github.com/IBM-Blockchain/fabric-operator@v1.0.4/api/v1beta1/ibpca.go (about) 1 /* 2 * Copyright contributors to the Hyperledger Fabric Operator project 3 * 4 * SPDX-License-Identifier: Apache-2.0 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at: 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, software 13 * distributed under the License is distributed on an "AS IS" BASIS, 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 * See the License for the specific language governing permissions and 16 * limitations under the License. 17 */ 18 19 package v1beta1 20 21 import ( 22 "os" 23 24 "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/ca/config" 25 "github.com/IBM-Blockchain/fabric-operator/pkg/util/image" 26 corev1 "k8s.io/api/core/v1" 27 ) 28 29 // +kubebuilder:object:generate=false 30 type CAConfig interface { 31 UsingPKCS11() bool 32 } 33 34 func (s *IBPCA) ResetRestart() { 35 s.Spec.Action.Restart = false 36 } 37 38 func (s *IBPCA) ResetTLSRenew() { 39 s.Spec.Action.Renew.TLSCert = false 40 } 41 42 func (s *IBPCA) UsingHSMProxy() bool { 43 if s.Spec.HSM != nil && s.Spec.HSM.PKCS11Endpoint != "" { 44 return true 45 } 46 return false 47 } 48 49 func (s *IBPCA) IsHSMEnabled() bool { 50 return s.isCAHSMEnabled() || s.isTLSCAHSMEnabled() 51 } 52 53 func (s *IBPCA) IsHSMEnabledForType(caType config.Type) bool { 54 switch caType { 55 case config.EnrollmentCA: 56 return s.isCAHSMEnabled() 57 case config.TLSCA: 58 return s.isTLSCAHSMEnabled() 59 } 60 return false 61 } 62 63 func (s *IBPCA) isCAHSMEnabled() bool { 64 configOverride, err := s.Spec.GetCAConfigOverride() 65 if err != nil { 66 return false 67 } 68 69 return configOverride.UsingPKCS11() 70 } 71 72 func (s *IBPCA) isTLSCAHSMEnabled() bool { 73 configOverride, err := s.GetTLSCAConfigOverride() 74 if err != nil { 75 return false 76 } 77 78 return configOverride.UsingPKCS11() 79 } 80 81 func (s *IBPCA) GetTLSCAConfigOverride() (CAConfig, error) { 82 if s.Spec.ConfigOverride == nil || s.Spec.ConfigOverride.TLSCA == nil { 83 return &config.Config{}, nil 84 } 85 86 configOverride, err := config.ReadFrom(&s.Spec.ConfigOverride.TLSCA.Raw) 87 if err != nil { 88 return nil, err 89 } 90 91 return configOverride, nil 92 } 93 94 func (s *IBPCA) GetNumSecondsWarningPeriod() int64 { 95 if s.Spec.NumSecondsWarningPeriod == 0 { 96 // Default to the equivalent of 30 days 97 daysToSecondsConversion := int64(24 * 60 * 60) 98 return 30 * daysToSecondsConversion 99 } 100 return s.Spec.NumSecondsWarningPeriod 101 } 102 103 func (s *IBPCA) GetPullSecrets() []corev1.LocalObjectReference { 104 pullSecrets := []corev1.LocalObjectReference{} 105 for _, ps := range s.Spec.ImagePullSecrets { 106 pullSecrets = append(pullSecrets, corev1.LocalObjectReference{Name: ps}) 107 } 108 return pullSecrets 109 } 110 111 func (s *IBPCA) GetRegistryURL() string { 112 return s.Spec.RegistryURL 113 } 114 115 func (s *IBPCA) GetArch() []string { 116 return s.Spec.Arch 117 } 118 119 func (s *IBPCA) GetLabels() map[string]string { 120 label := os.Getenv("OPERATOR_LABEL_PREFIX") 121 if label == "" { 122 label = "fabric" 123 } 124 125 return map[string]string{ 126 "app": s.GetName(), 127 "creator": label, 128 "release": "operator", 129 "helm.sh/chart": "ibm-" + label, 130 "app.kubernetes.io/name": label, 131 "app.kubernetes.io/instance": label + "ca", 132 "app.kubernetes.io/managed-by": label + "-operator", 133 } 134 } 135 136 // GetFabricVersion returns fabric version from CR spec 137 func (s *IBPCA) GetFabricVersion() string { 138 return s.Spec.FabricVersion 139 } 140 141 // SetFabricVersion sets fabric version on spec 142 func (s *IBPCA) SetFabricVersion(version