adds CDP field and description to CA issuer

Signed-off-by: Sergey Braun <dev@skra.space>
2020-03-19 12:07:31 +01:00 · 2020-03-19 12:07:31 +01:00 · 9b76cdd402
commit 9b76cdd402
parent 04bfddefc3
12 changed files with 103 additions and 4 deletions
--- a/deploy/charts/cert-manager/crds/clusterissuers.yaml
+++ b/deploy/charts/cert-manager/crds/clusterissuers.yaml
@ -1525,6 +1525,14 @@ spec:
              required:
              - secretName
              properties:
+                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
+                  type: array
+                  items:
+                    type: string
                secretName:
                  description: SecretName is the name of the secret used to sign Certificates
                    issued by this Issuer.
@ -1533,6 +1541,10 @@ spec:
              type: object
              properties:
                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
                  type: array
                  items:
                    type: string
--- a/deploy/charts/cert-manager/crds/issuers.yaml
+++ b/deploy/charts/cert-manager/crds/issuers.yaml
@ -1525,6 +1525,14 @@ spec:
              required:
              - secretName
              properties:
+                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
+                  type: array
+                  items:
+                    type: string
                secretName:
                  description: SecretName is the name of the secret used to sign Certificates
                    issued by this Issuer.
@ -1533,6 +1541,10 @@ spec:
              type: object
              properties:
                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
                  type: array
                  items:
                    type: string
--- a/deploy/manifests/00-crds.yaml
+++ b/deploy/manifests/00-crds.yaml
@ -3675,6 +3675,14 @@ spec:
              required:
              - secretName
              properties:
+                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
+                  type: array
+                  items:
+                    type: string
                secretName:
                  description: SecretName is the name of the secret used to sign Certificates
                    issued by this Issuer.
@ -3683,6 +3691,10 @@ spec:
              type: object
              properties:
                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
                  type: array
                  items:
                    type: string
@ -5434,6 +5446,14 @@ spec:
              required:
              - secretName
              properties:
+                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
+                  type: array
+                  items:
+                    type: string
                secretName:
                  description: SecretName is the name of the secret used to sign Certificates
                    issued by this Issuer.
@ -5442,6 +5462,10 @@ spec:
              type: object
              properties:
                crlDistributionPoints:
+                  description: The CRL distribution points is an X.509 v3 certificate
+                    extension which identifies the location of the CRL from which
+                    the revocation of this certificate can be checked. If not set
+                    certificate will be issued without CDP. Values are strings.
                  type: array
                  items:
                    type: string
--- a/pkg/apis/certmanager/v1alpha2/types_issuer.go
+++ b/pkg/apis/certmanager/v1alpha2/types_issuer.go
@ -148,6 +148,10 @@ type VenafiCloud struct {
 }

 type SelfSignedIssuer struct {
+	// The CRL distribution points is an X.509 v3 certificate extension which identifies
+	// the location of the CRL from which the revocation of this certificate can be checked.
+	// If not set certificate will be issued without CDP. Values are strings.
+	// +optional
 	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
 }

@ -220,6 +224,12 @@ type CAIssuer struct {
 	// SecretName is the name of the secret used to sign Certificates issued
 	// by this Issuer.
 	SecretName string `json:"secretName"`
+
+	// The CRL distribution points is an X.509 v3 certificate extension which identifies
+	// the location of the CRL from which the revocation of this certificate can be checked.
+	// If not set certificate will be issued without CDP. Values are strings.
+	// +optional
+	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
 }

 // IssuerStatus contains status information about an Issuer
--- a/pkg/apis/certmanager/v1alpha2/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha2/zz_generated.deepcopy.go
@ -30,6 +30,11 @@ import (
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CAIssuer) DeepCopyInto(out *CAIssuer) {
 	*out = *in
+	if in.CRLDistributionPoints != nil {
+		in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

@ -482,7 +487,7 @@ func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) {
 	if in.CA != nil {
 		in, out := &in.CA, &out.CA
 		*out = new(CAIssuer)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.Vault != nil {
 		in, out := &in.Vault, &out.Vault
--- a/pkg/apis/certmanager/v1alpha3/types_issuer.go
+++ b/pkg/apis/certmanager/v1alpha3/types_issuer.go
@ -148,6 +148,10 @@ type VenafiCloud struct {
 }

 type SelfSignedIssuer struct {
+	// The CRL distribution points is an X.509 v3 certificate extension which identifies
+	// the location of the CRL from which the revocation of this certificate can be checked.
+	// If not set certificate will be issued without CDP. Values are strings.
+	// +optional
 	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
 }

@ -220,6 +224,12 @@ type CAIssuer struct {
 	// SecretName is the name of the secret used to sign Certificates issued
 	// by this Issuer.
 	SecretName string `json:"secretName"`
+
+	// The CRL distribution points is an X.509 v3 certificate extension which identifies
+	// the location of the CRL from which the revocation of this certificate can be checked.
+	// If not set certificate will be issued without CDP. Values are strings.
+	// +optional
+	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
 }

