Stop passing CA Secret names to Ca class

cluster-operator/src/main/java/io/strimzi/operator/cluster/model/ClusterCa.java

@@ -50,12 +50,11 @@ public class ClusterCa extends Ca {
      * @param reconciliation        Reconciliation marker
      * @param certManager           Certificate manager instance
      * @param passwordGenerator     Password generator instance
-     * @param clusterName           Name of the Kafka cluster
      * @param caCertSecret          Name of the CA public key secret
      * @param caKeySecret           Name of the CA private key secret
      */
-    public ClusterCa(Reconciliation reconciliation, CertManager certManager, PasswordGenerator passwordGenerator, String clusterName, Secret caCertSecret, Secret caKeySecret) {
-        this(reconciliation, certManager, passwordGenerator, clusterName, caCertSecret, caKeySecret, CertificateAuthority.DEFAULT_CERTS_VALIDITY_DAYS, CertificateAuthority.DEFAULT_CERTS_RENEWAL_DAYS, true, null);
+    public ClusterCa(Reconciliation reconciliation, CertManager certManager, PasswordGenerator passwordGenerator, Secret caCertSecret, Secret caKeySecret) {
+        this(reconciliation, certManager, passwordGenerator, caCertSecret, caKeySecret, CertificateAuthority.DEFAULT_CERTS_VALIDITY_DAYS, CertificateAuthority.DEFAULT_CERTS_RENEWAL_DAYS, true, null);
     }
 
     /**
@@ -64,7 +63,6 @@ public ClusterCa(Reconciliation reconciliation, CertManager certManager, Passwor
      * @param reconciliation        Reconciliation marker
      * @param certManager           Certificate manager instance
      * @param passwordGenerator     Password generator instance
-     * @param clusterName           Name of the Kafka cluster
      * @param clusterCaCert         Secret with the public key
      * @param clusterCaKey          Secret with the private key
      * @param validityDays          Validity days
@@ -74,7 +72,6 @@ public ClusterCa(Reconciliation reconciliation, CertManager certManager, Passwor
      */
     public ClusterCa(Reconciliation reconciliation, CertManager certManager,
                      PasswordGenerator passwordGenerator,
-                     String clusterName,
                      Secret clusterCaCert,
                      Secret clusterCaKey,
                      int validityDays,
@@ -83,9 +80,7 @@ public ClusterCa(Reconciliation reconciliation, CertManager certManager,
                      CertificateExpirationPolicy policy) {
         super(reconciliation, certManager, passwordGenerator,
                 "cluster-ca",
-                AbstractModel.clusterCaCertSecretName(clusterName),
                 clusterCaCert,
-                AbstractModel.clusterCaKeySecretName(clusterName),
                 clusterCaKey, validityDays, renewalDays, generateCa, policy);
     }
 

cluster-operator/src/main/java/io/strimzi/operator/cluster/operator/assembly/CaReconciler.java

@@ -259,7 +259,6 @@ Future<Void> reconcileCas(Clock clock) {
                     boolean generateClientsCa = clientsCaConfig == null || clientsCaConfig.isGenerateCertificateAuthority();
 
                     clusterCa = new ClusterCa(reconciliation, certManager, passwordGenerator,
-                            reconciliation.name(),
                             existingClusterCaCertSecret,
                             existingClusterCaKeySecret,
                             ModelUtils.getCertificateValidity(clusterCaConfig),
@@ -269,8 +268,8 @@ Future<Void> reconcileCas(Clock clock) {
 
 
                     clientsCa = new ClientsCa(reconciliation, certManager, passwordGenerator,
-                            clientsCaCertName, existingClientsCaCertSecret,
-                            clientsCaKeyName, existingClientsCaKeySecret,
+                            existingClientsCaCertSecret,
+                            existingClientsCaKeySecret,
                             ModelUtils.getCertificateValidity(clientsCaConfig),
                             ModelUtils.getRenewalDays(clientsCaConfig),
                             generateClientsCa,

cluster-operator/src/test/java/io/strimzi/operator/cluster/model/ClusterCaRenewalTest.java

@@ -41,7 +41,7 @@ public class ClusterCaRenewalTest {
 
     @Test
     public void renewalOfCertificatesWithNullCertificates() throws IOException {
-        ClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        ClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         boolean isMaintenanceTimeWindowsSatisfied = true;
 
@@ -72,7 +72,7 @@ public void renewalOfCertificatesWithNullCertificates() throws IOException {
 
     @Test
     public void renewalOfCertificatesWithCaRenewal() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCaCertGeneration(1);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
@@ -112,7 +112,7 @@ public void renewalOfCertificatesWithCaRenewal() throws IOException {
 
