From 96c2899a1ed325e84c629e6e166abed900426695 Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Thu, 2 Jul 2026 11:08:57 +0200 Subject: [PATCH] feat(pipelines): add manage field to CreateCertificateStep (ARO-28053) Allow disabling certificate management per environment via an optional `manage` Value field. Some environments (e.g. FPA and GA in DEV/INT) manage certificates differently, and the pipeline step needs to be skippable without removing it from the config. https://redhat.atlassian.net/browse/ARO-28053 --- pipelines/testdata/config.yaml | 2 ++ pipelines/testdata/pipeline.yaml | 2 ++ pipelines/types/common.go | 27 ++++++++++++------- pipelines/types/common_test.go | 1 + pipelines/types/pipeline.schema.v1.json | 3 +++ .../zz_fixture_TestNewPipelineFromFile.yaml | 2 ++ 6 files changed, 28 insertions(+), 9 deletions(-) diff --git a/pipelines/testdata/config.yaml b/pipelines/testdata/config.yaml index 5c12e53..2548cc7 100644 --- a/pipelines/testdata/config.yaml +++ b/pipelines/testdata/config.yaml @@ -29,6 +29,8 @@ defaults: clustersService: imageTag: abcdef replicas: 3 + certificates: + manage: Enabled parentZone: example.com childZone: child.example.com vaultBaseUrl: myvault.azure.com diff --git a/pipelines/testdata/pipeline.yaml b/pipelines/testdata/pipeline.yaml index 7446497..e595579 100644 --- a/pipelines/testdata/pipeline.yaml +++ b/pipelines/testdata/pipeline.yaml @@ -160,6 +160,8 @@ resourceGroups: value: OneCertV2-PrivateCA commonName: value: hcp-mdsd.geneva.keyvault.aro-int.azure.com + manage: + configRef: certificates.manage - name: rpRegistration action: ResourceProviderRegistration resourceProviderNamespaces: diff --git a/pipelines/types/common.go b/pipelines/types/common.go index aa61408..e1adfcd 100644 --- a/pipelines/types/common.go +++ b/pipelines/types/common.go 
@@ -228,17 +228,23 @@ func (s *SetCertificateIssuerStep) RequiredInputs() []StepDependency { const StepActionCreateCertificate = "CreateCertificate" +const ( + CertificateManageEnabled = "Enabled" + CertificateManageDisabled = "Disabled" +) + type CreateCertificateStep struct { StepMeta `json:",inline"` - VaultBaseUrl Value `json:"vaultBaseUrl,omitempty"` - CertificateName Value `json:"certificateName,omitempty"` - ContentType Value `json:"contentType,omitempty"` - SAN Value `json:"san,omitempty"` - Issuer Value `json:"issuer,omitempty"` - SecretKeyVault Value `json:"secretKeyVault,omitempty"` - SecretName Value `json:"secretName,omitempty"` - ApplicationId Value `json:"applicationId,omitempty"` - CommonName Value `json:"commonName,omitempty"` + VaultBaseUrl Value `json:"vaultBaseUrl,omitempty"` + CertificateName Value `json:"certificateName,omitempty"` + ContentType Value `json:"contentType,omitempty"` + SAN Value `json:"san,omitempty"` + Issuer Value `json:"issuer,omitempty"` + SecretKeyVault Value `json:"secretKeyVault,omitempty"` + SecretName Value `json:"secretName,omitempty"` + ApplicationId Value `json:"applicationId,omitempty"` + CommonName Value `json:"commonName,omitempty"` + Manage *Value `json:"manage,omitempty"` } func (s *CreateCertificateStep) Description() string { @@ -252,6 +258,9 @@ func (s *CreateCertificateStep) RequiredInputs() []StepDependency { deps = append(deps, val.Input.StepDependency) } } + if s.Manage != nil && s.Manage.Input != nil { + deps = append(deps, s.Manage.Input.StepDependency) + } slices.SortFunc(deps, SortDependencies) deps = slices.Compact(deps) return deps diff --git a/pipelines/types/common_test.go b/pipelines/types/common_test.go index b2e5e63..bdda4fd 100644 --- a/pipelines/types/common_test.go +++ b/pipelines/types/common_test.go 
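Review bot: Nothing in this hunk limits `Manage` to the two new constants: `CertificateManageEnabled` and `CertificateManageDisabled` are untyped strings, the field is a plain `*Value`, and the `manage` entry added to pipeline.schema.v1.json only refs `#/definitions/value`. The code that reads the field is not part of this patch, so how it treats a nil pointer or a misspelled value such as `disabled` cannot be checked here. Because the field decides whether a certificate is created, an unrecognised value should be rejected at validation time rather than silently treated as either setting. I would add a doc comment on the field, `// Manage is "Enabled" or "Disabled"; nil means <default, state it here>; any other resolved value is an error.`, and give the constant block a comment naming the field it belongs to.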
@@ -96,6 +96,7 @@ func TestRequiredInputs(t *testing.T) { SecretName: Value{Input: &Input{StepDependency: StepDependency{ResourceGroup: "rg", Step: "step6"}}}, ApplicationId: Value{Input: &Input{StepDependency: StepDependency{ResourceGroup: "rg", Step: "step7"}}}, CommonName: Value{Input: &Input{StepDependency: StepDependency{ResourceGroup: "rg", Step: "step8"}}}, + Manage: &Value{ConfigRef: "some.config.manage"}, }, expected: []StepDependency{ {ResourceGroup: "rg", Step: "step"}, diff --git a/pipelines/types/pipeline.schema.v1.json b/pipelines/types/pipeline.schema.v1.json index 3569cb2..e1686be 100644 --- a/pipelines/types/pipeline.schema.v1.json +++ b/pipelines/types/pipeline.schema.v1.json @@ -1020,6 +1020,9 @@ }, "commonName": { "$ref": "#/definitions/value" + }, + "manage": { + "$ref": "#/definitions/value" } }, "required": [ diff --git a/pipelines/types/testdata/zz_fixture_TestNewPipelineFromFile.yaml b/pipelines/types/testdata/zz_fixture_TestNewPipelineFromFile.yaml index 001a65b..f4cc447 100644 --- a/pipelines/types/testdata/zz_fixture_TestNewPipelineFromFile.yaml +++ b/pipelines/types/testdata/zz_fixture_TestNewPipelineFromFile.yaml @@ -142,6 +142,8 @@ resourceGroups: value: x-pem-file issuer: value: OneCertV2-PrivateCA + manage: + configRef: certificates.manage name: cert san: value: hcp-mdsd.geneva.keyvault.aro-int.azure.com
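Review bot: The added case sets `Manage: &Value{ConfigRef: "some.config.manage"}`, so `Manage.Input` is nil and the new `s.Manage != nil && s.Manage.Input != nil` branch in `RequiredInputs` is never taken by this test. A further case with `Manage: &Value{Input: &Input{StepDependency: StepDependency{ResourceGroup: "rg", Step: "step9"}}}` (step name constructed for the example) and the matching entry in `expected` would cover the append. The table entry and `TestRequiredInputs` both start and end outside the hunk, so a case that leaves `Manage` nil may already exist; if not, one would pin the nil guard.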