Merge pull request #2593 from JoshVanL/encode-openapi-validation

Certificate KeySize encode openapi validation
jetstack-bot 2020-02-17 11:42:24 +00:00 committed by GitHub
commit 2862c31386
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 16 additions and 21 deletions


@ -150,6 +150,8 @@ spec:
and value must be one of (256, 384, 521) when KeyAlgorithm is set
to "ecdsa".
type: integer
maximum: 8192
minimum: 0
organization:
description: Organization is the organization to be used on the Certificate
type: array
@ -389,6 +391,8 @@ spec:
and value must be one of (256, 384, 521) when KeyAlgorithm is set
to "ecdsa".
type: integer
maximum: 8192
minimum: 0
renewBefore:
description: Certificate renew before expiration duration
type: string


@ -356,6 +356,8 @@ spec:
and value must be one of (256, 384, 521) when KeyAlgorithm is set
to "ecdsa".
type: integer
maximum: 8192
minimum: 0
organization:
description: Organization is the organization to be used on the Certificate
type: array
@ -595,6 +597,8 @@ spec:
and value must be one of (256, 384, 521) when KeyAlgorithm is set
to "ecdsa".
type: integer
maximum: 8192
minimum: 0
renewBefore:
description: Certificate renew before expiration duration
type: string


@ -133,6 +133,10 @@ type CertificateSpec struct {
// If provided, value must be between 2048 and 8192 inclusive when KeyAlgorithm is
// empty or is set to "rsa", and value must be one of (256, 384, 521) when
// KeyAlgorithm is set to "ecdsa".
// +kubebuilder:validation:ExclusiveMaximum=false
// +kubebuilder:validation:Maximum=8192
// +kubebuilder:validation:ExclusiveMinimum=false
// +kubebuilder:validation:Minimum=0
// +optional
KeySize int `json:"keySize,omitempty"`
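Review bot: The `Minimum=0` and `Maximum=8192` markers added above `KeySize` bound the field only coarsely, so an RSA size below 2048 or an ECDSA size outside (256, 384, 521) still passes the CRD schema and is presumably rejected only by the `KeyAlgorithm` switch in `ValidateCertificateSpec`. I would extend the field comment with a sentence such as `// The schema bounds are coarse; per-algorithm sizes are enforced by the validating webhook.` so that a later cleanup does not treat the schema as sufficient. The same applies to the second `CertificateSpec` hunk (`-129,6 +129,10`), and the struct continues outside both hunks. The commit also removes the `keyEncoding` check from `ValidateCertificateSpec` and no matching marker is visible on this page, so it is worth confirming that `KeyEncoding` carries `// +kubebuilder:validation:Enum=pkcs1;pkcs8` before relying on the schema for it. The `ExclusiveMaximum=false` and `ExclusiveMinimum=false` markers appear to emit nothing in the YAML hunks above and could be dropped.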


@ -129,6 +129,10 @@ type CertificateSpec struct {
// If provided, value must be between 2048 and 8192 inclusive when KeyAlgorithm is
// empty or is set to "rsa", and value must be one of (256, 384, 521) when
// KeyAlgorithm is set to "ecdsa".
// +kubebuilder:validation:ExclusiveMaximum=false
// +kubebuilder:validation:Maximum=8192
// +kubebuilder:validation:ExclusiveMinimum=false
// +kubebuilder:validation:Minimum=0
// +optional
KeySize int `json:"keySize,omitempty"`


@ -52,9 +52,6 @@ func ValidateCertificateSpec(crt *cmapi.CertificateSpec, fldPath *field.Path) fi
if len(crt.IPAddresses) > 0 {
el = append(el, validateIPAddresses(crt, fldPath)...)
}
if crt.KeySize < 0 {
el = append(el, field.Invalid(fldPath.Child("keySize"), crt.KeySize, "cannot be less than zero"))
}
switch crt.KeyAlgorithm {
case cmapi.KeyAlgorithm(""):
case cmapi.RSAKeyAlgorithm:
@ -75,11 +72,6 @@ func ValidateCertificateSpec(crt *cmapi.CertificateSpec, fldPath *field.Path) fi
if len(crt.Usages) > 0 {
el = append(el, validateUsages(crt, fldPath)...)
}
switch crt.KeyEncoding {
case cmapi.KeyEncoding(""), cmapi.PKCS1, cmapi.PKCS8:
default:
el = append(el, field.Invalid(fldPath.Child("keyEncoding"), crt.KeyEncoding, "must be either empty or one of pkcs1 or pkcs8"))
}
return el
}


@ -244,19 +244,6 @@ func TestValidateCertificate(t *testing.T) {
},
},
},
"certificate with keysize less than zero": {
cfg: &cmapi.Certificate{
Spec: cmapi.CertificateSpec{
CommonName: "testcn",
SecretName: "abc",
IssuerRef: validIssuerRef,
KeySize: -99,
},
},
errs: []*field.Error{
field.Invalid(fldPath.Child("keySize"), -99, "cannot be less than zero"),
},
},
"certificate with rsa keyAlgorithm specified and invalid keysize 1024": {
cfg: &cmapi.Certificate{
Spec: cmapi.CertificateSpec{