review comments

Azure · Aug 5, 2024 · 5aefdaf · 5aefdaf
1 parent 939f5af
commit 5aefdaf
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 9 deletions.
diff --git a/pkg/cluster/apply.go b/pkg/cluster/apply.go
@@ -12,13 +12,13 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
-	"github.com/Azure/ARO-RP/pkg/env"
 	"github.com/Azure/ARO-RP/pkg/util/clienthelper"
+	"github.com/Azure/ARO-RP/pkg/util/keyvault"
 	utilpem "github.com/Azure/ARO-RP/pkg/util/pem"
 )
 
-func EnsureTLSSecretFromKeyvault(ctx context.Context, env env.Interface, ch clienthelper.Interface, target types.NamespacedName, certificateName string) error {
-	bundle, err := env.ClusterKeyvault().GetSecret(ctx, certificateName)
+func EnsureTLSSecretFromKeyvault(ctx context.Context, kv keyvault.Manager, ch clienthelper.Writer, target types.NamespacedName, certificateName string) error {
+	bundle, err := kv.GetSecret(ctx, certificateName)
 	if err != nil {
 		return err
 	}
@@ -38,14 +38,16 @@ func EnsureTLSSecretFromKeyvault(ctx context.Context, env env.Interface, ch clie
 		cb = append(cb, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})...)
 	}
 
+	privateKey := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: b})
+
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      target.Name,
 			Namespace: target.Namespace,
 		},
 		Data: map[string][]byte{
 			corev1.TLSCertKey:       cb,
-			corev1.TLSPrivateKeyKey: pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: b}),
+			corev1.TLSPrivateKeyKey: privateKey,
 		},
 		Type: corev1.SecretTypeTLS,
 	}

diff --git a/pkg/cluster/tls.go b/pkg/cluster/tls.go
@@ -80,7 +80,7 @@ func (m *manager) configureAPIServerCertificate(ctx context.Context) error {
 	}
 
 	for _, namespace := range []string{"openshift-config", "openshift-azure-operator"} {
-		err = EnsureTLSSecretFromKeyvault(ctx, m.env, m.ch, types.NamespacedName{Name: m.doc.ID + "-apiserver", Namespace: namespace}, m.doc.ID+"-apiserver")
+		err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Name: m.doc.ID + "-apiserver", Namespace: namespace}, m.doc.ID+"-apiserver")
 		if err != nil {
 			return err
 		}
@@ -123,7 +123,7 @@ func (m *manager) configureIngressCertificate(ctx context.Context) error {
 	}
 
 	for _, namespace := range []string{"openshift-ingress", "openshift-azure-operator"} {
-		err = EnsureTLSSecretFromKeyvault(ctx, m.env, m.ch, types.NamespacedName{Namespace: namespace, Name: m.doc.ID + "-ingress"}, m.doc.ID+"-ingress")
+		err = EnsureTLSSecretFromKeyvault(ctx, m.env.ClusterKeyvault(), m.ch, types.NamespacedName{Namespace: namespace, Name: m.doc.ID + "-ingress"}, m.doc.ID+"-ingress")
 		if err != nil {
 			return err
 		}

diff --git a/pkg/util/clienthelper/clienthelper.go b/pkg/util/clienthelper/clienthelper.go
@@ -34,14 +34,24 @@ import (
 	_ "github.com/Azure/ARO-RP/pkg/util/scheme"
 )
 
-type Interface interface {
-	client.Reader
+type Writer interface {
 	client.Writer
-	EnsureDeleted(ctx context.Context, gvk schema.GroupVersionKind, key types.NamespacedName) error
+	// Ensure applies self-contained objects to a Kubernetes API, merging
+	// client-side if required.
 	Ensure(ctx context.Context, objs ...kruntime.Object) error
+	EnsureDeleted(ctx context.Context, gvk schema.GroupVersionKind, key types.NamespacedName) error
+}
+
+type Reader interface {
+	client.Reader
 	GetOne(ctx context.Context, key types.NamespacedName, obj kruntime.Object) error
 }
 
+type Interface interface {
+	Reader
+	Writer
+}
+
 type clientHelper struct {
 	client.Client