Delete NCP created certificate in cleanup

Signed-off-by: Yun-Tang Hsu <hsuy@vmware.com>

pkg/nsx/client.go

@@ -15,14 +15,15 @@ import (
 	mpsearch "github.com/vmware/vsphere-automation-sdk-go/services/nsxt-mp/nsx/search"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt-mp/nsx/trust_management"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt-mp/nsx/trust_management/principal_identities"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/domains"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/domains/security_policies"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/sites/enforcement_points"
-	projects "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects"
-	infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/infra"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects"
+	project_infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/infra"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/infra/realized_state"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs"
-	nat "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/nat"
+	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/nat"
 	vpc_sp "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/security_policies"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/subnets"
 	"github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/subnets/ip_pools"
@@ -74,7 +75,8 @@ type Client struct {
 	OrgRootClient       nsx_policy.OrgRootClient
 	ProjectInfraClient  projects.InfraClient
 	VPCClient           projects.VpcsClient
-	IPBlockClient       infra.IpBlocksClient
+	IPBlockClient       project_infra.IpBlocksClient
+	CertificateClient   infra.CertificatesClient
 	StaticRouteClient   vpcs.StaticRoutesClient
 	NATRuleClient       nat.NatRulesClient
 	VpcGroupClient      vpcs.GroupsClient
@@ -152,7 +154,7 @@ func GetClient(cf *config.NSXOperatorConfig) *Client {
 	orgRootClient := nsx_policy.NewOrgRootClient(restConnector(cluster))
 	projectInfraClient := projects.NewInfraClient(restConnector(cluster))
 	vpcClient := projects.NewVpcsClient(restConnector(cluster))
-	ipBlockClient := infra.NewIpBlocksClient(restConnector(cluster))
+	ipBlockClient := project_infra.NewIpBlocksClient(restConnector(cluster))
 	staticRouteClient := vpcs.NewStaticRoutesClient(restConnector(cluster))
 	natRulesClient := nat.NewNatRulesClient(restConnector(cluster))
 	vpcGroupClient := vpcs.NewGroupsClient(restConnector(cluster))

pkg/nsx/services/common/types.go

@@ -28,6 +28,8 @@ const (
 	TagScopeNCPVIFProjectUID           string = "ncp/vif_project_uid"
 	TagScopeNCPPod                     string = "ncp/pod"
 	TagScopeNCPVNETInterface           string = "ncp/vnet_interface"
+	TagScopeNCPDefaultLBCert           string = "ncp/lb_default_cert"
+	TagScopeNCPSecret                  string = "ncp/secret"
 	TagScopeVersion                    string = "nsx-op/version"
 	TagScopeCluster                    string = "nsx-op/cluster"
 	TagScopeNamespace                  string = "nsx-op/namespace"
@@ -152,6 +154,7 @@ var (
 	ResourceTypeChildGroup             = "ChildGroup"
 	ResourceTypeChildSecurityPolicy    = "ChildSecurityPolicy"
 	ResourceTypeChildResourceReference = "ChildResourceReference"
+	ResourceTypeTlsCertificate         = "TlsCertificate"
 
 	// ResourceTypeClusterControlPlane is used by NSXServiceAccountController
 	ResourceTypeClusterControlPlane = "clustercontrolplane"

pkg/nsx/services/vpc/store.go

@@ -137,6 +137,15 @@ func (vs *VPCStore) GetByKey(key string) *model.Vpc {
 	return nil
 }
 
+// CertStore is a store to query certificate
+type CertStore struct {
+	common.ResourceStore
+}
+
+func (certStore *CertStore) Apply(i interface{}) error {
+	return nil
+}
+
 func (is *IPBlockStore) GetByIndex(index string, value string) *model.IpAddressBlock {
 	indexResults, err := is.ResourceStore.Indexer.ByIndex(index, value)
 	if err != nil || len(indexResults) == 0 {

pkg/nsx/services/vpc/vpc.go

@@ -173,11 +173,11 @@ func InitializeVPC(service common.Service) (*VPCService, error) {
 	VPCService.VPCNSNetworkConfigStore = VPCNsNetworkConfigStore{
 		VPCNSNetworkConfigMap: make(map[string]string),
 	}
-	//initialize vpc store and ip blocks store
+	// initialize vpc store and ip blocks store
 	go VPCService.InitializeResourceStore(&wg, fatalErrors, common.ResourceTypeVpc, nil, VPCService.VpcStore)
 	go VPCService.InitializeResourceStore(&wg, fatalErrors, common.ResourceTypeIPBlock, nil, VPCService.IpblockStore)
 
-	//initalize avi rule related store
+	// initialize avi rule related store
 	if enableAviAllowRule {
 		VPCService.RuleStore = &AviRuleStore{ResourceStore: common.ResourceStore{
 			Indexer:     cache.NewIndexer(keyFuncAVI, nil),
@@ -259,6 +259,44 @@ func (s *VPCService) DeleteVPC(path string) error {
 	return nil
 }
 
+func (s *VPCService) ListCert() []model.TlsCertificate {
+	certStore := &CertStore{ResourceStore: common.ResourceStore{
+		Indexer:     cache.NewIndexer(keyFunc, cache.Indexers{}),
+		BindingType: model.TlsCertificateBindingType(),
+	}}
+	query := fmt.Sprintf("%s:%s", common.ResourceType, common.ResourceTypeTlsCertificate)
+	count, searcherr := s.SearchResource(common.ResourceTypeTlsCertificate, query, certStore, nil)
+	if searcherr != nil {
+		log.Error(searcherr, "failed to query certificate", "query", query)
+	} else {
+		log.V(1).Info("query certificate", "count", count)
+	}
+	certs := certStore.List()
+	certsSet := []model.TlsCertificate{}
+	for _, cert := range certs {
+		certsSet = append(certsSet, *cert.(*model.TlsCertificate))
+	}
+	return certsSet
+}
+
+func (s *VPCService) DeleteCert(id string) error {
+	certClient := s.NSXClient.CertificateClient
+	if err := certClient.Delete(id); err