chore(comments): Write function comments and update license header

api/v1alpha1/clusterissuer_types.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

api/v1alpha1/groupversion_info.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

api/v1alpha1/issuer_types.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/controllers/certificaterequest_controller.go

@@ -268,6 +268,8 @@ func (r *CertificateRequestReconciler) Reconcile(ctx context.Context, req ctrl.R
 	return ctrl.Result{}, nil
 }
 
+// SetupWithManager registers the CertificateRequestReconciler with the controller manager.
+// It configures controller-runtime to reconcile cert-manager CertificateRequests in the cluster.
 func (r *CertificateRequestReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&cmapi.CertificateRequest{}).

internal/controllers/certificaterequest_controller_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/controllers/fake_configclient_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/controllers/issuer_controller.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -162,7 +162,8 @@ func (r *IssuerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res
 	return ctrl.Result{RequeueAfter: defaultHealthCheckInterval}, nil
 }
 
-// SetupWithManager sets up the controller with the Manager.
+// SetupWithManager registers the IssuerReconciler with the controller manager.
+// It configures controller-runtime to reconcile Keyfactor Command Issuers/ClusterIssuers in the cluster.
 func (r *IssuerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	issuerType, err := r.newIssuer()
 	if err != nil {

internal/controllers/issuer_controller_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/controllers/suite_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/issuer/signer/signer.go

@@ -66,6 +66,7 @@ type Signer interface {
 	Sign(context.Context, []byte, K8sMetadata) ([]byte, []byte, error)
 }
 
+// CommandHealthCheckerFromIssuerAndSecretData creates a new HealthChecker instance using the provided issuer spec and secret data
 func CommandHealthCheckerFromIssuerAndSecretData(ctx context.Context, spec *commandissuer.IssuerSpec, authSecretData map[string][]byte, caSecretData map[string][]byte) (HealthChecker, error) {
 	signer := commandSigner{}
 
@@ -79,10 +80,13 @@ func CommandHealthCheckerFromIssuerAndSecretData(ctx context.Context, spec *comm
 	return &signer, nil
 }
 
+// CommandSignerFromIssuerAndSecretData is a wrapper for commandSignerFromIssuerAndSecretData that returns a Signer interface
+// given the provided issuer spec and secret data
 func CommandSignerFromIssuerAndSecretData(ctx context.Context, spec *commandissuer.IssuerSpec, annotations map[string]string, authSecretData map[string][]byte, caSecretData map[string][]byte) (Signer, error) {
 	return commandSignerFromIssuerAndSecretData(ctx, spec, annotations, authSecretData, caSecretData)
 }
 
+// commandSignerFromIssuerAndSecretData creates a new Signer instance using the provided issuer spec and secret data
 func commandSignerFromIssuerAndSecretData(ctx context.Context, spec *commandissuer.IssuerSpec, annotations map[string]string, authSecretData map[string][]byte, caSecretData map[string][]byte) (*commandSigner, error) {
 	k8sLog := log.FromContext(ctx)
 
@@ -132,6 +136,7 @@ func commandSignerFromIssuerAndSecretData(ctx context.Context, spec *commandissu
 	return &signer, nil
 }
 
+// extractMetadataFromAnnotations extracts metadata from the provided annotations
 func extractMetadataFromAnnotations(annotations map[string]string) map[string]interface{} {
 	metadata := make(map[string]interface{})
 
@@ -144,6 +149,7 @@ func extractMetadataFromAnnotations(annotations map[string]string) map[string]in
 	return metadata
 }
 
+// Check checks the health of the signer by verifying that the "POST /Enrollment/CSR" endpoint exists
 func (s *commandSigner) Check() error {
 	endpoints, _, err := s.client.StatusApi.StatusGetEndpoints(context.Background()).Execute()
 	if err != nil {
@@ -169,6 +175,7 @@ func (s *commandSigner) Check() error {
 	return errors.New("missing \"POST /Enrollment/CSR\" endpoint")
 }
 
+// Sign signs the provided CSR using the Keyfactor Command API
 func (s *commandSigner) Sign(ctx context.Context, csrBytes []byte, k8sMeta K8sMetadata) ([]byte, []byte, error) {
 	k8sLog := log.FromContext(ctx)
 
@@ -255,6 +262,8 @@ func (s *commandSigner) Sign(ctx context.Context, csrBytes []byte, k8sMeta K8sMe
 	return compileCertificatesToPemBytes(certAndChain)
 }
 
+// getCertificatesFromCertificateInformation takes a keyfactor.ModelsPkcs10CertificateResponse object and
+// returns a slice of x509 certificates
 func getCertificatesFromCertificateInformation(commandResp *keyfactor.ModelsPkcs10CertificateResponse) ([]*x509.Certificate, error) {
 	var certBytes []byte
 
@@ -314,6 +323,7 @@ const (
 	CommandMetaCertificateSigningRequestNamespace = "Certificate-Signing-Request-Namespace"
 )
 
+// createCommandClientFromSecretData creates a new Keyfactor Command client using the provided issuer spec and secret data
 func createCommandClientFromSecretData(ctx context.Context, spec *commandissuer.IssuerSpec, authSecretData map[string][]byte, caSecretData map[string][]byte) (*keyfactor.APIClient, error) {
 	k8sLogger := log.FromContext(ctx)
 
@@ -383,6 +393,7 @@ func createCommandClientFromSecretData(ctx context.Context, spec *commandissuer.
 	return client, nil
 }
 
+// decodePEMBytes takes a byte array containing PEM encoded data and returns a slice of PEM blocks and a private key PEM block
 func decodePEMBytes(buf []byte) ([]*pem.Block, *pem.Block) {
 	var privKey *pem.Block
 	var certificates []*pem.Block
@@ -400,6 +411,7 @@ func decodePEMBytes(buf []byte) ([]*pem.Block, *pem.Block) {
 	return certificates, privKey
 }
 
