updates: reviews

securesign · Sep 13, 2024 · 8dbe2e2 · 8dbe2e2
1 parent 8908399
commit 8dbe2e2
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 39 deletions.
diff --git a/internal/controller/ctlog/actions/constants.go b/internal/controller/ctlog/actions/constants.go
@@ -8,15 +8,19 @@ const (
 	RBACName           = "ctlog"
 	MonitoringRoleName = "prometheus-k8s-ctlog"
 
-	CertCondition       = "FulcioCertAvailable"
-	ServerPortName      = "http"
-	ServerPort          = 80
-	HttpsServerPortName = "https"
-	HttpsServerPort     = 443
-	ServerTargetPort    = 6962
-	MetricsPortName     = "metrics"
-	MetricsPort         = 6963
-	ServerCondition     = "ServerAvailable"
+	CertCondition             = "FulcioCertAvailable"
+	ServerPortName            = "http"
+	ServerPort                = 80
+	HttpsServerPortName       = "https"
+	HttpsServerPort           = 443
+	ServerTargetPort          = 6962
+	MetricsPortName           = "metrics"
+	MetricsPort               = 6963
+	ServerCondition           = "ServerAvailable"
+	CtlogTreeName             = "ctlog-tree"
+	CtlogTreeJobName          = "ctlog-create-tree"
+	CtlogTreeJobCondition     = "CtlogTreeJobAvailable"
+	CtlogTreeJobConfigMapName = "ctlog-tree-id-config"
 
 	CTLPubLabel = constants.LabelNamespace + "/ctfe.pub"
 )
diff --git a/internal/controller/ctlog/actions/create_tree_job.go b/internal/controller/ctlog/actions/create_tree_job.go
@@ -33,7 +33,7 @@ func (i createTreeJobAction) Name() string {
 }
 
 func (i createTreeJobAction) CanHandle(ctx context.Context, instance *rhtasv1alpha1.CTlog) bool {
-	cm, _ := kubernetes.GetConfigMap(ctx, i.Client, instance.Namespace, "ctlog-tree-id-config")
+	cm, _ := kubernetes.GetConfigMap(ctx, i.Client, instance.Namespace, CtlogTreeJobConfigMapName)
 	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
 	return (c.Reason == constants.Creating || c.Reason == constants.Ready) && cm == nil && instance.Status.TreeID == nil
 }
@@ -44,8 +44,6 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 		updated bool
 	)
 
-	CtlogTreeJobName := "ctlog-create-tree"
-	configMapName := "ctlog-tree-id-config"
 	var trillUrl string
 
 	switch {
@@ -66,7 +64,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 			Type:    CtlogTreeJobName,
 			Status:  metav1.ConditionFalse,
 			Reason:  constants.Creating,
-			Message: "Creating ctlog tree Job",
+			Message: "Creating tree Job",
 		})
 	}
 
@@ -75,7 +73,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	// Needed for configMap clean-up
 	configMap := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      configMapName,
+			Name:      CtlogTreeJobConfigMapName,
 			Namespace: instance.Namespace,
 			Labels:    labels,
 		},
@@ -86,14 +84,14 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	}
 	if updated, err = i.Ensure(ctx, configMap); err != nil {
 		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-			Type:    constants.Ready,
+			Type:    CtlogTreeJobName,
 			Status:  metav1.ConditionFalse,
 			Reason:  constants.Failure,
 			Message: err.Error(),
 		})
 	}
 	if updated {
-		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{Type: constants.Ready,
+		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{Type: CtlogTreeJobName,
 			Status: metav1.ConditionFalse, Reason: constants.Creating, Message: "ConfigMap created"})
 	}
 
