diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 7a25db2f..a545800c 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -128,7 +128,7 @@ func NewManagerForRestConfig(conf *config.Config, rc *rest.Config) (ctrl.Manager } certsReady := make(chan struct{}) - if err := webhookCfg.AddCertManager(context.Background(), m, certsReady); err != nil { + if err := webhookCfg.AddCertManager(context.Background(), m, certsReady, cl); err != nil { return nil, fmt.Errorf("adding cert manager: %w", err) } diff --git a/pkg/webhook/cert.go b/pkg/webhook/cert.go index b6910e45..a83e6dfd 100644 --- a/pkg/webhook/cert.go +++ b/pkg/webhook/cert.go @@ -30,9 +30,9 @@ type certManager struct { Ready chan struct{} } -func (c *certManager) addToManager(ctx context.Context, mgr manager.Manager, lgr logr.Logger) error { +func (c *certManager) addToManager(ctx context.Context, mgr manager.Manager, lgr logr.Logger, cl client.Client) error { lgr.Info("ensuring webhook cert secret") - if err := c.ensureSecret(ctx, mgr.GetClient()); err != nil { + if err := c.ensureSecret(ctx, cl); err != nil { return fmt.Errorf("ensuring secret: %w", err) } diff --git a/pkg/webhook/nginxingress.go b/pkg/webhook/nginxingress.go index 2863b66c..9ba46bfb 100644 --- a/pkg/webhook/nginxingress.go +++ b/pkg/webhook/nginxingress.go @@ -125,9 +125,6 @@ var sarAuthenticate = func(ctx context.Context, lgr logr.Logger, cl client.Clien lgr := lgr.WithValues("sarResource", resource.Name, "sarGroup", resource.Group, "sarVersion", resource.Version) lgr.Info("checking permissions for resource") sar := authv1.SubjectAccessReview{ - ObjectMeta: metav1.ObjectMeta{ - Name: "nginx-ingress-controller-validation", - }, Spec: authv1.SubjectAccessReviewSpec{ ResourceAttributes: &authv1.ResourceAttributes{ // TODO: add namespace check, this is a bit harder because we need to check if resource is namespaced diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 4f45e3e9..ef5a5d01 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -137,7 +137,7 @@ func (c *config) EnsureWebhookConfigurations(ctx context.Context, cl client.Clie // AddCertManager adds cert-manager to the manager. The manager starting will result in the cert-manager // starting and generating the certificates. -func (c *config) AddCertManager(ctx context.Context, mgr manager.Manager, certsReady chan struct{}) error { +func (c *config) AddCertManager(ctx context.Context, mgr manager.Manager, certsReady chan struct{}, cl client.Client) error { lgr := log.FromContext(ctx).WithName("cert-manager") lgr.Info("calculating webhooks for cert-manager") @@ -162,7 +162,7 @@ func (c *config) AddCertManager(ctx context.Context, mgr manager.Manager, certsR CAOrganization: "Microsoft", Ready: certsReady, } - if err := cm.addToManager(ctx, mgr, lgr); err != nil { + if err := cm.addToManager(ctx, mgr, lgr, cl); err != nil { return fmt.Errorf("adding rotation: %w", err) }