Initial start on code migration

Signed-off-by: Erik Godding Boye <[email protected]>

Author: erikgb

pkg/bundle/bundle.go

@@ -23,6 +23,7 @@ import (
 	"slices"
 	"strings"
 
+	trustmanagerapi "github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -89,7 +90,7 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (statusP
 	ctx = logf.IntoContext(ctx, log)
 	log.V(2).Info("syncing bundle")
 
-	var bundle trustapi.Bundle
+	var bundle trustmanagerapi.ClusterBundle
 	err := b.client.Get(ctx, req.NamespacedName, &bundle)
 	if apierrors.IsNotFound(err) {
 		log.V(2).Info("bundle no longer exists, ignoring")
@@ -172,7 +173,7 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (statusP
 
 	targetResources := map[target.Resource]struct{}{}
 
-	namespaceSelector, err := b.bundleTargetNamespaceSelector(&bundle)
+	namespaceSelector, err := metav1.LabelSelectorAsSelector((&bundle).Spec.Target.NamespaceSelector)
 	if err != nil {
 		b.recorder.Eventf(&bundle, corev1.EventTypeWarning, "NamespaceSelectorError", "Failed to build namespace match labels selector: %s", err)
 		return nil, fmt.Errorf("failed to build NamespaceSelector: %w", err)
@@ -346,16 +347,3 @@ func (b *bundle) reconcileBundle(ctx context.Context, req ctrl.Request) (statusP
 
 	return statusPatch, nil
 }
-
-func (b *bundle) bundleTargetNamespaceSelector(bundleObj *trustapi.Bundle) (labels.Selector, error) {
-	nsSelector := bundleObj.Spec.Target.NamespaceSelector
-
-	// LabelSelectorAsSelector returns a Selector selecting nothing if LabelSelector is nil,
-	// while our current default is to select everything. But this is subject to change.
-	// See https://github.com/cert-manager/trust-manager/issues/39
-	if nsSelector == nil {
-		return labels.Everything(), nil
-	}
-
-	return metav1.LabelSelectorAsSelector(nsSelector)
-}

pkg/bundle/controller.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"os"
 
+	trustmanagerapi "github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -205,8 +206,9 @@ func addBundleController(
 		// Watch all Namespaces. Cache whole Namespaces to include Phase Status.
 		// Reconcile all Bundles on a Namespace change.
 		Watches(&corev1.Namespace{}, b.enqueueRequestsFromBundleFunc(
-			func(obj client.Object, bundle trustapi.Bundle) bool {
-				namespaceSelector, err := b.bundleTargetNamespaceSelector(&bundle)
+			func(obj client.Object, bundle trustmanagerapi.ClusterBundle) bool {
+				var r labels.Selector = metav1.LabelSelectorAsSelector((&bundle).Spec.Target.NamespaceSelector)
+				namespaceSelector, err := r
 				if err != nil {
 					// We have an invalid selector, so we can skip this Bundle.
 					return false
@@ -250,7 +252,7 @@ func addBundleController(
 // enqueueRequestsFromBundleFunc returns an event handler for watching Bundle dependants.
 // It will invoke the provided function for all Bundles and trigger a Bundle reconcile if the
 // functions returns true.
-func (b *bundle) enqueueRequestsFromBundleFunc(fn func(obj client.Object, bundle trustapi.Bundle) bool) handler.EventHandler {
+func (b *bundle) enqueueRequestsFromBundleFunc(fn func(obj client.Object, bundle trustmanagerapi.ClusterBundle) bool) handler.EventHandler {
 	return handler.EnqueueRequestsFromMapFunc(
 		func(ctx context.Context, obj client.Object) []reconcile.Request {
 			// If an error happens here, and we do nothing, we run the risk of
@@ -273,8 +275,8 @@ func (b *bundle) enqueueRequestsFromBundleFunc(fn func(obj client.Object, bundle
 
