feat(certificate): Remove the Certificater interface in favor of a st…

…ruct. (#4536) Currently there is a Certificater interface that is used to abstract a Certificate. There are 3 identical implementations of Certificate, and some misuse between treating a certificater as either a pointer or a struct. This PR simplifies this by consolidating to a single implementation of Certificate, and removing the need for an interface all together. Signed-off-by: Sean Teeling <[email protected]>
openservicemesh · Feb 17, 2022 · 37d2e4f · 37d2e4f
1 parent cf5223c
commit 37d2e4f
Show file tree

Hide file tree

Showing 48 changed files with 391 additions and 673 deletions.
diff --git a/DESIGN.md b/DESIGN.md
@@ -474,19 +474,19 @@ package certificate
 // Manager is the interface declaring the methods for the Certificate Manager.
 type Manager interface {
 	// IssueCertificate issues a new certificate.
-	IssueCertificate(CommonName, time.Duration) (Certificater, error)
+	IssueCertificate(CommonName, time.Duration) (*Certificate, error)
 
 	// GetCertificate returns a certificate given its Common Name (CN)
-	GetCertificate(CommonName) (Certificater, error)
+	GetCertificate(CommonName) (*Certificate, error)
 
 	// RotateCertificate rotates an existing certificate.
-	RotateCertificate(CommonName) (Certificater, error)
+	RotateCertificate(CommonName) (*Certificate, error)
 
 	// GetRootCertificate returns the root certificate.
-	GetRootCertificate() (Certificater, error)
+	GetRootCertificate() (*Certificate, error)
 
 	// ListCertificates lists all certificates issued
-	ListCertificates() ([]Certificater, error)
+	ListCertificates() ([]*Certificate, error)
 
 	// ReleaseCertificate informs the underlying certificate issuer that the given cert will no longer be needed.
 	// This method could be called when a given payload is terminated. Calling this should remove certs from cache and free memory if possible.
@@ -497,34 +497,6 @@ type Manager interface {
 }
 ```
 
-
-
-Additionally we define an interface for the `Certificate` object, which requires the following methods:
-```go
-// Certificater is the interface declaring methods each Certificate object must have.
-type Certificater interface {
-
-	// GetCommonName retrieves the name of the certificate.
-	GetCommonName() CommonName
-
-	// GetCertificateChain retrieves the cert chain.
-	GetCertificateChain() []byte
-
-	// GetPrivateKey returns the private key.
-	GetPrivateKey() []byte
-
-	// GetIssuingCA returns the root certificate for the given cert.
-	GetIssuingCA() Certificater
-
-	// GetExpiration() returns the expiration of the certificate
-	GetExpiration() time.Time
-
- 	// GetSerialNumber returns the serial number of the given certificate.
- 	GetSerialNumber() string
-}
-```
-
-
 ## Appendix
 
 ### Fundamental Types

diff --git a/docs/certificate_management.md b/docs/certificate_management.md
@@ -14,19 +14,19 @@ All certificate managers implement the `Manager` interface (located in `pkg/cert
 // Manager is the interface declaring the methods for the Certificate Manager.
 type Manager interface {
 	// IssueCertificate issues a new certificate.
-	IssueCertificate(CommonName, time.Duration) (Certificater, error)
+	IssueCertificate(CommonName, time.Duration) (*Certificate, error)
 
 	// GetCertificate returns a certificate given its Common Name (CN)
-	GetCertificate(CommonName) (Certificater, error)
+	GetCertificate(CommonName) (*Certificate, error)
 
 	// RotateCertificate rotates an existing certificate.
-	RotateCertificate(CommonName) (Certificater, error)
+	RotateCertificate(CommonName) (*Certificate, error)
 
 	// GetRootCertificate returns the root certificate in PEM format and its expiration.
-	GetRootCertificate() (Certificater, error)
+	GetRootCertificate() (*Certificate, error)
 
 	// ListCertificates lists all certificates issued
-	ListCertificates() ([]Certificater, error)
+	ListCertificates() ([]*Certificate, error)
 
 	// ReleaseCertificate informs the underlying certificate issuer that the given cert will no longer be needed.
 	// This method could be called when a given payload is terminated. Calling this should remove certs from cache and free memory if possible.
@@ -159,7 +159,7 @@ cmapi.CertificateRequest{
 }
 ```
 
