Merge pull request #719 from kragniz/secret-certificate-name-label

Add certificate-name label to created secrets

pkg/apis/certmanager/v1alpha1/types.go

@@ -25,6 +25,7 @@ const (
 	CommonNameAnnotationKey = "certmanager.k8s.io/common-name"
 	IssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name"
 	IssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind"
+	CertificateNameKey      = "certmanager.k8s.io/certificate-name"
 )
 
 // +genclient

pkg/controller/certificates/sync.go

@@ -234,6 +234,12 @@ func (c *Controller) updateSecret(crt *v1alpha1.Certificate, namespace string, c
 	secret.Annotations[v1alpha1.IssuerNameAnnotationKey] = crt.Spec.IssuerRef.Name
 	secret.Annotations[v1alpha1.IssuerKindAnnotationKey] = issuerKind(crt)
 
+	if secret.Labels == nil {
+		secret.Labels = make(map[string]string)
+	}
+
+	secret.Labels[v1alpha1.CertificateNameKey] = crt.Name
+
 	// if it is a new resource
 	if secret.SelfLink == "" {
 		secret, err = c.client.CoreV1().Secrets(namespace).Create(secret)

test/e2e/framework/certificate.go

@@ -49,4 +49,13 @@ func (f *Framework) WaitCertificateIssuedValidTimeout(c *v1alpha1.Certificate, t
 	if expectedCN != cert.Subject.CommonName || !util.EqualUnsorted(cert.DNSNames, expectedDNSNames) {
 		Failf("Expected certificate valid for CN %q, dnsNames %v but got a certificate valid for CN %q, dnsNames %v", expectedCN, expectedDNSNames, cert.Subject.CommonName, cert.DNSNames)
 	}
+
+	label, ok := secret.Labels[v1alpha1.CertificateNameKey]
+	if !ok {
+		Failf("Expected secret to have certificate-name label, but had none")
+	}
+
+	if label != c.Name {
+		Failf("Expected secret to have certificate-name label with a value of %q, but got %q", c.Name, label)
+	}
 }