 // mustBundleList will return a BundleList of all Bundles in the cluster. If an
 // error occurs, will exit error the program.
-func (b *bundle) mustBundleList(ctx context.Context) *trustapi.BundleList {
-	var bundleList trustapi.BundleList
+func (b *bundle) mustBundleList(ctx context.Context) *trustmanagerapi.ClusterBundleList {
+	var bundleList trustmanagerapi.ClusterBundleList
 	if err := b.client.List(ctx, &bundleList); err != nil {
 		logf.FromContext(ctx).Error(err, "failed to list all Bundles, exiting error")
 		os.Exit(-1)

pkg/bundle/controller/bundle_controller.go

@@ -41,7 +41,7 @@ type BundleReconciler struct {
 // SetupWithManager sets up the controller with the Manager.
 func (r *BundleReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&trustapi.Bundle{}).
+		For(&trustapi.Bundle{}). //lint:ignore SA1019
 		Owns(&trustmanagerapi.ClusterBundle{}).
 		Complete(r)
 }

pkg/bundle/internal/source/source.go

@@ -20,9 +20,11 @@ import (
 	"context"
 	"fmt"
 
+	trustmanagerapi "github.com/cert-manager/trust-manager/pkg/apis/trustmanager/v1alpha2"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 
@@ -66,32 +68,38 @@ func (b *BundleBuilder) BuildBundle(ctx context.Context, sources []trustapi.Bund
 		util.WithLogger(logf.FromContext(ctx).WithName("cert-pool")),
 	)
 
-	for _, source := range sources {
+	for _, source := range spec.Sources {
 		var certSource bundleSource
 
-		switch {
-		case source.ConfigMap != nil:
-			certSource = &configMapBundleSource{b.Reader, b.Namespace, source.ConfigMap}
+		switch source.Kind {
+		case "ConfigMap":
+			certSource = &configMapBundleSource{b.Reader, b.Namespace, source}
 
-		case source.Secret != nil:
-			certSource = &secretBundleSource{b.Reader, b.Namespace, source.Secret}
+		case "Secret":
+			certSource = &secretBundleSource{b.Reader, b.Namespace, source}
 
-		case source.InLine != nil:
-			certSource = &inlineBundleSource{*source.InLine}
-
-		case source.UseDefaultCAs != nil:
-			if !*source.UseDefaultCAs {
-				continue
-			}
-			if b.DefaultPackage == nil {
-				return BundleData{}, NotFoundError{fmt.Errorf("no default package was specified when trust-manager was started; default CAs not available")}
-			}
-			certSource = &defaultCAsBundleSource{b.DefaultPackage.Bundle}
-			resolvedBundle.DefaultCAPackageStringID = b.DefaultPackage.StringID()
 		default:
-			panic(fmt.Sprintf("don't know how to process source: %+v", source))
+			panic(fmt.Sprintf("don't know how to process source of kind: %q", source.Kind))
+		}
+
+		if err := certSource.addToCertPool(ctx, certPool); err != nil {
+			return BundleData{}, err
 		}
+	}
+
+	if spec.InLineCAs != nil {
+		certSource := &inlineBundleSource{*spec.InLineCAs}
+		if err := certSource.addToCertPool(ctx, certPool); err != nil {
+			return BundleData{}, err
+		}
+	}
 
+	if ptr.Deref(spec.IncludeDefaultCAs, false) {
+		if b.DefaultPackage == nil {
+			return BundleData{}, NotFoundError{fmt.Errorf("no default package was specified when trust-manager was started; default CAs not available")}
+		}
+		certSource := &defaultCAsBundleSource{b.DefaultPackage.Bundle}
+		resolvedBundle.DefaultCAPackageStringID = b.DefaultPackage.StringID()
 		if err := certSource.addToCertPool(ctx, resolvedBundle.CertPool); err != nil {
 			return BundleData{}, err
 		}
@@ -134,7 +142,7 @@ func (s defaultCAsBundleSource) addToCertPool(_ context.Context, pool *util.Cert
 type configMapBundleSource struct {
 	client.Reader
 	Namespace string
-	ref       *trustapi.SourceObjectKeySelector
+	ref       trustmanagerapi.BundleSource
 }
 
 func (b configMapBundleSource) addToCertPool(ctx context.Context, pool *util.CertPool) error {
@@ -197,7 +205,7 @@ func (b configMapBundleSource) addToCertPool(ctx context.Context, pool *util.Cer
 type secretBundleSource struct {
 	client.Reader
 	Namespace string
-	ref       *trustapi.SourceObjectKeySelector
+	ref       trustmanagerapi.BundleSource
 }
 
 func (b secretBundleSource) addToCertPool(ctx context.Context, pool *util.CertPool) error {