From 9f999048eb10ce9e2ca7e9d8850c05fb9c423a45 Mon Sep 17 00:00:00 2001
From: ivinokur
Date: Wed, 22 May 2024 09:41:08 +0300
Subject: [PATCH] fixup! Inject certificate to http client from a configmap referenced in the config
Signed-off-by: ivinokur
---
 .../workspace/devworkspace_controller.go | 12 ++-----
 controllers/workspace/http.go | 36 ++++++++++++-------
 2 files changed, 26 insertions(+), 22 deletions(-)
diff --git a/controllers/workspace/devworkspace_controller.go b/controllers/workspace/devworkspace_controller.go
index 9573e741c..f0c8600ed 100644
--- a/controllers/workspace/devworkspace_controller.go
+++ b/controllers/workspace/devworkspace_controller.go
@@ -18,7 +18,6 @@ package controllers
 import (
 "context"
 "fmt"
- "net/http"
 "strconv"
 "strings"
 "time"
@@ -28,7 +27,6 @@ import (
 "github.com/devfile/devworkspace-operator/controllers/workspace/metrics"
 "github.com/devfile/devworkspace-operator/pkg/common"
 "github.com/devfile/devworkspace-operator/pkg/conditions"
- "github.com/devfile/devworkspace-operator/pkg/config"
 wkspConfig "github.com/devfile/devworkspace-operator/pkg/config"
 "github.com/devfile/devworkspace-operator/pkg/constants"
 "github.com/devfile/devworkspace-operator/pkg/dwerrors"
@@ -144,12 +142,8 @@ func (r *DevWorkspaceReconciler) Reconcile(ctx context.Context, req ctrl.Request
 reqLogger = reqLogger.WithValues(constants.DevWorkspaceIDLoggerKey, workspace.Status.DevWorkspaceId)
 reqLogger.Info("Reconciling Workspace", "resolvedConfig", configString)
- // Inject ca certificates to the http clint if the certificates configmap is created and defined in the config.
- if certs, ok := readCertificates(r.Client, config, r.Log); ok {
- for _, certsPem := range certs {
- injectCertificates([]byte(certsPem), httpClient.Transport.(*http.Transport))
- }
- }
+ // Inject ca certificates to the http client, if the certificates configmap is created and defined in the config.
+ InjectCertificates(r.Client, r.Log)
 // Check if the DevWorkspaceRouting instance is marked to be deleted, which is
 // indicated by the deletion timestamp being set.
@@ -677,7 +671,7 @@ func (r *DevWorkspaceReconciler) getWorkspaceId(ctx context.Context, workspace *
 }
 func (r *DevWorkspaceReconciler) SetupWithManager(mgr ctrl.Manager) error {
- setupHttpClients(mgr.GetClient(), config.GetGlobalConfig(), mgr.GetLogger())
+ setupHttpClients(mgr.GetClient(), mgr.GetLogger())
 maxConcurrentReconciles, err := wkspConfig.GetMaxConcurrentReconciles()
 if err != nil {
diff --git a/controllers/workspace/http.go b/controllers/workspace/http.go
index 4736905ae..bf580e1a6 100644
--- a/controllers/workspace/http.go
+++ b/controllers/workspace/http.go
@@ -21,9 +21,9 @@ import (
 "net/url"
 "time"
- "k8s.io/apimachinery/pkg/types"
+ "github.com/devfile/devworkspace-operator/pkg/config"
- controller "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
+ "k8s.io/apimachinery/pkg/types"
 "github.com/go-logr/logr"
 corev1 "k8s.io/api/core/v1"
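Review bot: The new `InjectCertificates(r.Client, r.Log)` call in Reconcile rewrites the transport of the package-level `httpClient` on every reconcile, and nothing visible serializes it against other reconciles or in-flight requests that share that transport. SetupWithManager in this same file reads `GetMaxConcurrentReconciles()`, so parallel reconciles look possible; unless `injectCertificates` (body not shown) locks internally, that is a data race on the TLS trust configuration. I would serialize the update inside InjectCertificates, e.g. `certMu.Lock()` / `defer certMu.Unlock()` around the loop, or refresh only when the configmap changes. The call also now reads the global config instead of the `config` value the removed lines passed, which appears to have been the per-workspace resolved config, so confirm that dropping a workspace-level certificate reference is intended. Reconcile's body starts and ends outside the hunk.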
@@ -37,9 +37,9 @@ var (
 healthCheckHttpClient *http.Client
 )
-func setupHttpClients(k8s client.Client, config *controller.OperatorConfiguration, logger logr.Logger) {
+func setupHttpClients(k8s client.Client, logger logr.Logger) {
 transport := http.DefaultTransport.(*http.Transport).Clone()
- if certs, ok := readCertificates(k8s, config, logger); ok {
+ if certs, ok := readCertificates(k8s, logger); ok {
 for _, certsPem := range certs {
 injectCertificates([]byte(certsPem), transport)
 }
@@ -49,16 +49,18 @@ func setupHttpClients(k8s client.Client, config *controller.OperatorConfiguratio
 InsecureSkipVerify: true,
 }
- if config.Routing != nil && config.Routing.ProxyConfig != nil {
+ globalConfig := config.GetGlobalConfig()
+
+ if globalConfig.Routing != nil && globalConfig.Routing.ProxyConfig != nil {
 proxyConf := httpproxy.Config{}
- if config.Routing.ProxyConfig.HttpProxy != nil {
- proxyConf.HTTPProxy = *config.Routing.ProxyConfig.HttpProxy
+ if globalConfig.Routing.ProxyConfig.HttpProxy != nil {
+ proxyConf.HTTPProxy = *globalConfig.Routing.ProxyConfig.HttpProxy
 }
- if config.Routing.ProxyConfig.HttpsProxy != nil {
- proxyConf.HTTPSProxy = *config.Routing.ProxyConfig.HttpsProxy
+ if globalConfig.Routing.ProxyConfig.HttpsProxy != nil {
+ proxyConf.HTTPSProxy = *globalConfig.Routing.ProxyConfig.HttpsProxy
 }
- if config.Routing.ProxyConfig.NoProxy != nil {
- proxyConf.NoProxy = *config.Routing.ProxyConfig.NoProxy
+ if globalConfig.Routing.ProxyConfig.NoProxy != nil {
+ proxyConf.NoProxy = *globalConfig.Routing.ProxyConfig.NoProxy
 }
 proxyFunc := func(req *http.Request) (*url.URL, error) {
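Review bot: The `InsecureSkipVerify: true` context line directly above the new `globalConfig` block carries no comment saying which client it applies to or why verification is off, and the CA certificates this commit injects have no effect on a transport configured that way. The owning transport is outside the hunk (the `var` block suggests `healthCheckHttpClient`, but that is an inference), so I would document it where it is set, e.g. `// Verification is disabled for the health-check client only; httpClient verifies against the system roots plus the injected CA bundle.`, adjusted to whatever the actual intent is. setupHttpClients' body continues outside both hunks on this line.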
@@ -77,8 +79,16 @@ func setupHttpClients(k8s client.Client, config *controller.OperatorConfiguratio
 }
 }
-func readCertificates(k8s client.Client, config *controller.OperatorConfiguration, logger logr.Logger) (map[string]string, bool) {
- configmapRef := config.Routing.TLSCertificateConfigmapRef
+func InjectCertificates(k8s client.Client, logger logr.Logger) {
+ if certs, ok := readCertificates(k8s, logger); ok {
+ for _, certsPem := range certs {
+ injectCertificates([]byte(certsPem), httpClient.Transport.(*http.Transport))
+ }
+ }
+}
+
+func readCertificates(k8s client.Client, logger logr.Logger) (map[string]string, bool) {
+ configmapRef := config.GetGlobalConfig().Routing.TLSCertificateConfigmapRef
 if configmapRef == nil {
 return nil, false
 }
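Review bot: `readCertificates` dereferences `config.GetGlobalConfig().Routing.TLSCertificateConfigmapRef` without checking `Routing`, although setupHttpClients (hunk `@@ -49,16 +49,18 @@`) treats `globalConfig.Routing` as possibly nil; since this runs at startup and on every reconcile, a config without a routing section would panic the controller. Guard it first: `routing := config.GetGlobalConfig().Routing` followed by `if routing == nil || routing.TLSCertificateConfigmapRef == nil { return nil, false }`. In the new exported `InjectCertificates`, the unchecked assertion `httpClient.Transport.(*http.Transport)` panics if it is called before setupHttpClients has run or if the transport is ever wrapped, so use the comma-ok form and return when it fails. The exported function also needs a doc comment, e.g. `// InjectCertificates adds the CA certificates from the configured configmap to the shared httpClient transport.` readCertificates continues past the end of the hunk.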