     @Test
     public void renewalOfCertificatesDelayedRenewalInWindow() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCertExpiring(true);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
@@ -155,7 +155,7 @@ public void renewalOfCertificatesDelayedRenewalInWindow() throws IOException {
 
     @Test
     public void renewalOfCertificatesDelayedRenewalOutsideWindow() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCertExpiring(true);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
@@ -192,7 +192,7 @@ public void renewalOfCertificatesDelayedRenewalOutsideWindow() throws IOExceptio
 
     @Test
     public void renewalOfCertificatesWithNewNodesOutsideWindow() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCertExpiring(true);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
@@ -222,7 +222,7 @@ public void renewalOfCertificatesWithNewNodesOutsideWindow() throws IOException
 
     @Test
     public void noRenewalOfCertificates() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
         initialCerts.put("pod0", new CertAndKey("old-key".getBytes(), "old-cert".getBytes()));
@@ -250,7 +250,7 @@ public void noRenewalOfCertificates() throws IOException {
 
     @Test
     public void nosRenewalOfCertificatesWithScaleUp() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
         initialCerts.put("pod0", new CertAndKey("old-key".getBytes(), "old-cert".getBytes()));
@@ -276,7 +276,7 @@ public void nosRenewalOfCertificatesWithScaleUp() throws IOException {
 
     @Test
     public void noRenewalOfCertificatesWithScaleUpInTheMiddle() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
         initialCerts.put("pod0", new CertAndKey("old-key".getBytes(), "old-cert".getBytes()));
@@ -303,7 +303,7 @@ public void noRenewalOfCertificatesWithScaleUpInTheMiddle() throws IOException {
 
     @Test
     public void noRenewalOfCertificatesScaleDown() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
         initialCerts.put("pod0", new CertAndKey("old-key".getBytes(), "old-cert".getBytes()));
@@ -329,7 +329,7 @@ public void noRenewalOfCertificatesScaleDown() throws IOException {
 
     @Test
     public void changedSubjectOfCertificates() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCertExpiring(true);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
@@ -361,7 +361,7 @@ public void changedSubjectOfCertificates() throws IOException {
 
     @Test
     public void certificatesIncludeCaChain() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         Map<String, CertAndKey> newCerts = mockedCa.maybeCopyOrGenerateServerCerts(
                 Reconciliation.DUMMY_RECONCILIATION,
@@ -379,7 +379,7 @@ public void certificatesIncludeCaChain() throws IOException {
 
     @Test
     public void caChainAddedToExistingCertificates() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         Map<String, CertAndKey> initialCerts = new HashMap<>();
         initialCerts.put("pod0", new CertAndKey("new-key0".getBytes(), "new-cert0".getBytes()));
@@ -402,7 +402,7 @@ public void caChainAddedToExistingCertificates() throws IOException {
 
     @Test
     public void testRenewalOfDeploymentCertificateWithNullCertAndKey() {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         CertAndKey newCert = mockedCa.maybeCopyOrGenerateClientCert(
                 Reconciliation.DUMMY_RECONCILIATION,
@@ -418,7 +418,7 @@ public void testRenewalOfDeploymentCertificateWithNullCertAndKey() {
 
     @Test
     public void testRenewalOfDeploymentCertificateWithRenewingCa() {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCaCertGeneration(1);
 
         CertAndKey initialCert = new CertAndKey("old-key".getBytes(), "old-cert".getBytes());
@@ -437,7 +437,7 @@ public void testRenewalOfDeploymentCertificateWithRenewingCa() {
 
     @Test
     public void testRenewalOfDeploymentCertificateDelayedRenewal() {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCertExpiring(true);
 
         CertAndKey initialCert = new CertAndKey("old-key".getBytes(), "old-cert".getBytes());
@@ -456,7 +456,7 @@ public void testRenewalOfDeploymentCertificateDelayedRenewal() {
 
     @Test
     public void testRenewalOfDeploymentCertificateDelayedRenewalOutsideOfMaintenanceWindow() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
         mockedCa.setCertExpiring(true);
 
         CertAndKey initialCert = new CertAndKey("old-key".getBytes(), "old-cert".getBytes());
@@ -475,7 +475,7 @@ public void testRenewalOfDeploymentCertificateDelayedRenewalOutsideOfMaintenance
 
     @Test
     public void testHandlingOldSecretWithPKCS12Files() throws IOException {
-        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, 2, 1, true, null);
+        MockedClusterCa mockedCa = new MockedClusterCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, 2, 1, true, null);
 
         CertAndKey initialCert = new CertAndKey("old-key".getBytes(), "old-cert".getBytes(), null, "old-keystore".getBytes(), "old-password");
 
@@ -498,8 +498,8 @@ public static class MockedClusterCa extends ClusterCa {
         private int caCertGeneration;
         private boolean isCertExpiring;
 
