Certificate-requests controller does not process invalid certificaterequests

Signed-off-by: irbekrm <irbekrm@gmail.com>

pkg/controller/certificaterequests/sync.go

@@ -63,6 +63,12 @@ func (c *Controller) Sync(ctx context.Context, cr *cmapi.CertificateRequest) (er
 		return nil
 	}
 
+	// If CertificateRequest is invalid, do not process it
+	if apiutil.CertificateRequestHasInvalidRequest(cr) {
+		dbg.Info("certificate request is invalid and will not be further processed")
+		return nil
+	}
+
 	// If CertificateRequest has not been approved, exit early.
 	if !apiutil.CertificateRequestIsApproved(cr) {
 		dbg.Info("certificate request has not been approved")

pkg/controller/certificaterequests/sync_test.go

@@ -372,6 +372,21 @@ func TestSync(t *testing.T) {
 				ExpectedActions: []testpkg.Action{},
 			},
 		},
+		"should return nil (no action) if certificate request invalidrequest is set to true": {
+			certificateRequest: gen.CertificateRequestFrom(baseCRNotApproved,
+				gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+					Type:               cmapi.CertificateRequestConditionInvalidRequest,
+					Status:             cmmeta.ConditionTrue,
+					Reason:             "InvalidRequest",
+					Message:            "Certificate request is invalid",
+					LastTransitionTime: &nowMetaTime,
+				}),
+			),
+			builder: &testpkg.Builder{
+				CertManagerObjects: []runtime.Object{baseIssuer, baseCR},
+				ExpectedActions:    []testpkg.Action{},
+			},
+		},
 		"should return nil (no action) if certificate request is ready and reason Issued": {
 			certificateRequest: gen.CertificateRequestFrom(baseCR,
 				gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{