Merge pull request Azure#3929 from Azure/bvesel/refactor-clean-up

fahlmant · web-flow · commit 8a2f3dd48928 · 2024-10-30T19:57:41.000-07:00
Use constant / function names everywhere possible
diff --git a/pkg/cluster/correct_cert_issuer.go b/pkg/cluster/correct_cert_issuer.go
@@ -13,10 +13,6 @@ import (
 	"github.com/Azure/ARO-RP/pkg/util/keyvault"
 )
 
-const (
-	OneCertIssuerName = "OneCertV2-PublicCA"
-)
-
 // if the cluster is using a managed domain and has a DigiCert-issued
 // certificate, replace the certificate with one issued by OneCert. This
 // ensures that clusters upgrading to 4.16 aren't blocked due to the SHA-1
@@ -33,13 +29,13 @@ func (m *manager) correctCertificateIssuer(ctx context.Context) error {
 
 	if domain != "" {
 		apiHostname := strings.Split(strings.TrimPrefix(m.doc.OpenShiftCluster.Properties.APIServerProfile.URL, "https://"), ":")[0]
-		err := m.ensureCertificateIssuer(ctx, m.APICertName(), apiHostname, OneCertIssuerName)
+		err := m.ensureCertificateIssuer(ctx, m.APICertName(), apiHostname, OneCertPublicIssuerName)
 		if err != nil {
 			return err
 		}
 
 		ingressHostname := "*" + strings.TrimSuffix(strings.TrimPrefix(m.doc.OpenShiftCluster.Properties.ConsoleProfile.URL, "https://console-openshift-console"), "/")
-		err = m.ensureCertificateIssuer(ctx, m.IngressCertName(), ingressHostname, OneCertIssuerName)
+		err = m.ensureCertificateIssuer(ctx, m.IngressCertName(), ingressHostname, OneCertPublicIssuerName)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/cluster/delete.go b/pkg/cluster/delete.go
@@ -566,13 +566,13 @@ func (m *manager) Delete(ctx context.Context) error {
 
 		if managedDomain != "" {
 			m.log.Print("deleting signed apiserver certificate")
-			err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-apiserver")
+			err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.APICertName())
 			if err != nil {
 				return err
 			}
 
 			m.log.Print("deleting signed ingress certificate")
-			err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-ingress")
+			err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.IngressCertName())
 			if err != nil {
 				return err
 			}
diff --git a/pkg/cluster/tls.go b/pkg/cluster/tls.go
@@ -17,6 +17,10 @@ import (
 	"github.com/Azure/ARO-RP/pkg/util/keyvault"
 )
 
+const (
+	OneCertPublicIssuerName = "OneCertV2-PublicCA"
+)
+
 func (m *manager) createCertificates(ctx context.Context) error {
 	if m.env.FeatureIsSet(env.FeatureDisableSignedCertificates) {
 		return nil
@@ -36,18 +40,18 @@ func (m *manager) createCertificates(ctx context.Context) error {
 		commonName      string
 	}{
 		{
-			certificateName: m.doc.ID + "-apiserver",
+			certificateName: m.APICertName(),
 			commonName:      "api." + managedDomain,
 		},
 		{
-			certificateName: m.doc.ID + "-ingress",
+			certificateName: m.IngressCertName(),
 			commonName:      "*.apps." + managedDomain,
 		},
 	}
 
 	for _, c := range certs {
 		m.log.Printf("creating certificate %s", c.certificateName)
-		err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, "OneCertV2-PublicCA", c.certificateName, c.commonName, keyvault.EkuServerAuth)
+		err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, OneCertPublicIssuerName, c.certificateName, c.commonName, keyvault.EkuServerAuth)
 		if err != nil {
 			return err
 		}
@@ -80,7 +84,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
 	}
 
 	for _, namespace := range []string{"openshift-config", "openshift-azure-operator"} {
-		err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.doc.ID + "-apiserver", Namespace: namespace}, m.doc.ID+"-apiserver")
+		err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.APICertName(), Namespace: namespace}, m.APICertName())
 		if err != nil {
 			return err
 		}
@@ -98,7 +102,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
 					"api." + managedDomain,
 				},
 				ServingCertificate: configv1.SecretNameReference{
-					Name: m.doc.ID + "-apiserver",
+					Name: m.APICertName(),
 				},
 			},
 		}
@@ -123,7 +127,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
 	}
 
 	for _, namespace := range []string{"openshift-ingress", "openshift-azure-operator"} {
-		err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.doc.ID + "-ingress"}, m.doc.ID+"-ingress")
+		err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.IngressCertName()}, m.IngressCertName())
 		if err != nil {
 			return err
 		}
@@ -136,7 +140,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
 		}
 
 		ic.Spec.DefaultCertificate = &corev1.LocalObjectReference{
-			Name: m.doc.ID + "-ingress",
+			Name: m.IngressCertName(),
 		}
 
