From 003c1b12e8f5eebd40e0d406697a62c8f2ca112d Mon Sep 17 00:00:00 2001 From: Erik Godding Boye Date: Sun, 28 Apr 2024 17:29:35 +0200 Subject: [PATCH] Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default Signed-off-by: Erik Godding Boye --- deploy/crds/crd-certificates.yaml | 4 ++-- internal/apis/certmanager/types_certificate.go | 4 ++-- internal/controller/feature/features.go | 3 ++- internal/webhook/feature/features.go | 3 ++- pkg/apis/certmanager/v1/types_certificate.go | 4 ++-- pkg/controller/certificates/issuing/internal/secret_test.go | 6 ------ test/e2e/suite/certificates/additionaloutputformats.go | 2 -- test/e2e/suite/issuers/ca/certificate.go | 6 ------ test/integration/certificates/issuing_controller_test.go | 5 ----- 9 files changed, 10 insertions(+), 27 deletions(-) diff --git a/deploy/crds/crd-certificates.yaml b/deploy/crds/crd-certificates.yaml index 030921837..30ee0d85a 100644 --- a/deploy/crds/crd-certificates.yaml +++ b/deploy/crds/crd-certificates.yaml @@ -90,8 +90,8 @@ spec: to be written to this Certificate's target Secret. - This is an Alpha Feature and is only enabled with the - `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + This is a Beta Feature enabled by default. It can be disabled with the + `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both the controller and webhook components. type: array items: diff --git a/internal/apis/certmanager/types_certificate.go b/internal/apis/certmanager/types_certificate.go index f966a1328..e3367d9bc 100644 --- a/internal/apis/certmanager/types_certificate.go +++ b/internal/apis/certmanager/types_certificate.go @@ -240,8 +240,8 @@ type CertificateSpec struct { // Defines extra output formats of the private key and signed certificate chain // to be written to this Certificate's target Secret. // - // This is an Alpha Feature and is only enabled with the - // `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + // This is a Beta Feature enabled by default. It can be disabled with the + // `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both // the controller and webhook components. AdditionalOutputFormats []CertificateAdditionalOutputFormat diff --git a/internal/controller/feature/features.go b/internal/controller/feature/features.go index ee7d2adef..70dfbc0a2 100644 --- a/internal/controller/feature/features.go +++ b/internal/controller/feature/features.go @@ -64,6 +64,7 @@ const ( // Owner: @joshvanl // Alpha: v1.7 + // Beta: v1.15 // // AdditionalCertificateOutputFormats enable output additional format AdditionalCertificateOutputFormats featuregate.Feature = "AdditionalCertificateOutputFormats" @@ -153,7 +154,7 @@ var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.Feature ValidateCAA: {Default: false, PreRelease: featuregate.Alpha}, ExperimentalCertificateSigningRequestControllers: {Default: false, PreRelease: featuregate.Alpha}, ExperimentalGatewayAPISupport: {Default: true, PreRelease: featuregate.Beta}, - AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha}, + AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta}, ServerSideApply: {Default: false, PreRelease: featuregate.Alpha}, LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, UseCertificateRequestBasicConstraints: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/internal/webhook/feature/features.go b/internal/webhook/feature/features.go index 4e8729525..04c1ae20a 100644 --- a/internal/webhook/feature/features.go +++ b/internal/webhook/feature/features.go @@ -42,6 +42,7 @@ const ( // Owner: @joshvanl // Alpha: v1.7.1 + // Beta: v1.15 // // AdditionalCertificateOutputFormats enable output additional format AdditionalCertificateOutputFormats featuregate.Feature = "AdditionalCertificateOutputFormats" @@ -94,7 +95,7 @@ func init() { var webhookFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.GA}, - AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha}, + AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta}, LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, NameConstraints: {Default: false, PreRelease: featuregate.Alpha}, OtherNames: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/pkg/apis/certmanager/v1/types_certificate.go b/pkg/apis/certmanager/v1/types_certificate.go index 0d0556b76..0448cf395 100644 --- a/pkg/apis/certmanager/v1/types_certificate.go +++ b/pkg/apis/certmanager/v1/types_certificate.go @@ -265,8 +265,8 @@ type CertificateSpec struct { // Defines extra output formats of the private key and signed certificate chain // to be written to this Certificate's target Secret. // - // This