diff --git a/deploy/charts/cert-manager/crds/clusterissuers.yaml b/deploy/charts/cert-manager/crds/clusterissuers.yaml index e0a137067..95e613e83 100644 --- a/deploy/charts/cert-manager/crds/clusterissuers.yaml +++ b/deploy/charts/cert-manager/crds/clusterissuers.yaml @@ -1673,7 +1673,7 @@ spec: - url properties: caBundle: - description: CABundle is a PEM encoded TLS certifiate to use + description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, diff --git a/deploy/charts/cert-manager/crds/issuers.yaml b/deploy/charts/cert-manager/crds/issuers.yaml index 2e9fef0ee..664a86fc2 100644 --- a/deploy/charts/cert-manager/crds/issuers.yaml +++ b/deploy/charts/cert-manager/crds/issuers.yaml @@ -1673,7 +1673,7 @@ spec: - url properties: caBundle: - description: CABundle is a PEM encoded TLS certifiate to use + description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, diff --git a/deploy/manifests/00-crds.yaml b/deploy/manifests/00-crds.yaml index 20c49a554..773e225ce 100644 --- a/deploy/manifests/00-crds.yaml +++ b/deploy/manifests/00-crds.yaml @@ -3823,7 +3823,7 @@ spec: - url properties: caBundle: - description: CABundle is a PEM encoded TLS certifiate to use + description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, @@ -5577,7 +5577,7 @@ spec: - url properties: caBundle: - description: CABundle is a PEM encoded TLS certifiate to use + description: CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, diff --git a/design/20190708.certificate-request-crd.md b/design/20190708.certificate-request-crd.md index 7aa28164d..18699cdec 100644 --- a/design/20190708.certificate-request-crd.md +++ b/design/20190708.certificate-request-crd.md @@ -217,7 +217,7 @@ the `CertificateRequest` fails for any reason then this field is set to the current time. This field can then be used by a higher order controller, such as the `Certificate` controller, to take further action and facilitate a backoff. -The `Certificte` controller will retry all failed `CetificateRequest` resources +The `Certificate` controller will retry all failed `CertificateRequest` resources by creating a new request with an identical Spec, only when the `FailureTime` field is a least 1 hour in the past. The old failed `CertificateRequest` will be deleted and the new `CertificateRequest` resource will be created with the same @@ -238,7 +238,7 @@ In order for `CertificateRequest` controllers to resolve requests, extra information may be needed that is not present in the API Spec. To pass on this information, a set of one or more annotations should be defined, with reliable value pairs. These annotations should be considered optional. Any -`CertificiateRequest` controller that relies on these to function should +`CertificateRequest` controller that relies on these to function should fallback gracefully or be marked as failed in the event a required annotation is missing. The currently defined annotations are: diff --git a/design/release-notes/release-0.11/draft-release-notes.md b/design/release-notes/release-0.11/draft-release-notes.md index 032c362c2..dfb13504f 100644 --- a/design/release-notes/release-0.11/draft-release-notes.md +++ b/design/release-notes/release-0.11/draft-release-notes.md @@ -199,7 +199,7 @@ the temporary. In this release, no temporary certificates will be created unless explicitly requested. This can be done using the annotation -`"cert-manager.io/issue-temporary-certificate": "true` on `Certifcate` +`"cert-manager.io/issue-temporary-certificate": "true` on `Certificate` resources. We've additionally changed the behaviour of ingress-shim to now add this new diff --git a/design/release-notes/release-0.7/draft-release-notes.md b/design/release-notes/release-0.7/draft-release-notes.md index 20c963d29..2e065f7df 100644 --- a/design/release-notes/release-0.7/draft-release-notes.md +++ b/design/release-notes/release-0.7/draft-release-notes.md @@ -67,7 +67,7 @@ kubectl describe. - Bump Kubernetes apimachinery dependencies to v1.10.12 (#1344, @munnerz) - Increase acmesolver default cpu resource limit to 100m (#1335, @munnerz) - Fix potential race when updating secret resource (#1318, @munnerz) -- Fix bug causing certficates to be re-issued endlessly in certain edge cases (#1280, @munnerz) +- Fix bug causing certificates to be re-issued endlessly in certain edge cases (#1280, @munnerz) - Fix bug when specify certificate keyAlgorithm without an explicit keySize (#1309, @munnerz) - Bump Go version to 1.11.5 (#1304, @munnerz) - Fix typo in SelfSigned Issuer in webhook deployment manifests (#1294, @munnerz) diff --git a/pkg/apis/certmanager/v1alpha2/types_issuer.go b/pkg/apis/certmanager/v1alpha2/types_issuer.go index 9d79359c0..14b191da7 100644 --- a/pkg/apis/certmanager/v1alpha2/types_issuer.go +++ b/pkg/apis/certmanager/v1alpha2/types_issuer.go @@ -127,7 +127,7 @@ type VenafiTPP struct { // The secret must contain two keys, 'username' and 'password'. CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"` - // CABundle is a PEM encoded TLS certifiate to use to verify connections to + // CABundle is a PEM encoded TLS certificate to use to verify connections to // the TPP instance. // If specified, system roots will not be used and the issuing CA for the // TPP instance must be verifiable using the provided root. diff --git a/pkg/apis/certmanager/v1alpha3/types_issuer.go b/pkg/apis/certmanager/v1alpha3/types_issuer.go index 3d400dcaa..d89027114 100644 --- a/pkg/apis/certmanager/v1alpha3/types_issuer.go +++ b/pkg/apis/certmanager/v1alpha3/types_issuer.go @@ -127,7 +127,7 @@ type VenafiTPP struct { // The secret must contain two keys, 'username' and 'password'. CredentialsRef cmmeta.LocalObjectReference `json:"credentialsRef"` - // CABundle is a PEM encoded TLS certifiate to use to verify connections to + // CABundle is a PEM encoded TLS certificate to use to verify connections to // the TPP instance. // If specified, system roots will not be used and the issuing CA for the // TPP instance must be verifiable using the provided root. diff --git a/pkg/controller/acmeorders/checks.go b/pkg/controller/acmeorders/checks.go index d4872e363..83c01a9f3 100644 --- a/pkg/controller/acmeorders/checks.go +++ b/pkg/controller/acmeorders/checks.go @@ -51,7 +51,7 @@ func (c *controller) ordersForGenericIssuer(iss cmapi.GenericIssuer) ([]*cmacme. orders, err := c.orderLister.List(labels.NewSelector()) if err != nil { - return nil, fmt.Errorf("error listing certificiates: %s", err.Error()) + return nil, fmt.Errorf("error listing certificates: %s", err.Error()) } _, isClusterIssuer := iss.(*cmapi.ClusterIssuer) diff --git a/pkg/controller/certificaterequests/checks.go b/pkg/controller/certificaterequests/checks.go index 2bfbc0c0e..372949b65 100644 --- a/pkg/controller/certificaterequests/checks.go +++ b/pkg/controller/certificaterequests/checks.go @@ -55,7 +55,7 @@ func (c *Controller) certificatesRequestsForGenericIssuer(iss cmapi.GenericIssue crts, err := c.certificateRequestLister.List(labels.NewSelector()) if err != nil { - return nil, fmt.Errorf("error listing certificiates: %s", err.Error()) + return nil, fmt.Errorf("error listing certificates: %s", err.Error()) } _, isClusterIssuer := iss.(*cmapi.ClusterIssuer) diff --git a/pkg/controller/certificates/checks.go b/pkg/controller/certificates/checks.go index fab54be91..2c96baa2f 100644 --- a/pkg/controller/certificates/checks.go +++ b/pkg/controller/certificates/checks.go @@ -61,7 +61,7 @@ func certificatesForSecret(certificateLister cmlisters.CertificateLister, secret crts, err := certificateLister.List(labels.NewSelector()) if err != nil { - return nil, fmt.Errorf("error listing certificiates: %s", err.Error()) + return nil, fmt.Errorf("error listing certificates: %s", err.Error()) } var affected []*cmapi.Certificate diff --git a/pkg/controller/clusterissuers/checks.go b/pkg/controller/clusterissuers/checks.go index a2886618f..50c91c50b 100644 --- a/pkg/controller/clusterissuers/checks.go +++ b/pkg/controller/clusterissuers/checks.go @@ -29,7 +29,7 @@ func (c *controller) issuersForSecret(secret *corev1.Secret) ([]*v1alpha2.Cluste issuers, err := c.clusterIssuerLister.List(labels.NewSelector()) if err != nil { - return nil, fmt.Errorf("error listing certificiates: %s", err.Error()) + return nil, fmt.Errorf("error