diff --git a/pkg/apis/certmanager/v1alpha3/types_certificate.go b/pkg/apis/certmanager/v1alpha3/types_certificate.go index 64c457815..3c7b4b43e 100644 --- a/pkg/apis/certmanager/v1alpha3/types_certificate.go +++ b/pkg/apis/certmanager/v1alpha3/types_certificate.go @@ -82,10 +82,6 @@ type CertificateSpec struct { // +optional CommonName string `json:"commonName,omitempty"` - // Organization is the organization to be used on the Certificate - // +optional - Organization []string `json:"organization,omitempty"` - // Certificate default Duration // +optional Duration *metav1.Duration `json:"duration,omitempty"` @@ -151,6 +147,9 @@ type CertificateSpec struct { // X509Subject Full X509 name specification type X509Subject struct { + // Organizations to be used on the Certificate. + // +optional + Organizations []string `json:"organizations,omitempty"` // Countries to be used on the Certificate. // +optional Countries []string `json:"countries,omitempty"` diff --git a/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go b/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go index 093891b76..fb5b6ae23 100644 --- a/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go +++ b/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go @@ -282,11 +282,6 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) { *out = new(X509Subject) (*in).DeepCopyInto(*out) } - if in.Organization != nil { - in, out := &in.Organization, &out.Organization - *out = make([]string, len(*in)) - copy(*out, *in) - } if in.Duration != nil { in, out := &in.Duration, &out.Duration *out = new(v1.Duration) 
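Review bot: Removing `Organization` from the v1alpha3 `CertificateSpec` (first hunk of pkg/apis/certmanager/v1alpha3/types_certificate.go) moves the serialized field from `spec.organization` to `spec.subject.organizations`, and nothing visible in this commit handles v1alpha3 objects that still carry the old key. If any v1alpha3 manifests or stored objects already exist, the old key would presumably be dropped on decode, so the certificate would be requested without an organization in its subject and without any error to the user. If v1alpha3 is still unreleased that is acceptable, but the new field's comment should record the move, for example `// Organizations to be used on the Certificate. Replaces spec.organization from v1alpha2.` The same comment wording applies to the internal type in pkg/internal/apis/certmanager/types_certificate.go.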
@@ -761,6 +756,11 @@ func (in *VenafiTPP) DeepCopy() *VenafiTPP { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *X509Subject) DeepCopyInto(out *X509Subject) { *out = *in + if in.Organizations != nil { + in, out := &in.Organizations, &out.Organizations + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.Countries != nil { in, out := &in.Countries, &out.Countries *out = make([]string, len(*in)) diff --git a/pkg/internal/apis/certmanager/types_certificate.go b/pkg/internal/apis/certmanager/types_certificate.go index 92b2cbfb1..cd3453a7c 100644 --- a/pkg/internal/apis/certmanager/types_certificate.go +++ b/pkg/internal/apis/certmanager/types_certificate.go @@ -72,10 +72,6 @@ type CertificateSpec struct { // +optional CommonName string `json:"commonName,omitempty"` - // Organization is the organization to be used on the Certificate - // +optional - Organization []string `json:"organization,omitempty"` - // Certificate default Duration // +optional Duration *metav1.Duration `json:"duration,omitempty"` @@ -141,6 +137,9 @@ type CertificateSpec struct { // X509Subject Full X509 name specification type X509Subject struct { + // Organizations to be used on the Certificate. + // +optional + Organizations []string `json:"organizations,omitempty"` // Countries to be used on the Certificate. // +optional Countries []string `json:"countries,omitempty"` diff --git a/pkg/internal/apis/certmanager/v1alpha2/BUILD.bazel b/pkg/internal/apis/certmanager/v1alpha2/BUILD.bazel index 965acc8f2..f1f4d1d96 100644 --- a/pkg/internal/apis/certmanager/v1alpha2/BUILD.bazel +++ b/pkg/internal/apis/certmanager/v1alpha2/BUILD.bazel @@ -3,6 +3,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( name = "go_default_library", srcs = [ + "conversion.go", "defaults.go", "doc.go", "register.go", 
diff --git a/pkg/internal/apis/certmanager/v1alpha2/conversion.go b/pkg/internal/apis/certmanager/v1alpha2/conversion.go
new file mode 100644
index 000000000..04945d141
--- /dev/null
+++ b/pkg/internal/apis/certmanager/v1alpha2/conversion.go
@@ -0,0 +1,58 @@
+/*
+Copyright 2019 The Jetstack cert-manager contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+ "k8s.io/apimachinery/pkg/conversion"
+
+ "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2"
+ "github.com/jetstack/cert-manager/pkg/internal/apis/certmanager"
+)
+
+func Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha2.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error {
+ if err := autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in, out, s); err != nil {
+ return err
+ }
+
+ if len(in.Organization) > 0 {
+ if out.Subject == nil {
+ out.Subject = &certmanager.X509Subject{}
+ }
+
+ out.Subject.Organizations = in.Organization
+ }
+
+ return nil
+}
+
+func Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha2.CertificateSpec, s conversion.Scope) error {
+ if err := autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in, out, s); err != nil {
+ return err
+ }
+
+ if in.Subject != nil {
+ out.Organization = in.Subject.Organizations
+ } else {
+ out.Organization = nil
+ }
+
+ return nil
+}
+
+func Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager.X509Subject, out *v1alpha2.X509Subject, s conversion.Scope) error {
+ return autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in, out, s)
+}
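Review bot: The two `CertificateSpec` conversions do not round-trip a v1alpha2 object that sets only `organization`. Converting to the internal type allocates `out.Subject` to hold `Organizations`, and converting back then yields a non-nil but empty v1alpha2 `Subject` alongside `Organization`, because the generated auto-conversion allocates one whenever the internal `Subject` is non-nil. Depending on the field's JSON tag this likely serializes as `subject: {}`, so a plain read/write cycle changes the object. Consider resetting `out.Subject` to nil in `Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec` when the converted subject has no field set, and adding a round-trip test covering both directions. The three exported functions also have no doc comments; each should say why it is hand-written, e.g. `// Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec moves spec.organization into spec.subject.organizations.`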
diff --git a/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go b/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go index bfb860c0f..51e8bdbd8 100644 --- a/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go +++ b/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go @@ -131,16 +131,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*v1alpha2.CertificateSpec)(nil), (*certmanager.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(a.(*v1alpha2.CertificateSpec), b.(*certmanager.CertificateSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*certmanager.CertificateSpec)(nil), (*v1alpha2.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(a.(*certmanager.CertificateSpec), b.(*v1alpha2.CertificateSpec), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*v1alpha2.CertificateStatus)(nil), (*certmanager.CertificateStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_CertificateStatus_To_certmanager_CertificateStatus(a.(*v1alpha2.CertificateStatus), b.(*certmanager.CertificateStatus), scope) }); err != nil { 
@@ -316,11 +306,21 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*certmanager.X509Subject)(nil), (*v1alpha2.X509Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { + if err := s.AddConversionFunc((*certmanager.CertificateSpec)(nil), (*v1alpha2.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(a.(*certmanager.CertificateSpec), b.(*v1alpha2.CertificateSpec), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*certmanager.X509Subject)(nil), (*v1alpha2.X509Subject)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(a.(*certmanager.X509Subject), b.(*v1alpha2.X509Subject), scope) }); err != nil { return err } + if err := s.AddConversionFunc((*v1alpha2.CertificateSpec)(nil), (*certmanager.CertificateSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(a.(*v1alpha2.CertificateSpec), b.(*certmanager.CertificateSpec), scope) + }); err != nil { + return err + } return nil } @@ -406,7 +406,17 @@ func Convert_certmanager_CertificateCondition_To_v1alpha2_CertificateCondition(i func autoConvert_v1alpha2_CertificateList_To_certmanager_CertificateList(in *v1alpha2.CertificateList, out *certmanager.CertificateList, s conversion.Scope) error { out.ListMeta = in.ListMeta - out.Items = *(*[]certmanager.Certificate)(unsafe.Pointer(&in.Items)) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]certmanager.Certificate, len(*in)) + for i := range *in { + if err := Convert_v1alpha2_Certificate_To_certmanager_Certificate(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } return nil } 
@@ -417,7 +427,17 @@ func Convert_v1alpha2_CertificateList_To_certmanager_CertificateList(in *v1alpha func autoConvert_certmanager_CertificateList_To_v1alpha2_CertificateList(in *certmanager.CertificateList, out *v1alpha2.CertificateList, s conversion.Scope) error { out.ListMeta = in.ListMeta - out.Items = *(*[]v1alpha2.Certificate)(unsafe.Pointer(&in.Items)) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]v1alpha2.Certificate, len(*in)) + for i := range *in { + if err := Convert_certmanager_Certificate_To_v1alpha2_Certificate(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } return nil } @@ -569,9 +589,17 @@ func Convert_certmanager_CertificateRequestStatus_To_v1alpha2_CertificateRequest } func autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha2.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error { - out.Subject = (*certmanager.X509Subject)(unsafe.Pointer(in.Subject)) + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(certmanager.X509Subject) + if err := Convert_v1alpha2_X509Subject_To_certmanager_X509Subject(*in, *out, s); err != nil { + return err + } + } else { + out.Subject = nil + } out.CommonName = in.CommonName - out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization)) + // WARNING: in.Organization requires manual conversion: does not exist in peer-type out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration)) out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore)) out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) 
@@ -590,15 +618,17 @@ func autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1a return nil } -// Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec is an autogenerated conversion function. -func Convert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha2.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error { - return autoConvert_v1alpha2_CertificateSpec_To_certmanager_CertificateSpec(in, out, s) -} - func autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha2.CertificateSpec, s conversion.Scope) error { - out.Subject = (*v1alpha2.X509Subject)(unsafe.Pointer(in.Subject)) + if in.Subject != nil { + in, out := &in.Subject, &out.Subject + *out = new(v1alpha2.X509Subject) + if err := Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(*in, *out, s); err != nil { + return err + } + } else { + out.Subject = nil + } out.CommonName = in.CommonName - out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization)) out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration)) out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore)) out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) 
@@ -617,11 +647,6 @@ func autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *cer return nil } -// Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec is an autogenerated conversion function. -func Convert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha2.CertificateSpec, s conversion.Scope) error { - return autoConvert_certmanager_CertificateSpec_To_v1alpha2_CertificateSpec(in, out, s) -} - func autoConvert_v1alpha2_CertificateStatus_To_certmanager_CertificateStatus(in *v1alpha2.CertificateStatus, out *certmanager.CertificateStatus, s conversion.Scope) error { out.Conditions = *(*[]certmanager.CertificateCondition)(unsafe.Pointer(&in.Conditions)) out.LastFailureTime = (*v1.Time)(unsafe.Pointer(in.LastFailureTime)) @@ -1087,6 +1112,7 @@ func Convert_v1alpha2_X509Subject_To_certmanager_X509Subject(in *v1alpha2.X509Su } func autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager.X509Subject, out *v1alpha2.X509Subject, s conversion.Scope) error { + // WARNING: in.Organizations requires manual conversion: does not exist in peer-type out.Countries = *(*[]string)(unsafe.Pointer(&in.Countries)) out.OrganizationalUnits = *(*[]string)(unsafe.Pointer(&in.OrganizationalUnits)) out.Localities = *(*[]string)(unsafe.Pointer(&in.Localities)) @@ -1096,8 +1122,3 @@ func autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager out.SerialNumber = in.SerialNumber return nil } - -// Convert_certmanager_X509Subject_To_v1alpha2_X509Subject is an autogenerated conversion function. -func Convert_certmanager_X509Subject_To_v1alpha2_X509Subject(in *certmanager.X509Subject, out *v1alpha2.X509Subject, s conversion.Scope) error { - return autoConvert_certmanager_X509Subject_To_v1alpha2_X509Subject(in, out, s) -} 
diff --git a/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go b/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go index ac3fb2281..eb83852ef 100644 --- a/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go +++ b/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go @@ -571,7 +571,6 @@ func Convert_certmanager_CertificateRequestStatus_To_v1alpha3_CertificateRequest func autoConvert_v1alpha3_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha3.CertificateSpec, out *certmanager.CertificateSpec, s conversion.Scope) error { out.Subject = (*certmanager.X509Subject)(unsafe.Pointer(in.Subject)) out.CommonName = in.CommonName - out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization)) out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration)) out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore)) out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) @@ -598,7 +597,6 @@ func Convert_v1alpha3_CertificateSpec_To_certmanager_CertificateSpec(in *v1alpha func autoConvert_certmanager_CertificateSpec_To_v1alpha3_CertificateSpec(in *certmanager.CertificateSpec, out *v1alpha3.CertificateSpec, s conversion.Scope) error { out.Subject = (*v1alpha3.X509Subject)(unsafe.Pointer(in.Subject)) out.CommonName = in.CommonName - out.Organization = *(*[]string)(unsafe.Pointer(&in.Organization)) out.Duration = (*v1.Duration)(unsafe.Pointer(in.Duration)) out.RenewBefore = (*v1.Duration)(unsafe.Pointer(in.RenewBefore)) out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) 
@@ -1071,6 +1069,7 @@ func Convert_certmanager_VenafiTPP_To_v1alpha3_VenafiTPP(in *certmanager.VenafiT } func autoConvert_v1alpha3_X509Subject_To_certmanager_X509Subject(in *v1alpha3.X509Subject, out *certmanager.X509Subject, s conversion.Scope) error { + out.Organizations = *(*[]string)(unsafe.Pointer(&in.Organizations)) out.Countries = *(*[]string)(unsafe.Pointer(&in.Countries)) out.OrganizationalUnits = *(*[]string)(unsafe.Pointer(&in.OrganizationalUnits)) out.Localities = *(*[]string)(unsafe.Pointer(&in.Localities)) @@ -1087,6 +1086,7 @@ func Convert_v1alpha3_X509Subject_To_certmanager_X509Subject(in *v1alpha3.X509Su } func autoConvert_certmanager_X509Subject_To_v1alpha3_X509Subject(in *certmanager.X509Subject, out *v1alpha3.X509Subject, s conversion.Scope) error { + out.Organizations = *(*[]string)(unsafe.Pointer(&in.Organizations)) out.Countries = *(*[]string)(unsafe.Pointer(&in.Countries)) out.OrganizationalUnits = *(*[]string)(unsafe.Pointer(&in.OrganizationalUnits)) out.Localities = *(*[]string)(unsafe.Pointer(&in.Localities)) diff --git a/pkg/internal/apis/certmanager/validation/certificate_for_issuer.go b/pkg/internal/apis/certmanager/validation/certificate_for_issuer.go index b40a536de..2788d0571 100644 --- a/pkg/internal/apis/certmanager/validation/certificate_for_issuer.go +++ b/pkg/internal/apis/certmanager/validation/certificate_for_issuer.go 
@@ -51,8 +51,8 @@ func ValidateCertificateForACMEIssuer(crt *cmapi.CertificateSpec, issuer *cmapi. el = append(el, field.Invalid(specPath.Child("isCA"), crt.KeyAlgorithm, "ACME does not support CA certificates")) } - if len(crt.Organization) != 0 { - el = append(el, field.Invalid(specPath.Child("organization"), crt.Organization, "ACME does not support setting the organization name")) + if crt.Subject != nil && len(crt.Subject.Organizations) != 0 { + el = append(el, field.Invalid(specPath.Child("subject", "organizations"), crt.Subject.Organizations, "ACME does not support setting the organization name")) } if crt.Duration != nil { @@ -73,8 +73,8 @@ func ValidateCertificateForVaultIssuer(crt *cmapi.CertificateSpec, issuer *cmapi el = append(el, field.Invalid(specPath.Child("isCA"), crt.KeyAlgorithm, "Vault issuer does not currently support CA certificates")) } - if len(crt.Organization) != 0 { - el = append(el, field.Invalid(specPath.Child("organization"), crt.Organization, "Vault issuer does not currently support setting the organization name")) + if crt.Subject != nil && len(crt.Subject.Organizations) != 0 { + el = append(el, field.Invalid(specPath.Child("subject", "organizations"), crt.Subject.Organizations, "Vault issuer does not currently support setting the organization name")) } return el diff --git a/pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go b/pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go index 1b53a6e82..34310759d 100644 --- a/pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go +++ b/pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go 
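Review bot: The field path reported by both new checks (the ACME one here and the Vault one in the following hunk) is now `subject.organizations` under the spec path, which is the internal/v1alpha3 spelling. Assuming validation runs on the converted internal object, a v1alpha2 user who set `spec.organization` would get a rejection pointing at a field that does not appear in their manifest. Consider naming both spellings in the message, e.g. `"ACME does not support setting the organization name (spec.organization in v1alpha2)"`, or at least adding a comment above each check such as `// v1alpha2 spec.organization is converted into Subject.Organizations before validation`. Both functions start and end outside their hunks.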
@@ -82,13 +82,15 @@ func TestValidateCertificateForIssuer(t *testing.T) { "acme certificate with organization set": { crt: &cmapi.Certificate{ Spec: cmapi.CertificateSpec{ - Organization: []string{"shouldfailorg"}, - IssuerRef: validIssuerRef, + Subject: &cmapi.X509Subject{ + Organizations: []string{"shouldfailorg"}, + }, + IssuerRef: validIssuerRef, }, }, issuer: acmeIssuer, errs: []*field.Error{ - field.Invalid(fldPath.Child("organization"), []string{"shouldfailorg"}, "ACME does not support setting the organization name"), + field.Invalid(fldPath.Child("subject", "organizations"), []string{"shouldfailorg"}, "ACME does not support setting the organization name"), }, }, "acme certificate with duration set": { diff --git a/pkg/internal/apis/certmanager/validation/certificate_test.go b/pkg/internal/apis/certmanager/validation/certificate_test.go index 2e026f54d..65c7cfca8 100644 --- a/pkg/internal/apis/certmanager/validation/certificate_test.go +++ b/pkg/internal/apis/certmanager/validation/certificate_test.go @@ -82,10 +82,12 @@ func TestValidateCertificate(t *testing.T) { "valid with org set": { cfg: &cmapi.Certificate{ Spec: cmapi.CertificateSpec{ - CommonName: "testcn", - SecretName: "abc", - Organization: []string{"testorg"}, - IssuerRef: validIssuerRef, + CommonName: "testcn", + SecretName: "abc", + Subject: &cmapi.X509Subject{ + Organizations: []string{"testorg"}, + }, + IssuerRef: validIssuerRef, }, }, }, diff --git a/pkg/internal/apis/certmanager/zz_generated.deepcopy.go b/pkg/internal/apis/certmanager/zz_generated.deepcopy.go index 91fbdd141..c61b8c754 100644 --- a/pkg/internal/apis/certmanager/zz_generated.deepcopy.go +++ b/pkg/internal/apis/certmanager/zz_generated.deepcopy.go 
@@ -282,11 +282,6 @@ func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec) { *out = new(X509Subject) (*in).DeepCopyInto(*out) } - if in.Organization != nil { - in, out := &in.Organization, &out.Organization - *out = make([]string, len(*in)) - copy(*out, *in) - } if in.Duration != nil { in, out := &in.Duration, &out.Duration *out = new(v1.Duration) @@ -761,6 +756,11 @@ func (in *VenafiTPP) DeepCopy() *VenafiTPP { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *X509Subject) DeepCopyInto(out *X509Subject) { *out = *in + if in.Organizations != nil { + in, out := &in.Organizations, &out.Organizations + *out = make([]string, len(*in)) + copy(*out, *in) + } if in.Countries != nil { in, out := &in.Countries, &out.Countries *out = make([]string, len(*in))