From 12363f91e2b64737fe9d1c592ea5d811dc0d8458 Mon Sep 17 00:00:00 2001
From: Jonathan Prates <jonathan.prates@farfetch.com>
Date: Fri, 30 Jul 2021 12:49:20 +0100
Subject: [PATCH] fix: move secretTemplate validations to validation package

Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
---
 .../internal/secretsmanager/BUILD.bazel       |  3 ---
 .../internal/secretsmanager/secret.go         | 13 -------------
 .../apis/certmanager/validation/BUILD.bazel   |  2 ++
 .../certmanager/validation/certificate.go     | 19 +++++++++++++++++++
 4 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/pkg/controller/certificates/internal/secretsmanager/BUILD.bazel b/pkg/controller/certificates/internal/secretsmanager/BUILD.bazel
index 9c2491c21..66941f4b0 100644
--- a/pkg/controller/certificates/internal/secretsmanager/BUILD.bazel
+++ b/pkg/controller/certificates/internal/secretsmanager/BUILD.bazel
@@ -17,10 +17,7 @@ go_library(
         "@com_sslmate_software_src_go_pkcs12//:go_default_library",
         "@io_k8s_api//core/v1:go_default_library",
         "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
-        "@io_k8s_apimachinery//pkg/api/validation:go_default_library",
         "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
-        "@io_k8s_apimachinery//pkg/apis/meta/v1/validation:go_default_library",
-        "@io_k8s_apimachinery//pkg/util/validation/field:go_default_library",
         "@io_k8s_client_go//kubernetes:go_default_library",
         "@io_k8s_client_go//listers/core/v1:go_default_library",
     ],
diff --git a/pkg/controller/certificates/internal/secretsmanager/secret.go b/pkg/controller/certificates/internal/secretsmanager/secret.go
index dfe611ae5..286ea2585 100644
--- a/pkg/controller/certificates/internal/secretsmanager/secret.go
+++ b/pkg/controller/certificates/internal/secretsmanager/secret.go
@@ -25,13 +25,9 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/client-go/kubernetes"
 	corelisters "k8s.io/client-go/listers/core/v1"
 
-	metavalidation "k8s.io/apimachinery/pkg/api/validation"
-	v1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
-
 	apiutil "github.com/jetstack/cert-manager/pkg/api/util"
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
@@ -225,15 +221,6 @@ func (s *SecretsManager) setValues(crt *cmapi.Certificate, secret *corev1.Secret
 	}
 
 	if crt.Spec.SecretTemplate != nil {
-		if err := v1validation.ValidateLabels(
-			crt.Spec.SecretTemplate.Labels, field.NewPath("spec", "SecretTemplate", "labels")); len(err) > 0 {
-			return fmt.Errorf("secretTemplate has invalid labels: %v", err)
-		}
-		if err := metavalidation.ValidateAnnotations(
-			crt.Spec.SecretTemplate.Annotations, field.NewPath("spec", "SecretTemplate", "annotations")); len(err) > 0 {
-			return fmt.Errorf("secretTemplate has invalid annotations: %v", err)
-		}
-
 		for k, v := range crt.Spec.SecretTemplate.Labels {
 			secret.Labels[k] = v
 		}
diff --git a/pkg/internal/apis/certmanager/validation/BUILD.bazel b/pkg/internal/apis/certmanager/validation/BUILD.bazel
index aee38a363..0f6af108b 100644
--- a/pkg/internal/apis/certmanager/validation/BUILD.bazel
+++ b/pkg/internal/apis/certmanager/validation/BUILD.bazel
@@ -32,7 +32,9 @@ go_library(
         "@com_github_kr_pretty//:go_default_library",
         "@io_k8s_api//admission/v1:go_default_library",
         "@io_k8s_api//core/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/api/validation:go_default_library",
         "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
+        "@io_k8s_apimachinery//pkg/apis/meta/v1/validation:go_default_library",
         "@io_k8s_apimachinery//pkg/runtime:go_default_library",
         "@io_k8s_apimachinery//pkg/runtime/schema:go_default_library",
         "@io_k8s_apimachinery//pkg/util/validation/field:go_default_library",
diff --git a/pkg/internal/apis/certmanager/validation/certificate.go b/pkg/internal/apis/certmanager/validation/certificate.go
index 941db4b52..e5777fa50 100644
--- a/pkg/internal/apis/certmanager/validation/certificate.go
+++ b/pkg/internal/apis/certmanager/validation/certificate.go
@@ -22,6 +22,8 @@ import (
 	"net/mail"
 
 	admissionv1 "k8s.io/api/admission/v1"
+	apivalidation "k8s.io/apimachinery/pkg/api/validation"
+	metavalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
@@ -86,6 +88,15 @@ func ValidateCertificateSpec(crt *internalcmapi.CertificateSpec, fldPath *field.
 		el = append(el, field.Invalid(fldPath.Child("revisionHistoryLimit"), *crt.RevisionHistoryLimit, "must not be less than 1"))
 	}
 
+	if crt.SecretTemplate != nil {
+		if len(crt.SecretTemplate.Labels) > 0 {
+			el = append(el, validateSecretTemplateLabels(crt, fldPath)...)
+		}
+		if len(crt.SecretTemplate.Annotations) > 0 {
+			el = append(el, validateSecretTemplateAnnotations(crt, fldPath)...)
+		}
+	}
+
 	return el
 }
 
@@ -165,6 +176,14 @@ func validateUsages(a *internalcmapi.CertificateSpec, fldPath *field.Path) field
 	return el
 }
 
+func validateSecretTemplateLabels(crt *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList {
+	return metavalidation.ValidateLabels(crt.SecretTemplate.Labels, fldPath.Child("secretTemplate", "labels"))
+}
+
+func validateSecretTemplateAnnotations(crt *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList {
+	return apivalidation.ValidateAnnotations(crt.SecretTemplate.Annotations, fldPath.Child("secretTemplate", "annotations"))
+}
+
 func ValidateDuration(crt *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList {
 	el := field.ErrorList{}