Merge pull request #1075 from gparvin/adding-not-after-to-certificate-status

changes to add a NotAfter field to the cert status
2018-11-16 10:11:01 +00:00 · 2018-11-16 10:11:01 +00:00 · 9975ff4a8a
commit 9975ff4a8a
parent 9a64cfa027 acc0fa887b
5 changed files with 29 additions and 0 deletions
--- a/docs/generated/reference/output/reference/api-docs/index.html
+++ b/docs/generated/reference/output/reference/api-docs/index.html
@ -154,6 +154,10 @@ Appears In:
 <td><code>lastFailureTime</code><br /> <em><a href="#time-v1">Time</a></em></td>
 <td></td>
 </tr>
+<tr>
+<td><code>notAfter</code><br /> <em><a href="#time-v1">Time</a></em></td>
+<td>The expiration time of the certificate stored in the secret named by this resource in spec.secretName.</td>
+</tr>
 </tbody>
 </table>
 <hr>
--- a/pkg/apis/certmanager/v1alpha1/types_certificate.go
+++ b/pkg/apis/certmanager/v1alpha1/types_certificate.go
@ -109,6 +109,10 @@ type ACMECertificateConfig struct {
 type CertificateStatus struct {
 	Conditions      []CertificateCondition `json:"conditions,omitempty"`
 	LastFailureTime *metav1.Time           `json:"lastFailureTime,omitempty"`
+
+	// The expiration time of the certificate stored in the secret named
+	// by this resource in spec.secretName.
+	NotAfter *metav1.Time `json:"notAfter,omitempty"`
 }

 // CertificateCondition contains condition information for an Certificate.
--- a/pkg/apis/certmanager/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha1/zz_generated.deepcopy.go
@ -533,6 +533,15 @@ func (in *CertificateStatus) DeepCopyInto(out *CertificateStatus) {
 			(*in).DeepCopyInto(*out)
 		}
 	}
+	if in.NotAfter != nil {
+		in, out := &in.NotAfter, &out.NotAfter
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(v1.Time)
+			(*in).DeepCopyInto(*out)
+		}
+	}
 	return
 }

--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@ -160,6 +160,9 @@ func (c *Controller) Sync(ctx context.Context, crt *v1alpha1.Certificate) (reque
 		return false, err
 	}

+	metaNotAfter := metav1.NewTime(cert.NotAfter)
+	crtCopy.Status.NotAfter = &metaNotAfter
+
 	// begin checking if the TLS certificate is valid/needs a re-issue or renew

 	// check if the private key is the corresponding pair to the certificate
--- a/test/util/util.go
+++ b/test/util/util.go
@ -283,6 +283,15 @@ func WaitCertificateIssuedValid(certClient clientset.CertificateInterface, secre
 				return false, nil
 			}

+			if certificate.Status.NotAfter == nil {
+				glog.Infof("No certificate expiration found for Certificate %q", name)
+				return false, nil
+			}
+			if !cert.NotAfter.Equal(certificate.Status.NotAfter.Time) {
+				glog.Info("Expected certificate expire date to be %v, but got %v", certificate.Status.NotAfter, cert.NotAfter)
+				return false, nil
+			}
+
 			label, ok := secret.Labels[v1alpha1.CertificateNameKey]
 			if !ok {
 				return false, fmt.Errorf("Expected secret to have certificate-name label, but had none")