
Commit 68de773

committed
Use External params for peer and orderer
Signed-off-by: dviejokfs <[email protected]>
1 parent 67b9f1e commit 68de773


3 files changed

+83
-7
lines changed


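--- a/api/hlf.kungfusoftware.es/v1alpha1/hlf_types.go
+++ b/api/hlf.kungfusoftware.es/v1alpha1/hlf_types.go
@@ -317,9 +317,11 @@ type Component struct {
 External *ExternalCertificate `json:"external"`
 }
 type ExternalCertificate struct {
-SecretName string `json:"secretName"`
-CertificateKey string `json:"certificateKey"`
-PrivateKeyKey string `json:"privateKeyKey"`
+SecretName string `json:"secretName"`
+SecretNamespace string `json:"secretNamespace"`
+RootCertificateKey string `json:"rootCertificateKey"`
+CertificateKey string `json:"certificateKey"`
+PrivateKeyKey string `json:"privateKeyKey"`
 }
 
 func (c *Component) CAUrl() string {
@@ -341,6 +343,10 @@ type TLS struct {
 Csr Csr `json:"csr"`
 Enrollid string `json:"enrollid"`
 Enrollsecret string `json:"enrollsecret"`
+
+// +optional
+// +nullable
+External *ExternalCertificate `json:"external"`
 }
 type Enrollment struct {
 Component Component `json:"component"`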
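Review bot: The two fields added to ExternalCertificate in the first hunk, SecretNamespace and RootCertificateKey, carry neither a doc comment nor the `// +optional` marker that the second hunk gives to `TLS.External`; if the CRD schema is generated from these types, they presumably become required, and existing objects that set `external` with only the three original keys would stop validating on upgrade. Either mark them optional with a documented default, or state in the type's doc comment that they are mandatory from this version on. Since the controllers in this commit resolve every one of these fields against a Secret's data, a comment per field would save the next reader a trip to the controller, e.g. `// SecretNamespace is the namespace of the Secret that holds the certificate material.` and `// RootCertificateKey is the key in the Secret's data whose value is parsed as the root (CA) certificate.`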

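--- a/controllers/ordnode/ordnode_controller.go
+++ b/controllers/ordnode/ordnode_controller.go
@@ -774,7 +774,25 @@ func getConfig(
 var tlsCert, tlsRootCert, adminCert, adminRootCert, adminClientRootCert, signCert, signRootCert *x509.Certificate
 var tlsKey, adminKey, signKey *ecdsa.PrivateKey
 var err error
-if refreshCerts {
+ctx := context.Background()
+if tlsParams.External != nil {
+secret, err := client.CoreV1().Secrets(tlsParams.External.SecretNamespace).Get(ctx, tlsParams.External.SecretName, v1.GetOptions{})
+if err != nil {
+return nil, errors.Wrapf(err, "failed to get secret %s", tlsParams.External.SecretName)
+}
+tlsCert, err = utils.ParseX509Certificate(secret.Data[tlsParams.External.CertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse tls certificate")
+}
+tlsRootCert, err = utils.ParseX509Certificate(secret.Data[tlsParams.External.RootCertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse tls root certificate")
+}
+tlsKey, err = utils.ParseECDSAPrivateKey(secret.Data[tlsParams.External.PrivateKeyKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse tls private key")
+}
+} else if refreshCerts {
 cacert, err := base64.StdEncoding.DecodeString(tlsParams.Catls.Cacert)
 if err != nil {
 return nil, errors.Wrapf(err, "failed to decode tls ca cert")
@@ -865,7 +883,24 @@ func getConfig(
 }
 signParams := conf.Spec.Secret.Enrollment.Component
 caUrl := fmt.Sprintf("https://%s:%d", signParams.Cahost, signParams.Caport)
-if refreshCerts {
+if signParams.External != nil {
+secret, err := client.CoreV1().Secrets(signParams.External.SecretNamespace).Get(ctx, signParams.External.SecretName, v1.GetOptions{})
+if err != nil {
+return nil, errors.Wrapf(err, "failed to get secret %s", signParams.External.SecretName)
+}
+signCert, err = utils.ParseX509Certificate(secret.Data[signParams.External.CertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse sign certificate")
+}
+signRootCert, err = utils.ParseX509Certificate(secret.Data[signParams.External.RootCertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse sign root certificate")
+}
+signKey, err = utils.ParseECDSAPrivateKey(secret.Data[signParams.External.PrivateKeyKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse sign private key")
+}
+} else if refreshCerts {
 cacert, err := base64.StdEncoding.DecodeString(signParams.Catls.Cacert)
 if err != nil {
 return nil, errors.Wrapf(err, "failed to decode sign ca cert")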
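Review bot: In the `tlsParams.External != nil` branch of the first hunk, `secret.Data[tlsParams.External.CertificateKey]` and the two lookups after it hand a nil slice to the parser whenever the configured key is absent from the Secret, so a typo in certificateKey surfaces only as "failed to parse tls certificate" with no hint that the key was never there; the sign branch in the second hunk and both hunks of controllers/peer/peer_controller.go have the same gap. A small helper that checks presence and names both the secret and the key would make the misconfiguration diagnosable from the error alone. Separately, SecretNamespace is taken straight from the resource spec, so a resource in one namespace can point the controller at a Secret in any namespace its service account can read; if cross-namespace references are not an intended feature, defaulting the field to the resource's own namespace, or rejecting other values, keeps secret access scoped to the tenant that owns the resource. getConfig starts and ends outside both hunks.
```go
// secretValue returns data[key], failing loudly instead of passing a nil slice to the parsers.
func secretValue(data map[string][]byte, secretName, key string) ([]byte, error) {
	value, ok := data[key]
	if !ok || len(value) == 0 {
		return nil, errors.Errorf("key %q not found in secret %s", key, secretName)
	}
	return value, nil
}

// … in getConfig, external TLS branch: one call per key, e.g.
certBytes, err := secretValue(secret.Data, tlsParams.External.SecretName, tlsParams.External.CertificateKey)
if err != nil {
	return nil, err
}
tlsCert, err = utils.ParseX509Certificate(certBytes)
// … unchanged: the remaining lookups and their error handling …
```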

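--- a/controllers/peer/peer_controller.go
+++ b/controllers/peer/peer_controller.go
@@ -902,7 +902,25 @@ func GetConfig(
 var tlsCert, tlsRootCert, tlsOpsCert, signCert, signRootCert *x509.Certificate
 var tlsKey, tlsOpsKey, signKey *ecdsa.PrivateKey
 var err error
-if refreshCerts {
+ctx := context.Background()
+if tlsParams.External != nil {
+secret, err := client.CoreV1().Secrets(tlsParams.External.SecretNamespace).Get(ctx, tlsParams.External.SecretName, v1.GetOptions{})
+if err != nil {
+return nil, errors.Wrapf(err, "failed to get secret %s", tlsParams.External.SecretName)
+}
+tlsCert, err = utils.ParseX509Certificate(secret.Data[tlsParams.External.CertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse tls certificate")
+}
+tlsRootCert, err = utils.ParseX509Certificate(secret.Data[tlsParams.External.RootCertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse tls root certificate")
+}
+tlsKey, err = utils.ParseECDSAPrivateKey(secret.Data[tlsParams.External.PrivateKeyKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse tls private key")
+}
+} else if refreshCerts {
 cacert, err := base64.StdEncoding.DecodeString(tlsParams.Catls.Cacert)
 if err != nil {
 return nil, errors.Wrapf(err, "failed to decode tls ca cert")
@@ -986,7 +1004,24 @@ func GetConfig(
 }
 signParams := conf.Spec.Secret.Enrollment.Component
 caUrl := fmt.Sprintf("https://%s:%d", signParams.Cahost, signParams.Caport)
-if refreshCerts {
+if signParams.External != nil {
+secret, err := client.CoreV1().Secrets(signParams.External.SecretNamespace).Get(ctx, signParams.External.SecretName, v1.GetOptions{})
+if err != nil {
+return nil, errors.Wrapf(err, "failed to get secret %s", signParams.External.SecretName)
+}
+signCert, err = utils.ParseX509Certificate(secret.Data[signParams.External.CertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse sign certificate")
+}
+signRootCert, err = utils.ParseX509Certificate(secret.Data[signParams.External.RootCertificateKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse sign root certificate")
+}
+signKey, err = utils.ParseECDSAPrivateKey(secret.Data[signParams.External.PrivateKeyKey])
+if err != nil {
+return nil, errors.Wrapf(err, "failed to parse sign private key")
+}
+} else if refreshCerts {
 cacert, err := base64.StdEncoding.DecodeString(signParams.Catls.Cacert)
 if err != nil {
 return nil, errors.Wrapf(err, "failed to decode sign ca cert")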
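Review bot: The external branch in the first hunk accepts the three pieces of the Secret without checking that they belong together: nothing verifies that tlsKey is the private key for tlsCert or that tlsCert chains to tlsRootCert, so a Secret assembled from the wrong files would presumably only surface later as a failed TLS handshake, far from the configuration that caused it. Right after the key is parsed, `if !tlsKey.PublicKey.Equal(tlsCert.PublicKey) { return nil, errors.New("tls private key does not match tls certificate") }` catches the most common mix-up, the sign branch in the second hunk can do the same with signKey and signCert, and the matching branches in controllers/ordnode/ordnode_controller.go would benefit from the identical check. The enrollment path under `else if refreshCerts` presumably never needed this because it receives certificate and key together from the CA, but that code is outside the hunk. GetConfig starts and ends outside both hunks.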
