Fix tests in ./pkg/controller/certificates/...

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-19 19:22:27 +01:00 · 2020-08-19 19:22:27 +01:00 · 01b5d0fa88
commit 01b5d0fa88
parent 758131ada2
8 changed files with 46 additions and 10 deletions
--- a/pkg/controller/certificates/internal/test/test.go
+++ b/pkg/controller/certificates/internal/test/test.go
@ -79,7 +79,11 @@ func MustCreateCryptoBundle(t *testing.T, crt *cmapi.Certificate, fixedClock *fa
 	return *c
 }

-func createCryptoBundle(crt *cmapi.Certificate, fixedClock *fakeclock.FakeClock) (*CryptoBundle, error) {
+func createCryptoBundle(originalCert *cmapi.Certificate, fixedClock *fakeclock.FakeClock) (*CryptoBundle, error) {
+	crt := originalCert.DeepCopy()
+	if crt.Spec.PrivateKey == nil {
+		crt.Spec.PrivateKey = &cmapi.CertificatePrivateKey{}
+	}
 	reqName, err := apiutil.ComputeCertificateRequestName(crt)
 	if err != nil {
 		return nil, err
@ -179,7 +183,7 @@ func createCryptoBundle(crt *cmapi.Certificate, fixedClock *fakeclock.FakeClock)
 	}

 	return &CryptoBundle{
-		Certificate:                            crt,
+		Certificate:                            originalCert,
 		ExpectedRequestName:                    reqName,
 		PrivateKey:                             privateKey,
 		PrivateKeyBytes:                        privateKeyBytes,
--- a/pkg/controller/certificates/issuing/issuing_controller.go
+++ b/pkg/controller/certificates/issuing/issuing_controller.go
@ -311,6 +311,11 @@ func (c *controller) failIssueCertificate(ctx context.Context, log logr.Logger,
 // certificate, and then store the certificate, CA and private key into the
 // Secret in the appropriate format type.
 func (c *controller) issueCertificate(ctx context.Context, nextRevision int, crt *cmapi.Certificate, req *cmapi.CertificateRequest, pk crypto.Signer) error {
+	crt = crt.DeepCopy()
+	if crt.Spec.PrivateKey == nil {
+		crt.Spec.PrivateKey = &cmapi.CertificatePrivateKey{}
+	}
+
 	pkData, err := utilpki.EncodePrivateKey(pk, crt.Spec.PrivateKey.Encoding)
 	if err != nil {
 		return err
@ -326,8 +331,6 @@ func (c *controller) issueCertificate(ctx context.Context, nextRevision int, crt
 		return err
 	}

-	crt = crt.DeepCopy()
-
 	//Set status.revision to revision of the CertificateRequest
 	crt.Status.Revision = &nextRevision

--- a/pkg/controller/certificates/issuing/temporary.go
+++ b/pkg/controller/certificates/issuing/temporary.go
@ -42,6 +42,11 @@ var temporaryCertificatePolicyChain = policies.Chain{
 // - If the Certificate/Key pair does not match the 'NextPrivateKey'
 // Returns true is a temporary certificate was issued
 func (c *controller) ensureTemporaryCertificate(ctx context.Context, crt *cmapi.Certificate, pk crypto.Signer) (bool, error) {
+	crt = crt.DeepCopy()
+	if crt.Spec.PrivateKey == nil {
+		crt.Spec.PrivateKey = &cmapi.CertificatePrivateKey{}
+	}
+
 	// If certificate does not have temporary certificate annotation, do nothing
 	if !certificateHasTemporaryCertificateAnnotation(crt) {
 		return false, nil
--- a/pkg/controller/certificates/requestmanager/util_test.go
+++ b/pkg/controller/certificates/requestmanager/util_test.go
@ -68,7 +68,11 @@ func mustCreateCryptoBundle(t *testing.T, crt *cmapi.Certificate) cryptoBundle {
 	return *c
 }

