From 8b9ab1884943749de4e0ed768c800677f6957da1 Mon Sep 17 00:00:00 2001
From: James Munnelly <james@munnelly.eu>
Date: Mon, 6 Jul 2020 16:33:25 +0100
Subject: [PATCH] Add test for unknown challenge types

Signed-off-by: James Munnelly <james@munnelly.eu>
---
 pkg/controller/acmeorders/sync_test.go | 31 ++++++++++++++++++++++++++
 pkg/controller/acmeorders/util.go      |  3 +++
 2 files changed, 34 insertions(+)

diff --git a/pkg/controller/acmeorders/sync_test.go b/pkg/controller/acmeorders/sync_test.go
index b1fc2b6bf..d63f1590f 100644
--- a/pkg/controller/acmeorders/sync_test.go
+++ b/pkg/controller/acmeorders/sync_test.go
@@ -199,6 +199,37 @@ dGVzdA==
 				},
 			},
 		},
+		"should refuse to create a challenge if only an unknown challenge type is offered": {
+			order: gen.OrderFrom(testOrderPending, gen.SetOrderStatus(cmacme.OrderStatus{
+				State:       cmacme.Pending,
+				URL:         "http://testurl.com/abcde",
+				FinalizeURL: "http://testurl.com/abcde/finalize",
+				Authorizations: []cmacme.ACMEAuthorization{
+					{
+						URL:        "http://authzurl",
+						Identifier: "test.com",
+						Challenges: []cmacme.ACMEChallenge{
+							{
+								URL:   "http://chalurl",
+								Token: "token",
+								Type:  "unknown-type",
+							},
+						},
+					},
+				},
+			})),
+			builder: &testpkg.Builder{
+				CertManagerObjects: []runtime.Object{
+					testIssuerHTTP01TestCom,
+				},
+				ExpectedEvents: []string{
+					// the 'unsupported challenge type' text is not printed here as the code that 'selects'
+					// a solver to use for a challenge filters out unsupported challenge types earlier
+					// in its selection routine.
+					`Warning Solver Failed to determine a valid solver configuration for the set of domains on the Order: no configured challenge solvers can be used for this challenge`,
+				},
+			},
+		},
 		// TODO: we should improve this behaviour as this is the 'stuck order' problem described in:
 		//  https://github.com/jetstack/cert-manager/issues/2868
 		"skip creating a Challenge for an already valid authorization, and do nothing if the order is pending": {
diff --git a/pkg/controller/acmeorders/util.go b/pkg/controller/acmeorders/util.go
index fd74ab2fa..99cbf1e97 100644
--- a/pkg/controller/acmeorders/util.go
+++ b/pkg/controller/acmeorders/util.go
@@ -276,6 +276,9 @@ func challengeSpecForAuthorization(ctx context.Context, cl acmecl.Interface, iss
 		return nil, fmt.Errorf("no configured challenge solvers can be used for this challenge")
 	}
 
+	// It should never be possible for this case to be hit as earlier in this
+	// method we already assert that the challenge type is one of 'http-01'
+	// or 'dns-01'.
 	chType, err := challengeType(selectedChallenge.Type)
 	if err != nil {
 		return nil, err