diff --git a/.bazelrc b/.bazelrc index 81b066fdf..40f8c324e 100644 --- a/.bazelrc +++ b/.bazelrc @@ -1,5 +1,5 @@ # Include git version info -build --workspace_status_command hack/print-workspace-status.sh +build --workspace_status_command hack/build/print-workspace-status.sh # bazel including rules_docker 0.12.0 may not need the following flag build --host_force_python=PY2 diff --git a/.bazelversion b/.bazelversion deleted file mode 100644 index 83b473049..000000000 --- a/.bazelversion +++ /dev/null @@ -1 +0,0 @@ -0.27.1 diff --git a/BUILD.bazel b/BUILD.bazel index cfd36abee..69c4b6702 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -1,6 +1,5 @@ # gazelle:prefix github.com/jetstack/cert-manager # gazelle:proto disable_global -# gazelle:exclude hack # gazelle:exclude docs/generated/reference/generate/json_swagger load("@io_bazel_rules_docker//container:container.bzl", "container_bundle") diff --git a/WORKSPACE b/WORKSPACE index 6997cde27..8240d1a90 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -1,4 +1,4 @@ -# gazelle:repository_macro repos.bzl%go_repositories +# gazelle:repository_macro hack/build/repos.bzl%go_repositories workspace(name = "com_github_jetstack_cert_manager") load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") @@ -31,6 +31,7 @@ go_rules_dependencies() go_register_toolchains( go_version = "1.13.1", + nogo = "@//hack/build:nogo_vet", ) ## Load gazelle and dependencies @@ -126,6 +127,6 @@ load("@brodocs_modules//:install_bazel_dependencies.bzl", "install_bazel_depende install_bazel_dependencies() -load("//:repos.bzl", "go_repositories") +load("//hack/build:repos.bzl", "go_repositories") go_repositories() diff --git a/cmd/acmesolver/BUILD.bazel b/cmd/acmesolver/BUILD.bazel index 3fa9d6ff1..b3b90a1be 100644 --- a/cmd/acmesolver/BUILD.bazel +++ b/cmd/acmesolver/BUILD.bazel 
@@ -1,5 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("//hack:def.bzl", "image") +load("//hack/build:docker.bzl", "image") image( name = "image", diff --git a/cmd/cainjector/BUILD.bazel b/cmd/cainjector/BUILD.bazel index 195ddfdee..8023154c2 100644 --- a/cmd/cainjector/BUILD.bazel +++ b/cmd/cainjector/BUILD.bazel @@ -1,5 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("//hack:def.bzl", "image") +load("//hack/build:docker.bzl", "image") image( name = "image", diff --git a/cmd/controller/BUILD.bazel b/cmd/controller/BUILD.bazel index d032ca7d6..c08ae7267 100644 --- a/cmd/controller/BUILD.bazel +++ b/cmd/controller/BUILD.bazel @@ -1,5 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("//hack:def.bzl", "image") +load("//hack/build:docker.bzl", "image") image( name = "image", diff --git a/cmd/webhook/BUILD.bazel b/cmd/webhook/BUILD.bazel index 7522a97a4..e76a5bfba 100644 --- a/cmd/webhook/BUILD.bazel +++ b/cmd/webhook/BUILD.bazel @@ -1,5 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") -load("//hack:def.bzl", "image") +load("//hack/build:docker.bzl", "image") image( name = "image", diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go index d2c0718ab..3fffa7f78 100644 --- a/cmd/webhook/main.go +++ b/cmd/webhook/main.go @@ -85,7 +85,7 @@ func runfilewatch(filename string) { // let the k8s scheduler restart us // TODO(dmo): figure out if there's a way to do this with clean // shutdown - klog.Info("Detected change in TLS certificate %s. Restarting to pick up new certificate", filename) + klog.Infof("Detected change in TLS certificate %s. Restarting to pick up new certificate", filename) os.Exit(0) } } diff --git a/deploy/manifests/BUILD.bazel b/deploy/manifests/BUILD.bazel index abc9fd6d6..c66b57a7d 100644 --- a/deploy/manifests/BUILD.bazel +++ b/deploy/manifests/BUILD.bazel 
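Review bot: The restart message in `runfilewatch` can still be lost, because `os.Exit(0)` runs immediately after the `klog.Infof` call and klog buffers output when it logs to files. Adding `klog.Flush()` between the log call and `os.Exit(0)` keeps the certificate-rotation restart visible in the logs, which may be the only record of why the webhook process exited. The rest of `runfilewatch` is outside the hunk.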
@@ -1,9 +1,10 @@ exports_files(["00-crds.yaml"]) -load(":def.bzl", "generated_crds") +load("//hack/build:crds.bzl", "generated_crds") generated_crds( name = "00-crds", + out = "crds.yaml.generated", go_prefix = "github.com/jetstack/cert-manager", paths = [ "./pkg/apis/...", diff --git a/hack/BUILD.bazel b/hack/BUILD.bazel index 075d29ffc..6db028ad7 100644 --- a/hack/BUILD.bazel +++ b/hack/BUILD.bazel @@ -298,6 +298,7 @@ filegroup( ":package-srcs", "//hack/bin:all-srcs", "//hack/boilerplate:all-srcs", + "//hack/build:all-srcs", "//hack/release:all-srcs", ], tags = ["automanaged"], diff --git a/.kazelcfg.json b/hack/build/.kazelcfg.json similarity index 100% rename from .kazelcfg.json rename to hack/build/.kazelcfg.json diff --git a/hack/build/BUILD.bazel b/hack/build/BUILD.bazel new file mode 100644 index 000000000..7fa95038a --- /dev/null +++ b/hack/build/BUILD.bazel 
@@ -0,0 +1,54 @@ +load("@io_bazel_rules_go//go:def.bzl", "nogo") + +nogo( + name = "nogo_vet", + config = "nogo_config.json", + visibility = ["//visibility:public"], + deps = [ + "@org_golang_x_tools//go/analysis/passes/unusedresult:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/unsafeptr:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/unreachable:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/unmarshal:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/tests:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/structtag:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/stdmethods:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/shift:go_tool_library", + ## Disable checking for variable declarations that shadow others + # "@org_golang_x_tools//go/analysis/passes/shadow:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/printf:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/pkgfact:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/nilness:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/nilfunc:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/lostcancel:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/loopclosure:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/httpresponse:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/findcall:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/deepequalerrors:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/ctrlflow:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/copylock:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/composite:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/cgocall:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/buildtag:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/buildssa:go_tool_library", + 
"@org_golang_x_tools//go/analysis/passes/bools:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/atomicalign:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/atomic:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/assign:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/inspect:go_tool_library", + "@org_golang_x_tools//go/analysis/passes/asmdecl:go_tool_library", + ], +) + +filegroup( + name = "package-srcs", + srcs = glob(["**"]), + tags = ["automanaged"], + visibility = ["//visibility:private"], +) + +filegroup( + name = "all-srcs", + srcs = [":package-srcs"], + tags = ["automanaged"], + visibility = ["//visibility:public"], +) diff --git a/deploy/manifests/def.bzl b/hack/build/crds.bzl similarity index 84% rename from deploy/manifests/def.bzl rename to hack/build/crds.bzl index 1ef2eebec..def0ba118 100644 --- a/deploy/manifests/def.bzl +++ b/hack/build/crds.bzl @@ -14,7 +14,7 @@ load("@io_k8s_repo_infra//defs:go.bzl", "go_genrule") -def generated_crds(name, go_prefix, paths, visibility = [], deps = []): +def generated_crds(name, go_prefix, paths, out, visibility = [], deps = []): go_genrule( name = name, tools = [ @@ -33,7 +33,7 @@ def generated_crds(name, go_prefix, paths, visibility = [], deps = []): "export GOCACHE=$$(mktemp -d);", # create an output directory to store each CRD file "output_dir=$$(mktemp -d);", - "out=$$(pwd)/$(location :crds.yaml.generated);", + "out=$$(pwd)/$(location :%s);" % out, # obtain absolute path to controller-gen "cg=\"$$(pwd)/$(location @io_k8s_sigs_controller_tools//cmd/controller-gen)\";", "cd \"$$GOPATH/src/" + go_prefix + "\";", 
@@ -47,11 +47,7 @@ def generated_crds(name, go_prefix, paths, visibility = [], deps = []): " echo \"---\" >> \"$$out\";", "done;", ]), - outs = ["crds.yaml.generated"], - go_deps = [ - "//pkg/apis/certmanager/v1alpha2:go_default_library", - "//pkg/apis/acme/v1alpha2:go_default_library", - "//pkg/apis/meta/v1:go_default_library", - ], + outs = [out], + go_deps = deps, visibility = visibility, ) diff --git a/hack/def.bzl b/hack/build/docker.bzl similarity index 100% rename from hack/def.bzl rename to hack/build/docker.bzl diff --git a/hack/build/nogo_config.json b/hack/build/nogo_config.json new file mode 100644 index 000000000..9c0275089 --- /dev/null +++ b/hack/build/nogo_config.json 
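Review bot: `go_deps = deps` leaves the API packages that controller-gen needs entirely to the caller, yet `deps` still defaults to `[]`, so a call that omits it builds a genrule with no Go dependencies; this would presumably fail later inside the command or produce incomplete output rather than fail at the macro. The call in deploy/manifests/BUILD.bazel visible in this diff sets `name`, `out`, `go_prefix` and `paths`; whether it also passes `deps` is outside its hunk. Consider a guard at the top of the macro such as `if not deps: fail("generated_crds: deps must list the API packages")`, and a docstring describing `out` and `deps`. The body of `generated_crds` starts outside this hunk.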
@@ -0,0 +1,107 @@ +{ + "structtag": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "asmdecl": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "assign": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "atomic": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "bools": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "buildtag": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "cgocall": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "composites": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "copylocks": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "httpresponse": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "loopclosure": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "lostcancel": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "nilness": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "nilfunc": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "printf": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "shift": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "stdmethods": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "tests": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "unreachable": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "unsafeptr": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + }, + "unusedresult": { + "exclude_files": { + "external/": "external tools don't pass vet" + } + } +} 
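Review bot: Three diagnostic analyzers registered in the `nogo_vet` target (`unmarshal`, `deepequalerrors` and `atomicalign`) have no entry in this file, so the `external/` exclusion given to every other analyzer does not cover them. If code under `external/` trips one of those checks, the build fails on sources this repository does not own. Adding the same `"exclude_files": {"external/": "external tools don't pass vet"}` stanza under those three keys would keep the configuration uniform. `findcall` and `pkgfact` are also listed in the target's `deps`; as far as I know they are demonstration analyzers from x/tools and could be dropped there.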
diff --git a/hack/print-workspace-status.sh b/hack/build/print-workspace-status.sh similarity index 97% rename from hack/print-workspace-status.sh rename to hack/build/print-workspace-status.sh index f9441bb8a..e1dbb7177 100755 --- a/hack/print-workspace-status.sh +++ b/hack/build/print-workspace-status.sh @@ -20,8 +20,6 @@ set -o errexit set -o nounset set -o pipefail -SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/../.. - # AppVersion is set as the AppVersion to be compiled into the controller binary. # It's used as the default version of the 'acmesolver' image to use for ACME # challenge requests, and any other future provider that requires additional diff --git a/repos.bzl b/hack/build/repos.bzl similarity index 99% rename from repos.bzl rename to hack/build/repos.bzl index 07e343b09..4505af5d9 100644 --- a/repos.bzl +++ b/hack/build/repos.bzl @@ -12,6 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +# This file is automatically updated by hack/update-deps.sh + load("@bazel_gazelle//:deps.bzl", "go_repository") def go_repositories(): diff --git a/hack/cherry-pick-pull.sh b/hack/cherry-pick-pull.sh deleted file mode 100755 index 7cbfd5197..000000000 --- a/hack/cherry-pick-pull.sh +++ /dev/null 
@@ -1,243 +0,0 @@ -#!/bin/bash - -# +skip_license_check - -# Copyright 2015 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Checkout a PR from GitHub. (Yes, this is sitting in a Git tree. How -# meta.) Assumes you care about pulls from remote "upstream" and -# checks thems out to a branch named: -# automated-cherry-pick-of--- - -set -o errexit -set -o nounset -set -o pipefail - -declare -r KUBE_ROOT="$(dirname "${BASH_SOURCE}")/.." -cd "${KUBE_ROOT}" - -declare -r STARTINGBRANCH=$(git symbolic-ref --short HEAD) -declare -r REBASEMAGIC="${KUBE_ROOT}/.git/rebase-apply" -DRY_RUN=${DRY_RUN:-""} -REGENERATE_DOCS=${REGENERATE_DOCS:-""} -UPSTREAM_REMOTE=${UPSTREAM_REMOTE:-upstream} -FORK_REMOTE=${FORK_REMOTE:-origin} - -if [[ -z ${GITHUB_USER:-} ]]; then - echo "Please export GITHUB_USER= (or GH organization, if that's where your fork lives)" - exit 1 -fi - -if ! which hub > /dev/null; then - echo "Can't find 'hub' tool in PATH, please install from https://github.com/github/hub" - exit 1 -fi - -if [[ "$#" -lt 2 ]]; then - echo "${0} ...: cherry pick one or more onto and leave instructions for proposing pull request" - echo - echo " Checks out and handles the cherry-pick of (possibly multiple) for you." - echo " Examples:" - echo " $0 upstream/release-3.14 12345 # Cherry-picks PR 12345 onto upstream/release-3.14 and proposes that as a PR." 
- echo " $0 upstream/release-3.14 12345 56789 # Cherry-picks PR 12345, then 56789 and proposes the combination as a single PR." - echo - echo " Set the DRY_RUN environment var to skip git push and creating PR." - echo " This is useful for creating patches to a release branch without making a PR." - echo " When DRY_RUN is set the script will leave you in a branch containing the commits you cherry-picked." - echo - echo " Set the REGENERATE_DOCS environment var to regenerate documentation for the target branch after picking the specified commits." - echo " This is useful when picking commits containing changes to API documentation." - echo - echo " Set UPSTREAM_REMOTE (default: upstream) and FORK_REMOTE (default: origin)" - echo " To override the default remote names to what you have locally." - exit 2 -fi - -if git_status=$(git status --porcelain --untracked=no 2>/dev/null) && [[ -n "${git_status}" ]]; then - echo "!!! Dirty tree. Clean up and try again." - exit 1 -fi - -if [[ -e "${REBASEMAGIC}" ]]; then - echo "!!! 'git rebase' or 'git am' in progress. Clean up and try again." - exit 1 -fi - -declare -r BRANCH="$1" -shift 1 -declare -r PULLS=( "$@" ) - -function join { local IFS="$1"; shift; echo "$*"; } -declare -r PULLDASH=$(join - "${PULLS[@]/#/#}") # Generates something like "#12345-#56789" -declare -r PULLSUBJ=$(join " " "${PULLS[@]/#/#}") # Generates something like "#12345 #56789" - -echo "+++ Updating remotes..." -git remote update "${UPSTREAM_REMOTE}" "${FORK_REMOTE}" - -if ! git log -n1 --format=%H "${BRANCH}" >/dev/null 2>&1; then - echo "!!! '${BRANCH}' not found. The second argument should be something like ${UPSTREAM_REMOTE}/release-0.21." - echo " (In particular, it needs to be a valid, existing remote branch that I can 'git checkout'.)" - exit 1 -fi - -declare -r NEWBRANCHREQ="automated-cherry-pick-of-${PULLDASH}" # "Required" portion for tools. 
-declare -r NEWBRANCH="$(echo "${NEWBRANCHREQ}-${BRANCH}" | sed 's/\//-/g')" -declare -r NEWBRANCHUNIQ="${NEWBRANCH}-$(date +%s)" -echo "+++ Creating local branch ${NEWBRANCHUNIQ}" - -cleanbranch="" -prtext="" -gitamcleanup=false -function return_to_kansas { - if [[ "${gitamcleanup}" == "true" ]]; then - echo - echo "+++ Aborting in-progress git am." - git am --abort >/dev/null 2>&1 || true - fi - - # return to the starting branch and delete the PR text file - if [[ -z "${DRY_RUN}" ]]; then - echo - echo "+++ Returning you to the ${STARTINGBRANCH} branch and cleaning up." - git checkout -f "${STARTINGBRANCH}" >/dev/null 2>&1 || true - if [[ -n "${cleanbranch}" ]]; then - git branch -D "${cleanbranch}" >/dev/null 2>&1 || true - fi - if [[ -n "${prtext}" ]]; then - rm "${prtext}" - fi - fi -} -trap return_to_kansas EXIT - -SUBJECTS=() -function make-a-pr() { - local rel="$(basename "${BRANCH}")" - echo - echo "+++ Creating a pull request on GitHub at ${GITHUB_USER}:${NEWBRANCH}" - - # This looks like an unnecessary use of a tmpfile, but it avoids - # https://github.com/github/hub/issues/976 Otherwise stdin is stolen - # when we shove the heredoc at hub directly, tickling the ioctl - # crash. - prtext="$(mktemp -t prtext.XXXX)" # cleaned in return_to_kansas - cat >"${prtext}" <&2 - exit 1 - fi - done - - if [[ "${conflicts}" != "true" ]]; then - echo "!!! git am failed, likely because of an in-progress 'git am' or 'git rebase'" - exit 1 - fi - } - - # set the subject - subject=$(grep -m 1 "^Subject" "/tmp/${pull}.patch" | sed -e 's/Subject: \[PATCH//g' | sed 's/.*] //') - SUBJECTS+=("#${pull}: ${subject}") - - # remove the patch file from /tmp - rm -f "/tmp/${pull}.patch" -done -gitamcleanup=false - -# Re-generate docs (if needed) -if [[ -n "${REGENERATE_DOCS}" ]]; then - echo - echo "Regenerating docs..." - if ! hack/generate-docs.sh; then - echo - echo "hack/generate-docs.sh FAILED to complete." - exit 1 - fi -fi - -if [[ -n "${DRY_RUN}" ]]; then - echo "!!! 
Skipping git push and PR creation because you set DRY_RUN." - echo "To return to the branch you were in when you invoked this script:" - echo - echo " git checkout ${STARTINGBRANCH}" - echo - echo "To delete this branch:" - echo - echo " git branch -D ${NEWBRANCHUNIQ}" - exit 0 -fi - -if git remote -v | grep ^${FORK_REMOTE} | grep kubernetes/kubernetes.git; then - echo "!!! You have ${FORK_REMOTE} configured as your kubernetes/kubernetes.git" - echo "This isn't normal. Leaving you with push instructions:" - echo - echo "+++ First manually push the branch this script created:" - echo - echo " git push REMOTE ${NEWBRANCHUNIQ}:${NEWBRANCH}" - echo - echo "where REMOTE is your personal fork (maybe ${UPSTREAM_REMOTE}? Consider swapping those.)." - echo "OR consider setting UPSTREAM_REMOTE and FORK_REMOTE to different values." - echo - make-a-pr - cleanbranch="" - exit 0 -fi - -echo -echo "+++ I'm about to do the following to push to GitHub (and I'm assuming ${FORK_REMOTE} is your personal fork):" -echo -echo " git push ${FORK_REMOTE} ${NEWBRANCHUNIQ}:${NEWBRANCH}" -echo -read -p "+++ Proceed (anything but 'y' aborts the cherry-pick)? [y/n] " -r -if ! [[ "${REPLY}" =~ ^[yY]$ ]]; then - echo "Aborting." >&2 - exit 1 -fi - -git push "${FORK_REMOTE}" -f "${NEWBRANCHUNIQ}:${NEWBRANCH}" -make-a-pr \ No newline at end of file diff --git a/hack/deprecated.sh b/hack/deprecated.sh deleted file mode 100755 index 74f3943a3..000000000 --- a/hack/deprecated.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2019 The Jetstack cert-manager contributors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -TARGET="${1:-}" - -if [ -z "${TARGET}" ]; then - echo "This script has been removed - please use an alternative." -else - echo "This script has been removed. Please use '${TARGET}' instead." -fi - -exit 1 diff --git a/hack/pin-dependency.sh b/hack/pin-dependency.sh deleted file mode 100755 index 0662f3faa..000000000 --- a/hack/pin-dependency.sh +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/usr/bin/env bash - -# +skip_license_check - -# Copyright 2019 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. - -# Usage: -# hack/pin-dependency.sh $MODULE $SHA-OR-TAG -# -# Example: -# hack/pin-dependency.sh github.com/docker/docker 501cb131a7b7 - -# Explicitly opt into go modules, even though we're inside a GOPATH directory -export GO111MODULE=on -# Explicitly clear GOPATH, to ensure nothing this script calls makes use of that path info -export GOPATH= -# Explicitly clear GOFLAGS, since GOFLAGS=-mod=vendor breaks dependency resolution while rebuilding vendor -export GOFLAGS= -# Detect problematic GOPROXY settings that prevent lookup of dependencies -if [[ "${GOPROXY:-}" == "off" ]]; then - echo "Cannot run hack/pin-dependency.sh with \$GOPROXY=off" - exit 1 -fi - -dep="${1:-}" -sha="${2:-}" -if [[ -z "${dep}" || -z "${sha}" ]]; then - echo "Usage:" - echo " hack/pin-dependency.sh \$MODULE \$SHA-OR-TAG" - echo "" - echo "Example:" - echo " hack/pin-dependency.sh github.com/docker/docker 501cb131a7b7" - echo "" - exit 1 -fi - -# Add the require directive -echo "Running: go get ${dep}@${sha}" -bazel run //hack/bin:go -- get -d "${dep}@${sha}" - -# Find the resolved version -rev=$(go mod edit -json | jq -r ".Require[] | select(.Path == \"${dep}\") | .Version") -echo "Resolved to ${dep}@${rev}" - -# Add the replace directive -echo 
"Running: go mod edit -replace ${dep}=${dep}@${rev}" -bazel run //hack/bin:go -- mod edit -replace "${dep}=${dep}@${rev}" - -echo "" -echo "Run hack/update-vendor.sh to rebuild the vendor directory" diff --git a/hack/release.sh b/hack/release.sh deleted file mode 100755 index 35d0ab9a9..000000000 --- a/hack/release.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2019 The Jetstack cert-manager contributors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail -set -o xtrace - -function usage() { - cat <<'EOF' -This script is entrypoint to release images automatically. -Note that this script expected -Usage: hack/release.sh - -h show this message and exit -Environments: - REGISTRY container registry without repo name (default: quay.io/external_storage) - VERSION if set, use given version as image tag - CONFIRM set this to skip confirmation - ALLOW_DIRTY by default, git repo must be clean, set this to skip this check (debug only) - ALLOW_OVERWRITE by default, if an existing image exists with the same tag then pushing will be aborted, set this to skip this check - SKIP_REF_TAG skip creating a commit ref docker tag - CHART_PATH custom path to the Helm chart within the cert-manager repository (debug only) (default: deploy/charts/cert-manager) - CHART_BUCKET GCS bucket where the Helm chart should be published (default: jetstack-chart-museum) - CHART_SERVICE_ACCOUNT optional path to a JSON formatted Google Cloud service account used by gsutil to publish the chart - SKIP_CHART skip publishing the Helm chart -Examples: -1) Release to your own registry for testing - git tag v2.2.3 - REGISTRY=quay.io/ SKIP_CHART=1 ./hack/release.sh -2) Release canary version - REGISTRY=quay.io/ VERSION=canary SKIP_CHART=1 ./hack/release.sh -EOF -} - -while 
getopts "h?" opt; do - case "$opt" in - h|\?) - usage - exit 0 - ;; - esac -done - -export CONFIRM=${CONFIRM:-} -export VERSION=${VERSION:-} -DOCKER_REPO=${REGISTRY:-quay.io/jetstack} -# remove trailing `/` if present -export DOCKER_REPO=${DOCKER_REPO%/} - -# TODO: implement -export ALLOW_OVERWRITE=${ALLOW_OVERWRITE:-} - -# Helm chart packaging vars -export CHART_PATH=${CHART_PATH:-deploy/charts/cert-manager} -export CHART_BUCKET=${CHART_BUCKET:-jetstack-chart-museum} -export CHART_SERVICE_ACCOUNT=${CHART_SERVICE_ACCOUNT:-} -export SKIP_CHART="${SKIP_CHART:-}" -export SKIP_MANIFESTS="${SKIP_MANIFESTS:-}" - -if [[ ! -z "${CONFIRM}" ]]; then - PUBLISH="--publish" -fi - -if [[ ! -z "${CHART_SERVICE_ACCOUNT}" ]]; then - export GOOGLE_APPLICATION_CREDENTIALS="${CHART_SERVICE_ACCOUNT}" - gcloud auth activate-service-account --key-file "${CHART_SERVICE_ACCOUNT}" -fi - -if [[ -z "${SKIP_CHART}" ]]; then - CHART="--chart" -fi - -if [[ -z "${SKIP_MANIFESTS}" ]]; then - MANIFESTS="--manifests" -fi - -# TODO: enable --manifests too -bazel run //hack/release -- \ - --images \ - "${CHART:-}" \ - "${MANIFESTS:-}" \ - --docker-repo="${DOCKER_REPO}" \ - --helm.path="$(bazel info bazel-genfiles)/hack/bin/helm" \ - --chart.path="${CHART_PATH}" \ - --chart.bucket="${CHART_BUCKET}" \ - --app-version="${VERSION}" \ - --docker-repo="${DOCKER_REPO}" \ - --v=4 \ - "${PUBLISH:-}" diff --git a/hack/update-bazel.sh b/hack/update-bazel.sh index 787639937..44dd0a914 100755 --- a/hack/update-bazel.sh +++ b/hack/update-bazel.sh @@ -42,4 +42,4 @@ fi set -o xtrace "$gazelle" fix --external=external -"$kazel" --cfg-path=./.kazelcfg.json +"$kazel" --cfg-path=./hack/build/.kazelcfg.json diff --git a/hack/update-deps.sh b/hack/update-deps.sh index b021ac330..4b84d23fb 100755 --- a/hack/update-deps.sh +++ b/hack/update-deps.sh 
@@ -89,7 +89,7 @@ esac rm -rf vendor "$go" mod tidy "$gazelle" update-repos \ - --from_file=go.mod --to_macro=repos.bzl%go_repositories \ + --from_file=go.mod --to_macro=hack/build/repos.bzl%go_repositories \ --build_file_generation=on --build_file_proto_mode=disable "${update_bazel[@]}" # TODO(fejta): do we still need to do this? "${update_deps_licenses[@]}" diff --git a/hack/verify-bazel.sh b/hack/verify-bazel.sh index 33afb4b0f..0144b4f65 100755 --- a/hack/verify-bazel.sh +++ b/hack/verify-bazel.sh @@ -47,7 +47,7 @@ export GO111MODULE=on echo "Running gazelle..." gazelle_diff=$("$gazelle" fix --mode=diff --external=external || true) echo "Running kazel..." -kazel_diff=$("$kazel" --dry-run --print-diff --cfg-path=./.kazelcfg.json) +kazel_diff=$("$kazel" --dry-run --print-diff --cfg-path=./hack/build/.kazelcfg.json) if [[ -n "${gazelle_diff}${kazel_diff}" ]]; then echo "Current rules (-) do not match expected (+):" >&2 diff --git a/pkg/apis/acme/v1alpha2/types_order.go b/pkg/apis/acme/v1alpha2/types_order.go index fdee17a0f..00c9eb9be 100644 --- a/pkg/apis/acme/v1alpha2/types_order.go +++ b/pkg/apis/acme/v1alpha2/types_order.go @@ -163,7 +163,7 @@ type ACMEChallenge struct { // Token is the token that must be presented for this challenge. // This is used to compute the 'key' that must also be presented. - Token string `json:"token""` + Token string `json:"token"` // Type is the type of challenge being offered, e.g. http-01, dns-01 Type ACMEChallengeType `json:"type"` diff --git a/pkg/controller/certificaterequests/vault/vault_test.go b/pkg/controller/certificaterequests/vault/vault_test.go index 3bfbfea82..6845ab97a 100644 --- a/pkg/controller/certificaterequests/vault/vault_test.go +++ b/pkg/controller/certificaterequests/vault/vault_test.go 
@@ -182,7 +182,7 @@ func TestSign(t *testing.T) { TokenSecretRef: &cmmeta.SecretKeySelector{ Key: "secret-key", LocalObjectReference: cmmeta.LocalObjectReference{ - "non-existing-secret", + Name: "non-existing-secret", }, }, }, @@ -220,7 +220,7 @@ func TestSign(t *testing.T) { SecretRef: cmmeta.SecretKeySelector{ Key: "secret-key", LocalObjectReference: cmmeta.LocalObjectReference{ - "non-existing-secret", + Name: "non-existing-secret", }, }, }, @@ -257,7 +257,7 @@ func TestSign(t *testing.T) { TokenSecretRef: &cmmeta.SecretKeySelector{ Key: "my-token-key", LocalObjectReference: cmmeta.LocalObjectReference{ - "token-secret", + Name: "token-secret", }, }, }, @@ -296,7 +296,7 @@ func TestSign(t *testing.T) { RoleId: "my-role-id", SecretRef: cmmeta.SecretKeySelector{ LocalObjectReference: cmmeta.LocalObjectReference{ - "role-secret", + Name: "role-secret", }, Key: "my-role-key", }, @@ -336,7 +336,7 @@ func TestSign(t *testing.T) { TokenSecretRef: &cmmeta.SecretKeySelector{ Key: "my-token-key", LocalObjectReference: cmmeta.LocalObjectReference{ - "token-secret", + Name: "token-secret", }, }, }, @@ -376,7 +376,7 @@ func TestSign(t *testing.T) { RoleId: "my-role-id", SecretRef: cmmeta.SecretKeySelector{ LocalObjectReference: cmmeta.LocalObjectReference{ - "role-secret", + Name: "role-secret", }, Key: "my-role-key", }, diff --git a/pkg/controller/helper_test.go b/pkg/controller/helper_test.go index f1ffc3974..ba5a81335 100644 --- a/pkg/controller/helper_test.go +++ b/pkg/controller/helper_test.go @@ -46,7 +46,7 @@ func TestCalculateDurationUntilRenew(t *testing.T) { desc: "generate an event if certificate duration is lower than requested duration", notBefore: now(), notAfter: now().Add(time.Hour * 24 * 90), - duration: &metav1.Duration{time.Hour * 24 * 120}, + duration: &metav1.Duration{Duration: time.Hour * 24 * 120}, renewBefore: nil, expectedExpiry: time.Hour * 24 * 60, }, 
@@ -70,24 +70,24 @@ func TestCalculateDurationUntilRenew(t *testing.T) { desc: "expiry of 2/3 of certificate duration when duration < 30 minutes", notBefore: now(), notAfter: now().Add(time.Hour), - duration: &metav1.Duration{time.Hour}, - renewBefore: &metav1.Duration{time.Hour / 3}, + duration: &metav1.Duration{Duration: time.Hour}, + renewBefore: &metav1.Duration{Duration: time.Hour / 3}, expectedExpiry: time.Hour * 2 / 3, }, { desc: "expiry of 60 days of certificate duration", notBefore: now(), notAfter: now().Add(time.Hour * 24 * 365), - duration: &metav1.Duration{time.Hour * 24 * 365}, - renewBefore: &metav1.Duration{time.Hour * 24 * 60}, + duration: &metav1.Duration{Duration: time.Hour * 24 * 365}, + renewBefore: &metav1.Duration{Duration: time.Hour * 24 * 60}, expectedExpiry: (time.Hour * 24 * 365) - (time.Hour * 24 * 60), }, { desc: "expiry of 2/3 of certificate duration when renewBefore greater than certificate duration", notBefore: now(), notAfter: now().Add(time.Hour * 24 * 35), - duration: &metav1.Duration{time.Hour * 24 * 35}, - renewBefore: &metav1.Duration{time.Hour * 24 * 40}, + duration: &metav1.Duration{Duration: time.Hour * 24 * 35}, + renewBefore: &metav1.Duration{Duration: time.Hour * 24 * 40}, expectedExpiry: time.Hour * 24 * 35 * 2 / 3, }, { @@ -96,7 +96,7 @@ func TestCalculateDurationUntilRenew(t *testing.T) { notBefore: now().Add(-time.Hour), notAfter: now().Add(-time.Hour).Add(time.Hour * 24 * 90), duration: nil, - renewBefore: &metav1.Duration{time.Hour*2159 + time.Minute*50}, + renewBefore: &metav1.Duration{Duration: time.Hour*2159 + time.Minute*50}, expectedExpiry: -time.Minute * 50, }, } diff --git a/pkg/internal/apis/acme/types_order.go b/pkg/internal/apis/acme/types_order.go index 1a8c89cb4..37c932a97 100644 --- a/pkg/internal/apis/acme/types_order.go +++ b/pkg/internal/apis/acme/types_order.go 
@@ -156,7 +156,7 @@ type ACMEChallenge struct { // Token is the token that must be presented for this challenge. // This is used to compute the 'key' that must also be presented. - Token string `json:"token""` + Token string `json:"token"` // Type is the type of challenge being offered, e.g. http-01, dns-01 Type ACMEChallengeType `json:"type"` diff --git a/pkg/internal/vault/vault.go b/pkg/internal/vault/vault.go index f2cc53ced..66a1e97dc 100644 --- a/pkg/internal/vault/vault.go +++ b/pkg/internal/vault/vault.go @@ -273,8 +273,7 @@ func (v *Vault) requestTokenWithAppRoleRef(client Client, appRole *v1alpha2.Vaul defer resp.Body.Close() vaultResult := vault.Secret{} - resp.DecodeJSON(&vaultResult) - if err != nil { + if err := resp.DecodeJSON(&vaultResult); err != nil { return "", fmt.Errorf("unable to decode JSON payload: %s", err.Error()) } diff --git a/pkg/internal/vault/vault_test.go b/pkg/internal/vault/vault_test.go index ea5cdf336..cb40fd9d9 100644 --- a/pkg/internal/vault/vault_test.go +++ b/pkg/internal/vault/vault_test.go @@ -29,7 +29,6 @@ import ( "fmt" "io/ioutil" "net/http" - "reflect" "strings" "testing" "time" @@ -168,7 +167,9 @@ func TestSign(t *testing.T) { } cert, _, err := v.Sign(test.csrPEM, time.Minute) - if !reflect.DeepEqual(test.expectedErr, err) { + if ((test.expectedErr == nil) != (err == nil)) && + test.expectedErr != nil && + test.expectedErr.Error() != err.Error() { t.Errorf("%s: unexpected error, exp=%v got=%v", name, test.expectedErr, err) } @@ -471,7 +472,9 @@ func TestSetToken(t *testing.T) { } err := v.setToken(test.fakeClient) - if !reflect.DeepEqual(test.expectedErr, err) { + if ((test.expectedErr == nil) != (err == nil)) && + test.expectedErr != nil && + test.expectedErr.Error() != err.Error() { t.Errorf("unexpected error, exp=%v got=%v", test.expectedErr, err) } 
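Review bot: The rewritten error check in the TestSign hunk of vault_test.go can no longer reach `t.Errorf`, because `(test.expectedErr == nil) != (err == nil)` is joined with `&&` to the message comparison. An unexpected error with `expectedErr == nil` is accepted, two non-nil errors with different messages are accepted, and an expected error with `err == nil` calls `err.Error()` on a nil interface and panics. The same condition is added in TestSetToken, TestAppRoleRef, TestTokenRef, TestNewConfig and TestRequestTokenWithAppRoleRef, which judging by their names cover the Vault token and AppRole credential paths, so a regression in that error handling would go unreported. I would write it as `if (test.expectedErr == nil) != (err == nil) || (err != nil && test.expectedErr.Error() != err.Error()) {`. The test bodies start and end outside these hunks.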
@@ -569,7 +572,9 @@ func TestAppRoleRef(t *testing.T) { } roleID, secretID, err := v.appRoleRef(test.appRole) - if !reflect.DeepEqual(test.expectedErr, err) { + if ((test.expectedErr == nil) != (err == nil)) && + test.expectedErr != nil && + test.expectedErr.Error() != err.Error() { t.Errorf("unexpected error, exp=%v got=%v", test.expectedErr, err) } @@ -665,7 +670,9 @@ func TestTokenRef(t *testing.T) { } token, err := v.tokenRef("test-name", "test-namespace", test.key) - if !reflect.DeepEqual(test.expectedErr, err) { + if ((test.expectedErr == nil) != (err == nil)) && + test.expectedErr != nil && + test.expectedErr.Error() != err.Error() { t.Errorf("unexpected error, exp=%v got=%v", test.expectedErr, err) } @@ -741,7 +748,9 @@ func TestNewConfig(t *testing.T) { } cfg, err := v.newConfig() - if !reflect.DeepEqual(test.expectedErr, err) { + if ((test.expectedErr == nil) != (err == nil)) && + test.expectedErr != nil && + test.expectedErr.Error() != err.Error() { t.Errorf("unexpected error, exp=%v got=%v", test.expectedErr, err) } @@ -866,7 +875,9 @@ func TestRequestTokenWithAppRoleRef(t *testing.T) { } token, err := v.requestTokenWithAppRoleRef(test.client, test.appRole) - if !reflect.DeepEqual(test.expectedErr, err) { + if ((test.expectedErr == nil) != (err == nil)) && + test.expectedErr != nil && + test.expectedErr.Error() != err.Error() { t.Errorf("unexpected error, exp=%v got=%v", test.expectedErr, err) } diff --git a/pkg/issuer/acme/dns/dns_test.go b/pkg/issuer/acme/dns/dns_test.go index 25af557b1..42bed011b 100644 --- a/pkg/issuer/acme/dns/dns_test.go +++ b/pkg/issuer/acme/dns/dns_test.go @@ -388,7 +388,7 @@ func TestRoute53AmbientCreds(t *testing.T) { defer f.Finish(t) s := f.Solver _, _, err := s.solverForChallenge(context.Background(), f.Issuer, f.Challenge) - if !reflect.DeepEqual(tt.out.expectedErr, err) { + if tt.out.expectedErr != err { t.Fatalf("expected error %v, got error %v", tt.out.expectedErr, err) } 
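Review bot: In the TestRoute53AmbientCreds hunk of dns_test.go, `tt.out.expectedErr != err` compares the two interface values by dynamic type and value, so errors built with `errors.New` or `fmt.Errorf` are equal only when they are the same instance. If any table entry (the tables are outside the hunk) builds its expected error separately from the one the solver returns, the test will now always fail for it. If the tables only use nil or a shared sentinel the comparison is fine, and a comment such as `// expectedErr is nil or a shared sentinel; identity comparison is intended` would make that clear. Otherwise `if !errors.Is(err, tt.out.expectedErr) {` states the intent and also handles a nil expectation, assuming the `errors` package is imported in this file. The TestRoute53AssumeRole hunk makes the same change.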
@@ -480,7 +480,7 @@ func TestRoute53AssumeRole(t *testing.T) { defer f.Finish(t) s := f.Solver _, _, err := s.solverForChallenge(context.Background(), f.Issuer, f.Challenge) - if !reflect.DeepEqual(tt.out.expectedErr, err) { + if tt.out.expectedErr != err { t.Fatalf("expected error %v, got error %v", tt.out.expectedErr, err) } diff --git a/test/e2e/suite/issuers/acme/certificate/http01.go b/test/e2e/suite/issuers/acme/certificate/http01.go index 1df90495d..4d2dda5ac 100644 --- a/test/e2e/suite/issuers/acme/certificate/http01.go +++ b/test/e2e/suite/issuers/acme/certificate/http01.go @@ -72,7 +72,6 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { f.RequireAddon(pebble) var acmeIngressDomain string - var acmeIngressClass string issuerName := "test-acme-issuer" certificateName := "test-acme-certificate" certificateSecretName := "test-acme-certificate" @@ -136,7 +135,6 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { JustBeforeEach(func() { acmeIngressDomain = addon.NginxIngress.Details().NewTestDomain() - acmeIngressClass = addon.NginxIngress.Details().IngressClass }) AfterEach(func() { diff --git a/test/e2e/suite/issuers/acme/certificaterequest/http01.go b/test/e2e/suite/issuers/acme/certificaterequest/http01.go index 38c8c0a83..270c1d3f9 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/http01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/http01.go @@ -66,7 +66,6 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() f.RequireAddon(pebble) var acmeIngressDomain string - var acmeIngressClass string issuerName := "test-acme-issuer" certificateRequestName := "test-acme-certificate-request" // fixedIngressName is the name of an ingress resource that is configured 
@@ -129,7 +128,6 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() JustBeforeEach(func() { acmeIngressDomain = addon.NginxIngress.Details().NewTestDomain() - acmeIngressClass = addon.NginxIngress.Details().IngressClass }) AfterEach(func() { diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index ef57f1af7..f952f3745 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -100,7 +100,7 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { label string }{ { - inputDuration: &metav1.Duration{time.Hour * 24 * 35}, + inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35}, inputRenewBefore: nil, expectedDuration: time.Hour * 24 * 35, label: "35 days", diff --git a/test/e2e/suite/issuers/ca/certificaterequest.go b/test/e2e/suite/issuers/ca/certificaterequest.go index 82a12b182..ff62ac52c 100644 --- a/test/e2e/suite/issuers/ca/certificaterequest.go +++ b/test/e2e/suite/issuers/ca/certificaterequest.go @@ -122,7 +122,7 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { label string }{ { - inputDuration: &metav1.Duration{time.Hour * 24 * 35}, + inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35}, expectedDuration: time.Hour * 24 * 35, label: "35 days", }, diff --git a/test/e2e/suite/issuers/selfsigned/certificate.go b/test/e2e/suite/issuers/selfsigned/certificate.go index 9c02f504a..ae0f86bc8 100644 --- a/test/e2e/suite/issuers/selfsigned/certificate.go +++ b/test/e2e/suite/issuers/selfsigned/certificate.go @@ -67,7 +67,7 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { label string }{ { - inputDuration: &metav1.Duration{time.Hour * 24 * 35}, + inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35}, inputRenewBefore: nil, expectedDuration: time.Hour * 24 * 35, label: "35 days", 
diff --git a/test/e2e/suite/issuers/selfsigned/certificaterequest.go b/test/e2e/suite/issuers/selfsigned/certificaterequest.go
index e67378b1c..c8342a637 100644
--- a/test/e2e/suite/issuers/selfsigned/certificaterequest.go
+++ b/test/e2e/suite/issuers/selfsigned/certificaterequest.go
@@ -127,7 +127,7 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() {
 label string
 }{
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 35},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
 expectedDuration: time.Hour * 24 * 35,
 label: "35 days",
 },
diff --git a/test/e2e/suite/issuers/vault/certificate/approle.go b/test/e2e/suite/issuers/vault/certificate/approle.go
index 252ee4abd..768a43d02 100644
--- a/test/e2e/suite/issuers/vault/certificate/approle.go
+++ b/test/e2e/suite/issuers/vault/certificate/approle.go
@@ -129,7 +129,7 @@ var _ = framework.CertManagerDescribe("Vault Certificate (AppRole)", func() {
 event string
 }{
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 35},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
 inputRenewBefore: nil,
 expectedDuration: time.Hour * 24 * 35,
 label: "valid for 35 days",
@@ -141,14 +141,14 @@ var _ = framework.CertManagerDescribe("Vault Certificate (AppRole)", func() {
 label: "valid for the default value (90 days)",
 },
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 365},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 365},
 inputRenewBefore: nil,
 expectedDuration: time.Hour * 24 * 90,
 label: "with Vault configured maximum TTL duration (90 days) when requested duration is greater than TTL",
 },
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 240},
- inputRenewBefore: &metav1.Duration{time.Hour * 24 * 120},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 240},
+ inputRenewBefore: &metav1.Duration{Duration: time.Hour * 24 * 120},
 expectedDuration: time.Hour * 24 * 90,
 label: "with a warning event when renewBefore is bigger than the duration",
 },
diff --git a/test/e2e/suite/issuers/vault/certificaterequest/approle.go b/test/e2e/suite/issuers/vault/certificaterequest/approle.go
index ec569859e..bbe64d122 100644
--- a/test/e2e/suite/issuers/vault/certificaterequest/approle.go
+++ b/test/e2e/suite/issuers/vault/certificaterequest/approle.go
@@ -141,7 +141,7 @@ var _ = framework.CertManagerDescribe("Vault CertificateRequest (AppRole)", func
 event string
 }{
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 35},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 35},
 expectedDuration: time.Hour * 24 * 35,
 label: "valid for 35 days",
 },
@@ -151,12 +151,12 @@ var _ = framework.CertManagerDescribe("Vault CertificateRequest (AppRole)", func
 label: "valid for the default value (90 days)",
 },
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 365},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 365},
 expectedDuration: time.Hour * 24 * 90,
 label: "with Vault configured maximum TTL duration (90 days) when requested duration is greater than TTL",
 },
 {
- inputDuration: &metav1.Duration{time.Hour * 24 * 240},
+ inputDuration: &metav1.Duration{Duration: time.Hour * 24 * 240},
 expectedDuration: time.Hour * 24 * 90,
 label: "with a warning event when renewBefore is bigger than the duration",
 },