@@ -106,7 +104,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	caPath, err := utils.CAPath(ctx, i.Client, instance)
 	if err != nil {
 		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-			Type:    constants.Ready,
+			Type:    CtlogTreeJobName,
 			Status:  metav1.ConditionFalse,
 			Reason:  constants.Failure,
 			Message: err.Error(),
@@ -120,11 +118,11 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	cmd := ""
 	switch {
 	case trustedCAAnnotation != nil:
-		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=ctlog-tree --tls_cert_file=%s", trillUrl, caPath)
+		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=%s --tls_cert_file=%s", trillUrl, CtlogTreeName, caPath)
 	case kubernetes.IsOpenShift():
-		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=ctlog-tree --tls_cert_file=/var/run/secrets/tas/tls.crt", trillUrl)
+		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=%s --tls_cert_file=/var/run/secrets/tas/tls.crt", trillUrl, CtlogTreeName)
 	default:
-		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=ctlog-tree", trillUrl)
+		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=%s", trillUrl, CtlogTreeName)
 	}
 	command := []string{
 		"/bin/sh",
@@ -152,7 +150,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 			echo "Failed to create tree" >&2
 			exit 1
 		fi
-		`, cmd, configMapName),
+		`, cmd, CtlogTreeJobConfigMapName),
 	}
 	env := []corev1.EnvVar{}
 
@@ -193,7 +191,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 		Type:    CtlogTreeJobName,
 		Status:  metav1.ConditionTrue,
 		Reason:  constants.Creating,
-		Message: "ctlog tree Job Created",
+		Message: "tree Job Created",
 	})
 
 	return i.Continue()

diff --git a/internal/controller/rekor/actions/constants.go b/internal/controller/rekor/actions/constants.go
@@ -23,4 +23,8 @@ const (
 	ServerCondition            = "ServerAvailable"
 	RedisCondition             = "RedisAvailable"
 	SignerCondition            = "SignerAvailable"
+	RekorTreeName              = "rekor-tree"
+	RekorTreeJobName           = "rekor-create-tree"
+	RekorTreeJobCondition      = "RekorTreeJobAvailable"
+	RekorTreeJobConfigMapName  = "rekor-tree-id-config"
 )
diff --git a/internal/controller/rekor/actions/server/create_tree_job.go b/internal/controller/rekor/actions/server/create_tree_job.go
@@ -34,7 +34,7 @@ func (i createTreeJobAction) Name() string {
 }
 
 func (i createTreeJobAction) CanHandle(ctx context.Context, instance *rhtasv1alpha1.Rekor) bool {
-	cm, _ := kubernetes.GetConfigMap(ctx, i.Client, instance.Namespace, "rekor-tree-id-config")
+	cm, _ := kubernetes.GetConfigMap(ctx, i.Client, instance.Namespace, actions.RekorTreeJobConfigMapName)
 	c := meta.FindStatusCondition(instance.Status.Conditions, constants.Ready)
 	return (c.Reason == constants.Creating || c.Reason == constants.Ready) && cm == nil && instance.Status.TreeID == nil
 }
@@ -45,8 +45,6 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 		updated bool
 	)
 
-	RekorTreeJobName := "rekor-create-tree"
-	configMapName := "rekor-tree-id-config"
 	var trillUrl string
 
 	switch {
@@ -62,12 +60,12 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	}
 	i.Logger.V(1).Info("trillian logserver", "address", trillUrl)
 
-	if c := meta.FindStatusCondition(instance.Status.Conditions, RekorTreeJobName); c == nil {
+	if c := meta.FindStatusCondition(instance.Status.Conditions, actions.RekorTreeJobName); c == nil {
 		instance.SetCondition(metav1.Condition{
-			Type:    RekorTreeJobName,
+			Type:    actions.RekorTreeJobName,
 			Status:  metav1.ConditionFalse,
 			Reason:  constants.Creating,
-			Message: "Creating rekor tree Job",
+			Message: "Creating tree Job",
 		})
 	}
 
