From 2f942e83e7caafa71cc96bd331d36fc07a01c563 Mon Sep 17 00:00:00 2001
From: Martin Weindel
Date: Tue, 6 Aug 2024 16:45:35 +0200
Subject: [PATCH] refactoring: introduce issuer key interface to simplify rewrite (#240)

---
 pkg/cert/legobridge/certificate.go | 2 +-
 pkg/cert/legobridge/delegatingprovider.go | 4 ++--
 pkg/cert/legobridge/reguser.go | 6 +++---
 pkg/cert/metrics/metrics.go | 12 ++++++------
 pkg/cert/utils/issuerinfo.go | 8 ++++----
 pkg/cert/utils/issuerkey.go | 18 ++++++++++++++++--
 6 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/pkg/cert/legobridge/certificate.go b/pkg/cert/legobridge/certificate.go
index eff54307..8e3c7b91 100644
--- a/pkg/cert/legobridge/certificate.go
+++ b/pkg/cert/legobridge/certificate.go
@@ -43,7 +43,7 @@ type ObtainInput struct {
 	// DNSSettings are the settings for the DNSController.
 	DNSSettings *DNSControllerSettings
 	// IssuerKey is a cluster-aware key of the issuer to use.
-	IssuerKey utils.IssuerKey
+	IssuerKey utils.IssuerKeyItf
 	// CommonName is the CN.
 	CommonName *string
 	// DNSNames are optional domain names.
diff --git a/pkg/cert/legobridge/delegatingprovider.go b/pkg/cert/legobridge/delegatingprovider.go
index 7a0b657e..5ee7af88 100644
--- a/pkg/cert/legobridge/delegatingprovider.go
+++ b/pkg/cert/legobridge/delegatingprovider.go
@@ -45,7 +45,7 @@ func newDelegatingProvider(
 	settings DNSControllerSettings,
 	certificateName resources.ObjectName,
 	targetClass string,
-	issuerKey utils.IssuerKey,
+	issuerKey utils.IssuerKeyItf,
 ) (ProviderWithCount, error) {
 	n := atomic.AddUint32(&serial, 1)
 	var internalPrvdr internalProvider
@@ -68,7 +68,7 @@ func newDelegatingProvider(
 type delegatingProvider struct {
 	logger logger.LogContext
 	settings DNSControllerSettings
-	issuerKey utils.IssuerKey
+	issuerKey utils.IssuerKeyItf
 	count int32
 	presenting map[string][]string
 	initialWait bool
diff --git a/pkg/cert/legobridge/reguser.go b/pkg/cert/legobridge/reguser.go
index 8eb758fa..7e155933 100644
--- a/pkg/cert/legobridge/reguser.go
+++ b/pkg/cert/legobridge/reguser.go
@@ -77,7 +77,7 @@ func (u *RegistrationUser) NewConfig(caDirURL string) *lego.Config {
 }
 
 // NewRegistrationUserFromEmail generates a private key and requests a new registration for the user.
-func NewRegistrationUserFromEmail(issuerKey utils.IssuerKey,
+func NewRegistrationUserFromEmail(issuerKey utils.IssuerKeyItf,
 	email string, caDirURL string, secretData map[string][]byte, eabKeyID, eabHmacKey string) (*RegistrationUser, error) {
 	privateKey, err := ExtractOrGeneratePrivateKey(secretData)
 	if err != nil {
@@ -105,7 +105,7 @@ func ExtractOrGeneratePrivateKey(secretData map[string][]byte) (crypto.PrivateKe
 }
 
 // NewRegistrationUserFromEmailAndPrivateKey requests a user registration.
-func NewRegistrationUserFromEmailAndPrivateKey(issuerKey utils.IssuerKey,
+func NewRegistrationUserFromEmailAndPrivateKey(issuerKey utils.IssuerKeyItf,
 	email string, caDirURL string, privateKey crypto.PrivateKey, eabKid, eabHmacKey string) (*RegistrationUser, error) {
 	user := &RegistrationUser{email: email, key: privateKey, caDirURL: caDirURL, eabKeyID: eabKid, eabHmacKey: eabHmacKey}
 	config := user.NewConfig(caDirURL)
@@ -155,7 +155,7 @@ func (u *RegistrationUser) RawRegistration() ([]byte, error) {
 }
 
 // RegistrationUserFromSecretData restores a RegistrationUser from a secret data map.
-func RegistrationUserFromSecretData(issuerKey utils.IssuerKey,
+func RegistrationUserFromSecretData(issuerKey utils.IssuerKeyItf,
 	email, caDirURL string, registrationRaw []byte, data map[string][]byte, eabKeyID, eabHmacKey string) (*RegistrationUser, error) {
 	privkeyBytes, ok := data[KeyPrivateKey]
 	if !ok {
diff --git a/pkg/cert/metrics/metrics.go b/pkg/cert/metrics/metrics.go
index 1fa8a132..a149e970 100644
--- a/pkg/cert/metrics/metrics.go
+++ b/pkg/cert/metrics/metrics.go
@@ -101,12 +101,12 @@ var (
 )
 
 // AddACMEAccountRegistration increments the ACMEAccountRegistrations counter.
-func AddACMEAccountRegistration(issuerKey utils.IssuerKey, uri, email string) {
+func AddACMEAccountRegistration(issuerKey utils.IssuerKeyItf, uri, email string) {
 	ACMEAccountRegistrations.WithLabelValues(uri, email, issuerKey.String()).Set(1)
 }
 
 // AddACMEOrder increments the ACMETotalOrders counter.
-func AddACMEOrder(issuerKey utils.IssuerKey, success bool, count int, renew bool) {
+func AddACMEOrder(issuerKey utils.IssuerKeyItf, success bool, count int, renew bool) {
 	if count > 0 {
 		name := issuerKey.String()
 		ACMETotalOrders.WithLabelValues(name, strconv.FormatBool(success), strconv.FormatInt(int64(count), 10), strconv.FormatBool(renew)).Inc()
@@ -114,23 +114,23 @@ func AddACMEOrder(issuerKey utils.IssuerKey, success bool, count int, renew bool
 }
 
 // AddActiveACMEDNSChallenge increments the ACMEActiveDNSChallenges gauge.
-func AddActiveACMEDNSChallenge(issuerKey utils.IssuerKey) {
+func AddActiveACMEDNSChallenge(issuerKey utils.IssuerKeyItf) {
 	name := issuerKey.String()
 	ACMEActiveDNSChallenges.WithLabelValues(name).Inc()
 }
 
 // RemoveActiveACMEDNSChallenge decrements the ACMEActiveDNSChallenges gauge.
-func RemoveActiveACMEDNSChallenge(issuerKey utils.IssuerKey) {
+func RemoveActiveACMEDNSChallenge(issuerKey utils.IssuerKeyItf) {
 	ACMEActiveDNSChallenges.WithLabelValues(issuerKey.String()).Dec()
 }
 
 // ReportCertEntries sets the CertEntries gauge
-func ReportCertEntries(issuertype string, issuerKey utils.IssuerKey, count int) {
+func ReportCertEntries(issuertype string, issuerKey utils.IssuerKeyItf, count int) {
 	CertEntries.WithLabelValues(issuertype, issuerKey.String()).Set(float64(count))
 }
 
 // DeleteCertEntries deletes a CertEntries gauge entry.
-func DeleteCertEntries(issuertype string, issuerKey utils.IssuerKey) {
+func DeleteCertEntries(issuertype string, issuerKey utils.IssuerKeyItf) {
 	CertEntries.DeleteLabelValues(issuertype, issuerKey.String())
 }
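Review bot: A nil `issuerKey` now panics inside AddACMEAccountRegistration on the `issuerKey.String()` label call, because `utils.IssuerKeyItf` is an interface and can be nil where the old `utils.IssuerKey` struct value could not; AddACMEOrder, AddActiveACMEDNSChallenge, RemoveActiveACMEDNSChallenge, ReportCertEntries and DeleteCertEntries in these two hunks have the same shape. Whether any caller can actually hand over a nil key is not visible in this patch, but a metrics helper is a poor place for a reconciler to crash. Either state on the IssuerKeyItf type that nil is never a valid value, or guard once at the top of each function, e.g. `if issuerKey == nil { return }`, so a missing key drops the sample instead of panicking; note that such a guard does not catch a typed nil pointer stored in the interface.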
diff --git a/pkg/cert/utils/issuerinfo.go b/pkg/cert/utils/issuerinfo.go
index e201ba97..3496e980 100644
--- a/pkg/cert/utils/issuerinfo.go
+++ b/pkg/cert/utils/issuerinfo.go
@@ -15,22 +15,22 @@ const (
 
 // IssuerInfo provides name and type of an issuer
 type IssuerInfo struct {
-	key IssuerKey
+	key IssuerKeyItf
 	issuertype string
 }
 
 // NewACMEIssuerInfo creates info for an ACME issuer
-func NewACMEIssuerInfo(key IssuerKey) IssuerInfo {
+func NewACMEIssuerInfo(key IssuerKeyItf) IssuerInfo {
 	return IssuerInfo{key: key, issuertype: IssuerTypeACME}
 }
 
 // NewCAIssuerInfo creates info for an CA issuer
-func NewCAIssuerInfo(key IssuerKey) IssuerInfo {
+func NewCAIssuerInfo(key IssuerKeyItf) IssuerInfo {
 	return IssuerInfo{key: key, issuertype: IssuerTypeCA}
 }
 
 // Key returns the issuer key
-func (i *IssuerInfo) Key() IssuerKey {
+func (i *IssuerInfo) Key() IssuerKeyItf {
 	return i.key
 }
diff --git a/pkg/cert/utils/issuerkey.go b/pkg/cert/utils/issuerkey.go
index 59fae43b..78254816 100644
--- a/pkg/cert/utils/issuerkey.go
+++ b/pkg/cert/utils/issuerkey.go
@@ -16,12 +16,21 @@ import (
 type Cluster int
 
 const (
-	// ClusterDefault is the default cluster
+	// ClusterDefault is the default cluster (= secondary)
 	ClusterDefault Cluster = iota
-	// ClusterTarget is the target cluster
+	// ClusterTarget is the target cluster (= primary)
 	ClusterTarget
 )
 
+// IssuerKeyItf abstracts IssuerKey to simplify code reuse.
+type IssuerKeyItf interface {
+	Name() string
+	Namespace() string
+	Cluster() Cluster
+	Secondary() bool
+	String() string
+}
+
 // IssuerKey provides cluster, name and namespace of an issuer
 type IssuerKey struct {
 	cluster Cluster
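Review bot: Nothing in this hunk ties `IssuerKey` to the new `IssuerKeyItf` interface at compile time, so the struct satisfies it only by coincidence of method signatures and a later drift (for instance in the `Secondary` method added further down this file) would surface as a type error at some distant call site rather than next to the definition; add the conventional assertion beside the struct, `var _ IssuerKeyItf = IssuerKey{}`. The doc comment `// IssuerKeyItf abstracts IssuerKey to simplify code reuse.` says why the interface exists but not its contract; since the struct implements `Secondary()` as `cluster == ClusterDefault`, I would state on the interface that `Secondary()` must agree with `Cluster() == ClusterDefault` so alternative implementations keep the two consistent. If `IssuerKey` values are used as map keys or compared with `==` elsewhere (not visible in this patch), be aware that an interface value is only comparable when its dynamic type is, so a future implementation with a slice or map field would turn those comparisons into runtime panics. As a point of style, the `Itf` suffix is not idiomatic Go naming for an interface, though renaming would be a wider change than this refactoring.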
@@ -66,6 +75,11 @@ func (k IssuerKey) Cluster() Cluster {
 	return k.cluster
 }
 
+// Secondary returns true if it is a provided issuer from the default cluster ("secondary" cluster in the new wording).
+func (k IssuerKey) Secondary() bool {
+	return k.cluster == ClusterDefault
+}
+
 // ClusterName returns the cluster name
 func (k IssuerKey) ClusterName() string {
 	switch k.cluster {
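Review bot: The doc comment on the new `Secondary` method uses the phrase "provided issuer", which is defined nowhere in this patch, so a reader cannot tell whether it narrows the meaning beyond the cluster check the body actually performs. I would use the Go "reports whether" form and spell out the equivalence, e.g. `// Secondary reports whether the issuer belongs to the default cluster (ClusterDefault), called the "secondary" cluster in the newer wording; it is equivalent to Cluster() == ClusterDefault.` That keeps this method and the `(= secondary)` / `(= primary)` additions to the `ClusterDefault` and `ClusterTarget` comments in the earlier hunk of this file telling the same story, and gives other implementers of the interface an explicit rule to follow.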