is an Alpha Feature and is only enabled with the - // `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + // This is a Beta Feature enabled by default. It can be disabled with the + // `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both // the controller and webhook components. // +optional AdditionalOutputFormats []CertificateAdditionalOutputFormat `json:"additionalOutputFormats,omitempty"` diff --git a/pkg/controller/certificates/issuing/internal/secret_test.go b/pkg/controller/certificates/issuing/internal/secret_test.go index 0d8c4fc99..4e0ae829a 100644 --- a/pkg/controller/certificates/issuing/internal/secret_test.go +++ b/pkg/controller/certificates/issuing/internal/secret_test.go @@ -24,9 +24,7 @@ import ( "testing" "time" - "github.com/cert-manager/cert-manager/internal/controller/feature" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -34,7 +32,6 @@ import ( apitypes "k8s.io/apimachinery/pkg/types" applycorev1 "k8s.io/client-go/applyconfigurations/core/v1" applymetav1 "k8s.io/client-go/applyconfigurations/meta/v1" - featuregatetesting "k8s.io/component-base/featuregate/testing" fakeclock "k8s.io/utils/clock/testing" "k8s.io/utils/ptr" @@ -58,9 +55,6 @@ var ( // SecretsManager. // See: https://github.com/kubernetes/client-go/issues/970 func Test_SecretsManager(t *testing.T) { - // Enable feature gate additional private key for this test - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultMutableFeatureGate, feature.AdditionalCertificateOutputFormats, true)() - baseCert := gen.Certificate("test", gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: "ca-issuer", Kind: "Issuer", Group: "foo.io"}), gen.SetCertificateSecretName("output"), diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index 3d2938980..84edbfb0d 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -50,8 +50,6 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo ) createCertificate := func(f *framework.Framework, aof []cmapi.CertificateAdditionalOutputFormat) (string, *cmapi.Certificate) { - framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) - crt := &cmapi.Certificate{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "test-additional-output-formats-", diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index 17e72b60b..a247173b3 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -26,10 +26,8 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/util" - "github.com/cert-manager/cert-manager/internal/controller/feature" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/test/unit/gen" ) @@ -153,10 +151,6 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { }) It("should be able to create a certificate with additional output formats", func() { - // Output formats is only enabled via this feature gate being enabled. - // Don't run test if the gate isn't enabled. - framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) - certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate") diff --git a/test/integration/certificates/issuing_controller_test.go b/test/integration/certificates/issuing_controller_test.go index 1a51377e5..52a75a5d4 100644 --- a/test/integration/certificates/issuing_controller_test.go +++ b/test/integration/certificates/issuing_controller_test.go @@ -37,7 +37,6 @@ import ( "k8s.io/utils/ptr" "github.com/cert-manager/cert-manager/integration-tests/framework" - "github.com/cert-manager/cert-manager/internal/webhook/feature" apiutil "github.com/cert-manager/cert-manager/pkg/api/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" @@ -45,11 +44,9 @@ import ( "github.com/cert-manager/cert-manager/pkg/controller/certificates/issuing" logf "github.com/cert-manager/cert-manager/pkg/logs" "github.com/cert-manager/cert-manager/pkg/metrics" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" utilpki "github.com/cert-manager/cert-manager/pkg/util/pki" testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto" "github.com/cert-manager/cert-manager/test/unit/gen" - featuregatetesting "k8s.io/component-base/featuregate/testing" ) // TestIssuingController performs a basic test to ensure that the issuing @@ -748,8 +745,6 @@ func Test_IssuingController_SecretTemplate(t *testing.T) { // ensure that values in a Certificate's AddiationOutputFormats will be copied // to the target Secret- when they are both added and deleted. func Test_IssuingController_AdditionalOutputFormats(t *testing.T) { - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats, true)() - ctx, cancel := context.WithTimeout(context.Background(), time.Second*40) defer cancel()