spelling: e.g.

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Josh Soref 2025-05-07 14:39:55 -04:00
parent 368be4bbfd
commit 5ad454a65d
56 changed files with 114 additions and 114 deletions


@ -7,7 +7,7 @@ about: Report a bug to help us improve cert-manager
<!--
Bugs should be filed for issues encountered whilst operating cert-manager.
You should first attempt to resolve your issues through the community support
channels, e.g. Slack, in order to rule out individual configuration errors.
channels, e.g., Slack, in order to rule out individual configuration errors.
Please provide as much detail as possible.
-->
@ -34,6 +34,6 @@ gain an understanding of the problem.-->
- Kubernetes version:
- Cloud-provider/provisioner:
- cert-manager version:
- Install method: e.g. helm/static manifests
- Install method: e.g., helm/static manifests
/kind bug


@ -20,7 +20,7 @@ about: Suggest an idea to improve cert-manager
- Kubernetes version:
- Cloud-provider/provisioner:
- cert-manager version:
- Install method: e.g. helm/static manifests
- Install method: e.g., helm/static manifests
/kind feature


@ -113,7 +113,7 @@ servers and webhook servers.`,
options.AddConfigFlags(cmd.Flags(), cainjectorConfig)
// explicitly set provided args in case it does not equal os.Args[:1],
// eg. when running tests
// e.g., when running tests
cmd.SetArgs(allArgs)
return cmd
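Review bot: The comment above `cmd.SetArgs(allArgs)` refers to `os.Args[:1]`, which is only the program name; cobra's default argument source is `os.Args[1:]`, so the slice expression looks transposed. Since the commit already edits the next comment line, the same pass could correct it to `// explicitly set provided args in case it does not equal os.Args[1:],`. The identical comment appears in the two later hunks headed `@ -123,7 +123,7` and `@ -120,7 +120,7`. The enclosing function starts and ends outside the hunk, so how `allArgs` is built cannot be confirmed from here.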


@ -123,7 +123,7 @@ to renew certificates at an appropriate time before expiry.`,
options.AddConfigFlags(cmd.Flags(), controllerConfig)
// explicitly set provided args in case it does not equal os.Args[:1],
// eg. when running tests
// e.g., when running tests
cmd.SetArgs(allArgs)
return cmd


@ -83,7 +83,7 @@ required webhooks are reachable by the K8S API server.`,
},
}
cmd.Flags().DurationVar(&o.Wait, "wait", 0, "Wait until the cert-manager API is ready (default 0s = poll once)")
cmd.Flags().DurationVar(&o.Interval, "interval", 5*time.Second, "Time between checks when waiting, must include unit, e.g. 1m or 10m")
cmd.Flags().DurationVar(&o.Interval, "interval", 5*time.Second, "Time between checks when waiting, must include unit, e.g., 1m or 10m")
o.Factory = factory.New(cmd)


@ -120,7 +120,7 @@ functionality for cert-manager.`,
options.AddConfigFlags(cmd.Flags(), webhookConfig)
// explicitly set provided args in case it does not equal os.Args[:1],
// eg. when running tests
// e.g., when running tests
cmd.SetArgs(allArgs)
return cmd


@ -237,13 +237,13 @@ This prevents downtime during voluntary disruptions such as during a Node upgrad
Pod is currently running.
#### **podDisruptionBudget.minAvailable** ~ `unknown`
This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).
This configures the minimum available pods for disruptions. It can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%).
It cannot be used if `maxUnavailable` is set.
#### **podDisruptionBudget.maxUnavailable** ~ `unknown`
This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set.
This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%). it cannot be used if `minAvailable` is set.
#### **featureGates** ~ `string`
@ -307,7 +307,7 @@ Override the "cert-manager.fullname" value. This value is used as part of most o
#### **nameOverride** ~ `string`
Override the "cert-manager.name" value, which is used to annotate some of the resources that are created by this Chart (using "app.kubernetes.io/name"). NOTE: There are some inconsistencies in the Helm chart when it comes to these annotations (some resources use eg. "cainjector.name" which resolves to the value "cainjector").
Override the "cert-manager.name" value, which is used to annotate some of the resources that are created by this Chart (using "app.kubernetes.io/name"). NOTE: There are some inconsistencies in the Helm chart when it comes to these annotations (some resources use, e.g., "cainjector.name" which resolves to the value "cainjector").
#### **serviceAccount.create** ~ `bool`
> Default value:
@ -432,7 +432,7 @@ Option to disable cert-manager's build-in auto-approver. The auto-approver appro
> - clusterissuers.cert-manager.io/*
> ```
List of signer names that cert-manager will approve by default. CertificateRequests referencing these signer names will be auto-approved by cert-manager. Defaults to just approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, because eg. you are using approver-policy, you can enable 'disableAutoApproval'.
List of signer names that cert-manager will approve by default. CertificateRequests referencing these signer names will be auto-approved by cert-manager. Defaults to just approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, because, e.g., you are using approver-policy, you can enable 'disableAutoApproval'.
ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval
#### **extraArgs** ~ `array`
@ -976,13 +976,13 @@ This prevents downtime during voluntary disruptions such as during a Node upgrad
Pod is currently running.
#### **webhook.podDisruptionBudget.minAvailable** ~ `unknown`
This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).
This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%).
It cannot be used if `maxUnavailable` is set.
#### **webhook.podDisruptionBudget.maxUnavailable** ~ `unknown`
This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).
This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%).
It cannot be used if `minAvailable` is set.
@ -1449,14 +1449,14 @@ Pod is currently running.
#### **cainjector.podDisruptionBudget.minAvailable** ~ `unknown`
`minAvailable` configures the minimum available pods for disruptions. It can either be set to
an integer (e.g. 1) or a percentage value (e.g. 25%).
an integer (e.g., 1) or a percentage value (e.g., 25%).
Cannot be used if `maxUnavailable` is set.
#### **cainjector.podDisruptionBudget.maxUnavailable** ~ `unknown`
`maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to
an integer (e.g. 1) or a percentage value (e.g. 25%).
an integer (e.g., 1) or a percentage value (e.g., 25%).
Cannot be used if `minAvailable` is set.


@ -236,7 +236,7 @@
"issuers.cert-manager.io/*",
"clusterissuers.cert-manager.io/*"
],
"description": "List of signer names that cert-manager will approve by default. CertificateRequests referencing these signer names will be auto-approved by cert-manager. Defaults to just approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, because eg. you are using approver-policy, you can enable 'disableAutoApproval'.\nref: https://cert-manager.io/docs/concepts/certificaterequest/#approval",
"description": "List of signer names that cert-manager will approve by default. CertificateRequests referencing these signer names will be auto-approved by cert-manager. Defaults to just approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, because, e.g., you are using approver-policy, you can enable 'disableAutoApproval'.\nref: https://cert-manager.io/docs/concepts/certificaterequest/#approval",
"items": {},
"type": "array"
},
@ -461,10 +461,10 @@
"type": "boolean"
},
"helm-values.cainjector.podDisruptionBudget.maxUnavailable": {
"description": "`maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to\nan integer (e.g. 1) or a percentage value (e.g. 25%).\nCannot be used if `minAvailable` is set."
"description": "`maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to\nan integer (e.g., 1) or a percentage value (e.g., 25%).\nCannot be used if `minAvailable` is set."
},
"helm-values.cainjector.podDisruptionBudget.minAvailable": {
"description": "`minAvailable` configures the minimum available pods for disruptions. It can either be set to\nan integer (e.g. 1) or a percentage value (e.g. 25%).\nCannot be used if `maxUnavailable` is set."
"description": "`minAvailable` configures the minimum available pods for disruptions. It can either be set to\nan integer (e.g., 1) or a percentage value (e.g., 25%).\nCannot be used if `maxUnavailable` is set."
},
"helm-values.cainjector.podLabels": {
"default": {},
@ -929,7 +929,7 @@
"type": "number"
},
"helm-values.nameOverride": {
"description": "Override the \"cert-manager.name\" value, which is used to annotate some of the resources that are created by this Chart (using \"app.kubernetes.io/name\"). NOTE: There are some inconsistencies in the Helm chart when it comes to these annotations (some resources use eg. \"cainjector.name\" which resolves to the value \"cainjector\").",
"description": "Override the \"cert-manager.name\" value, which is used to annotate some of the resources that are created by this Chart (using \"app.kubernetes.io/name\"). NOTE: There are some inconsistencies in the Helm chart when it comes to these annotations (some resources use, e.g., \"cainjector.name\" which resolves to the value \"cainjector\").",
"type": "string"
},
"helm-values.namespace": {
@ -973,10 +973,10 @@
"type": "boolean"
},
"helm-values.podDisruptionBudget.maxUnavailable": {
"description": "This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set."
"description": "This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%). it cannot be used if `minAvailable` is set."
},
"helm-values.podDisruptionBudget.minAvailable": {
"description": "This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set."
"description": "This configures the minimum available pods for disruptions. It can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%).\nIt cannot be used if `maxUnavailable` is set."
},
"helm-values.podDnsConfig": {
"description": "Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy settings. However, when a Pod's dnsPolicy is set to \"None\", the dnsConfig field has to be specified. For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config).",
@ -1956,10 +1956,10 @@
"type": "boolean"
},
"helm-values.webhook.podDisruptionBudget.maxUnavailable": {
"description": "This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `minAvailable` is set."
"description": "This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%).\nIt cannot be used if `minAvailable` is set."
},
"helm-values.webhook.podDisruptionBudget.minAvailable": {
"description": "This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set."
"description": "This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g., 1) or a percentage value (e.g., 25%).\nIt cannot be used if `maxUnavailable` is set."
},
"helm-values.webhook.podLabels": {
"default": {},


@ -120,14 +120,14 @@ podDisruptionBudget:
enabled: false
# This configures the minimum available pods for disruptions. It can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# an integer (e.g., 1) or a percentage value (e.g., 25%).
# It cannot be used if `maxUnavailable` is set.
# +docs:property
# +docs:type=unknown
# minAvailable: 1
# This configures the maximum unavailable pods for disruptions. It can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# an integer (e.g., 1) or a percentage value (e.g., 25%).
# it cannot be used if `minAvailable` is set.
# +docs:property
# +docs:type=unknown
@ -179,7 +179,7 @@ namespace: ""
# Override the "cert-manager.name" value, which is used to annotate some of
# the resources that are created by this Chart (using "app.kubernetes.io/name").
# NOTE: There are some inconsistencies in the Helm chart when it comes to
# these annotations (some resources use eg. "cainjector.name" which resolves
# these annotations (some resources use, e.g., "cainjector.name" which resolves
# to the value "cainjector").
# +docs:property
# nameOverride: "my-cert-manager"
@ -281,7 +281,7 @@ disableAutoApproval: false
# referencing these signer names will be auto-approved by cert-manager. Defaults to just
# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty
# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval,
# because eg. you are using approver-policy, you can enable 'disableAutoApproval'.
# because, e.g., you are using approver-policy, you can enable 'disableAutoApproval'.
# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval
# +docs:property
approveSignerNames:
@ -709,14 +709,14 @@ webhook:
enabled: false
# This property configures the minimum available pods for disruptions. Can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# an integer (e.g., 1) or a percentage value (e.g., 25%).
# It cannot be used if `maxUnavailable` is set.
# +docs:property
# +docs:type=unknown
# minAvailable: 1
# This property configures the maximum unavailable pods for disruptions. Can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# an integer (e.g., 1) or a percentage value (e.g., 25%).
# It cannot be used if `minAvailable` is set.
# +docs:property
# +docs:type=unknown
@ -1076,14 +1076,14 @@ cainjector:
enabled: false
# `minAvailable` configures the minimum available pods for disruptions. It can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# an integer (e.g., 1) or a percentage value (e.g., 25%).
# Cannot be used if `maxUnavailable` is set.
# +docs:property
# +docs:type=unknown
# minAvailable: 1
# `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to
# an integer (e.g. 1) or a percentage value (e.g. 25%).
# an integer (e.g., 1) or a percentage value (e.g., 25%).
# Cannot be used if `minAvailable` is set.
# +docs:property
# +docs:type=unknown
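Review bot: In the first hunk (`podDisruptionBudget:`), the `maxUnavailable` comment still starts a sentence in lowercase, "# it cannot be used if `minAvailable` is set.", while the `minAvailable` comment just above it and the webhook copy use "It". The README and schema descriptions changed in this commit carry the same lowercase "it", presumably because they are generated from this comment. Changing the line to "# It cannot be used if `minAvailable` is set." and regenerating would make the three texts consistent.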


@ -294,7 +294,7 @@ spec:
`LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
`LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
`Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
(eg. because of company policy). Please note that the security of the algorithm is not that important
(e.g., because of company policy). Please note that the security of the algorithm is not that important
in reality, because the unencrypted certificate and private key are also stored in the Secret.
type: string
enum:


@ -84,9 +84,9 @@ spec:
type: string
dnsName:
description: |-
dnsName is the identifier that this challenge is for, e.g. example.com.
dnsName is the identifier that this challenge is for, e.g., example.com.
If the requested DNSName is a 'wildcard', this field MUST be set to the
non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
non-wildcard domain, e.g., for `*.example.com`, it must be `example.com`.
type: string
issuerRef:
description: |-
@ -597,7 +597,7 @@ spec:
when challenges are processed.
This can contain arbitrary JSON data.
Secret values should not be specified in this stanza.
If secret values are needed (e.g. credentials for a DNS service), you
If secret values are needed (e.g., credentials for a DNS service), you
should use a SecretKeySelector to reference a Secret resource.
For details on the schema of this field, consult the webhook provider
implementation's documentation.
@ -613,14 +613,14 @@ spec:
description: |-
The name of the solver to use, as defined in the webhook provider
implementation.
This will typically be the name of the provider, e.g. 'cloudflare'.
This will typically be the name of the provider, e.g., 'cloudflare'.
type: string
http01:
description: |-
Configures cert-manager to attempt to complete authorizations by
performing the HTTP01 challenge flow.
It is not possible to obtain certificates for wildcard domain names
(e.g. `*.example.com`) using the HTTP01 challenge mechanism.
(e.g., `*.example.com`) using the HTTP01 challenge mechanism.
type: object
properties:
gatewayHTTPRoute:


@ -706,7 +706,7 @@ spec:
when challenges are processed.
This can contain arbitrary JSON data.
Secret values should not be specified in this stanza.
If secret values are needed (e.g. credentials for a DNS service), you
If secret values are needed (e.g., credentials for a DNS service), you
should use a SecretKeySelector to reference a Secret resource.
For details on the schema of this field, consult the webhook provider
implementation's documentation.
@ -722,14 +722,14 @@ spec:
description: |-
The name of the solver to use, as defined in the webhook provider
implementation.
This will typically be the name of the provider, e.g. 'cloudflare'.
This will typically be the name of the provider, e.g., 'cloudflare'.
type: string
http01:
description: |-
Configures cert-manager to attempt to complete authorizations by
performing the HTTP01 challenge flow.
It is not possible to obtain certificates for wildcard domain names
(e.g. `*.example.com`) using the HTTP01 challenge mechanism.
(e.g., `*.example.com`) using the HTTP01 challenge mechanism.
type: object
properties:
gatewayHTTPRoute:


@ -706,7 +706,7 @@ spec:
when challenges are processed.
This can contain arbitrary JSON data.
Secret values should not be specified in this stanza.
If secret values are needed (e.g. credentials for a DNS service), you
If secret values are needed (e.g., credentials for a DNS service), you
should use a SecretKeySelector to reference a Secret resource.
For details on the schema of this field, consult the webhook provider
implementation's documentation.
@ -722,14 +722,14 @@ spec:
description: |-
The name of the solver to use, as defined in the webhook provider
implementation.
This will typically be the name of the provider, e.g. 'cloudflare'.
This will typically be the name of the provider, e.g., 'cloudflare'.
type: string
http01:
description: |-
Configures cert-manager to attempt to complete authorizations by
performing the HTTP01 challenge flow.
It is not possible to obtain certificates for wildcard domain names
(e.g. `*.example.com`) using the HTTP01 challenge mechanism.
(e.g., `*.example.com`) using the HTTP01 challenge mechanism.
type: object
properties:
gatewayHTTPRoute:


@ -172,7 +172,7 @@ spec:
type: string
type:
description: |-
Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
Type is the type of challenge being offered, e.g., 'http-01', 'dns-01',
'tls-sni-01', etc.
This is the raw value retrieved from the ACME server.
Only 'http-01' and 'dns-01' are supported by cert-manager, other values


@ -63,7 +63,7 @@ We have outstanding feature requests that are currently difficult to implement w
design:
* Allow private key rotation when renewing certificates [#2402](https://github.com/cert-manager/cert-manager/issues/2402)
* Allowing alternative Secret output formats (e.g. single .pem file priv/cert output) [#843](https://github.com/cert-manager/cert-manager/issues/843)
* Allowing alternative Secret output formats (e.g., single .pem file priv/cert output) [#843](https://github.com/cert-manager/cert-manager/issues/843)
* Add support for JKS, PKCS12 and PEM files [#586](https://github.com/cert-manager/cert-manager/issues/586)
* Make certificate renewal easier to test [#2578](https://github.com/cert-manager/cert-manager/issues/2578)
@ -74,7 +74,7 @@ areas of the controller over time and continue to make improvements.
* Make it easier to maintain the Certificates controller
* Make it easier to *extend* the Certificates controller
* Make it possible to 'hook in' to the state of the controller (e.g. manually triggering renewal)
* Make it possible to 'hook in' to the state of the controller (e.g., manually triggering renewal)
### Non-goals


@ -227,16 +227,16 @@ conflicts with other external signer projects.
```yaml
# Namespaced issuer reference
# e.g. `issuers.cert-manager.io/my-namespace.my-issuer
# e.g., `issuers.cert-manager.io/my-namespace.my-issuer
signerName: issuers.cert-manager.io/<namespace>.<issuer-name>
# Cluster scoped issuer reference
# e.g. `clusterissuers.cert-manager.io/my-issuer
# e.g., `clusterissuers.cert-manager.io/my-issuer
signerName: clusterissuers.cert-manager.io/<clusterissuer-name>
```
Using the same approach of referencing by _just_ name, rather than issuer type
(e.g. CA, Vault etc.), keeps the behaviour of this resource in line with
(e.g., CA, Vault etc.), keeps the behaviour of this resource in line with
`CertificateRequests` for end users.
Each `CertificateSigningRequest` controller will behave in the same way as the


@ -30,7 +30,7 @@ The intention here is to describe what we did and what we discovered, with an ey
- For example, consider updating Helm before go module proliferation
- Updating the Helm version alone won't affect anything which doesn't import Helm
- **But:** Updating Helm also brings in Helm's updated dependencies which _would_ affect other binaries
- E.g. we and Helm depend on the k8s libraries
- E.g., we and Helm depend on the k8s libraries
- That means that bumping Helm forces a bump of all k8s APIs for _all_ binaries
- With proliferation, bumping Helm would still bump the k8s libraries - but _only_ for cmctl!
- This includes forking a dependency or needing to `replace` one
@ -54,10 +54,10 @@ The intention here is to describe what we did and what we discovered, with an ey
- We assume this won't be too destructive in most cases (since we don't see many importers of those binaries)
- If we need to make binaries importable again, we can change them to use regular import statements
- That would require two PRs in the event that we need to change the secondary module and the core module at the same time
- If the secondary module would've ended up in a separate repo anyway (e.g. cmctl) we'd have done this eventually
- If the secondary module would've ended up in a separate repo anyway (e.g., cmctl) we'd have done this eventually
- Increased complexity in working with the codebase
- E.g. `go test ./...` no longer tests _everything_, since it won't recurse into modules
- E.g., `go test ./...` no longer tests _everything_, since it won't recurse into modules
- This can be alleviated with some Makefile work - `make test` can still test everything
- Go Workspaces (`go.work`) can also help in development environments to make things simpler
@ -106,7 +106,7 @@ We can create several new Go modules so that each binary we build can have disti
`cmctl` having a dependency on Helm would only affect `cmctl` and wouldn't force us to change any of the other
components we build in order to patch a Helm vulnerability.
Plus, where we have testing-only dependencies (e.g. for integration or end-to-end tests) we could create a test module
Plus, where we have testing-only dependencies (e.g., for integration or end-to-end tests) we could create a test module
so that those test dependencies don't pollute the main `go.mod`.
### Terminology
@ -165,7 +165,7 @@ NB: See `Importing cert-manager / Development Experience` below for an explorati
behind the proposed solution.
As an example of the kind of change being discussed, imagine adding a new field to our CRDs along with a feature gate. This
would require changes both to at least one secondary module (e.g. the controller) and to the core cert-manager module.
would require changes both to at least one secondary module (e.g., the controller) and to the core cert-manager module.
In order to avoid having to make two PRs for this kind of change we propose to explicitly state that any external import of
the new modules under `cmd` is not supported. By breaking this kind of external import, we can use the `replace` directive
@ -296,11 +296,11 @@ and doesn't reduce the attack surface of any of our components.
### Aggressively Reducing Dependencies
Rather than isolating dependencies, we could remove them by e.g. vendoring subsets of their code into our repo. This
Rather than isolating dependencies, we could remove them by, e.g., vendoring subsets of their code into our repo. This
gives us a huge amount of control and allows us to preserve backwards compatibility very easily.
It also creates a huge burden for us to maintain that vendored code, which is a drawback. We'd still have to track
e.g. Helm to see if there are any relevant vulnerabilities reported, and then we'd have to go and actually fix them
e.g., Helm to see if there are any relevant vulnerabilities reported, and then we'd have to go and actually fix them
ourselves. If upstream code diverged significantly we might be left on our own trying to work out how to fix bugs - or
even trying to work out if we even have a bug.


@ -36,7 +36,7 @@ This checklist contains actions which must be completed before a PR implementing
## Summary
For generating Gateway API certificates, use hostnames present in e.g. `GRPCRoute`, `HTTPRoute`, and `TLSRoute` resources in addition to the `Gateway` listener hostnames.
For generating Gateway API certificates, use hostnames present in, e.g., `GRPCRoute`, `HTTPRoute`, and `TLSRoute` resources in addition to the `Gateway` listener hostnames.
This reduces configuration duplication, and allows the cluster owner to delegate permission to site owners to add hostnames.
## Motivation
@ -55,7 +55,7 @@ This adds yet another source of duplication.
### Goals
* To be compliant with the intention of the Gateway API.
* To treat resources the same way as current Gateway API implementations, e.g. [Envoy Gateway](https://gateway.envoyproxy.io/).
* To treat resources the same way as current Gateway API implementations, e.g., [Envoy Gateway](https://gateway.envoyproxy.io/).
* To remove duplicated configuration.
### Non-Goals


@ -40,7 +40,7 @@ The open-source Scarf Gateway is the power behind the Scarf platform. The Scarf
- Obtain a new custom "download" domain through the CNCF to be used for fronting all binary downloads.
- The creation of a free (OSS tier) Scarf account will be configured and managed by the cert-manager maintainers.
- Update documentation referencing "jetstack" binary paths e.g. quay.io/jetstack/cert-manager-controller, and replace with the new download domain.
- Update documentation referencing "jetstack" binary paths, e.g., quay.io/jetstack/cert-manager-controller, and replace with the new download domain.
- Update helm charts referencing "jetstack" binary paths, replacing with the new download domain.
- Update code referencing "jetstack" binary paths, replacing with the new download domain.
- Add Scarf pixels to selective documentation pages, giving us insight into which pages are most useful or areas to focus on for improvement.


@ -133,5 +133,5 @@ not need to be as detailed as the proposal, but should include enough
information to express the idea and why it was not acceptable.
-->
Install CRDs separately (eg. using `kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.crds.yaml` or using a separate Helm chart) and manage them separately from the Helm chart.
Install CRDs separately (e.g., using `kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.1/cert-manager.crds.yaml` or using a separate Helm chart) and manage them separately from the Helm chart.
This would require us to publish a separate Helm chart for the CRDs or a static manifest for the CRDs.


@ -249,7 +249,7 @@ information to express the idea and why it was not acceptable.
-->
A reasonable alternative to using OCI registries would be for the cert-manager project to host its own
Helm chart repository (e.g. `charts.cert-manager.io`).
Helm chart repository (e.g., `charts.cert-manager.io`).
This would require running additional infrastructure (similar to what `charts.jetstack.io` does), and would
not be satisfactory for those users who've been asking for an OCI registry for compatibility reasons.


@ -224,7 +224,7 @@ type ChallengeSpec struct {
// challenge is a part of.
AuthzURL string `json:"authzURL"`
// Type is the type of ACME challenge this resource represents, e.g. "dns01"
// Type is the type of ACME challenge this resource represents, e.g., "dns01"
// or "http01"
Type string `json:"type"`
@ -232,7 +232,7 @@ type ChallengeSpec struct {
// This can be used to lookup details about the status of this challenge.
URL string `json:"url"`
// DNSName is the identifier that this challenge is for, e.g. example.com.
// DNSName is the identifier that this challenge is for, e.g., example.com.
DNSName string `json:"dnsName"`
// Token is the ACME challenge token for this challenge.
@ -451,7 +451,7 @@ Order & Challenge.
* The 'order' controller can aggregate failure reasons from the 'challenge'
resources it is managing in a similar way.
* We can also include debugging information on the Certificate resource itself,
e.g. storing messages such as `You can get more information about why this order
e.g., storing messages such as `You can get more information about why this order
failed by running 'kubectl describe order -n <namespace> <order-name>'
## Alternatives considered


@ -52,9 +52,9 @@ type ChallengeSpec struct {
// challenge is a part of.
AuthorizationURL string
// dnsName is the identifier that this challenge is for, e.g. example.com.
// dnsName is the identifier that this challenge is for, e.g., example.com.
// If the requested DNSName is a 'wildcard', this field MUST be set to the
// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
// non-wildcard domain, e.g., for `*.example.com`, it must be `example.com`.
DNSName string
// wildcard will be true if this challenge is for a wildcard identifier,


@ -148,7 +148,7 @@ type ACMEChallengeSolver struct {
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// (e.g., `*.example.com`) using the HTTP01 challenge mechanism.
HTTP01 *ACMEChallengeSolverHTTP01
// Configures cert-manager to attempt to complete authorizations by
@ -650,14 +650,14 @@ type ACMEIssuerDNS01ProviderWebhook struct {
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
// This will typically be the name of the provider, e.g., 'cloudflare'.
SolverName string
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// If secret values are needed (e.g., credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.


@ -158,7 +158,7 @@ type ACMEChallenge struct {
// This is used to compute the 'key' that must also be presented.
Token string
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// Type is the type of challenge being offered, e.g., 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values


@ -467,7 +467,7 @@ type PKCS12Keystore struct {
// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
// (eg. because of company policy). Please note that the security of the algorithm is not that important
// (e.g., because of company policy). Please note that the security of the algorithm is not that important
// in reality, because the unencrypted certificate and private key are also stored in the Secret.
Profile PKCS12Profile
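Review bot: The sentence kept on the changed line, that the security of the algorithm `is not that important in reality`, understates what users of this field need to know. As the comment itself says, the Secret also holds the unencrypted certificate and private key, so no profile protects the key from anyone who can read the Secret. Since the line is being edited anyway, I would state the consequence directly, for example `// Note: the Secret also contains the unencrypted private key, so restrict read access to the Secret regardless of the profile chosen.` The same comment appears in the later PKCS12Keystore hunk (`@@ -532,7 +532,7 @@`) and should be changed identically; the struct continues outside both hunks.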


@ -272,7 +272,7 @@ func validateIssuerRef(issuerRef cmmeta.ObjectReference, fldPath *field.Path) fi
errMsg := "must be one of Issuer or ClusterIssuer"
if issuerRef.Group == "" {
// Sometimes the user sets a kind for an external issuer (e.g. "AWSPCAClusterIssuer" or "VenafiIssuer") but forgets
// Sometimes the user sets a kind for an external issuer (e.g., "AWSPCAClusterIssuer" or "VenafiIssuer") but forgets
// to set the group (an easy mistake to make - see https://github.com/cert-manager/csi-driver/issues/197).
// If the users forgets the group but otherwise has a correct Kind set for an external issuer, we can give a hint
// as to what they need to do to fix.
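Review bot: The context line `// If the users forgets the group ...` still has a singular/plural mismatch that this spelling pass leaves in place, two lines below the line it fixes. I would correct it in the same change: `// If the user forgets the group but otherwise has a correct Kind set for an external issuer, we can give a hint`. The body of validateIssuerRef continues outside the hunk.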


@ -23,7 +23,7 @@ type ConditionStatus string
// the condition; "ConditionFalse" means a resource is not in the condition;
// "ConditionUnknown" means kubernetes can't decide if a resource is in the
// condition or not. In the future, we could add other intermediate
// conditions, e.g. ConditionDegraded.
// conditions, e.g., ConditionDegraded.
const (
// ConditionTrue represents the fact that a given condition is true
ConditionTrue ConditionStatus = "True"
@ -36,7 +36,7 @@ const (
)
// A reference to an object in the same namespace as the referent.
// If the referent is a cluster-scoped resource (e.g. a ClusterIssuer),
// If the referent is a cluster-scoped resource (e.g., a ClusterIssuer),
// the reference instead refers to the resource with the given name in the
// configured 'cluster resource namespace', which is set as a flag on the
// controller component (and defaults to the namespace that cert-manager


@ -46,7 +46,7 @@ const (
// The value is based on how large a "realistic" (but still very large) self-signed 16k-bit RSA certificate might be.
// 16k-bit RSA keys are impractical on most on modern hardware due to how slow they can be,
// so we can reasonably assume that no real-world PEM-encoded X.509 cert will be this large.
// Note that X.509 certificates can contain extra arbitrary data (e.g. DNS names, policy names, etc) whose size is hard to predict.
// Note that X.509 certificates can contain extra arbitrary data (e.g., DNS names, policy names, etc) whose size is hard to predict.
// So we guess at how much of that data we'll allow in very large certs and allow about 1kB of such data.
maxCertificatePEMSize = 6500
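Review bot: The context line just above the changed one still reads `impractical on most on modern hardware`, with a stray `on` that this spelling pass does not fix. Since the commit already touches this comment, I would correct it in the same change: `// 16k-bit RSA keys are impractical on most modern hardware due to how slow they can be,`. The comment explains why the PEM size limit was chosen, so it is worth keeping easy to read. The const block starts and ends outside the hunk.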


@ -46,7 +46,7 @@ var (
// PathForCRD attempts to find a path to the named CRD.
// The 'name' is the name of the resource contained within the CRD as denoted
// by the filename, e.g. 'foobar' would find a CRD with a filename containing
// by the filename, e.g., 'foobar' would find a CRD with a filename containing
// the word 'foobar'.
func PathForCRD(t *testing.T, name string) string {
dir, err := CRDDirectory()


@ -44,7 +44,7 @@ Flags:
# TODO: do we need this flag? It's not used anywhere.
--k8s-version VERSION
The Kubernetes version to spin up with kind. It should be either a
minor version e.g. 1.23 or a full version e.g. 1.23.3. You can also
minor version, e.g., 1.23 or a full version, e.g., 1.23.3. You can also
use K8S_VERSION to do the same.
--show-image
Show the image that will be used for the cluster and exit with 0. The
@ -70,7 +70,7 @@ while [ $# -ne 0 ]; do
;;
# This block of code will create the variable associated the flags,
# $mode, $name, and $k8s_version and then set them to the value provided.
# E.g. "--name pinto" will create the variable named "name" set to the
# E.g., "--name pinto" will create the variable named "name" set to the
# value "pinto"--equivalent to name="pinto"
--mode | --name | --k8s-version)
if [ $# -lt 2 ]; then


@ -16,7 +16,7 @@
## trivy-scan-all runs a scan using Trivy (https://github.com/aquasecurity/trivy)
## against all containers that cert-manager builds. If one of the containers
## fails a scan, then all scans will be aborted; if you need to check a specific
## container, use "trivy-scan-<name>", e.g. "make trivy-scan-controller"
## container, use "trivy-scan-<name>", e.g., "make trivy-scan-controller"
##
## @category Development
trivy-scan-all: trivy-scan-controller trivy-scan-acmesolver trivy-scan-webhook trivy-scan-cainjector trivy-scan-startupapicheck

View File

@ -171,7 +171,7 @@ $(bin_dir)/test/e2e.test: FORCE | $(NEEDS_GINKGO) $(bin_dir)/test
e2e-build: $(bin_dir)/test/e2e.test
## Sets the search prefix for finding the "latest" release in test-upgrade
## To find the latest release for e.g. cert-manager v1.12, use "v1.12*"
## To find the latest release for, e.g., cert-manager v1.12, use "v1.12*"
UPGRADE_TEST_INITIAL_RELEASE_PREFIX ?=
## Can be set to choose a different starting point for the upgrade test,


@ -35,7 +35,7 @@ import (
const (
// defaultACMEHTTPTimeout sets the default maximum time that an individual HTTP request can take when doing ACME operations.
// Note that there may be other timeouts - e.g. dial timeouts or TLS handshake timeouts - which will be smaller than this. This
// Note that there may be other timeouts - e.g., dial timeouts or TLS handshake timeouts - which will be smaller than this. This
// timeout is the overall timeout for the entire request.
defaultACMEHTTPTimeout = time.Second * 90
)


@ -60,7 +60,7 @@ type Getter interface {
// ListClients will return a full list of all ACME clients by their UIDs.
// This can be used to enumerate all registered clients and call RemoveClient
// on any clients that should no longer be registered, e.g. because their
// on any clients that should no longer be registered, e.g., because their
// corresponding Issuer resource has been deleted.
ListClients() map[string]acmecl.Interface
}
@ -180,7 +180,7 @@ func (r *registry) RemoveClient(uid string) {
// ListClients will return a full list of all ACME clients by their UIDs.
// This can be used to enumerate all registered clients and call RemoveClient
// on any clients that should no longer be registered, e.g. because their
// on any clients that should no longer be registered, e.g., because their
// corresponding Issuer resource has been deleted.
func (r *registry) ListClients() map[string]acmecl.Interface {
r.lock.RLock()


@ -75,7 +75,7 @@ func ComputeSecureUniqueDeterministicNameFromData(fullName string, maxNameLength
// Although fullName is already a DNS subdomain, we can't just cut it
// at N characters and expect another DNS subdomain. That's because
// we might cut it right after a ".", which would give an invalid DNS
// subdomain (eg. test.-<hash>). So we make sure the last character
// subdomain (e.g., test.-<hash>). So we make sure the last character
// is an alpha-numeric character.
prefix := DNSSafeShortenToNCharacters(fullName, maxNameLength-hashLength-1)
hashResult := hash.Sum(nil)


@ -62,9 +62,9 @@ type ChallengeSpec struct {
// challenge is a part of.
AuthorizationURL string `json:"authorizationURL"`
// dnsName is the identifier that this challenge is for, e.g. example.com.
// dnsName is the identifier that this challenge is for, e.g., example.com.
// If the requested DNSName is a 'wildcard', this field MUST be set to the
// non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
// non-wildcard domain, e.g., for `*.example.com`, it must be `example.com`.
DNSName string `json:"dnsName"`
// wildcard will be true if this challenge is for a wildcard identifier,


@ -163,7 +163,7 @@ type ACMEChallengeSolver struct {
// Configures cert-manager to attempt to complete authorizations by
// performing the HTTP01 challenge flow.
// It is not possible to obtain certificates for wildcard domain names
// (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
// (e.g., `*.example.com`) using the HTTP01 challenge mechanism.
// +optional
HTTP01 *ACMEChallengeSolverHTTP01 `json:"http01,omitempty"`
@ -772,14 +772,14 @@ type ACMEIssuerDNS01ProviderWebhook struct {
// The name of the solver to use, as defined in the webhook provider
// implementation.
// This will typically be the name of the provider, e.g. 'cloudflare'.
// This will typically be the name of the provider, e.g., 'cloudflare'.
SolverName string `json:"solverName"`
// Additional configuration that should be passed to the webhook apiserver
// when challenges are processed.
// This can contain arbitrary JSON data.
// Secret values should not be specified in this stanza.
// If secret values are needed (e.g. credentials for a DNS service), you
// If secret values are needed (e.g., credentials for a DNS service), you
// should use a SecretKeySelector to reference a Secret resource.
// For details on the schema of this field, consult the webhook provider
// implementation's documentation.


@ -176,7 +176,7 @@ type ACMEChallenge struct {
// This is used to compute the 'key' that must also be presented.
Token string `json:"token"`
// Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
// Type is the type of challenge being offered, e.g., 'http-01', 'dns-01',
// 'tls-sni-01', etc.
// This is the raw value retrieved from the ACME server.
// Only 'http-01' and 'dns-01' are supported by cert-manager, other values


@ -532,7 +532,7 @@ type PKCS12Keystore struct {
// `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
// `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
// `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
// (eg. because of company policy). Please note that the security of the algorithm is not that important
// (e.g., because of company policy). Please note that the security of the algorithm is not that important
// in reality, because the unencrypted certificate and private key are also stored in the Secret.
// +optional
Profile PKCS12Profile `json:"profile,omitempty"`


@ -24,7 +24,7 @@ type ConditionStatus string
// the condition; "ConditionFalse" means a resource is not in the condition;
// "ConditionUnknown" means kubernetes can't decide if a resource is in the
// condition or not. In the future, we could add other intermediate
// conditions, e.g. ConditionDegraded.
// conditions, e.g., ConditionDegraded.
const (
// ConditionTrue represents the fact that a given condition is true
ConditionTrue ConditionStatus = "True"
@ -37,7 +37,7 @@ const (
)
// A reference to an object in the same namespace as the referent.
// If the referent is a cluster-scoped resource (e.g. a ClusterIssuer),
// If the referent is a cluster-scoped resource (e.g., a ClusterIssuer),
// the reference instead refers to the resource with the given name in the
// configured 'cluster resource namespace', which is set as a flag on the
// controller component (and defaults to the namespace that cert-manager


@ -58,7 +58,7 @@ type solver interface {
Check(ctx context.Context, issuer cmapi.GenericIssuer, ch *cmacme.Challenge) error
// CleanUp will remove challenge records for a given solver.
// This may involve deleting resources in the Kubernetes API Server, or
// communicating with other external components (e.g. DNS providers).
// communicating with other external components (e.g., DNS providers).
CleanUp(ctx context.Context, ch *cmacme.Challenge) error
}


@ -54,7 +54,7 @@ func (f *fakeSolver) Check(ctx context.Context, issuer v1.GenericIssuer, ch *cma
// CleanUp will remove challenge records for a given solver.
// This may involve deleting resources in the Kubernetes API Server, or
// communicating with other external components (e.g. DNS providers).
// communicating with other external components (e.g., DNS providers).
func (f *fakeSolver) CleanUp(ctx context.Context, ch *cmacme.Challenge) error {
return f.fakeCleanUp(ctx, ch)
}


@ -35,7 +35,7 @@ import (
// caDataSource knows how to extract CA data given a provided InjectTarget.
// This allows adaptable implementations of fetching CA data based on
// configuration given on the injection target (e.g. annotations).
// configuration given on the injection target (e.g., annotations).
type caDataSource interface {
// Configured returns true if this data source should be used for the given


@ -129,7 +129,7 @@ func certificateHandler(queue workqueue.TypedRateLimitingInterface[types.Namespa
return
}
// We don't check the apiVersion e.g. "networking.x-k8s.io/v1alpha1"
// We don't check the apiVersion, e.g., "networking.x-k8s.io/v1alpha1"
// because there is no chance that another object called "Gateway" be
// the controller of a Certificate.
if ref.Kind != "Gateway" {


@ -57,7 +57,7 @@ type controller struct {
issuerFactory issuer.Factory
// clusterResourceNamespace is the namespace used to store resources
// referenced by ClusterIssuer resources, e.g. acme account secrets
// referenced by ClusterIssuer resources, e.g., acme account secrets
clusterResourceNamespace string
// fieldManager is the manager name used for the Apply operations.


@ -160,7 +160,7 @@ type ConfigOptions struct {
type IssuerOptions struct {
// ClusterResourceNamespace is the namespace to store resources created by
// non-namespaced resources (e.g. ClusterIssuer) in.
// non-namespaced resources (e.g., ClusterIssuer) in.
ClusterResourceNamespace string
// ClusterIssuerAmbientCredentials controls whether a cluster issuer should


@ -47,7 +47,7 @@ func (o IssuerOptions) ResourceNamespaceRef(ref cmmeta.ObjectReference, challeng
}
// CanUseAmbientCredentials returns whether `iss` will attempt to configure itself
// from ambient credentials (e.g. from a cloud metadata service).
// from ambient credentials (e.g., from a cloud metadata service).
func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool {
switch iss.(type) {
case *cmapi.ClusterIssuer:
@ -59,7 +59,7 @@ func (o IssuerOptions) CanUseAmbientCredentials(iss cmapi.GenericIssuer) bool {
}
// CanUseAmbientCredentialsFromRef returns whether the referenced issuer will attempt
// to configure itself from ambient credentials (e.g. from a cloud metadata service).
// to configure itself from ambient credentials (e.g., from a cloud metadata service).
// This function is identical to CanUseAmbientCredentials, but takes a reference to
// the issuer instead of the issuer itself (which means we don't need to fetch the
// issuer from the API server).


@ -36,10 +36,10 @@ const maxClockSkew = 5 * time.Minute
//
// A clock skew can be caused by:
// 1. The system clock being adjusted
// -> this eg. happens when ntp adjusts the system clock
// 2. Pausing the process (e.g. with SIGSTOP)
// -> this, e.g., happens when ntp adjusts the system clock
// 2. Pausing the process (e.g., with SIGSTOP)
// -> the monotonic clock will stop, but the system clock will continue
// -> this eg. happens when you pause a VM/ hibernate a laptop
// -> this, e.g., happens when you pause a VM/ hibernate a laptop
//
// Small clock skews of < 5m are allowed, because they can happen when the system clock is
// adjusted. However, we do compound the clock skew over time, so that if the clock skew


@ -343,7 +343,7 @@ func (o *fakeResourceLock) Describe() string {
// This aspect of the LeaderElectionRecord API is documented as follows:
// > LeaderElectionRecord is the record that is stored in the leader election annotation.
// > This information should be used for observational purposes only and could be replaced
// > with a random string (e.g. UUID) with only slight modification of this code.
// > with a random string (e.g., UUID) with only slight modification of this code.
// > -- https://github.com/kubernetes/kubernetes/blob/7e25f1232a9f89875641431ae011c916f0376c57/staging/src/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go#L107-L110
func (o *fakeResourceLock) Get(ctx context.Context) (*resourcelock.LeaderElectionRecord, []byte, error) {
o.lock.Lock()


@ -80,7 +80,7 @@ func TestNewDNSProvider(t *testing.T) {
}
// TestPresentBasicFlow tests basic flow, e.g. no record exists.
// TestPresentBasicFlow tests basic flow, e.g., no record exists.
func TestPresentBasicFlow(t *testing.T) {
akamai, err := NewDNSProvider("akamai.example.com", "token", "secret", "access-token", util.RecursiveNameservers)
assert.NoError(t, err)


@ -127,7 +127,7 @@ func SetupGlobalsNonPrimary(cfg *config.Config, transferred []AddonTransferableD
// This should be called by the test suite in a SynchronizedBeforeSuite block
// after the Setup data has been transferred to all ginkgo processes, so that
// not all processes have to wait for the addons to be provisioned. Instead,
// the individual test has to check that the addon is provisioned (eg. by querying
// the individual test has to check that the addon is provisioned (e.g., by querying
// the API server for a resource that the addon creates or by checking that an
// HTTP endpoint is available)
// This function should be run only on ginkgo process #1.


@ -45,7 +45,7 @@ type Addon interface {
// process #1 that should be copied to all other ginkgo processes. This is used to setup these
// processes with the same data as ginkgo process #1. The data has to be json serializable.
//
// eg. The process #1 Setup function generates a private key and certificate and transfers
// e.g., The process #1 Setup function generates a private key and certificate and transfers
// it to all other ginkgo processes. Process #1 then starts a shared server that trusts the
// certificate. All other ginkgo processes can authenticate to this server using the private
// key and certificate that was transferred to them.
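Review bot: In `// e.g., The process #1 Setup function generates ...` the paragraph now opens with a lowercase abbreviation followed by a capitalised `The`, so it reads as neither a sentence start nor a mid-sentence example. I would write it out instead: `// For example, the process #1 Setup function generates a private key and certificate and transfers`. The interface comment starts and ends outside the hunk.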


@ -31,7 +31,7 @@ import (
// Suite defines a reusable conformance test suite that can be used against any
// Issuer implementation.
type Suite struct {
// Name is the name of the issuer being tested, e.g. SelfSigned, CA, ACME
// Name is the name of the issuer being tested, e.g., SelfSigned, CA, ACME
// This field must be provided.
Name string
@ -42,7 +42,7 @@ type Suite struct {
CreateIssuerFunc func(context.Context, *framework.Framework) cmmeta.ObjectReference
// DeleteIssuerFunc is a function that is run after the test has completed
// in order to clean up resources created for a test (e.g. the resources
// in order to clean up resources created for a test (e.g., the resources
// created in CreateIssuerFunc).
// This function will be run regardless whether the test passes or fails.
// If not specified, this function will be skipped.


@ -33,7 +33,7 @@ import (
// Suite defines a reusable conformance test suite that can be used against any
// Issuer implementation.
type Suite struct {
// Name is the name of the issuer being tested, e.g. SelfSigned, CA, ACME
// Name is the name of the issuer being tested, e.g., SelfSigned, CA, ACME
// This field must be provided.
Name string
@ -44,7 +44,7 @@ type Suite struct {
CreateIssuerFunc func(context.Context, *framework.Framework) string
// DeleteIssuerFunc is a function that is run after the test has completed
// in order to clean up resources created for a test (e.g. the resources
// in order to clean up resources created for a test (e.g., the resources
// created in CreateIssuerFunc).
// This function will be run regardless whether the test passes or fails.
// If not specified, this function will be skipped.


@ -23,14 +23,14 @@ import (
)
// RandomSubdomain returns a new subdomain domain of the domain suffix.
// e.g. abcd.example.com.
// e.g., abcd.example.com.
func RandomSubdomain(domain string) string {
return RandomSubdomainLength(domain, 5)
}
// RandomSubdomainLength returns a new subdomain domain of the domain suffix, where the
// subdomain has `length` number of characters.
// e.g. abcdefghij.example.com.
// e.g., abcdefghij.example.com.
func RandomSubdomainLength(domain string, length int) string {
return fmt.Sprintf("%s.%s", rand.String(length), domain)
}