diff --git a/pkg/apis/certmanager/v1alpha1/types.go b/pkg/apis/certmanager/v1alpha1/types.go index dcc0b186d..8a50cd066 100644 --- a/pkg/apis/certmanager/v1alpha1/types.go +++ b/pkg/apis/certmanager/v1alpha1/types.go @@ -25,6 +25,7 @@ const ( CommonNameAnnotationKey = "certmanager.k8s.io/common-name" IssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name" IssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind" + CertificateNameKey = "certmanager.k8s.io/certificate-name" ) // +genclient diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go index 7b612ac39..aa98aa8e3 100644 --- a/pkg/controller/certificates/sync.go +++ b/pkg/controller/certificates/sync.go @@ -234,6 +234,12 @@ func (c *Controller) updateSecret(crt *v1alpha1.Certificate, namespace string, c secret.Annotations[v1alpha1.IssuerNameAnnotationKey] = crt.Spec.IssuerRef.Name secret.Annotations[v1alpha1.IssuerKindAnnotationKey] = issuerKind(crt) + if secret.Labels == nil { + secret.Labels = make(map[string]string) + } + + secret.Labels[v1alpha1.CertificateNameKey] = crt.Name + // if it is a new resource if secret.SelfLink == "" { secret, err = c.client.CoreV1().Secrets(namespace).Create(secret) diff --git a/test/e2e/framework/certificate.go b/test/e2e/framework/certificate.go index fa387da0c..f787a7424 100644 --- a/test/e2e/framework/certificate.go +++ b/test/e2e/framework/certificate.go @@ -49,4 +49,13 @@ func (f *Framework) WaitCertificateIssuedValidTimeout(c *v1alpha1.Certificate, t if expectedCN != cert.Subject.CommonName || !util.EqualUnsorted(cert.DNSNames, expectedDNSNames) { Failf("Expected certificate valid for CN %q, dnsNames %v but got a certificate valid for CN %q, dnsNames %v", expectedCN, expectedDNSNames, cert.Subject.CommonName, cert.DNSNames) } + + label, ok := secret.Labels[v1alpha1.CertificateNameKey] + if !ok { + Failf("Expected secret to have certificate-name label, but had none") + } + + if label != c.Name { + Failf("Expected secret to have certificate-name label with a value of %q, but got %q", c.Name, label) + } }