Fix vault duration panic + util.CertDuration to default

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>

pkg/apis/certmanager/validation/certificate.go

@@ -23,6 +23,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
 	"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
+	"github.com/jetstack/cert-manager/pkg/util/pki"
 )
 
 // Validation functions for cert-manager v1alpha1 Certificate types
@@ -200,10 +201,7 @@ func ValidateHTTP01SolverConfig(a *v1alpha1.HTTP01SolverConfig, fldPath *field.P
 func ValidateDuration(crt *v1alpha1.CertificateSpec, fldPath *field.Path) field.ErrorList {
 	el := field.ErrorList{}
 
-	duration := v1alpha1.DefaultCertificateDuration
-	if crt.Duration != nil {
-		duration = crt.Duration.Duration
-	}
+	duration := pki.CertDuration(crt.Duration)
 	renewBefore := v1alpha1.DefaultRenewBefore
 	if crt.RenewBefore != nil {
 		renewBefore = crt.RenewBefore.Duration

pkg/controller/certificaterequests/vault/vault.go

@@ -50,7 +50,7 @@ type Vault struct {
 }
 
 func init() {
-	// create certificate request controller for ca issuer
+	// create certificate request controller for vault issuer
 	controllerpkg.Register(CRControllerName, func(ctx *controllerpkg.Context) (controllerpkg.Interface, error) {
 		vault := NewVault(ctx)
 
@@ -126,7 +126,8 @@ func (v *Vault) Sign(ctx context.Context, cr *v1alpha1.CertificateRequest) (*iss
 		return nil, nil
 	}
 
-	certPem, caPem, err := client.Sign(cr.Spec.CSRPEM, cr.Spec.Duration.Duration)
+	certDuration := pki.CertDuration(cr.Spec.Duration)
+	certPem, caPem, err := client.Sign(cr.Spec.CSRPEM, certDuration)
 	if err != nil {
 		reporter.Failed(err, "ErrorSigning",
 			fmt.Sprintf("Vault failed to sign certificate: %s", err))

pkg/issuer/vault/issue.go

@@ -82,10 +82,7 @@ func (v *Vault) Issue(ctx context.Context, crt *v1alpha1.Certificate) (*issuer.I
 	/// END building CSR
 
 	/// BEGIN requesting certificate
-	certDuration := v1alpha1.DefaultCertificateDuration
-	if crt.Spec.Duration != nil {
-		certDuration = crt.Spec.Duration.Duration
-	}
+	certDuration := pki.CertDuration(crt.Spec.Duration)
 
 	vaultClient, err := vaultinternal.New(v.resourceNamespace, v.secretsLister, v.issuer)
 	if err != nil {

pkg/util/pki/BUILD.bazel

@@ -12,6 +12,7 @@ go_library(
     deps = [
         "//pkg/apis/certmanager/v1alpha1:go_default_library",
         "//pkg/util/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
     ],
 )
 

pkg/util/pki/csr.go

@@ -29,6 +29,8 @@ import (
 	"net"
 	"time"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
 	"github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
 )
 
@@ -161,10 +163,7 @@ func GenerateTemplate(crt *v1alpha1.Certificate) (*x509.Certificate, error) {
 		return nil, fmt.Errorf("failed to generate serial number: %s", err.Error())
 	}
 
-	certDuration := v1alpha1.DefaultCertificateDuration
-	if crt.Spec.Duration != nil {
-		certDuration = crt.Spec.Duration.Duration
-	}
+	certDuration := CertDuration(crt.Spec.Duration)
 
 	pubKeyAlgo, _, err := SignatureAlgorithm(crt)
 	if err != nil {
@@ -190,6 +189,15 @@ func GenerateTemplate(crt *v1alpha1.Certificate) (*x509.Certificate, error) {
 	}, nil
 }
 
+func CertDuration(d *metav1.Duration) time.Duration {
+	certDuration := v1alpha1.DefaultCertificateDuration
+	if d != nil {
+		certDuration = d.Duration
+	}
+
+	return certDuration
+}
+
 func keyUsage(isCA bool) x509.KeyUsage {
 	keyUsages := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
 	if isCA {
@@ -222,10 +230,7 @@ func GenerateTemplateFromCertificateRequest(cr *v1alpha1.CertificateRequest) (*x
 		return nil, fmt.Errorf("failed to generate serial number: %s", err.Error())
 	}
 
-	certDuration := v1alpha1.DefaultCertificateDuration
-	if cr.Spec.Duration != nil {
-		certDuration = cr.Spec.Duration.Duration
-	}
+	certDuration := CertDuration(cr.Spec.Duration)
 
 	return &x509.Certificate{
 		Version:               csr.Version,