
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 77 deletions.
diff --git a/system-x/services/cert-manager/pom.xml b/system-x/services/cert-manager/pom.xml
@@ -18,17 +18,21 @@
 
     <dependencies>
         <dependency>
-            <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity-engine-core</artifactId>
-            <version>${velocity.version}</version>
+            <groupId>io.fabric8</groupId>
+            <artifactId>certmanager-client</artifactId>
+            <version>${kubernetes.client.version}</version>
             <exclusions>
                 <exclusion>
-                    <groupId>org.apache.commons</groupId>
-                    <artifactId>commons-lang3</artifactId>
+                    <groupId>io.fabric8</groupId>
+                    <artifactId>certmanager-model-v1alpha2</artifactId>
                 </exclusion>
                 <exclusion>
-                    <groupId>org.slf4j</groupId>
-                    <artifactId>slf4j-api</artifactId>
+                    <groupId>io.fabric8</groupId>
+                    <artifactId>certmanager-model-v1alpha3</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>io.fabric8</groupId>
+                    <artifactId>certmanager-model-v1beta1</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>

diff --git a/...m-x/services/cert-manager/src/main/java/software/tnb/certmanager/service/CertManager.java b/...m-x/services/cert-manager/src/main/java/software/tnb/certmanager/service/CertManager.java
@@ -2,17 +2,24 @@
 
 import software.tnb.certmanager.validation.CertManagerValidation;
 import software.tnb.common.account.NoAccount;
-import software.tnb.common.client.NoClient;
+import software.tnb.common.openshift.OpenshiftClient;
 import software.tnb.common.service.Service;
 
 import java.util.Optional;
 
-public abstract class CertManager extends Service<NoAccount, NoClient, CertManagerValidation> {
+import io.fabric8.certmanager.client.CertManagerClient;
+
+public abstract class CertManager extends Service<NoAccount, CertManagerClient, CertManagerValidation> {
 
     @Override
     public CertManagerValidation validation() {
         validation = Optional.ofNullable(validation)
-            .orElseGet(CertManagerValidation::new);
+            .orElseGet(() -> new CertManagerValidation(client()));
         return validation;
     }
+
+    @Override
+    protected CertManagerClient client() {
+        return OpenshiftClient.get().adapt(CertManagerClient.class);
+    }
 }
diff --git a/...cert-manager/src/main/java/software/tnb/certmanager/validation/CertManagerValidation.java b/...cert-manager/src/main/java/software/tnb/certmanager/validation/CertManagerValidation.java
@@ -3,19 +3,16 @@
 import software.tnb.common.openshift.OpenshiftClient;
 import software.tnb.common.validation.Validation;
 
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader;
-import org.yaml.snakeyaml.Yaml;
-
-import java.io.StringWriter;
+import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 
+import io.fabric8.certmanager.api.model.v1.Certificate;
+import io.fabric8.certmanager.api.model.v1.CertificateBuilder;
+import io.fabric8.certmanager.client.CertManagerClient;
+import io.fabric8.kubernetes.api.model.Duration;
 import io.fabric8.kubernetes.api.model.GenericKubernetesResourceBuilder;
 import io.fabric8.kubernetes.api.model.ServiceAccount;
 import io.fabric8.kubernetes.api.model.ServiceAccountBuilder;
@@ -31,6 +28,8 @@
 
 public class CertManagerValidation implements Validation {
 
+    private final CertManagerClient client;
+
     private static final CustomResourceDefinitionContext ISSUER_CTX = new CustomResourceDefinitionContext
         .Builder()
         .withGroup("cert-manager.io")
@@ -51,6 +50,10 @@ public class CertManagerValidation implements Validation {
         .withVersion("v1")
         .build();
 
+    public CertManagerValidation(CertManagerClient client) {
+        this.client = client;
+    }
+
     /**
      * Creates self-signed issuer in the current namespace
      */
@@ -81,33 +84,41 @@ public void createSelfSignedIssuer() {
      */
     public void createSelfSignedCertificate(String name, String secretName, String commonName, List<String> usages
         , List<String> dnsNames, String passwordSecretName) {
-        VelocityEngine engine = new VelocityEngine();
-        engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-        engine.setProperty("classpath.resource.loader.class", ClasspathResourceLoader.class.getName());
-        engine.init();
-        Template template = engine.getTemplate("cert-manager/certificate-template.vm");
-        VelocityContext context = new VelocityContext();
-        context.put("name", name);
-        context.put("secretName", secretName);
-        context.put("commonName", commonName);
-        context.put("namespace", OpenshiftClient.get().getNamespace());
-        context.put("usagesList", usages);
-        context.put("dnsNameList", dnsNames);
-        context.put("passwordSecretRef", passwordSecretName);
-        StringWriter writer = new StringWriter();
-        template.merge(context, writer);
-        Map<String, Object> spec = new Yaml().load(writer.toString());
-
-        OpenshiftClient.get().genericKubernetesResources(CERTIFICATE_CTX)
-            .inNamespace(OpenshiftClient.get().getNamespace())
-            .resource(new GenericKubernetesResourceBuilder()
-                .withKind(CERTIFICATE_CTX.getKind())
+
+        try {
+            // @formatter:off
+            Certificate certificate = new CertificateBuilder()
                 .withNewMetadata()
-                .withName(name)
+                    .withName(name)
                 .endMetadata()
-                .withAdditionalProperties(spec)
-                .build()
-            ).serverSideApply();
+                .withNewSpec()
+                    .withSecretName(secretName)
+                    .withDuration(Duration.parse("2160h"))
+                    .withRenewBefore(Duration.parse("360h"))
+                    .withNewSubject()
+                        .withOrganizations(OpenshiftClient.get().getNamespace())
+                    .endSubject()
+                    .withCommonName(commonName)
+                    .withIsCA(Boolean.FALSE)
+                    .withNewPrivateKey("RSA", "PKCS1", null, 2048)
+                    .withUsages(usages)
+                    .withDnsNames(dnsNames)
+                    .withNewIssuerRef("cert-manager.io", "Issuer", "selfsigned-issuer")
+                    .withNewKeystores()
+                        .withNewJks()
+                            .withCreate(true)
+                            .withNewPasswordSecretRef("password", passwordSecretName)
+                        .endJks()
+                    .endKeystores()
+                .endSpec()
+            .build();
+            // @formatter:on
+
+            client.v1().certificates().inNamespace(OpenshiftClient.get().getNamespace())
+                .resource(certificate).create();
+        } catch (ParseException e) {
+            throw new RuntimeException(e);
+        }
     }
 
     /**

diff --git a/system-x/services/cert-manager/src/main/resources/cert-manager/certificate-template.vm b/system-x/services/cert-manager/src/main/resources/cert-manager/certificate-template.vm