Description

Another refactor PR to prepare for Secured Cluster certificates refresh, following #12825 and #13023. Like these other 2 PRs, it does not change any behaviour.

Changes in this PR

Some files are moved out of the localscanner package into the more generic certrefresh package (so that they can be reused for secured cluster certificate refresh):

• cert_refresher.go
• cert_expiration.go

Because the CertificateRequester interface (used in cert_refresher.go) was tightly coupled with a gRPC call type:

type CertificateRequester interface {
	Start()
	Stop()
	RequestCertificates(ctx context.Context) (*central.IssueLocalScannerCertsResponse, error)
}

I introduced an intermediate type called IssueCertsResponse, and moved it together with CertificateRequester into their own package (to prevent cyclic dependencies).

Finally, it also moves certrefresh/localscanner/tls_issuer.go to certrefresh/localscanner_tls_issuer.go. This might go against the logical structure of the directories, but it'll make it easier to share some common testing code with securedcluster_tls_issuer (coming in a future PR), and allows me to keep some internal types unexported. It also makes instantiating this component look a bit cleaner IMO: certrefresh.NewLocalScannerTLSIssuer vs localscanner.NewLocalScannerTLSIssuer previously.

Next steps

Following the merge of this PR, the actual implementation of certificate refresh for secured clusters will be next.

User-facing documentation

• CHANGELOG is updated OR update is not needed
• documentation PR is created and is linked above OR is not needed

Testing and quality

• the change is production ready: the change is GA or otherwise the functionality is gated by a feature flag
• CI results are inspected

Automated testing

• added unit tests
• added e2e tests
• added regression tests
• added compatibility tests
• modified existing tests

How I validated my change

Did not add new functionality, existing tests should check for regressions.