fixup! Inject certificate to http client from a configmap referenced in the config

Signed-off-by: ivinokur <[email protected]>

Author: vinokurig

controllers/workspace/devworkspace_controller.go

@@ -18,7 +18,6 @@ package controllers
 import (
 	"context"
 	"fmt"
-	"net/http"
 	"strconv"
 	"strings"
 	"time"
@@ -28,7 +27,6 @@ import (
 	"github.com/devfile/devworkspace-operator/controllers/workspace/metrics"
 	"github.com/devfile/devworkspace-operator/pkg/common"
 	"github.com/devfile/devworkspace-operator/pkg/conditions"
-	"github.com/devfile/devworkspace-operator/pkg/config"
 	wkspConfig "github.com/devfile/devworkspace-operator/pkg/config"
 	"github.com/devfile/devworkspace-operator/pkg/constants"
 	"github.com/devfile/devworkspace-operator/pkg/dwerrors"
@@ -144,12 +142,8 @@ func (r *DevWorkspaceReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	reqLogger = reqLogger.WithValues(constants.DevWorkspaceIDLoggerKey, workspace.Status.DevWorkspaceId)
 	reqLogger.Info("Reconciling Workspace", "resolvedConfig", configString)
 
-	// Inject ca certificates to the http clint if the certificates configmap is created and defined in the config.
-	if certs, ok := readCertificates(r.Client, config, r.Log); ok {
-		for _, certsPem := range certs {
-			injectCertificates([]byte(certsPem), httpClient.Transport.(*http.Transport))
-		}
-	}
+	// Inject ca certificates to the http client, if the certificates configmap is created and defined in the config.
+	InjectCertificates(r.Client, r.Log)
 
 	// Check if the DevWorkspaceRouting instance is marked to be deleted, which is
 	// indicated by the deletion timestamp being set.
@@ -677,7 +671,7 @@ func (r *DevWorkspaceReconciler) getWorkspaceId(ctx context.Context, workspace *
 }
 
 func (r *DevWorkspaceReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	setupHttpClients(mgr.GetClient(), config.GetGlobalConfig(), mgr.GetLogger())
+	setupHttpClients(mgr.GetClient(), mgr.GetLogger())
 
 	maxConcurrentReconciles, err := wkspConfig.GetMaxConcurrentReconciles()
 	if err != nil {

controllers/workspace/http.go

@@ -21,9 +21,9 @@ import (
 	"net/url"
 	"time"
 
-	"k8s.io/apimachinery/pkg/types"
+	"github.com/devfile/devworkspace-operator/pkg/config"
 
-	controller "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
+	"k8s.io/apimachinery/pkg/types"
 
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
@@ -37,28 +37,25 @@ var (
 	healthCheckHttpClient *http.Client
 )
 
-func setupHttpClients(k8s client.Client, config *controller.OperatorConfiguration, logger logr.Logger) {
+func setupHttpClients(k8s client.Client, logger logr.Logger) {
 	transport := http.DefaultTransport.(*http.Transport).Clone()
-	if certs, ok := readCertificates(k8s, config, logger); ok {
-		for _, certsPem := range certs {
-			injectCertificates([]byte(certsPem), transport)
-		}
-	}
 	healthCheckTransport := http.DefaultTransport.(*http.Transport).Clone()
 	healthCheckTransport.TLSClientConfig = &tls.Config{
 		InsecureSkipVerify: true,
 	}
 
-	if config.Routing != nil && config.Routing.ProxyConfig != nil {
+	globalConfig := config.GetGlobalConfig()
+
+	if globalConfig.Routing != nil && globalConfig.Routing.ProxyConfig != nil {
 		proxyConf := httpproxy.Config{}
-		if config.Routing.ProxyConfig.HttpProxy != nil {
-			proxyConf.HTTPProxy = *config.Routing.ProxyConfig.HttpProxy
+		if globalConfig.Routing.ProxyConfig.HttpProxy != nil {
+			proxyConf.HTTPProxy = *globalConfig.Routing.ProxyConfig.HttpProxy
 		}
-		if config.Routing.ProxyConfig.HttpsProxy != nil {
-			proxyConf.HTTPSProxy = *config.Routing.ProxyConfig.HttpsProxy
+		if globalConfig.Routing.ProxyConfig.HttpsProxy != nil {
+			proxyConf.HTTPSProxy = *globalConfig.Routing.ProxyConfig.HttpsProxy
 		}
-		if config.Routing.ProxyConfig.NoProxy != nil {
-			proxyConf.NoProxy = *config.Routing.ProxyConfig.NoProxy
+		if globalConfig.Routing.ProxyConfig.NoProxy != nil {
+			proxyConf.NoProxy = *globalConfig.Routing.ProxyConfig.NoProxy
 		}
 
 		proxyFunc := func(req *http.Request) (*url.URL, error) {
@@ -75,10 +72,19 @@ func setupHttpClients(k8s client.Client, config *controller.OperatorConfiguratio
 		Transport: healthCheckTransport,
 		Timeout:   500 * time.Millisecond,
 	}
+	InjectCertificates(k8s, logger)
+}
+
+func InjectCertificates(k8s client.Client, logger logr.Logger) {
+	if certs, ok := readCertificates(k8s, logger); ok {
+		for _, certsPem := range certs {
+			injectCertificates([]byte(certsPem), httpClient.Transport.(*http.Transport))
+		}
+	}
 }
 
-func readCertificates(k8s client.Client, config *controller.OperatorConfiguration, logger logr.Logger) (map[string]string, bool) {
-	configmapRef := config.Routing.TLSCertificateConfigmapRef
+func readCertificates(k8s client.Client, logger logr.Logger) (map[string]string, bool) {
+	configmapRef := config.GetGlobalConfig().Routing.TLSCertificateConfigmapRef
 	if configmapRef == nil {
 		return nil, false
 	}