@@ -76,7 +74,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	// Needed for configMap clean-up
 	configMap := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      configMapName,
+			Name:      actions.RekorTreeJobConfigMapName,
 			Namespace: instance.Namespace,
 			Labels:    labels,
 		},
@@ -87,7 +85,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	}
 	if updated, err = i.Ensure(ctx, configMap); err != nil {
 		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-			Type:    constants.Ready,
+			Type:    actions.RekorTreeJobName,
 			Status:  metav1.ConditionFalse,
 			Reason:  constants.Failure,
 			Message: err.Error(),
@@ -107,7 +105,7 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	caPath, err := utils.CAPath(ctx, i.Client, instance)
 	if err != nil {
 		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-			Type:    constants.Ready,
+			Type:    actions.RekorTreeJobName,
 			Status:  metav1.ConditionFalse,
 			Reason:  constants.Failure,
 			Message: err.Error(),
@@ -121,11 +119,11 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	cmd := ""
 	switch {
 	case trustedCAAnnotation != nil:
-		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=rekor-tree --tls_cert_file=%s", trillUrl, caPath)
+		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=%s --tls_cert_file=%s", trillUrl, actions.RekorTreeName, caPath)
 	case kubernetes.IsOpenShift():
-		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=rekor-tree --tls_cert_file=/var/run/secrets/tas/tls.crt", trillUrl)
+		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=%s --tls_cert_file=/var/run/secrets/tas/tls.crt", trillUrl, actions.RekorTreeName)
 	default:
-		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=rekor-tree", trillUrl)
+		cmd = fmt.Sprintf("/createtree --admin_server=%s --display_name=%s", trillUrl, actions.RekorTreeName)
 	}
 	command := []string{
 		"/bin/sh",
@@ -153,11 +151,11 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 			echo "Failed to create tree" >&2
 			exit 1
 		fi
-		`, cmd, configMapName),
+		`, cmd, actions.RekorTreeJobConfigMapName),
 	}
 	env := []corev1.EnvVar{}
 
-	job := job.CreateJob(instance.Namespace, RekorTreeJobName, labels, constants.CreateTreeImage, actions.RBACName, parallelism, completions, activeDeadlineSeconds, backoffLimit, command, env)
+	job := job.CreateJob(instance.Namespace, actions.RekorTreeJobName, labels, constants.CreateTreeImage, actions.RBACName, parallelism, completions, activeDeadlineSeconds, backoffLimit, command, env)
 	if err = ctrl.SetControllerReference(instance, job, i.Client.Scheme()); err != nil {
 		return i.Failed(fmt.Errorf("could not set controller reference for Job: %w", err))
 	}
@@ -191,10 +189,10 @@ func (i createTreeJobAction) Handle(ctx context.Context, instance *rhtasv1alpha1
 	}
 
 	meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-		Type:    RekorTreeJobName,
+		Type:    actions.RekorTreeJobName,
 		Status:  metav1.ConditionTrue,
 		Reason:  constants.Creating,
-		Message: "rekor tree Job Created",
+		Message: "tree Job Created",
 	})
 
 	return i.Continue()

diff --git a/internal/controller/trillian/trillian_controller.go b/internal/controller/trillian/trillian_controller.go
@@ -28,6 +28,7 @@ import (
 	"github.com/securesign/operator/internal/controller/common/action/transitions"
 
 	"github.com/securesign/operator/internal/controller/common/action"
+	actions2 "github.com/securesign/operator/internal/controller/ctlog/actions"
 	"github.com/securesign/operator/internal/controller/trillian/actions"
 	"github.com/securesign/operator/internal/controller/trillian/actions/db"
 	"github.com/securesign/operator/internal/controller/trillian/actions/logserver"
@@ -89,7 +90,7 @@ func (r *TrillianReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 	target := instance.DeepCopy()
 	actions := []action.Action[*rhtasv1alpha1.Trillian]{
 		transitions.NewToPendingPhaseAction[*rhtasv1alpha1.Trillian](func(t *rhtasv1alpha1.Trillian) []string {
-			components := []string{actions.ServerCondition, actions.SignerCondition}
+			components := []string{actions.ServerCondition, actions.SignerCondition, actions2.CtlogTreeJobCondition}
 			if utils.IsEnabled(t.Spec.Db.Create) {
 				components = append(components, actions.DbCondition)
 			}