Set default CredentialStore to "kubernetes" in multiple controllers

- Updated the Reconcile functions in the CA, identity, ordnode, and peer controllers to set the CredentialStore to "kubernetes" if it is not already specified.
- This change ensures a consistent default configuration across different components, enhancing usability and reducing potential misconfigurations.

Signed-off-by: dviejokfs <[email protected]>

Author: dviejokfs

controllers/ca/ca_controller.go

@@ -1108,7 +1108,9 @@ func Reconcile(
 	if err != nil {
 		return ctrl.Result{}, err
 	}
-
+	if hlf.Spec.CredentialStore == "" {
+		hlf.Spec.CredentialStore = "kubernetes"
+	}
 	if exists {
 		// update
 		log.Debugf("Release %s exists, updating", releaseName)

controllers/identity/identity_controller.go

@@ -121,6 +121,9 @@ func (r *FabricIdentityReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			return ctrl.Result{}, err
 		}
 	}
+	if fabricIdentity.Spec.CredentialStore == "" {
+		fabricIdentity.Spec.CredentialStore = "kubernetes"
+	}
 	clientSet, err := utils.GetClientKubeWithConf(r.Config)
 	if err != nil {
 		r.setConditionStatus(ctx, fabricIdentity, hlfv1alpha1.FailedStatus, false, err, false)

controllers/ordnode/ordnode_controller.go

@@ -144,6 +144,9 @@ func (r *FabricOrdererNodeReconciler) Reconcile(ctx context.Context, req ctrl.Re
 			return ctrl.Result{}, err
 		}
 	}
+	if fabricOrdererNode.Spec.CredentialStore == "" {
+		fabricOrdererNode.Spec.CredentialStore = "kubernetes"
+	}
 	cmdStatus := action.NewStatus(cfg)
 	exists := true
 	helmStatus, err := cmdStatus.Run(releaseName)
@@ -757,7 +760,7 @@ func ReenrollTLSCryptoMaterial(
 			return nil, nil, nil, err
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
-	} else if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreKubernetes {
+	} else {
 		reenrollRequest, err := getReenrollRequestForFabricCATLS(client, enrollment, &conf.Spec, "tls")
 		if err != nil {
 			return nil, nil, nil, err
@@ -771,8 +774,6 @@ func ReenrollTLSCryptoMaterial(
 			return nil, nil, nil, err
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
-	} else {
-		return nil, nil, nil, errors.New(fmt.Sprintf("not implemented for credential store %s", conf.Spec.CredentialStore))
 	}
 }
 

controllers/peer/peer_controller.go

@@ -359,7 +359,9 @@ func (r *FabricPeerReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 			return r.updateCRStatusOrFailReconcile(ctx, r.Log, fabricPeer)
 		}
 	}
-
+	if fabricPeer.Spec.CredentialStore == "" {
+		fabricPeer.Spec.CredentialStore = "kubernetes"
+	}
 	cmdStatus := action.NewStatus(cfg)
 	exists := true
 	helmStatus, err := cmdStatus.Run(releaseName)
@@ -921,17 +923,7 @@ func getEnrollRequestForVaultTLS(tls *hlfv1alpha1.TLSComponent, conf *hlfv1alpha
 }
 
