Merge pull request #113 from jetstack-experimental/dnsname

Rename altNames field to dnsNames
2017-10-13 14:12:08 +01:00 · 2017-10-13 14:12:08 +01:00 · 0d4acf7af3
commit 0d4acf7af3
parent 45a67dc748 2600cb8e14
9 changed files with 18 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -131,7 +131,7 @@ spec:
  issuerRef:
    name: letsencrypt-staging
  # A list of domains to include on the TLS certificate
-  domains:
+  dnsNames:
  - example.com
  - www.example.com
  - example2.com
--- a/docs/examples/acme-cert.yaml
+++ b/docs/examples/acme-cert.yaml
@ -8,7 +8,7 @@ spec:
  secretName: cm-http-nginx-k8s-group
  issuerRef:
    name: letsencrypt-staging
-  domains:
+  dnsNames:
  - cm-http-nginx.k8s.group
  - cm-http-nginx2.k8s.group
  - cm-http-gce.k8s.group
--- a/docs/examples/ca-cert.yaml
+++ b/docs/examples/ca-cert.yaml
@ -11,5 +11,5 @@ spec:
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
-  domains:
+  dnsNames:
  - cert-manager.k8s.io
--- a/pkg/apis/certmanager/v1alpha1/types.go
+++ b/pkg/apis/certmanager/v1alpha1/types.go
@ -224,8 +224,8 @@ type CertificateList struct {
 type CertificateSpec struct {
 	// CommonName is a common name to be used on the Certificate
 	CommonName string `json:"commonName"`
-	// AltNames is a list of subject alt names to be used on the Certificate
-	AltNames []string `json:"altNames"`
+	// DNSNames is a list of subject alt names to be used on the Certificate
+	DNSNames []string `json:"dnsNames"`
 	// SecretName is the name of the secret resource to store this secret in
 	SecretName string `json:"secretName"`
 	// IssuerRef is a reference to the issuer for this certificate. If the
--- a/pkg/apis/certmanager/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha1/zz_generated.deepcopy.go
@ -557,8 +557,8 @@ func (in *CertificateList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) {
 	*out = *in
-	if in.AltNames != nil {
-		in, out := &in.AltNames, &out.AltNames
+	if in.DNSNames != nil {
+		in, out := &in.DNSNames, &out.DNSNames
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@ -119,9 +119,15 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (err e
 		return c.issue(ctx, i, crt)
 	}

+	expectedCN := crt.Spec.CommonName
+	if len(expectedCN) == 0 {
+		if len(crt.Spec.DNSNames) > 0 {
+			expectedCN = crt.Spec.DNSNames[0]
+		}
+	}
 	// if the certificate is valid for a list of domains other than those
 	// listed in the certificate spec, we should re-issue the certificate
-	if !util.EqualUnsorted(crt.Spec.AltNames, cert.DNSNames) {
+	if expectedCN != cert.Subject.CommonName || !util.EqualUnsorted(crt.Spec.DNSNames, cert.DNSNames) {
 		return c.issue(ctx, i, crt)
 	}

--- a/pkg/issuer/acme/issue.go
+++ b/pkg/issuer/acme/issue.go
@ -28,7 +28,7 @@ const (

 func (a *Acme) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate) ([]byte, []byte, error) {
 	commonName := crt.Spec.CommonName
-	altNames := crt.Spec.AltNames
+	altNames := crt.Spec.DNSNames
 	if len(commonName) == 0 && len(altNames) == 0 {
 		return nil, nil, fmt.Errorf("no domains specified on certificate")
 	}
--- a/pkg/issuer/acme/prepare.go
+++ b/pkg/issuer/acme/prepare.go
@ -217,7 +217,7 @@ func authorizationsToObtain(ctx context.Context, cl *acme.Client, crt v1alpha1.C
 			return false, nil
 		}
 		return checkAuthorization(ctx, cl, auth.URI)
-	}, append(crt.Spec.AltNames, crt.Spec.CommonName)...)
+	}, append(crt.Spec.DNSNames, crt.Spec.CommonName)...)

 	domains := make([]string, len(toAuthorize))
 	for i, v := range toAuthorize {
--- a/pkg/issuer/ca/issue.go
+++ b/pkg/issuer/ca/issue.go
@ -65,7 +65,7 @@ func (c *CA) Issue(ctx context.Context, crt *v1alpha1.Certificate) (v1alpha1.Cer

 func (c *CA) obtainCertificate(crt *v1alpha1.Certificate, signeeKey interface{}) ([]byte, error) {
 	commonName := crt.Spec.CommonName
-	altNames := crt.Spec.AltNames
+	altNames := crt.Spec.DNSNames
 	if len(commonName) == 0 && len(altNames) == 0 {
 		return nil, fmt.Errorf("no domains specified on certificate")
 	}
@ -121,7 +121,7 @@ func createCertificateTemplate(publicKey interface{}, commonName string, altName
 // publicKey is the public key of the signee, and signerKey is the private
 // key of the signer.
 func signCertificate(crt *v1alpha1.Certificate, issuerCert *x509.Certificate, publicKey interface{}, signerKey interface{}) ([]byte, *x509.Certificate, error) {
-	template, err := createCertificateTemplate(publicKey, crt.Spec.CommonName, crt.Spec.AltNames...)
+	template, err := createCertificateTemplate(publicKey, crt.Spec.CommonName, crt.Spec.DNSNames...)
 	if err != nil {
 		return nil, nil, fmt.Errorf("error creating x509 certificate template: %s", err.Error())
 	}