 		_, err = m.operatorcli.OperatorV1().IngressControllers("openshift-ingress-operator").Update(ctx, ic, metav1.UpdateOptions{})

Original file line number	Diff line number	Diff line change
`@@ -566,13 +566,13 @@ func (m *manager) Delete(ctx context.Context) error {`
`566`	`566`
`567`	`567`	`if managedDomain != "" {`
`568`	`568`	`m.log.Print("deleting signed apiserver certificate")`
`569`		`- err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-apiserver")`
	`569`	`+ err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.APICertName())`
`570`	`570`	`if err != nil {`
`571`	`571`	`return err`
`572`	`572`	`}`
`573`	`573`
`574`	`574`	`m.log.Print("deleting signed ingress certificate")`
`575`		`- err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.doc.ID+"-ingress")`
	`575`	`+ err = m.env.ClusterKeyvault().EnsureCertificateDeleted(ctx, m.IngressCertName())`
`576`	`576`	`if err != nil {`
`577`	`577`	`return err`
`578`	`578`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,10 @@ import (`
`17`	`17`	`"github.com/Azure/ARO-RP/pkg/util/keyvault"`
`18`	`18`	`)`
`19`	`19`
	`20`	`+const (`
	`21`	`+ OneCertPublicIssuerName = "OneCertV2-PublicCA"`
	`22`	`+)`
	`23`	`+`
`20`	`24`	`func (m *manager) createCertificates(ctx context.Context) error {`
`21`	`25`	`if m.env.FeatureIsSet(env.FeatureDisableSignedCertificates) {`
`22`	`26`	`return nil`
`@@ -36,18 +40,18 @@ func (m *manager) createCertificates(ctx context.Context) error {`
`36`	`40`	`commonName string`
`37`	`41`	`}{`
`38`	`42`	`{`
`39`		`- certificateName: m.doc.ID + "-apiserver",`
	`43`	`+ certificateName: m.APICertName(),`
`40`	`44`	`commonName: "api." + managedDomain,`
`41`	`45`	`},`
`42`	`46`	`{`
`43`		`- certificateName: m.doc.ID + "-ingress",`
	`47`	`+ certificateName: m.IngressCertName(),`
`44`	`48`	`commonName: "*.apps." + managedDomain,`
`45`	`49`	`},`
`46`	`50`	`}`
`47`	`51`
`48`	`52`	`for _, c := range certs {`
`49`	`53`	`m.log.Printf("creating certificate %s", c.certificateName)`
`50`		`- err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, "OneCertV2-PublicCA", c.certificateName, c.commonName, keyvault.EkuServerAuth)`
	`54`	`+ err = m.env.ClusterKeyvault().CreateSignedCertificate(ctx, OneCertPublicIssuerName, c.certificateName, c.commonName, keyvault.EkuServerAuth)`
`51`	`55`	`if err != nil {`
`52`	`56`	`return err`
`53`	`57`	`}`
`@@ -80,7 +84,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {`
`80`	`84`	`}`
`81`	`85`
`82`	`86`	`for _, namespace := range []string{"openshift-config", "openshift-azure-operator"} {`
`83`		`- err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.doc.ID + "-apiserver", Namespace: namespace}, m.doc.ID+"-apiserver")`
	`87`	`+ err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.APICertName(), Namespace: namespace}, m.APICertName())`
`84`	`88`	`if err != nil {`
`85`	`89`	`return err`
`86`	`90`	`}`
`@@ -98,7 +102,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {`
`98`	`102`	`"api." + managedDomain,`
`99`	`103`	`},`
`100`	`104`	`ServingCertificate: configv1.SecretNameReference{`
`101`		`- Name: m.doc.ID + "-apiserver",`
	`105`	`+ Name: m.APICertName(),`
`102`	`106`	`},`
`103`	`107`	`},`
`104`	`108`	`}`
`@@ -123,7 +127,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {`
`123`	`127`	`}`
`124`	`128`
`125`	`129`	`for _, namespace := range []string{"openshift-ingress", "openshift-azure-operator"} {`
`126`		`- err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.doc.ID + "-ingress"}, m.doc.ID+"-ingress")`
	`130`	`+ err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.IngressCertName()}, m.IngressCertName())`
`127`	`131`	`if err != nil {`
`128`	`132`	`return err`
`129`	`133`	`}`
`@@ -136,7 +140,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {`
`136`	`140`	`}`
`137`	`141`
`138`	`142`	`ic.Spec.DefaultCertificate = &corev1.LocalObjectReference{`
`139`		`- Name: m.doc.ID + "-ingress",`
	`143`	`+ Name: m.IngressCertName(),`
`140`	`144`	`}`
`141`	`145`
`142`	`146`	`_, err = m.operatorcli.OperatorV1().IngressControllers("openshift-ingress-operator").Update(ctx, ic, metav1.UpdateOptions{})`