string) { 143 s.Spec.FabricVersion = version 144 } 145 146 // ImagesSet returns true if the spec has images defined 147 func (s *IBPCA) ImagesSet() bool { 148 return s.Spec.Images != nil 149 } 150 151 // GetResource returns resources defined in spec for request component, if no resources 152 // defined returns blank but initialized instance of resources 153 func (s *IBPCA) GetResource(comp Component) corev1.ResourceRequirements { 154 if s.Spec.Resources != nil { 155 switch comp { 156 case INIT: 157 if s.Spec.Resources.Init != nil { 158 return *s.Spec.Resources.Init 159 } 160 case CA: 161 if s.Spec.Resources.CA != nil { 162 return *s.Spec.Resources.CA 163 } 164 case ENROLLER: 165 if s.Spec.Resources.EnrollJob != nil { 166 return *s.Spec.Resources.EnrollJob 167 } 168 case HSMDAEMON: 169 if s.Spec.Resources.HSMDaemon != nil { 170 return *s.Spec.Resources.HSMDaemon 171 } 172 } 173 } 174 175 return corev1.ResourceRequirements{} 176 } 177 178 // PVCName returns pvc name associated with instance 179 func (s *IBPCA) PVCName() string { 180 name := s.Name + "-pvc" 181 if s.Spec.CustomNames.PVC.CA != "" { 182 name = s.Spec.CustomNames.PVC.CA 183 } 184 return name 185 } 186 187 // GetMSPID returns empty string as we don't currently store 188 // the orgname/MSPID of the CA in its spec 189 func (s *IBPCA) GetMSPID() string { 190 // no-op 191 return "" 192 } 193 194 func (s *IBPCASpec) HSMSet() bool { 195 if s.HSM != nil && s.HSM.PKCS11Endpoint != "" { 196 return true 197 } 198 199 return false 200 } 201 202 func (s *IBPCASpec) DomainSet() bool { 203 if s.Domain != "" { 204 return true 205 } 206 207 return false 208 } 209 210 func (s *IBPCASpec) CAResourcesSet() bool { 211 if s.Resources != nil { 212 if s.Resources.CA != nil { 213 return true 214 } 215 } 216 217 return false 218 } 219 220 func (s *IBPCASpec) InitResourcesSet() bool { 221 if s.Resources != nil { 222 if s.Resources.Init != nil { 223 return true 224 } 225 } 226 227 return false 228 } 229 230 func (s *IBPCASpec) GetCAConfigOverride() (CAConfig, error) { 231 if s.ConfigOverride == nil || s.ConfigOverride.CA == nil { 232 return &config.Config{}, nil 233 } 234 235 configOverride, err := config.ReadFrom(&s.ConfigOverride.CA.Raw) 236 if err != nil { 237 return nil, err 238 } 239 return configOverride, nil 240 } 241 242 func (c *IBPCAStatus) HasType() bool { 243 if c.CRStatus.Type != "" { 244 return true 245 } 246 return false 247 } 248 249 // Override will look at requested images and use those to override default image 250 // values. Override also format the image tag to include arch for non-sha based 251 // tags. 252 func (i *CAImages) Override(requested *CAImages, registryURL string, arch string) { 253 // If requested is nil, we are only interested in properly prepending registry 254 // URL to the image and with overriding default values so a empty struct is initialized. 255 if requested == nil { 256 requested = &CAImages{} 257 } 258 259 // Images 260 i.CAInitImage = image.GetImage(registryURL, i.CAInitImage, requested.CAInitImage) 261 i.CAImage = image.GetImage(registryURL, i.CAImage, requested.CAImage) 262 i.HSMImage = image.GetImage(registryURL, i.HSMImage, requested.HSMImage) 263 i.EnrollerImage = image.GetImage(registryURL, i.EnrollerImage, requested.EnrollerImage) 264 265 // Tags 266 i.CAInitTag = image.GetTag(arch, i.CAInitTag, requested.CAInitTag) 267 i.CATag = image.GetTag(arch, i.CATag, requested.CATag) 268 i.HSMTag = image.GetTag(arch, i.HSMTag, requested.HSMTag) 269 i.EnrollerTag = image.GetTag(arch, i.EnrollerTag, requested.EnrollerTag) 270 } 271 272 func init() { 273 SchemeBuilder.Register(&IBPCA{}, &IBPCAList{}) 274 }