listing certificates: %s", err.Error()) } var affected []*v1alpha2.ClusterIssuer diff --git a/pkg/controller/ingress-shim/checks.go b/pkg/controller/ingress-shim/checks.go index a59045b9a..12eefcdde 100644 --- a/pkg/controller/ingress-shim/checks.go +++ b/pkg/controller/ingress-shim/checks.go @@ -30,7 +30,7 @@ func (c *controller) ingressesForCertificate(crt *v1alpha2.Certificate) ([]*extv ings, err := c.ingressLister.List(labels.NewSelector()) if err != nil { - return nil, fmt.Errorf("error listing certificiates: %s", err.Error()) + return nil, fmt.Errorf("error listing certificates: %s", err.Error()) } var affected []*extv1beta1.Ingress diff --git a/pkg/controller/issuers/checks.go b/pkg/controller/issuers/checks.go index 3ab699130..1b984ed25 100644 --- a/pkg/controller/issuers/checks.go +++ b/pkg/controller/issuers/checks.go @@ -29,7 +29,7 @@ func (c *controller) issuersForSecret(secret *corev1.Secret) ([]*v1alpha2.Issuer issuers, err := c.issuerLister.List(labels.NewSelector()) if err != nil { - return nil, fmt.Errorf("error listing certificiates: %s", err.Error()) + return nil, fmt.Errorf("error listing certificates: %s", err.Error()) } var affected []*v1alpha2.Issuer diff --git a/pkg/internal/apis/certmanager/types_issuer.go b/pkg/internal/apis/certmanager/types_issuer.go index 3d69fcfb2..ebb2ad1e9 100644 --- a/pkg/internal/apis/certmanager/types_issuer.go +++ b/pkg/internal/apis/certmanager/types_issuer.go @@ -108,7 +108,7 @@ type VenafiTPP struct { // The secret must contain two keys, 'username' and 'password'. CredentialsRef cmmeta.LocalObjectReference - // CABundle is a PEM encoded TLS certifiate to use to verify connections to + // CABundle is a PEM encoded TLS certificate to use to verify connections to // the TPP instance. // If specified, system roots will not be used and the issuing CA for the // TPP instance must be verifiable using the provided root. diff --git a/pkg/internal/venafi/sign_test.go b/pkg/internal/venafi/sign_test.go index 27e514d65..0438e26a6 100644 --- a/pkg/internal/venafi/sign_test.go +++ b/pkg/internal/venafi/sign_test.go @@ -77,7 +77,7 @@ func checkCertificateIssued(t *testing.T, csrPEM []byte, resp []byte) { } } -func checkNoCetificateIssued(t *testing.T, csrPEM []byte, resp []byte) { +func checkNoCertificateIssued(t *testing.T, csrPEM []byte, resp []byte) { if len(resp) > 0 { t.Errorf("expected no response with error but got=%s", resp) } @@ -117,7 +117,7 @@ func TestSign(t *testing.T) { tests := map[string]testSignT{ "if reading the zone configuration fails then error": { csrPEM: csrPEM, - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, client: internalfake.Connector{ ReadZoneConfigurationFunc: func() (*endpoint.ZoneConfiguration, error) { @@ -127,7 +127,7 @@ func TestSign(t *testing.T) { }, "if validating the certificate fails then error": { csrPEM: csrPEM, - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, client: internalfake.Connector{ ReadZoneConfigurationFunc: func() (*endpoint.ZoneConfiguration, error) { @@ -141,7 +141,7 @@ func TestSign(t *testing.T) { }, "a badly formed CSR should error": { csrPEM: []byte("a badly formed CSR"), - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, }, "if requesting the certificate fails, sign should error": { @@ -151,7 +151,7 @@ func TestSign(t *testing.T) { return "", errors.New("request error") }, }.Default(), - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, }, "if retrive certificate fails, sign should error": { @@ -161,12 +161,12 @@ func TestSign(t *testing.T) { return nil, errors.New("request error") }, }.Default(), - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, }, "if no Common Name, DNS Name, or URI SANs in CSR then error": { csrPEM: csrNonePEM, - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, }, "obtain a certificate with DNS names specified": { @@ -194,7 +194,7 @@ func TestSign(t *testing.T) { "If invalid custom field type found the error": { csrPEM: csrPEM, customFields: []internalvanafiapi.CustomField{{Name: "test", Value: "ok", Type: "Bool"}}, - checkFn: checkNoCetificateIssued, + checkFn: checkNoCertificateIssued, expectedErr: true, }, }