Merge pull request #764 from munnerz/fix-valid-orders

Wait for ACME Orders to be in 'ready' state before attempting finalization

contrib/charts/pebble/Chart.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 description: A Helm chart for Kubernetes
 name: pebble
-version: 0.1.0
+version: 0.1.1

contrib/charts/pebble/values.yaml

@@ -1,7 +1,7 @@
 replicaCount: 1
 image:
   repository: quay.io/munnerz/pebble
-  tag: "20180323"
+  tag: "20180725"
   pullPolicy: IfNotPresent
 service:
   type: ClusterIP

pkg/issuer/acme/issue.go

@@ -48,6 +48,18 @@ func (a *Acme) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate)
 		return nil, nil, fmt.Errorf("error getting order details: %v", err)
 	}
 
+	if order.Status != acme.StatusReady {
+		err := fmt.Errorf("expected certificate status to be %q, but it is %q", acme.StatusReady, order.Status)
+		// print a more helpful message to users when an order is marked 'valid'.
+		// this happens when all challenges have been completed successfully, but
+		// the acme server has not finished processing the order.
+		if order.Status == acme.StatusValid {
+			err = fmt.Errorf("%v. Waiting until Order transitions into %q state", err, acme.StatusReady)
+		}
+		crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorIssueError, err.Error(), false)
+		return nil, nil, err
+	}
+
 	// get existing certificate private key
 	key, err := kube.SecretTLSKey(a.secretsLister, crt.Namespace, crt.Spec.SecretName)
 	if k8sErrors.IsNotFound(err) || errors.IsInvalidData(err) {

test/chart/.testenv

@@ -13,8 +13,8 @@ CHART_DIRS=(
 
 # Charts that should be skipped
 EXCLUDED_CHARTS=(
-    pebble
-    vault
+    contrib/charts/pebble
+    contrib/charts/vault
 )
 
 # Additional chart repos to add (<name>=<url>), separated by a space