Ensure that `CertificateRequest` reconciler populates `CertificateRequestStatus` with values to maintain feature-parity with cert-manager
Closed this issue · 0 comments
m8rmclaren commented
Currently, the leaf and CA chain are concatenated and returned in the CertificateRequest
reconciler:
ejbcaSigner, err := r.SignerBuilder(ctx, issuerSpec, authSecret.Data, caSecret.Data)
if err != nil {
return ctrl.Result{}, fmt.Errorf("%w: %v", errSignerBuilder, err)
}
signed, err := ejbcaSigner.Sign(ctx, certificateRequest.Spec.Request)
if err != nil {
return ctrl.Result{}, fmt.Errorf("%w: %v", errSignerSign, err)
}
certificateRequest.Status.Certificate = signed
setReadyCondition(cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Signed")
return ctrl.Result{}, nil
Change the Signer function to return the leaf and chain separately so that the CA field of CertificateRequestStatus
is updated as well.