From 7bf6bf93bf56e642280b87aa91033c5b774f510e Mon Sep 17 00:00:00 2001
From: Inteon <42113979+inteon@users.noreply.github.com>
Date: Wed, 4 Aug 2021 15:11:30 +0200
Subject: [PATCH] cleanup test functions
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
---
 test/e2e/framework/helper/BUILD.bazel | 1 +
 test/e2e/framework/helper/certificates.go | 85 ++++++------
 test/e2e/framework/helper/validate.go | 8 +-
 .../suite/conformance/certificates/tests.go | 124 +++++++++---------
 .../suite/issuers/acme/certificate/http01.go | 39 +++---
 .../issuers/acme/certificate/notafter.go | 6 +-
 test/e2e/suite/issuers/ca/certificate.go | 44 +++----
 .../suite/issuers/selfsigned/certificate.go | 20 +--
 .../issuers/vault/certificate/approle.go | 10 +-
 .../vault/certificate/approle_custom_mount.go | 6 +-
 .../suite/issuers/venafi/tpp/certificate.go | 10 +-
 test/e2e/suite/serving/cainjector.go | 4 +-
 test/e2e/util/BUILD.bazel | 3 -
 test/e2e/util/util.go | 113 ----------------
 14 files changed, 175 insertions(+), 298 deletions(-)
diff --git a/test/e2e/framework/helper/BUILD.bazel b/test/e2e/framework/helper/BUILD.bazel
index b5fb13184..b4bf9b3a0 100644
--- a/test/e2e/framework/helper/BUILD.bazel
+++ b/test/e2e/framework/helper/BUILD.bazel
@@ -32,6 +32,7 @@ go_library(
 "@com_github_onsi_ginkgo//:go_default_library",
 "@io_k8s_api//certificates/v1:go_default_library",
 "@io_k8s_api//core/v1:go_default_library",
+ "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
 "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
 "@io_k8s_apimachinery//pkg/util/wait:go_default_library",
 "@io_k8s_client_go//kubernetes:go_default_library",
diff --git a/test/e2e/framework/helper/certificates.go b/test/e2e/framework/helper/certificates.go
index ee472874b..6e86272ac 100644
--- a/test/e2e/framework/helper/certificates.go
+++ b/test/e2e/framework/helper/certificates.go
@@ -20,10 +20,10 @@ import ( "context" "crypto/x509" "fmt" - "os" "sort" "time" + errors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -35,9 +35,29 @@ import ( "github.com/jetstack/cert-manager/test/e2e/framework/log" ) -func (h *Helper) waitPollImmediateCertificate(client clientset.CertificateInterface, name string, check func(*v1.Certificate) bool, interval time.Duration, timeout time.Duration) (*cmapi.Certificate, error) { +// WaitForCertificateToExist waits for the named certificate to exist and returns the certificate +func (h *Helper) WaitForCertificateToExist(namespace string, name string, timeout time.Duration) (*cmapi.Certificate, error) { + client := h.CMClient.CertmanagerV1().Certificates(namespace) var certificate *v1.Certificate = nil - pollErr := wait.PollImmediate(interval, timeout, func() (bool, error) { + pollErr := wait.PollImmediate(500*time.Millisecond, timeout, func() (bool, error) { + log.Logf("Waiting for Certificate %v to exist", name) + var err error + certificate, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + if errors.IsNotFound(err) { + return false, nil + } + if err != nil { + return false, fmt.Errorf("error getting Certificate %v: %v", name, err) + } + + return true, nil + }) + return certificate, pollErr +} + +func (h *Helper) waitForCertificateCondition(client clientset.CertificateInterface, name string, check func(*v1.Certificate) bool, timeout time.Duration) (*cmapi.Certificate, error) { + var certificate *v1.Certificate = nil + pollErr := wait.PollImmediate(500*time.Millisecond, timeout, func() (bool, error) { var err error certificate, err = client.Get(context.TODO(), name, metav1.GetOptions{}) if nil != err { 
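Review bot: WaitForCertificateToExist formats the Get failure with `%v`, so the original error is flattened into text and a caller can no longer match it with errors.Is/As or the apimachinery status helpers; `return false, fmt.Errorf("error getting Certificate %v: %w", name, err)` keeps the chain. The import hunk above also aliases k8s.io/apimachinery/pkg/api/errors as `errors`, which hides the standard library package name in this file; the alias `apierrors` avoids that. The doc comment could add that the returned Certificate is only meaningful when the error is nil, since on timeout the function returns whatever the last Get produced.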
@@ -49,21 +69,21 @@ func (h *Helper) waitPollImmediateCertificate(client clientset.CertificateInterf }) if pollErr != nil && certificate != nil { - fmt.Fprintf(os.Stderr, "Failed waiting for certificate %v: %v\n", name, pollErr.Error()) + log.Logf("Failed waiting for certificate %v: %v\n", name, pollErr.Error()) if len(certificate.Status.Conditions) > 0 { - fmt.Fprintf(os.Stderr, "Perceived certificate conditions:\n") + log.Logf("Observed certificate conditions:\n") for _, cond := range certificate.Status.Conditions { - fmt.Fprintf(os.Stderr, "- Last Status: '%s' Reason: '%s', Message: '%s'\n", cond.Status, cond.Reason, cond.Message) + log.Logf("- Last Status: '%s' Reason: '%s', Message: '%s'\n", cond.Status, cond.Reason, cond.Message) } } - fmt.Fprintf(os.Stderr, "Certificate description:\n") + log.Logf("Certificate description:\n") h.Kubectl(certificate.Namespace).DescribeResource("certificate", name) - fmt.Fprintf(os.Stderr, "Order and challenge descriptions:\n") + log.Logf("Order and challenge descriptions:\n") h.Kubectl(certificate.Namespace).Describe("order", "challenge") - fmt.Fprintf(os.Stderr, "Certificaterequest description:\n") + log.Logf("CertificateRequest description:\n") crName, err := apiutil.ComputeName(certificate.Name, certificate.Spec) if err != nil { log.Logf("Failed to compute CertificateRequest name from certificate: %s", err) 
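Review bot: The messages moved from fmt.Fprintf to log.Logf in waitForCertificateCondition keep their trailing `\n`, while the other log.Logf call visible in this hunk (`log.Logf("Failed to compute CertificateRequest name from certificate: %s", err)`) passes none, so these lines presumably print an extra blank line if Logf terminates its own output. Dropping the suffix, e.g. `log.Logf("Observed certificate conditions:")`, keeps the failure dump consistent. The function begins before this hunk and continues past it.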
@@ -74,35 +94,9 @@ func (h *Helper) waitPollImmediateCertificate(client clientset.CertificateInterf return certificate, pollErr } -// WaitForCertificateReady waits for the certificate resource to enter a Ready state and to leave the Issuing state. -func (h *Helper) WaitForCertificateReady(ns, name string, timeout time.Duration) (*cmapi.Certificate, error) { - ready_true_condition := cmapi.CertificateCondition{ - Type: cmapi.CertificateConditionReady, - Status: cmmeta.ConditionTrue, - } - issuing_condition := cmapi.CertificateCondition{ - Type: cmapi.CertificateConditionIssuing, - } - - return h.waitPollImmediateCertificate(h.CMClient.CertmanagerV1().Certificates(ns), name, func(certificate *v1.Certificate) bool { - if !apiutil.CertificateHasCondition(certificate, ready_true_condition) { - log.Logf("Expected Certificate %v condition %v=%v but it has: %v", certificate.Name, ready_true_condition.Type, ready_true_condition.Status, certificate.Status.Conditions) - return false - } - - if apiutil.CertificateHasCondition(certificate, issuing_condition) { - log.Logf("Expected Certificate %v condition %v to be missing but it has: %v", certificate.Name, issuing_condition.Type, certificate.Status.Conditions) - return false - } - - return true - }, 500*time.Millisecond, timeout) -} - -// WaitForCertificateReadyUpdate waits for the certificate resource to enter a -// Ready state and to leave the Issuing state. If the provided cert was in a -// Ready state already, the function waits for a state transition to have happened. -func (h *Helper) WaitForCertificateReadyUpdate(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { +// WaitForCertificateReadyAndDoneIssuing waits for the certificate resource to be in a Ready=True state and not be in an Issuing state. +// The Ready=True condition will be checked against the provided certificate to make sure that it is up-to-date (condition gen. >= cert gen.). 
+func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { ready_true_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionTrue, @@ -111,7 +105,7 @@ func (h *Helper) WaitForCertificateReadyUpdate(cert *cmapi.Certificate, timeout issuing_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionIssuing, } - return h.waitPollImmediateCertificate(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { + return h.waitForCertificateCondition(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { if !apiutil.CertificateHasConditionWithObservedGeneration(certificate, ready_true_condition) { log.Logf( "Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", 
@@ -130,13 +124,12 @@ func (h *Helper) WaitForCertificateReadyUpdate(cert *cmapi.Certificate, timeout } return true - }, 500*time.Millisecond, timeout) + }, timeout) } -// WaitForCertificateReadyUpdate waits for the certificate resource to enter a -// Ready=False state and to leave the Issuing state. If the provided cert was -// in a Ready=False state already, the function waits for a state transition to have happened. -func (h *Helper) WaitForCertificateNotReadyUpdate(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { +// WaitForCertificateNotReadyAndDoneIssuing waits for the certificate resource to be in a Ready=False state and not be in an Issuing state. +// The Ready=False condition will be checked against the provided certificate to make sure that it is up-to-date (condition gen. >= cert gen.). +func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { ready_false_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionFalse, @@ -145,7 +138,7 @@ func (h *Helper) WaitForCertificateNotReadyUpdate(cert *cmapi.Certificate, timeo issuing_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionIssuing, } - return h.waitPollImmediateCertificate(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { + return h.waitForCertificateCondition(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { if !apiutil.CertificateHasCondition(certificate, ready_false_condition) { log.Logf( "Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", 
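Review bot: The new doc comment on WaitForCertificateNotReadyAndDoneIssuing promises that the Ready=False condition is checked against the certificate generation, but the check visible in the next hunk still calls `apiutil.CertificateHasCondition(certificate, ready_false_condition)`, whereas the Ready=True variant calls `apiutil.CertificateHasConditionWithObservedGeneration`. As written, a Ready=False condition left over from an earlier generation appears to satisfy the wait, so a test can proceed before the controller has processed the latest spec. Either switch the call to `apiutil.CertificateHasConditionWithObservedGeneration(certificate, ready_false_condition)` or remove the generation sentence from the comment. The construction of ready_false_condition is only partly visible here, so confirm it carries the observed generation.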
@@ -164,7 +157,7 @@ func (h *Helper) WaitForCertificateNotReadyUpdate(cert *cmapi.Certificate, timeo } return true - }, 500*time.Millisecond, timeout) + }, timeout) } func (h *Helper) deduplicateExtKeyUsages(us []x509.ExtKeyUsage) []x509.ExtKeyUsage { diff --git a/test/e2e/framework/helper/validate.go b/test/e2e/framework/helper/validate.go index 5202608e7..45b5b8e80 100644 --- a/test/e2e/framework/helper/validate.go +++ b/test/e2e/framework/helper/validate.go @@ -22,20 +22,18 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" "github.com/jetstack/cert-manager/test/e2e/framework/helper/validation" "github.com/jetstack/cert-manager/test/e2e/framework/helper/validation/certificates" "github.com/jetstack/cert-manager/test/e2e/framework/helper/validation/certificatesigningrequests" ) // ValidateCertificate retrieves the issued certificate and runs all validation functions -func (h *Helper) ValidateCertificate(ns, name string, validations ...certificates.ValidationFunc) error { +func (h *Helper) ValidateCertificate(certificate *cmapi.Certificate, validations ...certificates.ValidationFunc) error { if len(validations) == 0 { validations = validation.DefaultCertificateSet() } - certificate, err := h.CMClient.CertmanagerV1().Certificates(ns).Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return err - } + secret, err := h.KubeClient.CoreV1().Secrets(certificate.Namespace).Get(context.TODO(), certificate.Spec.SecretName, metav1.GetOptions{}) if err != nil { return err diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index 1d16851dc..bd88e30f0 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go 
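Review bot: ValidateCertificate in validate.go no longer fetches the Certificate, so the validation functions now run against whatever snapshot the caller passes while the Secret is still read live, and the doc comment ("retrieves the issued certificate") no longer describes that. A nil or stale argument is not detected: a nil pointer panics on `certificate.Namespace`, and an outdated object makes the checks compare the live Secret with an old spec. Suggest rewording the comment to `// ValidateCertificate fetches the Secret named by certificate.Spec.SecretName and runs all validation functions against the supplied Certificate.` and adding a nil guard that returns an error before the Secret lookup. The function body continues past the hunk, and its import block is only partly visible.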
@@ -90,11 +90,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.OnlySAN) @@ -116,11 +116,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.IssueCAFeature) 
@@ -144,11 +144,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.ECDSAFeature, featureset.OnlySAN) @@ -172,11 +172,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.OnlySAN, featureset.Ed25519FeatureSet) 
@@ -201,11 +201,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.CommonNameFeature) @@ -233,11 +233,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.ECDSAFeature, featureset.CommonNameFeature) 
@@ -265,11 +265,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.Ed25519FeatureSet, featureset.CommonNameFeature) @@ -290,11 +290,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.IPAddressFeature) 
@@ -316,11 +316,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.OnlySAN, featureset.IPAddressFeature) @@ -346,11 +346,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.CommonNameFeature, featureset.IPAddressFeature) 
@@ -371,11 +371,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.EmailSANsFeature, featureset.OnlySAN) @@ -401,11 +401,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.URISANsFeature, featureset.CommonNameFeature) 
@@ -430,11 +430,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.CommonNameFeature) @@ -457,11 +457,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.CommonNameFeature) 
@@ -485,11 +485,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) // We set a weird time here as the duration with should never be used as @@ -517,11 +517,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.WildcardsFeature, featureset.OnlySAN) 
@@ -544,11 +544,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.URISANsFeature, featureset.OnlySAN) @@ -575,7 +575,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -588,7 +588,7 @@ func (s *Suite) Define() { } validations = append(validations, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validations...) + err = f.Helper().ValidateCertificate(testCertificate, validations...) Expect(err).NotTo(HaveOccurred()) }, featureset.KeyUsagesFeature, featureset.OnlySAN) 
@@ -609,11 +609,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) By("Deleting existing certificate data in Secret") @@ -683,16 +683,15 @@ func (s *Suite) Define() { } By("Waiting for the Certificate to exist...") - Expect(e2eutil.WaitForCertificateToExist( - f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name), certName, time.Minute, - )).NotTo(HaveOccurred()) + cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err := f.Helper().WaitForCertificateReady(f.Namespace.Name, certName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certName, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(cert, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.OnlySAN) 
@@ -744,19 +743,18 @@ func (s *Suite) Define() { } By("Waiting for the Certificate to exist...") - Expect(e2eutil.WaitForCertificateToExist( - f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name), certName, time.Minute, - )).NotTo(HaveOccurred()) + cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err := f.Helper().WaitForCertificateReady(f.Namespace.Name, certName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) // Verify that the ingres-shim has translated all the supplied // annotations into equivalent Certificate field values By("Validating the created Certificate") err = f.Helper().ValidateCertificate( - f.Namespace.Name, certName, + cert, func(certificate *cmapi.Certificate, _ *corev1.Secret) error { Expect(certificate.Spec.DNSNames).To(ConsistOf(domain)) Expect(certificate.Spec.CommonName).To(Equal(domain)) @@ -770,7 +768,7 @@ func (s *Suite) Define() { // Verify that the issuer has preserved all the Certificate values // in the signed certificate By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certName, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(cert, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }) 
@@ -802,16 +800,16 @@ func (s *Suite) Define() { certName := gw.Spec.Listeners[0].TLS.CertificateRef.Name By("Waiting for the Certificate to exist...") - Expect(e2eutil.WaitForCertificateToExist( - f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name), certName, time.Minute, - )).NotTo(HaveOccurred()) + cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + Expect(err).NotTo(HaveOccurred()) + + By("Waiting for the Certificate to be issued...") + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + Expect(err).NotTo(HaveOccurred()) // Verify that the ingres-shim has translated all the supplied // annotations into equivalent Certificate field values By("Validating the created Certificate") - cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.TODO(), certName, metav1.GetOptions{}) - Expect(err).NotTo(HaveOccurred()) - Expect(cert.Spec.DNSNames).To(ConsistOf(domain)) Expect(cert.Spec.CommonName).To(Equal(domain)) Expect(cert.Spec.Duration.Duration).To(Equal(duration)) @@ -840,11 +838,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validations...) + err = f.Helper().ValidateCertificate(testCertificate, validations...) Expect(err).NotTo(HaveOccurred()) }, featureset.OnlySAN, featureset.LongDomainFeatureSet) 
@@ -867,11 +865,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be ready") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validations...) + err = f.Helper().ValidateCertificate(testCertificate, validations...) Expect(err).NotTo(HaveOccurred()) By("Getting the latest version of the Certificate") @@ -893,11 +891,11 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate Ready condition to be updated") - _, err = f.Helper().WaitForCertificateReadyUpdate(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validations...) + err = f.Helper().ValidateCertificate(testCertificate, validations...) Expect(err).NotTo(HaveOccurred()) }, featureset.OnlySAN) 
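Review bot: In the second hunk on this line the result of the post-update wait is stored in `cert`, but the following sanity check still passes `testCertificate`, which holds the object from before the update. Because ValidateCertificate in this commit no longer re-reads the Certificate, the validations compare the re-issued Secret with the old spec and would not notice if the update was not reflected in the issued certificate. The call should be `err = f.Helper().ValidateCertificate(cert, validations...)`. The surrounding test body starts and ends outside the hunk, so confirm what the update step changes.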
@@ -920,11 +918,11 @@ func (s *Suite) Define() { // use a longer timeout for this, as it requires performing 2 dns validations in serial By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, "testcert", time.Minute*10) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*10) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, "testcert", validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + err = f.Helper().ValidateCertificate(testCertificate, validation.CertificateSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }, featureset.WildcardsFeature, featureset.OnlySAN) }) diff --git a/test/e2e/suite/issuers/acme/certificate/http01.go b/test/e2e/suite/issuers/acme/certificate/http01.go index 1354377ea..9c02411bd 100644 --- a/test/e2e/suite/issuers/acme/certificate/http01.go +++ b/test/e2e/suite/issuers/acme/certificate/http01.go @@ -148,7 +148,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { ) cert.Namespace = f.Namespace.Name - _, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Making sure the Order failed with a 400 since google.com is invalid") @@ -174,7 +174,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be not ready") - _, err = f.Helper().WaitForCertificateNotReadyUpdate(cert, 30*time.Second) + cert, err = f.Helper().WaitForCertificateNotReadyAndDoneIssuing(cert, 30*time.Second) Expect(err).NotTo(HaveOccurred()) err = retry.RetryOnConflict(retry.DefaultRetry, func() error { 
@@ -196,15 +196,15 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to have the Ready=True condition") - _, err = f.Helper().WaitForCertificateReadyUpdate(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Sanity checking the issued Certificate") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validations...) + err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) By("Checking that the secret contains this dns name") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, func(cert *v1.Certificate, secret *corev1.Secret) error { + err = f.Helper().ValidateCertificate(cert, func(cert *v1.Certificate, secret *corev1.Secret) error { dnsnames, err := findDNSNames(secret) if err != nil { return err 
@@ -258,17 +258,16 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Fail("Neither " + networkingv1.SchemeGroupVersion.String() + " nor " + networkingv1beta1.SchemeGroupVersion.String() + " were discovered in the API server") } - certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Waiting for Certificate to exist") - err := util.WaitForCertificateToExist(certClient, certificateSecretName, foreverTestTimeout) + cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certificateSecretName, foreverTestTimeout) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validations...) + err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) }) 
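Review bot: The existence wait looks the Certificate up by `certificateSecretName`, and after this change every later step follows that object, where the old code waited on and validated `certificateName`. That is presumably intended, since the test no longer creates the Certificate through `certClient` here, but nothing in the hunk says why the secret name is the lookup key. A one-line comment above the call would help, e.g. `// the Certificate is not created by the test; it is expected to carry the TLS secret's name`. The test body begins outside the hunk.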
@@ -298,15 +297,15 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { const secretname = "dummy-tls-secret" selfcert := util.NewCertManagerBasicCertificate("dummy-tls", secretname, "selfsign", v1.IssuerKind, nil, nil, acmeIngressDomain) - _, err = certClient.Create(context.TODO(), selfcert, metav1.CreateOptions{}) + selfcert, err = certClient.Create(context.TODO(), selfcert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, dummycert, time.Minute*5) + selfcert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(selfcert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, dummycert, validations...) + err = f.Helper().ValidateCertificate(selfcert, validations...) Expect(err).NotTo(HaveOccurred()) // create an ingress that points at nothing, but has the TLS redirect annotation set @@ -411,15 +410,15 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { "testing.cert-manager.io/fixed-ingress": "true", } - _, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validations...) + err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) }) 
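Review bot: In the hunk at new line 297, both references to `dummycert` are replaced by `selfcert`, so that identifier may no longer be used anywhere in the test. Its declaration is outside the hunk: if it is a local variable the file will stop compiling with "declared but not used", and if it is a constant it is now dead and should be removed in the same commit. The old wait also targeted `dummycert` while the object is created under the literal `"dummy-tls"`, so it is worth confirming the two were the same name before deleting it.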
@@ -433,7 +432,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateDNSNames(acmeIngressDomain), ) cert.Namespace = f.Namespace.Name - _, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("killing the solver pod") @@ -464,16 +463,20 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { err = podClient.Delete(context.TODO(), pod.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) + By("Waiting for Certificate to exist") + cert, err = f.Helper().WaitForCertificateToExist(f.Namespace.Name, certificateSecretName, foreverTestTimeout) + Expect(err).NotTo(HaveOccurred()) + // The pod should get remade and the certificate should be made valid. // Killing the pod could potentially make the validation invalid if pebble // were to ask us for the challenge after the pod was killed, but because // we kill it so early, we should always be in the self-check phase By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validations...) + err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/acme/certificate/notafter.go b/test/e2e/suite/issuers/acme/certificate/notafter.go index 89ae4e15a..13737e0fe 100644 --- a/test/e2e/suite/issuers/acme/certificate/notafter.go +++ b/test/e2e/suite/issuers/acme/certificate/notafter.go 
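Review bot: The added `WaitForCertificateToExist` call in the hunk at new line 463 overwrites `cert` with a lookup by `certificateSecretName`, while `cert` already holds the object returned by `certClient.Create` earlier in the same test. If that Certificate was created under `certificateName` and the two names differ (neither value is visible here), the wait polls for an object that never appears and the test fails only after `foreverTestTimeout`. If the names are the same, the wait adds nothing. I would drop the three added lines and let `WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5)` use the created object.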
@@ -139,15 +139,15 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f ) cert.Namespace = f.Namespace.Name - _, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validations...) + err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) sec, err := f.Helper().WaitForSecretCertificateData(f.Namespace.Name, certificateSecretName, time.Minute*5) diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index 080ab6728..f7abb756a 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go 
@@ -73,54 +73,54 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate") - _, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) It("should be able to obtain an ECDSA key from a RSA backed issuer", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) - crt := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil) - crt.Spec.PrivateKey.Algorithm = v1.ECDSAKeyAlgorithm - crt.Spec.PrivateKey.Size = 521 + cert := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil) + cert.Spec.PrivateKey.Algorithm = v1.ECDSAKeyAlgorithm + cert.Spec.PrivateKey.Size = 521 By("Creating a Certificate") - _, err := certClient.Create(context.TODO(), crt, metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = 
f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) It("should be able to obtain an Ed25519 key from a RSA backed issuer", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) - crt := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil) - crt.Spec.PrivateKey.Algorithm = v1.Ed25519KeyAlgorithm + cert := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil) + cert.Spec.PrivateKey.Algorithm = v1.Ed25519KeyAlgorithm By("Creating a Certificate") - _, err := certClient.Create(context.TODO(), crt, metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) 
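Review bot: The first test in this hunk discards the object returned by `WaitForCertificateReadyAndDoneIssuing` (`_, err = …`) and then validates the `cert` that came back from `Create`, whereas the ECDSA and Ed25519 tests in the same hunk reassign it. The same `_, err =` form appears in the hunks at new lines 152, 175 and 198 of this file, and the one at 152 also feeds the pre-issuance `cert` to `CertificateDurationValid`. Whether the stale object matters depends on what `ValidateCertificate` reads from it, which is not shown here. Using one form throughout avoids the question: `cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5)`.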
@@ -152,11 +152,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { cert, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, v.inputDuration, v.inputRenewBefore), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) f.CertificateDurationValid(cert, v.expectedDuration, 0) @@ -175,14 +175,14 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate") - _, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) }) 
@@ -198,14 +198,14 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate with Usages") - _, err := certClient.Create(context.TODO(), gen.Certificate(certificateName, gen.SetCertificateNamespace(f.Namespace.Name), gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateSecretName(certificateSecretName), gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName, Kind: v1.IssuerKind}), gen.SetCertificateKeyUsages(v1.UsageServerAuth, v1.UsageClientAuth)), metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), gen.Certificate(certificateName, gen.SetCertificateNamespace(f.Namespace.Name), gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateSecretName(certificateSecretName), gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName, Kind: v1.IssuerKind}), gen.SetCertificateKeyUsages(v1.UsageServerAuth, v1.UsageClientAuth)), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/selfsigned/certificate.go b/test/e2e/suite/issuers/selfsigned/certificate.go index bb568be0a..82fa0e45f 100644 --- a/test/e2e/suite/issuers/selfsigned/certificate.go +++ b/test/e2e/suite/issuers/selfsigned/certificate.go 
@@ -58,14 +58,14 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { }) Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - _, err = certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) @@ -113,11 +113,11 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { cert, err := certClient.Create(context.TODO(), util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerDurationName, v1.IssuerKind, v.inputDuration, v.inputRenewBefore), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) f.CertificateDurationValid(cert, v.expectedDuration, 0) 
@@ -135,19 +135,19 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - crt := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil) - crt.Spec.PrivateKey.Encoding = v1.PKCS8 + cert := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuerName, v1.IssuerKind, nil, nil) + cert.Spec.PrivateKey.Encoding = v1.PKCS8 By("Creating a Certificate") - _, err = certClient.Create(context.TODO(), crt, metav1.CreateOptions{}) + cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/vault/certificate/approle.go b/test/e2e/suite/issuers/vault/certificate/approle.go index fa476d62e..6154cac13 100644 --- a/test/e2e/suite/issuers/vault/certificate/approle.go +++ b/test/e2e/suite/issuers/vault/certificate/approle.go 
@@ -176,15 +176,15 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - _, err = certClient.Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validation.CertificateSetForUnsupportedFeatureSet(unsupportedFeatures)...) + err = f.Helper().ValidateCertificate(cert, validation.CertificateSetForUnsupportedFeatureSet(unsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }) @@ -275,11 +275,11 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validation.CertificateSetForUnsupportedFeatureSet(unsupportedFeatures)...) + err = f.Helper().ValidateCertificate(cert, validation.CertificateSetForUnsupportedFeatureSet(unsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) // Vault subtract 30 seconds to the NotBefore date. 
diff --git a/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go b/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go index d472b02a5..9b39e59d3 100644 --- a/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go +++ b/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go @@ -174,15 +174,15 @@ func runVaultCustomAppRoleTests(issuerKind string, testWithRoot bool, unsupporte Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - _, err = certClient.Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, validation.CertificateSetForUnsupportedFeatureSet(unsupportedFeatures)...) + err = f.Helper().ValidateCertificate(cert, validation.CertificateSetForUnsupportedFeatureSet(unsupportedFeatures)...) Expect(err).NotTo(HaveOccurred()) }) } diff --git a/test/e2e/suite/issuers/venafi/tpp/certificate.go b/test/e2e/suite/issuers/venafi/tpp/certificate.go index a58f8b1d1..71f3f12b5 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificate.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificate.go 
@@ -75,19 +75,19 @@ var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { It("should obtain a signed certificate for a single domain", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) - crt := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuer.Name, cmapi.IssuerKind, nil, nil) - crt.Spec.CommonName = cmutil.RandStringRunes(10) + ".venafi-e2e.example" + cert := util.NewCertManagerBasicCertificate(certificateName, certificateSecretName, issuer.Name, cmapi.IssuerKind, nil, nil) + cert.Spec.CommonName = cmutil.RandStringRunes(10) + ".venafi-e2e.example" By("Creating a Certificate") - _, err := certClient.Create(context.TODO(), crt, metav1.CreateOptions{}) + cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - _, err = f.Helper().WaitForCertificateReady(f.Namespace.Name, certificateName, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") - err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName) + err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/serving/cainjector.go b/test/e2e/suite/serving/cainjector.go index 700b18829..a6688ac02 100644 --- a/test/e2e/suite/serving/cainjector.go +++ b/test/e2e/suite/serving/cainjector.go 
@@ -91,7 +91,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { cert.Namespace = f.Namespace.Name Expect(f.CRClient.Create(context.Background(), cert)).To(Succeed()) - _, err := f.Helper().WaitForCertificateReady(f.Namespace.Name, "serving-certs", time.Second*30) + cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Second*30) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") By("grabbing the corresponding secret") @@ -160,7 +160,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { cert.Spec.DNSNames = append(cert.Spec.DNSNames, "something.com") Expect(f.CRClient.Update(context.Background(), &cert)).To(Succeed()) - _, err := f.Helper().WaitForCertificateReadyUpdate(&cert, time.Second*30) + _, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(&cert, time.Second*30) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become updated") By("grabbing the new secret") diff --git a/test/e2e/util/BUILD.bazel b/test/e2e/util/BUILD.bazel index aa5ebaf51..dea89c4e3 100644 --- a/test/e2e/util/BUILD.bazel +++ b/test/e2e/util/BUILD.bazel @@ -12,12 +12,10 @@ go_library( "//pkg/api/util:go_default_library", "//pkg/apis/certmanager/v1:go_default_library", "//pkg/apis/meta/v1:go_default_library", - "//pkg/client/clientset/versioned/scheme:go_default_library", "//pkg/client/clientset/versioned/typed/certmanager/v1:go_default_library", "//pkg/util:go_default_library", "//pkg/util/pki:go_default_library", "//test/e2e/framework/log:go_default_library", - "@io_k8s_api//core/v1:go_default_library", "@io_k8s_api//networking/v1:go_default_library", "@io_k8s_api//networking/v1beta1:go_default_library", "@io_k8s_apiextensions_apiserver//pkg/client/clientset/clientset/typed/apiextensions/v1:go_default_library", 
@@ -26,7 +24,6 @@ go_library( "@io_k8s_apimachinery//pkg/util/intstr:go_default_library", "@io_k8s_apimachinery//pkg/util/wait:go_default_library", "@io_k8s_client_go//discovery:go_default_library", - "@io_k8s_client_go//kubernetes:go_default_library", "@io_k8s_sigs_gateway_api//apis/v1alpha1:go_default_library", ], ) diff --git a/test/e2e/util/util.go b/test/e2e/util/util.go index 3509b991a..2d414ffb5 100644 --- a/test/e2e/util/util.go +++ b/test/e2e/util/util.go @@ -29,7 +29,6 @@ import ( "net/url" "time" - corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" networkingv1beta1 "k8s.io/api/networking/v1beta1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" @@ -38,14 +37,12 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/discovery" - "k8s.io/client-go/kubernetes" "sigs.k8s.io/gateway-api/apis/v1alpha1" gwapiv1alpha1 "sigs.k8s.io/gateway-api/apis/v1alpha1" apiutil "github.com/jetstack/cert-manager/pkg/api/util" v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1" - intscheme "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/scheme" clientset "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/typed/certmanager/v1" "github.com/jetstack/cert-manager/pkg/util" "github.com/jetstack/cert-manager/pkg/util/pki" 
@@ -146,116 +143,6 @@ func wrapErrorWithClusterIssuerStatusCondition(client clientset.ClusterIssuerInt return pollErr } -// WaitForCertificateCondition waits for the status of the named Certificate to contain -// a condition whose type and status matches the supplied one. -// Deprecated: this function is not used anymore -func WaitForCertificateCondition(client clientset.CertificateInterface, name string, condition v1.CertificateCondition, timeout time.Duration) (*v1.Certificate, error) { - var certificate *v1.Certificate = nil - pollErr := wait.PollImmediate(500*time.Millisecond, timeout, - func() (bool, error) { - log.Logf("Waiting for Certificate %v condition %v=%v", name, condition.Type, condition.Status) - certificate, err := client.Get(context.TODO(), name, metav1.GetOptions{}) - if nil != err { - return false, fmt.Errorf("error getting Certificate %v: %v", name, err) - } - if !apiutil.CertificateHasCondition(certificate, condition) { - log.Logf("Expected Certificate %v condition %v=%v but it has: %v", name, condition.Type, condition.Status, certificate.Status.Conditions) - return false, nil - } - return true, nil - }, - ) - return certificate, wrapErrorWithCertificateStatusCondition(client, pollErr, name, condition.Type) -} - -// WaitForCertificateConditionWithObservedGeneration waits for the status of the named Certificate to contain -// a condition whose type and status matches the supplied one. 
-// Deprecated: this function is not used anymore -func WaitForCertificateConditionWithObservedGeneration(client clientset.CertificateInterface, name string, condition v1.CertificateCondition, timeout time.Duration) (*v1.Certificate, error) { - var certificate *v1.Certificate = nil - pollErr := wait.PollImmediate(500*time.Millisecond, timeout, - func() (bool, error) { - log.Logf("Waiting for Certificate %v condition %v=%v", name, condition.Type, condition.Status) - certificate, err := client.Get(context.TODO(), name, metav1.GetOptions{}) - if nil != err { - return false, fmt.Errorf("error getting Certificate %v: %v", name, err) - } - if !apiutil.CertificateHasConditionWithObservedGeneration(certificate, condition) { - log.Logf("Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", name, condition.Type, condition.Status, condition.ObservedGeneration, certificate.Status.Conditions) - return false, nil - } - return true, nil - }, - ) - return certificate, wrapErrorWithCertificateStatusCondition(client, pollErr, name, condition.Type) -} - -// WaitForCertificateEvent waits for an event on the named Certificate to contain -// an event reason matches the supplied one. 
-// Deprecated: this function is not used anymore -func WaitForCertificateEvent(client kubernetes.Interface, cert *v1.Certificate, reason string, timeout time.Duration) error { - return wait.PollImmediate(500*time.Millisecond, timeout, - func() (bool, error) { - log.Logf("Waiting for Certificate event %v reason %#v", cert.Name, reason) - evts, err := client.CoreV1().Events(cert.Namespace).Search(intscheme.Scheme, cert) - if err != nil { - return false, fmt.Errorf("error getting Certificate %v: %v", cert.Name, err) - } - - return hasEvent(evts, reason), nil - }, - ) -} - -// Deprecated: this function is not used anymore -func hasEvent(events *corev1.EventList, reason string) bool { - for _, evt := range events.Items { - if evt.Reason == reason { - return true - } - } - return false -} - -// try to retrieve last condition to help diagnose tests. -// Deprecated: this function is not used anymore -func wrapErrorWithCertificateStatusCondition(client clientset.CertificateInterface, pollErr error, name string, conditionType v1.CertificateConditionType) error { - if pollErr == nil { - return nil - } - - certificate, err := client.Get(context.TODO(), name, metav1.GetOptions{}) - if err != nil { - return pollErr - } - - for _, cond := range certificate.Status.Conditions { - if cond.Type == conditionType { - return fmt.Errorf("%s: Last Status: '%s' Reason: '%s', Message: '%s'", pollErr.Error(), cond.Status, cond.Reason, cond.Message) - } - } - - return pollErr -} - -// WaitForCertificateToExist waits for the named certificate to exist -func WaitForCertificateToExist(client clientset.CertificateInterface, name string, timeout time.Duration) error { - return wait.PollImmediate(500*time.Millisecond, timeout, - func() (bool, error) { - log.Logf("Waiting for Certificate %v to exist", name) - _, err := client.Get(context.TODO(), name, metav1.GetOptions{}) - if errors.IsNotFound(err) { - return false, nil - } - if err != nil { - return false, fmt.Errorf("error getting Certificate 
%v: %v", name, err) - } - - return true, nil - }, - ) -} - // WaitForCRDToNotExist waits for the CRD with the given name to no // longer exist. func WaitForCRDToNotExist(client apiextensionsv1.CustomResourceDefinitionInterface, name string) error {