Add more helpers

factory/ca.go

@@ -59,16 +59,7 @@ func loadCA() (*x509.Certificate, crypto.Signer, error) {
 	return LoadCerts("./certs/ca.pem", "./certs/ca.key")
 }
 
-func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error) {
-	caPem, err := ioutil.ReadFile(certFile)
-	if err != nil {
-		return nil, nil, err
-	}
-	caKey, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		return nil, nil, err
-	}
-
+func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error) {
 	key, err := cert.ParsePrivateKeyPEM(caKey)
 	if err != nil {
 		return nil, nil, err
@@ -85,3 +76,16 @@ func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, erro
 
 	return cert, signer, nil
 }
+
+func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error) {
+	caPem, err := ioutil.ReadFile(certFile)
+	if err != nil {
+		return nil, nil, err
+	}
+	caKey, err := ioutil.ReadFile(keyFile)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return LoadCA(caPem, caKey)
+}

factory/gen.go

@@ -31,6 +31,9 @@ type TLS struct {
 }
 
 func cns(secret *v1.Secret) (cns []string) {
+	if secret == nil {
+		return nil
+	}
 	for k, v := range secret.Annotations {
 		if strings.HasPrefix(k, cnPrefix) {
 			cns = append(cns, v)
@@ -65,6 +68,14 @@ func (t *TLS) Merge(secret, other *v1.Secret) (*v1.Secret, bool, error) {
 	return t.AddCN(secret, cns(other)...)
 }
 
+func (t *TLS) Refresh(secret *v1.Secret) (*v1.Secret, error) {
+	cns := cns(secret)
+	secret = secret.DeepCopy()
+	secret.Annotations = map[string]string{}
+	secret, _, err := t.AddCN(secret, cns...)
+	return secret, err
+}
+
 func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) {
 	var (
 		err error