in pkg/interceptor/secret.go [50:110]
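// CreateCertsSecret issues a fresh set of TLS material for the named
// Interceptor and stores it in the SecretCertsName Secret of the given
// namespace, creating the Secret when it does not exist and overwriting its
// data when it does.
//
// The Interceptor is looked up by namespace/interceptorName; the service name
// and namespace from its client config are passed to certresources.CreateCerts
// together with an expiry of time.Now().Add(decade).
//
// It returns the generated material wrapped in a CertData, or an error when
// the Interceptor cannot be read, has no service reference, the certificates
// cannot be generated, or the Secret cannot be read, created or updated.
//
// Security notes for callers and operators:
//   - The Secret and the returned CertData both carry the server private key.
//     Read access to the Secret should be limited to the interceptor workload,
//     and the returned value should not be logged.
//   - Every call generates new material, so an existing Secret is rotated, not
//     reused. Consumers that pinned the previous CA certificate need the new one.
//   - NOTE(review): the expiry is driven by the package-level `decade` value,
//     presumably about ten years. With such a long lifetime, rotation only
//     happens when this function is called again — confirm that is intended.
func (s *SecretService) CreateCertsSecret(
	ctx context.Context,
	namespace,
	interceptorName string,
) (*CertData, error) {
	interceptor := &triggersApi.Interceptor{}

	interceptorKey := ctrlClient.ObjectKey{Namespace: namespace, Name: interceptorName}
	if err := s.client.Get(ctx, interceptorKey, interceptor); err != nil {
		return nil, fmt.Errorf("failed to get Interceptor: %w", err)
	}

	// The service reference is optional in the client config (an Interceptor
	// may be addressed by URL instead), so dereferencing it unchecked would
	// panic. Fail with an error the caller can handle.
	svc := interceptor.Spec.ClientConfig.Service
	if svc == nil {
		return nil, fmt.Errorf(
			"interceptor %s/%s has no service reference in its client config",
			namespace,
			interceptorName,
		)
	}

	serKey, serCert, cacert, err := certresources.CreateCerts(
		ctx,
		svc.Name,
		svc.Namespace,
		time.Now().Add(decade),
	)
	if err != nil {
		return nil, fmt.Errorf("failed to create certs: %w", err)
	}

	certData := NewCertData(serKey, serCert, cacert)

	// Same payload for both the create and the update path.
	secretData := map[string][]byte{
		secretServerKey:  serKey,
		secretServerCert: serCert,
		secretCACert:     cacert,
	}

	secret := &corev1.Secret{}
	secretKey := ctrlClient.ObjectKey{Namespace: namespace, Name: SecretCertsName}

	if err = s.client.Get(ctx, secretKey, secret); err != nil {
		if !k8serrors.IsNotFound(err) {
			return nil, fmt.Errorf("failed to get secret: %w", err)
		}

		// No Secret yet: create it from scratch.
		secret.ObjectMeta = metav1.ObjectMeta{
			Namespace: namespace,
			Name:      SecretCertsName,
		}
		secret.Data = secretData
		secret.Type = corev1.SecretTypeOpaque

		if err = s.client.Create(ctx, secret); err != nil {
			return nil, fmt.Errorf("failed to create secret: %w", err)
		}

		return certData, nil
	}

	// Secret exists: replace its whole data map, which also drops any keys
	// that were stored in it besides the three written here.
	secret.Data = secretData

	if err = s.client.Update(ctx, secret); err != nil {
		return nil, fmt.Errorf("failed to update secret: %w", err)
	}

	return certData, nil
}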