feat(aws/acm): Add caching agent for AWS Certificate Manager #5553
Spinnaker Managed Delivery for EC2 depends on Clouddriver to list the available SSL certificates in each AWS account. If a certificate is not in the Clouddriver cache, then Managed Delivery cannot use that certificate.
Currently, Clouddriver only caches IAM certificates, using AmazonCertificateCachingAgent. This pull request seeks to enable Clouddriver to cache certificates stored in AWS Certificate Manager as well.
I have tested this change on our development Spinnaker environment, and after deploying I have verified that Clouddriver's `/certificates/aws` API returned both ACM and IAM certificates. I was also able to use an ACM certificate in my managed delivery configuration; I set the `certificate:` value under the listener config to the domain name of the certificate I wanted to use.
Spinnaker's contributing guidelines recommend avoiding creating new classes in Groovy, but in this case I don't think it's really feasible to do so. The AmazonCertificate class in the Groovy code uses the Canonical annotation to generate its constructors, and there is an issue at compile-time when referencing such a constructor from Java code in the same module. There is a proposed fix for a Maven project in the linked StackOverflow question, but I don't know if that's applicable to Gradle and I'm also not confident in making that change to Clouddriver's configuration without breaking other things.