-        public MockedClusterCa(Reconciliation reconciliation, CertManager certManager, PasswordGenerator passwordGenerator, String commonName, Secret caCertSecret, Secret caKeySecret, int validityDays, int renewalDays, boolean generateCa, CertificateExpirationPolicy policy) {
-            super(reconciliation, certManager, passwordGenerator, commonName, caCertSecret, caKeySecret, validityDays, renewalDays, generateCa, policy);
+        public MockedClusterCa(Reconciliation reconciliation, CertManager certManager, PasswordGenerator passwordGenerator, Secret caCertSecret, Secret caKeySecret, int validityDays, int renewalDays, boolean generateCa, CertificateExpirationPolicy policy) {
+            super(reconciliation, certManager, passwordGenerator, caCertSecret, caKeySecret, validityDays, renewalDays, generateCa, policy);
         }
 
         @Override

cluster-operator/src/test/java/io/strimzi/operator/cluster/model/ClusterCaTest.java

@@ -33,7 +33,7 @@ public void testRemoveExpiredCertificate() {
         String instantExpected = "2022-03-23T09:00:00Z";
         Clock clock = Clock.fixed(Instant.parse(instantExpected), Clock.systemUTC().getZone());
 
-        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), cluster, null, null);
+        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), null, null);
         clusterCa.setClock(clock);
         clusterCa.createRenewOrReplace(true, false, false);
         assertThat(clusterCa.caCertData().size(), is(3));
@@ -42,7 +42,7 @@ public void testRemoveExpiredCertificate() {
         instantExpected = "2022-03-23T11:00:00Z";
         clock = Clock.fixed(Instant.parse(instantExpected), Clock.systemUTC().getZone());
 
-        clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), cluster, buildCertSecret(clusterCa), buildKeySecret(clusterCa));
+        clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), buildCertSecret(clusterCa), buildKeySecret(clusterCa));
         clusterCa.setClock(clock);
         // force key replacement so certificate renewal ...
         clusterCa.createRenewOrReplace(true, true, false);
@@ -53,7 +53,7 @@ public void testRemoveExpiredCertificate() {
         instantExpected = "2023-03-23T10:00:00Z";
         clock = Clock.fixed(Instant.parse(instantExpected), Clock.systemUTC().getZone());
 
-        clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(), new PasswordGenerator(10, "a", "a"), cluster, buildCertSecret(clusterCa), buildKeySecret(clusterCa));
+        clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(), new PasswordGenerator(10, "a", "a"), buildCertSecret(clusterCa), buildKeySecret(clusterCa));
         clusterCa.setClock(clock);
         clusterCa.createRenewOrReplace(true, false, false);
         assertThat(clusterCa.caCertData().size(), is(3));
@@ -66,7 +66,7 @@ public void testIsExpiringCertificate() {
         String instantExpected = "2022-03-30T09:00:00Z";
         Clock clock = Clock.fixed(Instant.parse(instantExpected), Clock.systemUTC().getZone());
 
-        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), cluster, null, null);
+        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), null, null);
         clusterCa.setClock(clock);
         clusterCa.createRenewOrReplace(true, false, false);
 
@@ -89,7 +89,7 @@ public void testRemoveOldCertificate() {
         String instantExpected = "2022-03-23T09:00:00Z";
         Clock clock = Clock.fixed(Instant.parse(instantExpected), Clock.systemUTC().getZone());
 
-        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), cluster, null, null);
+        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), null, null);
         clusterCa.setClock(clock);
         clusterCa.createRenewOrReplace(true, false, false);
         assertThat(clusterCa.caCertData().size(), is(3));
@@ -98,7 +98,7 @@ public void testRemoveOldCertificate() {
         instantExpected = "2022-03-23T11:00:00Z";
         clock = Clock.fixed(Instant.parse(instantExpected), Clock.systemUTC().getZone());
 
-        clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), cluster, buildCertSecret(clusterCa), buildKeySecret(clusterCa));
+        clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(clock), new PasswordGenerator(10, "a", "a"), buildCertSecret(clusterCa), buildKeySecret(clusterCa));
         clusterCa.setClock(clock);
         // force key replacement so certificate renewal ...
         clusterCa.createRenewOrReplace(true, true, false);
@@ -186,7 +186,7 @@ public void testNotRemoveOldCertificateWithCustomCa() {
                 .withData(clusterCaKeyData)
                 .build();
 
-        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(), new PasswordGenerator(10, "a", "a"), cluster, clusterCaCert, clusterCaKey, 0, 0, false, CertificateExpirationPolicy.RENEW_CERTIFICATE);
+        ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(), new PasswordGenerator(10, "a", "a"), clusterCaCert, clusterCaKey, 0, 0, false, CertificateExpirationPolicy.RENEW_CERTIFICATE);
 
         clusterCa.maybeDeleteOldCerts();