From 9844658e731cdea3ed7aad68be00a00551522945 Mon Sep 17 00:00:00 2001
From: Maartje Eyskens <maartje@eyskens.me>
Date: Tue, 28 Jul 2020 11:18:04 +0200
Subject: [PATCH] Remove defaulting behaviour

Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
---
 pkg/controller/ingress-shim/sync.go      | 22 +-------
 pkg/controller/ingress-shim/sync_test.go | 67 ------------------------
 2 files changed, 2 insertions(+), 87 deletions(-)

diff --git a/pkg/controller/ingress-shim/sync.go b/pkg/controller/ingress-shim/sync.go
index cbc984de3..c42c42219 100644
--- a/pkg/controller/ingress-shim/sync.go
+++ b/pkg/controller/ingress-shim/sync.go
@@ -308,28 +308,10 @@ func (c *controller) setIssuerSpecificConfig(crt *cmapi.Certificate, ing *extv1b
 }
 
 func (c *controller) setCommonName(crt *cmapi.Certificate, ing *extv1beta1.Ingress, tls extv1beta1.IngressTLS) {
-	ingAnnotations := ing.Annotations
-	if ingAnnotations == nil {
-		ingAnnotations = map[string]string{}
-	}
-
 	// if annotation is set use that as CN
-	if ingAnnotations[cmapi.CommonNameAnnotationKey] != "" {
-		crt.Spec.CommonName = ingAnnotations[cmapi.CommonNameAnnotationKey]
-		return
+	if ing.Annotations != nil && ing.Annotations[cmapi.CommonNameAnnotationKey] != "" {
+		crt.Spec.CommonName = ing.Annotations[cmapi.CommonNameAnnotationKey]
 	}
-
-	// if not set pick the first DNS name that is less than 64 characters
-	// this is the length limit of the CN
-	// if none if found we leave the CN empty
-	for _, host := range tls.Hosts {
-		if len(host) < 64 {
-			crt.Spec.CommonName = host
-			return
-		}
-	}
-
-	return
 }
 
 // shouldSync returns true if this ingress should have a Certificate resource
diff --git a/pkg/controller/ingress-shim/sync_test.go b/pkg/controller/ingress-shim/sync_test.go
index 0601633a7..d07c2a214 100644
--- a/pkg/controller/ingress-shim/sync_test.go
+++ b/pkg/controller/ingress-shim/sync_test.go
@@ -195,60 +195,6 @@ func TestSync(t *testing.T) {
 							"awaytoolongdomainnameforthecommonnamefielstoballowedinsoithastopicktheotherone.example.org",
 							"example.com",
 						},
-						CommonName: "example.com",
-						SecretName: "example-com-tls",
-						IssuerRef: cmmeta.ObjectReference{
-							Name: "issuer-name",
-							Kind: "ClusterIssuer",
-						},
-					},
-				},
-			},
-		},
-		{
-			Name:   "return a single Certificate for an ingress with all hosts over the CM length limit",
-			Issuer: acmeClusterIssuer,
-			Ingress: &extv1beta1.Ingress{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "ingress-name",
-					Namespace: gen.DefaultTestNamespace,
-					Labels: map[string]string{
-						"my-test-label": "should be copied",
-					},
-					Annotations: map[string]string{
-						cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name",
-					},
-					UID: types.UID("ingress-name"),
-				},
-				Spec: extv1beta1.IngressSpec{
-					TLS: []extv1beta1.IngressTLS{
-						{
-							Hosts: []string{
-								"awaytoolongdomainnameforthecommonnamefielstoballowedinsoithastopicktheotherone.example.com",
-								"awaytoolongdomainnameforthecommonnamefielstoballowedinsoithastopicktheotherone.example.org",
-							},
-							SecretName: "example-com-tls",
-						},
-					},
-				},
-			},
-			ClusterIssuerLister: []runtime.Object{acmeClusterIssuer},
-			ExpectedEvents:      []string{`Normal CreateCertificate Successfully created Certificate "example-com-tls"`},
-			ExpectedCreate: []*cmapi.Certificate{
-				{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "example-com-tls",
-						Namespace: gen.DefaultTestNamespace,
-						Labels: map[string]string{
-							"my-test-label": "should be copied",
-						},
-						OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace),
-					},
-					Spec: cmapi.CertificateSpec{
-						DNSNames: []string{
-							"awaytoolongdomainnameforthecommonnamefielstoballowedinsoithastopicktheotherone.example.com",
-							"awaytoolongdomainnameforthecommonnamefielstoballowedinsoithastopicktheotherone.example.org",
-						},
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -301,7 +247,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -354,7 +299,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -396,7 +340,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -439,7 +382,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -486,7 +428,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -530,7 +471,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -573,7 +513,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -618,7 +557,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com", "www.example.com"},
-						CommonName: "example.com",
 						SecretName: "example-com-tls",
 						IssuerRef: cmmeta.ObjectReference{
 							Name:  "issuer-name",
@@ -724,7 +662,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com"},
-						CommonName: "example.com",
 						SecretName: "existing-crt",
 						IssuerRef: cmmeta.ObjectReference{
 							Name:  "issuer-name",
@@ -883,7 +820,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com"},
-						CommonName: "example.com",
 						SecretName: "existing-crt",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -925,7 +861,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com"},
-						CommonName: "example.com",
 						SecretName: "existing-crt",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -958,7 +893,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com"},
-						CommonName: "example.com",
 						SecretName: "existing-crt",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",
@@ -977,7 +911,6 @@ func TestSync(t *testing.T) {
 					},
 					Spec: cmapi.CertificateSpec{
 						DNSNames:   []string{"example.com"},
-						CommonName: "example.com",
 						SecretName: "existing-crt",
 						IssuerRef: cmmeta.ObjectReference{
 							Name: "issuer-name",