Ensure that `CertificateRequest` reconciler populates `CertificateRequestStatus` with values to maintain feature-parity with cert-manager

Question

Ensure that `CertificateRequest` reconciler populates `CertificateRequestStatus` with values to maintain feature-parity with cert-manager

Closed this issue 3 months ago · 0 comments

Currently, the leaf and CA chain are concatenated and returned in the CertificateRequest reconciler:

ejbcaSigner, err := r.SignerBuilder(ctx, issuerSpec, authSecret.Data, caSecret.Data)
if err != nil {
return ctrl.Result{}, fmt.Errorf("%w: %v", errSignerBuilder, err)
}

signed, err := ejbcaSigner.Sign(ctx, certificateRequest.Spec.Request)
if err != nil {
return ctrl.Result{}, fmt.Errorf("%w: %v", errSignerSign, err)
}
certificateRequest.Status.Certificate = signed

setReadyCondition(cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Signed")
return ctrl.Result{}, nil

Change the Signer function to return the leaf and chain separately so that the CA field of CertificateRequestStatus is updated as well.