 // IssuerStatus contains status information about an Issuer
--- a/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
+++ b/pkg/apis/certmanager/v1alpha3/zz_generated.deepcopy.go
@ -30,6 +30,11 @@ import (
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CAIssuer) DeepCopyInto(out *CAIssuer) {
 	*out = *in
+	if in.CRLDistributionPoints != nil {
+		in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

@ -477,7 +482,7 @@ func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) {
 	if in.CA != nil {
 		in, out := &in.CA, &out.CA
 		*out = new(CAIssuer)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.Vault != nil {
 		in, out := &in.Vault, &out.Vault
--- a/pkg/controller/certificaterequests/ca/ca.go
+++ b/pkg/controller/certificaterequests/ca/ca.go
@ -111,6 +111,8 @@ func (c *CA) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerObj c
 		return nil, nil
 	}

+	template.CRLDistributionPoints = issuerObj.GetSpec().CA.CRLDistributionPoints
+
 	certPEM, caPEM, err := pki.SignCSRTemplate(caCerts, caKey, template)
 	if err != nil {
 		message := "Error signing certificate"
--- a/pkg/internal/apis/certmanager/types_issuer.go
+++ b/pkg/internal/apis/certmanager/types_issuer.go
@ -127,7 +127,11 @@ type VenafiCloud struct {
 }

 type SelfSignedIssuer struct {
-	CRLDistributionPoints []string `json:"crlDistributionPoints,omitempty"`
+	// The CRL distribution points is an X.509 v3 certificate extension which identifies
+	// the location of the CRL from which the revocation of this certificate can be checked.
+	// If not set certificate will be issued without CDP. Values are strings.
+	// +optional
+	CRLDistributionPoints []string
 }

 type VaultIssuer struct {
@ -197,6 +201,12 @@ type CAIssuer struct {
 	// SecretName is the name of the secret used to sign Certificates issued
 	// by this Issuer.
 	SecretName string
+
+	// The CRL distribution points is an X.509 v3 certificate extension which identifies
+	// the location of the CRL from which the revocation of this certificate can be checked.
+	// If not set certificate will be issued without CDP. Values are strings.
+	// +optional
+	CRLDistributionPoints []string
 }

 // IssuerStatus contains status information about an Issuer
--- a/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha2/zz_generated.conversion.go
@ -326,6 +326,7 @@ func RegisterConversions(s *runtime.Scheme) error {

 func autoConvert_v1alpha2_CAIssuer_To_certmanager_CAIssuer(in *v1alpha2.CAIssuer, out *certmanager.CAIssuer, s conversion.Scope) error {
 	out.SecretName = in.SecretName
+	out.CRLDistributionPoints = *(*[]string)(unsafe.Pointer(&in.CRLDistributionPoints))
 	return nil
 }

@ -336,6 +337,7 @@ func Convert_v1alpha2_CAIssuer_To_certmanager_CAIssuer(in *v1alpha2.CAIssuer, ou

 func autoConvert_certmanager_CAIssuer_To_v1alpha2_CAIssuer(in *certmanager.CAIssuer, out *v1alpha2.CAIssuer, s conversion.Scope) error {
 	out.SecretName = in.SecretName
+	out.CRLDistributionPoints = *(*[]string)(unsafe.Pointer(&in.CRLDistributionPoints))
 	return nil
 }

--- a/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
+++ b/pkg/internal/apis/certmanager/v1alpha3/zz_generated.conversion.go
@ -326,6 +326,7 @@ func RegisterConversions(s *runtime.Scheme) error {

 func autoConvert_v1alpha3_CAIssuer_To_certmanager_CAIssuer(in *v1alpha3.CAIssuer, out *certmanager.CAIssuer, s conversion.Scope) error {
 	out.SecretName = in.SecretName
+	out.CRLDistributionPoints = *(*[]string)(unsafe.Pointer(&in.CRLDistributionPoints))
 	return nil
 }

@ -336,6 +337,7 @@ func Convert_v1alpha3_CAIssuer_To_certmanager_CAIssuer(in *v1alpha3.CAIssuer, ou

 func autoConvert_certmanager_CAIssuer_To_v1alpha3_CAIssuer(in *certmanager.CAIssuer, out *v1alpha3.CAIssuer, s conversion.Scope) error {
 	out.SecretName = in.SecretName
+	out.CRLDistributionPoints = *(*[]string)(unsafe.Pointer(&in.CRLDistributionPoints))
 	return nil
 }

--- a/pkg/internal/apis/certmanager/zz_generated.deepcopy.go
+++ b/pkg/internal/apis/certmanager/zz_generated.deepcopy.go
@ -30,6 +30,11 @@ import (
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CAIssuer) DeepCopyInto(out *CAIssuer) {
 	*out = *in
+	if in.CRLDistributionPoints != nil {
+		in, out := &in.CRLDistributionPoints, &out.CRLDistributionPoints
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

@ -477,7 +482,7 @@ func (in *IssuerConfig) DeepCopyInto(out *IssuerConfig) {
 	if in.CA != nil {
 		in, out := &in.CA, &out.CA
 		*out = new(CAIssuer)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.Vault != nil {
 		in, out := &in.Vault, &out.Vault