+// parseCSR takes a byte array containing a PEM encoded CSR and returns a x509.CertificateRequest object
 func parseCSR(pemBytes []byte) (*x509.CertificateRequest, error) {
 	// extract PEM from request object
 	block, _ := pem.Decode(pemBytes)
@@ -409,6 +421,7 @@ func parseCSR(pemBytes []byte) (*x509.CertificateRequest, error) {
 	return x509.ParseCertificateRequest(block.Bytes)
 }
 
+// generateRandomString generates a random string of the specified length
 func generateRandomString(length int) string {
 	rand.Seed(time.Now().UnixNano())
 	letters := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
@@ -419,6 +432,7 @@ func generateRandomString(length int) string {
 	return string(b)
 }
 
+// ptr returns a pointer to the provided value
 func ptr[T any](v T) *T {
 	return &v
 }

internal/issuer/signer/signer_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/issuer/util/configclient.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -28,6 +28,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
+// ConfigClient is an interface for a K8s REST client.
 type ConfigClient interface {
 	SetContext(ctx context.Context)
 	GetConfigMap(name types.NamespacedName, out *corev1.ConfigMap) error
@@ -43,6 +44,7 @@ type configClient struct {
 	verifyAccessFunc func(apiResource string, resource types.NamespacedName) error
 }
 
+// NewConfigClient creates a new K8s REST client using the configuration from the controller-runtime.
 func NewConfigClient(ctx context.Context) (ConfigClient, error) {
 	config := ctrl.GetConfigOrDie()
 
@@ -64,11 +66,15 @@ func NewConfigClient(ctx context.Context) (ConfigClient, error) {
 	return client, nil
 }
 
+// SetContext sets the context for the client.
 func (c *configClient) SetContext(ctx context.Context) {
 	c.ctx = ctx
 	c.logger = klog.FromContext(ctx)
 }
 
+// verifyAccessToResource verifies that the client has access to a given resource in a given namespace
+// by creating a SelfSubjectAccessReview. This is done to avoid errors when the client does not have
+// access to the resource.
 func (c *configClient) verifyAccessToResource(apiResource string, resource types.NamespacedName) error {
 	verbs := []string{"get", "list", "watch"}
 
@@ -101,13 +107,16 @@ func (c *configClient) verifyAccessToResource(apiResource string, resource types
 	return nil
 }
 
+// GetConfigMap gets the configmap with the given name and namespace and copies it into the out parameter.
 func (c *configClient) GetConfigMap(name types.NamespacedName, out *corev1.ConfigMap) error {
 	if c == nil {
 		return fmt.Errorf("config client is nil")
 	}
 
 	// Check if the client has access to the configmap resource
 	if _, ok := c.accessCache[name.String()]; !ok {
+		// If this is the first time the client is accessing the resource and it does have
+		// permission, add it to the access cache so that it does not need to be checked again.
 		err := c.verifyAccessFunc("configmaps", name)
 		if err != nil {
 			return err
@@ -126,13 +135,16 @@ func (c *configClient) GetConfigMap(name types.NamespacedName, out *corev1.Confi
 	return nil
 }
 
+// GetSecret gets the secret with the given name and namespace and copies it into the out parameter.
 func (c *configClient) GetSecret(name types.NamespacedName, out *corev1.Secret) error {
 	if c == nil {
 		return fmt.Errorf("config client is nil")
 	}
 
 	// Check if the client has access to the secret resource
 	if _, ok := c.accessCache[name.String()]; !ok {
+		// If this is the first time the client is accessing the resource and it does have
+		// permission, add it to the access cache so that it does not need to be checked again.
 		err := c.verifyAccessFunc("secrets", name)
 		if err != nil {
 			return err

internal/issuer/util/configclient_test.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

internal/issuer/util/util.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@ import (
 
 const inClusterNamespacePath = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
 
+// GetSpecAndStatus is a helper function that returns the Spec and Status of an Issuer object.
 func GetSpecAndStatus(issuer client.Object) (*commandissuer.IssuerSpec, *commandissuer.IssuerStatus, error) {
 	switch t := issuer.(type) {
 	case *commandissuer.Issuer:
@@ -40,6 +41,7 @@ func GetSpecAndStatus(issuer client.Object) (*commandissuer.IssuerSpec, *command
 	}
 }
 
+// SetReadyCondition is a helper function that sets the Ready condition on an IssuerStatus.
 func SetReadyCondition(status *commandissuer.IssuerStatus, conditionStatus commandissuer.ConditionStatus, reason, message string) {
 	ready := GetReadyCondition(status)
 	if ready == nil {
@@ -64,6 +66,7 @@ func SetReadyCondition(status *commandissuer.IssuerStatus, conditionStatus comma
 	}
 }
 
+// GetReadyCondition is a helper function that returns the Ready condition from an IssuerStatus.
 func GetReadyCondition(status *commandissuer.IssuerStatus) *commandissuer.IssuerCondition {
 	for _, c := range status.Conditions {
 		if c.Type == commandissuer.IssuerConditionReady {
@@ -73,6 +76,7 @@ func GetReadyCondition(status *commandissuer.IssuerStatus) *commandissuer.Issuer
 	return nil
 }
 
+// IsReady is a helper function that returns true if the Ready condition is set to True.
 func IsReady(status *commandissuer.IssuerStatus) bool {
 	if c := GetReadyCondition(status); c != nil {
 		return c.Status == commandissuer.ConditionTrue

main.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2023 The Keyfactor Command Authors.
+Copyright © 2023 Keyfactor
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.