11 changes: 9 additions & 2 deletions README.md
Expand Up @@ -60,7 +60,13 @@ A such annotated secret looks like the following:

![keystore](media/keystore.png)

The default password for these keystores is `changeme`. The password can be changed by adding the following optional annotation: `cert-utils-operator.redhat-cop.io/java-keystore-password: <password>`. The alias of the certificate inside the keystore is `alias`.
The default password for these keystores is `changeme`. The password can be changed by adding the following optional annotation: `cert-utils-operator.redhat-cop.io/java-keystore-password: <password>`. The alias of the certificate inside the keystore is `alias`, but can be changed by adding the following optional annotation: `cert-utils-operator.redhat-cop.io/java-keystore-alias: <alias>`.

| Annotation | Default | Description |
|:-|:-:|---|
| `cert-utils-operator.redhat-cop.io/java-keystore-password` | changeit | The password to use when consuming the JKS trust store |
| `cert-utils-operator.redhat-cop.io/generate-java-keystores` | false | Should the JKS keystore and truststore files be generated and attached to the secret |
| `cert-utils-operator.redhat-cop.io/java-keystore-alias` | alias | The alias to use when consuming the JKS trust store |

### ConfigMaps

Expand All @@ -72,12 +78,13 @@ When this annotation is the following entry is added to the configmap as binaryD

Note that Java Keystore require the key to be in [PKCS#8](https://en.wikipedia.org/wiki/PKCS_8) format. It is a responsibility of the certificate provisioner to make sure the key is in this format. No validation is currently performed by the cert-utils operator.

The default password for these keystores is `changeit`. The password can be changed by adding the following optional annotation: `cert-utils-operator.redhat-cop.io/java-keystore-password: <password>`. The alias of the certificate inside the keystore is `alias`.
The default password for these keystores is `changeit`. The password can be changed by adding the following optional annotation: `cert-utils-operator.redhat-cop.io/java-keystore-password: <password>`. The alias of the certificate inside the keystore is `alias`, but can be changed by adding the following optional annotation: `cert-utils-operator.redhat-cop.io/java-keystore-alias: <alias>`.

| Annotation | Default | Description |
|:-|:-:|---|
| `cert-utils-operator.redhat-cop.io/java-keystore-password` | changeit | The password to use when consuming the JKS trust store |
| `cert-utils-operator.redhat-cop.io/generate-java-truststore` | false | Should the JKS file be generated and attached to the configmap |
| `cert-utils-operator.redhat-cop.io/java-keystore-alias` | alias | The alias to use when consuming the JKS trust store |
| `cert-utils-operator.redhat-cop.io/source-ca-key` | ca-bundle.crt | The key in the configmap which will be read to generate the truststore.jks |

## Showing info on the certificates
Expand Up @@ -26,8 +26,10 @@ import (
const javaTrustStoreAnnotation = util.AnnotationBase + "/generate-java-truststore"
const javaTrustStoreSourceAnnotation = util.AnnotationBase + "/source-ca-key"
const keystorepasswordAnnotation = util.AnnotationBase + "/java-keystore-password"
const javeKeyStoreAliasName = util.AnnotationBase + "/java-keystore-alias"
const defaultpassword = "changeme"
const truststoreName = "truststore.jks"
const defaultAlias = "alias"

// ConfigMapToKeystoreReconciler reconciles a Namespace object
type ConfigMapToKeystoreReconciler struct {
Expand Down Expand Up @@ -134,7 +136,7 @@ func (r *ConfigMapToKeystoreReconciler) getTrustStoreFromConfigMap(configMap *co
}
i := 0
for p, rest := pem.Decode([]byte(ca)); p != nil; p, rest = pem.Decode(rest) {
keyStore["alias"+strconv.Itoa(i)] = &keystore.TrustedCertificateEntry{
keyStore[getAlias(configMap)+strconv.Itoa(i)] = &keystore.TrustedCertificateEntry{
Entry: keystore.Entry{
CreationDate: time.Now(),
},
Expand All @@ -161,6 +163,13 @@ func getPassword(configMap *corev1.ConfigMap) string {
return defaultpassword
}

func getAlias(configMap *corev1.ConfigMap) string {
if alias, ok := configMap.GetAnnotations()[javeKeyStoreAliasName]; ok && alias != "" {
return alias
}
return defaultAlias
}

func getSourceKey(annotations map[string]string) string {
sourceKey, err := annotations[javaTrustStoreSourceAnnotation]

19 changes: 14 additions & 5 deletions controllers/secrettokeystore/secret_to_keystore_controller.go
Expand Up @@ -27,8 +27,10 @@ import (

const javaKeyStoresAnnotation = util.AnnotationBase + "/generate-java-keystores"
const keystorepasswordAnnotation = util.AnnotationBase + "/java-keystore-password"
const storesCreationTiemstamp = util.AnnotationBase + "/java-keystores-creation-timestamp"
const storesCreationTimestamp = util.AnnotationBase + "/java-keystores-creation-timestamp"
const javeKeyStoreAliasName = util.AnnotationBase + "/java-keystore-alias"
const defaultpassword = "changeme"
const defaultAlias = "alias"
const keystoreName = "keystore.jks"
const truststoreName = "truststore.jks"

Expand Down Expand Up @@ -258,7 +260,7 @@ func (r *SecretToKeyStoreReconciler) getKeyStoreFromSecret(secret *corev1.Secret
}
r.Log.Info("retrieved", "creation time", creationTime)

err = keyStore.SetPrivateKeyEntry("alias", keystore.PrivateKeyEntry{
err = keyStore.SetPrivateKeyEntry(getAlias(secret), keystore.PrivateKeyEntry{
CreationTime: creationTime,
PrivateKey: p.Bytes,
CertificateChain: certs,
Expand Down Expand Up @@ -292,7 +294,7 @@ func (r *SecretToKeyStoreReconciler) getTrustStoreFromSecret(secret *corev1.Secr
r.Log.Info("retrieved", "creation time", creationTime)
i := 0
for p, rest := pem.Decode(ca); p != nil; p, rest = pem.Decode(rest) {
err := keyStore.SetTrustedCertificateEntry("alias"+strconv.Itoa(i), keystore.TrustedCertificateEntry{
err := keyStore.SetTrustedCertificateEntry(getAlias(secret)+strconv.Itoa(i), keystore.TrustedCertificateEntry{
CreationTime: creationTime,
Certificate: keystore.Certificate{
Type: "X.509",
Expand Down Expand Up @@ -322,9 +324,16 @@ func getPassword(secret *corev1.Secret) string {
return defaultpassword
}

func getAlias(secret *corev1.Secret) string {
if alias, ok := secret.GetAnnotations()[javeKeyStoreAliasName]; ok && alias != "" {
return alias
}
return defaultAlias
}

func (r *SecretToKeyStoreReconciler) getCreationTimestamp(secret *corev1.Secret) (time.Time, error) {

if timeStr, ok := secret.GetAnnotations()[storesCreationTiemstamp]; ok {
if timeStr, ok := secret.GetAnnotations()[storesCreationTimestamp]; ok {
creationTime, err := time.Parse(time.RFC3339, timeStr)
if err != nil {
r.Log.Error(err, "unable to parse creation time")
Expand All @@ -333,7 +342,7 @@ func (r *SecretToKeyStoreReconciler) getCreationTimestamp(secret *corev1.Secret)
return creationTime, nil
} else {
now := time.Now()
secret.GetAnnotations()[storesCreationTiemstamp] = now.Format(time.RFC3339)
secret.GetAnnotations()[storesCreationTimestamp] = now.Format(time.RFC3339)
return now, nil
}
}
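Review bot: `getAlias` (added at the end of this section) has no doc comment, and the annotation's contract is not obvious from its two call sites: the key entry at `SetPrivateKeyEntry(getAlias(secret), …)` uses the bare alias, while the trust-store loop appends a zero-based index (`getAlias(secret)+strconv.Itoa(i)`), producing `alias0`, `alias1`, …. I would add `// getAlias returns the java-keystore-alias annotation value, or "alias" when it is absent or empty; trust-store entries get a zero-based index appended.` and, since the annotation cannot change mid-loop, read it once before the loop (`alias := getAlias(secret)`). If the keystore library folds aliases to lower case the way Java's JKS implementation does (not verifiable from this page), a mixed-case annotation value will not match what a consumer looks up, so either lower-case it here or state the case rule in the README. The helper and the constant `javeKeyStoreAliasName` (typo for `java…`) are duplicated verbatim in the configmap controller; one definition in `util` next to `AnnotationBase` would keep the two reconcilers from drifting. Separately, `defaultpassword = "changeme"` in this file disagrees with the `changeit` default documented in the README table this PR adds.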