 func CreateTLSCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.FabricPeer, enrollment *hlfv1alpha1.TLSComponent) (*x509.Certificate, *ecdsa.PrivateKey, *x509.Certificate, error) {
-	if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreKubernetes {
-		enrollRequest, err := getEnrollRequestForFabricCATLS(client, enrollment, conf, "tls")
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		tlsCert, tlsKey, tlsRootCert, err := certs.EnrollUser(enrollRequest)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		return tlsCert, tlsKey, tlsRootCert, nil
-	} else if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreVault {
+	if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreVault {
 		enrollRequest, err := getEnrollRequestForVaultTLS(enrollment, conf, "tls")
 		if err != nil {
 			return nil, nil, nil, err
@@ -947,12 +939,6 @@ func CreateTLSCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.Fab
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
 	} else {
-		return nil, nil, nil, errors.New("not implemented")
-	}
-}
-
-func CreateTLSOPSCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.FabricPeer, enrollment *hlfv1alpha1.TLSComponent) (*x509.Certificate, *ecdsa.PrivateKey, *x509.Certificate, error) {
-	if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreKubernetes {
 		enrollRequest, err := getEnrollRequestForFabricCATLS(client, enrollment, conf, "tls")
 		if err != nil {
 			return nil, nil, nil, err
@@ -962,7 +948,11 @@ func CreateTLSOPSCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.
 			return nil, nil, nil, err
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
-	} else if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreVault {
+	}
+}
+
+func CreateTLSOPSCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.FabricPeer, enrollment *hlfv1alpha1.TLSComponent) (*x509.Certificate, *ecdsa.PrivateKey, *x509.Certificate, error) {
+	if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreVault {
 		enrollRequest, err := getEnrollRequestForVaultTLS(enrollment, conf, "tls")
 		if err != nil {
 			return nil, nil, nil, err
@@ -978,14 +968,7 @@ func CreateTLSOPSCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
 	} else {
-		return nil, nil, nil, errors.New(fmt.Sprintf("not implemented for credential store %s", conf.Spec.CredentialStore))
-	}
-}
-
-func CreateSignCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.FabricPeer, enrollment *hlfv1alpha1.Component) (*x509.Certificate, *ecdsa.PrivateKey, *x509.Certificate, error) {
-	switch conf.Spec.CredentialStore {
-	case hlfv1alpha1.CredentialStoreKubernetes:
-		enrollRequest, err := getEnrollRequestForFabricCA(client, enrollment, conf, "tls")
+		enrollRequest, err := getEnrollRequestForFabricCATLS(client, enrollment, conf, "tls")
 		if err != nil {
 			return nil, nil, nil, err
 		}
@@ -994,6 +977,12 @@ func CreateSignCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.Fa
 			return nil, nil, nil, err
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
+	}
+}
+
+func CreateSignCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.FabricPeer, enrollment *hlfv1alpha1.Component) (*x509.Certificate, *ecdsa.PrivateKey, *x509.Certificate, error) {
+	switch conf.Spec.CredentialStore {
+
 	case hlfv1alpha1.CredentialStoreVault:
 		enrollRequest, err := getEnrollRequestForVault(enrollment, conf, "tls")
 		if err != nil {
@@ -1010,7 +999,15 @@ func CreateSignCryptoMaterial(client *kubernetes.Clientset, conf *hlfv1alpha1.Fa
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
 	default:
-		return nil, nil, nil, errors.New(fmt.Sprintf("not implemented for credential store %s", conf.Spec.CredentialStore))
+		enrollRequest, err := getEnrollRequestForFabricCA(client, enrollment, conf, "tls")
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		tlsCert, tlsKey, tlsRootCert, err := certs.EnrollUser(enrollRequest)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+		return tlsCert, tlsKey, tlsRootCert, nil
 	}
 }
 
@@ -1100,7 +1097,7 @@ func ReenrollSignCryptoMaterial(
 			return nil, nil, nil, err
 		}
 		return signCert, privateKey, signRootCert, nil
-	} else if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreKubernetes {
+	} else {
 		reenrollRequest, err := getReenrollRequestForFabricCA(client, enrollment, &conf.Spec, "tls")
 		if err != nil {
 			return nil, nil, nil, err
@@ -1114,8 +1111,6 @@ func ReenrollSignCryptoMaterial(
 			return nil, nil, nil, err
 		}
 		return signCert, privateKey, signRootCert, nil
-	} else {
-		return nil, nil, nil, errors.New(fmt.Sprintf("not implemented for credential store %s", conf.Spec.CredentialStore))
 	}
 }
 
@@ -1143,7 +1138,7 @@ func ReenrollTLSCryptoMaterial(
 			return nil, nil, nil, err
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
-	} else if conf.Spec.CredentialStore == hlfv1alpha1.CredentialStoreKubernetes {
+	} else {
 		reenrollRequest, err := getReenrollRequestForFabricCATLS(client, enrollment, &conf.Spec, "tls")
 		if err != nil {
 			return nil, nil, nil, err
@@ -1157,8 +1152,6 @@ func ReenrollTLSCryptoMaterial(
 			return nil, nil, nil, err
 		}
 		return tlsCert, tlsKey, tlsRootCert, nil
-	} else {
-		return nil, nil, nil, errors.New(fmt.Sprintf("not implemented for credential store %s", conf.Spec.CredentialStore))
 	}
 }