-func createCryptoBundle(crt *cmapi.Certificate) (*cryptoBundle, error) {
+func createCryptoBundle(originalCert *cmapi.Certificate) (*cryptoBundle, error) {
+	crt := originalCert.DeepCopy()
+	if crt.Spec.PrivateKey == nil {
+		crt.Spec.PrivateKey = &cmapi.CertificatePrivateKey{}
+	}
 	reqName, err := apiutil.ComputeCertificateRequestName(crt)
 	if err != nil {
 		return nil, err
@ -160,7 +164,7 @@ func createCryptoBundle(crt *cmapi.Certificate) (*cryptoBundle, error) {
 	)

 	return &cryptoBundle{
-		certificate:                            crt,
+		certificate:                            originalCert,
 		expectedRequestName:                    reqName,
 		privateKey:                             privateKey,
 		privateKeyBytes:                        privateKeyBytes,
--- a/pkg/controller/certificates/util.go
+++ b/pkg/controller/certificates/util.go
@ -29,11 +29,16 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"

 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+	v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	"github.com/jetstack/cert-manager/pkg/util"
 	"github.com/jetstack/cert-manager/pkg/util/pki"
 )

 func PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]string, error) {
+	spec = *spec.DeepCopy()
+	if spec.PrivateKey == nil {
+		spec.PrivateKey = &v1.CertificatePrivateKey{}
+	}
 	switch spec.PrivateKey.Algorithm {
 	case "", cmapi.RSAKeyAlgorithm:
 		return rsaPrivateKeyMatchesSpec(pk, spec)
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@ -32,7 +32,7 @@ import (
 	"time"

 	apiutil "github.com/jetstack/cert-manager/pkg/api/util"
-	"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+	v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 )

 func IPAddressesForCertificate(crt *v1.Certificate) []net.IP {
@ -127,6 +127,9 @@ const defaultOrganization = "cert-manager"
 // Certificate resource.
 // If an Organization is not specifically set, a default will be used.
 func OrganizationForCertificate(crt *v1.Certificate) []string {
+	if crt.Spec.Subject == nil {
+		return nil
+	}
 	return crt.Spec.Subject.Organizations
 }

@ -445,7 +448,11 @@ func EncodeX509Chain(certs []*x509.Certificate) ([]byte, error) {
 func SignatureAlgorithm(crt *v1.Certificate) (x509.PublicKeyAlgorithm, x509.SignatureAlgorithm, error) {
 	var sigAlgo x509.SignatureAlgorithm
 	var pubKeyAlgo x509.PublicKeyAlgorithm
-	switch crt.Spec.PrivateKey.Algorithm {
+	var specAlgorithm v1.PrivateKeyAlgorithm
+	if crt.Spec.PrivateKey != nil {
+		specAlgorithm = crt.Spec.PrivateKey.Algorithm
+	}
+	switch specAlgorithm {
 	case v1.PrivateKeyAlgorithm(""):
 		// If keyAlgorithm is not specified, we default to rsa with keysize 2048
 		pubKeyAlgo = x509.RSA
--- a/pkg/util/pki/generate.go
+++ b/pkg/util/pki/generate.go
@ -25,7 +25,8 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+
+	v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 )

 const (
@ -50,6 +51,10 @@ const (
 // parameters on the provided resource.
 // The returned key will either be RSA or ECDSA.
 func GeneratePrivateKeyForCertificate(crt *v1.Certificate) (crypto.Signer, error) {
+	crt = crt.DeepCopy()
+	if crt.Spec.PrivateKey == nil {
+		crt.Spec.PrivateKey = &v1.CertificatePrivateKey{}
+	}
 	switch crt.Spec.PrivateKey.Algorithm {
 	case v1.PrivateKeyAlgorithm(""), v1.RSAKeyAlgorithm:
 		keySize := MinRSAKeySize
--- a/test/unit/gen/certificate.go
+++ b/test/unit/gen/certificate.go
@ -22,7 +22,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"

-	"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+	v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
 )

@ -31,6 +31,9 @@ type CertificateModifier func(*v1.Certificate)
 func Certificate(name string, mods ...CertificateModifier) *v1.Certificate {
 	c := &v1.Certificate{
 		ObjectMeta: ObjectMeta(name),
+		Spec: v1.CertificateSpec{
+			PrivateKey: &v1.CertificatePrivateKey{},
+		},
 	}
 	for _, mod := range mods {
 		mod(c)