Correct private key size input for Certificates and remove minor version support

In cert-manager v1 API, the private key size "keySize" was updated to "size"
under "privateKey".
Support of minor (less than v1) API version is also removed for certificates.

Change-Id: If3fa0e296b8a1c2ab473e67b24d4465fe42a5268

helm-toolkit/Chart.yaml

@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
-version: 0.2.26
+version: 0.2.27
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
 sources:

helm-toolkit/templates/manifests/_certificates.tpl

@@ -30,7 +30,8 @@ examples:
                   organization:
                     - ACME
                   commonName: keystone-api.openstack.svc.cluster.local
-                  keySize: 2048
+                  privateKey:
+                    size: 2048
                   usages:
                     - server auth
                     - client auth
@@ -55,55 +56,8 @@ examples:
         duration: 2160h
         issuerRef:
           name: ca-issuer
-        keySize: 2048
+        privateKey:
-        organization:
+          size: 2048
-        - ACME
-        secretName: keystone-tls-api
-        usages:
-        - server auth
-        - client auth
-
-  - values: |
-      cert_manager_version: v0.15.0
-      endpoints:
-        dashboard:
-          host_fqdn_override:
-            default:
-              host: null
-              tls:
-                secretName: keystone-tls-api
-                issuerRef:
-                  name: ca-issuer
-                  duration: 2160h
-                  organization:
-                    - ACME
-                  commonName: keystone-api.openstack.svc.cluster.local
-                  keySize: 2048
-                  usages:
-                    - server auth
-                    - client auth
-                  dnsNames:
-                    - cluster.local
-                  issuerRef:
-                    name: ca-issuer
-    usage: |
-      {{- $opts := dict "envAll" . "service" "dashboard" "type" "internal" -}}
-      {{ $opts | include "helm-toolkit.manifests.certificates" }}
-    return: |
-      ---
-      apiVersion: cert-manager.io/v1alpha3
-      kind: Certificate
-      metadata:
-        name: keystone-tls-api
-        namespace: NAMESPACE
-      spec:
-        commonName: keystone-api.openstack.svc.cluster.local
-        dnsNames:
-        - cluster.local
-        duration: 2160h
-        issuerRef:
-          name: ca-issuer
-        keySize: 2048
         organization:
         - ACME
         secretName: keystone-tls-api
@@ -125,11 +79,13 @@ examples:
 {{- $dnsNames := list $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) -}}
 {{- $_ := $dnsNames | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "dnsNames" -}}
 {{- end -}}
-{{/* Default keySize to 4096. This can be overridden. */}}
+{{/* Default privateKey size to 4096. This can be overridden. */}}
-{{- if not (hasKey $slice "keySize") -}}
+{{- if not (hasKey $slice "privateKey") -}}
-{{- $_ := ( printf "%d" 4096 | atoi ) | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "keySize" -}}
+{{- $_ := dict "size" ( printf "%d" 4096 | atoi ) | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "privateKey" -}}
+{{- else if empty (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "privateKey" "size") -}}
+{{- $_ := ( printf "%d" 4096 | atoi ) | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "privateKey") "size" -}}
 {{- end -}}
-{{/* Default keySize to 3 months. Note the min is 720h. This can be overridden. */}}
+{{/* Default duration to 3 months. Note the min is 720h. This can be overridden. */}}
 {{- if not (hasKey $slice "duration") -}}
 {{- $_ := printf "%s" "2190h" | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "duration" -}}
 {{- end -}}
@@ -141,16 +97,8 @@ examples:
 {{- if not (hasKey $slice "usages") -}}
 {{- $_ := (list "server auth" "client auth") | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "usages" -}}
 {{- end -}}
-{{- $cert_manager_version := "v1.0.0" -}}
-{{- if $envAll.Values.cert_manager_version -}}
-{{- $cert_manager_version = $envAll.Values.cert_manager_version -}}
-{{- end -}}
 ---
-{{- if semverCompare "< v1.0.0"  $cert_manager_version }}
-apiVersion: cert-manager.io/v1alpha3
-{{- else }}
 apiVersion: cert-manager.io/v1
-{{- end }}
 kind: Certificate
 metadata:
   name: {{ index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "secretName" }}

releasenotes/notes/helm-toolkit.yaml

@@ -33,4 +33,5 @@ helm-toolkit:
   - 0.2.24 Migrate Ingress resources to networking.k8s.io/v1
   - 0.2.25 Set Security Context to ks-user job
   - 0.2.26 Revert Set Security Context to ks-user job
+  - 0.2.27 Correct private key size input for Certificates and remove minor version support
 ...