-The certificate will be retrieved by making a request directly to cert-manager by `(*CertManager).certificaterFromCertificateRequest`. Here is an example issuer for OSM:
+The certificate will be retrieved by making a request directly to cert-manager by `(*CertManager).certificateFromCertificateRequest`. Here is an example issuer for OSM:
 
 ```
 $ kubectl get issuer -n osm-system osm-ca -o yaml

diff --git a/mockspec/rules b/mockspec/rules
@@ -30,7 +30,7 @@ service; pkg/service/mock_service_provider_generated.go; github.com/openservicem
 configurator; pkg/configurator/mock_client_generated.go; github.com/openservicemesh/osm/pkg/configurator; Configurator
 
 # pkg/certificate
-certificate; pkg/certificate/mock_certificate_generated.go; github.com/openservicemesh/osm/pkg/certificate; Certificater,Manager
+certificate; pkg/certificate/mock_certificate_generated.go; github.com/openservicemesh/osm/pkg/certificate; Manager
 
 # pkg/config
 config; pkg/config/mock_client_generated.go; github.com/openservicemesh/osm/pkg/config; Controller
diff --git a/pkg/certificate/README.md b/pkg/certificate/README.md
@@ -7,11 +7,7 @@ For design and details on mTLS and certificate issuance please see [docs/pattern
 
 ## Interfaces
 
-In `types.go` we define 2 interfaces:
-
-  1. `certificate.Manager` - is the interface exposing a particular certificate provider. The certificate manager is responsible for issuing and renewing certificates. It abstracts away the particular methods of signing, renewing, and storing certificates away from the rest of the service mesh components.
-  2. `certificate.Certificater` - an abstraction over an actual certificate, which is signed by our CA, has an expiration, and certain properties common to all PEM encoded certificates issued by any certificate provider implemented.
-
+In `types.go` we define a single interface, `certificate.Manager`, the interface exposing a particular certificate provider. The certificate manager is responsible for issuing and renewing certificates. It abstracts away the particular methods of signing, renewing, and storing certificates away from the rest of the service mesh components.
 
 ## Providers
 The directory `providers` contains implementations of certificate issuers (`certificate.Manager`s):

diff --git a/pkg/certificate/certificate.go b/pkg/certificate/certificate.go
@@ -0,0 +1,37 @@
+package certificate
+
+import (
+	time "time"
+
+	"github.com/openservicemesh/osm/pkg/certificate/pem"
+)
+
+// GetCommonName returns the Common Name of the certificate
+func (c *Certificate) GetCommonName() CommonName {
+	return c.CommonName
+}
+
+// GetSerialNumber returns the serial number of the certificate
+func (c *Certificate) GetSerialNumber() SerialNumber {
+	return c.SerialNumber
+}
+
+// GetExpiration returns the expiration time of the certificate
+func (c *Certificate) GetExpiration() time.Time {
+	return c.Expiration
+}
+
+// GetCertificateChain returns the certificate chain of the certificate
+func (c *Certificate) GetCertificateChain() pem.Certificate {
+	return c.CertChain
+}
+
+// GetPrivateKey returns the private key of the certificate
+func (c *Certificate) GetPrivateKey() pem.PrivateKey {
+	return c.PrivateKey
+}
+
+// GetIssuingCA returns the issuing CA of the certificate
+func (c *Certificate) GetIssuingCA() pem.RootCertificate {
+	return c.IssuingCA
+}
diff --git a/pkg/certificate/mock_certificate_generated.go b/pkg/certificate/mock_certificate_generated.go
diff --git a/pkg/certificate/providers/certmanager/certificate.go b/pkg/certificate/providers/certmanager/certificate.go