diff --git a/deploy/crds/crd-challenges.yaml b/deploy/crds/crd-challenges.yaml index b213ce9cc..6f62ee8ed 100644 --- a/deploy/crds/crd-challenges.yaml +++ b/deploy/crds/crd-challenges.yaml @@ -375,7 +375,7 @@ spec: type: object properties: labels: - description: Custom labels that you want the HTTPRoutes created by cert-manager for solving HTTP-01 challenges. Back when cert-manager supported v1alpha1, this field was used when creating the solver's HTTPRoute, and used to be how the HTTPRoute was matched to a Gateway. Since v1alpha2, the HTTPRoute is matched to a Gateway using the field parentRefs on the HTTPRoute. + description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. type: object additionalProperties: type: string diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml index 13ddd4ad9..66726210e 100644 --- a/deploy/crds/crd-clusterissuers.yaml +++ b/deploy/crds/crd-clusterissuers.yaml @@ -410,7 +410,7 @@ spec: type: object properties: labels: - description: Custom labels that you want the HTTPRoutes created by cert-manager for solving HTTP-01 challenges. Back when cert-manager supported v1alpha1, this field was used when creating the solver's HTTPRoute, and used to be how the HTTPRoute was matched to a Gateway. Since v1alpha2, the HTTPRoute is matched to a Gateway using the field parentRefs on the HTTPRoute. + description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. type: object additionalProperties: type: string diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml index cb3b24daa..a993fea54 100644 --- a/deploy/crds/crd-issuers.yaml +++ b/deploy/crds/crd-issuers.yaml @@ -412,7 +412,7 @@ spec: type: object properties: labels: - description: Custom labels that you want the HTTPRoutes created by cert-manager for solving HTTP-01 challenges. Back when cert-manager supported v1alpha1, this field was used when creating the solver's HTTPRoute, and used to be how the HTTPRoute was matched to a Gateway. Since v1alpha2, the HTTPRoute is matched to a Gateway using the field parentRefs on the HTTPRoute. + description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. type: object additionalProperties: type: string diff --git a/internal/apis/acme/types_issuer.go b/internal/apis/acme/types_issuer.go index 8943626aa..9019b9db7 100644 --- a/internal/apis/acme/types_issuer.go +++ b/internal/apis/acme/types_issuer.go @@ -229,12 +229,9 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // +optional ServiceType corev1.ServiceType - // Custom labels that you want the HTTPRoutes created by cert-manager - // for solving HTTP-01 challenges. Back when cert-manager supported - // v1alpha1, this field was used when creating the solver's HTTPRoute, - // and used to be how the HTTPRoute was matched to a Gateway. Since - // v1alpha2, the HTTPRoute is matched to a Gateway using the field - // parentRefs on the HTTPRoute. + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + // +optional Labels map[string]string // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. diff --git a/internal/apis/acme/v1alpha2/types_issuer.go b/internal/apis/acme/v1alpha2/types_issuer.go index 29dd14ef1..67200a400 100644 --- a/internal/apis/acme/v1alpha2/types_issuer.go +++ b/internal/apis/acme/v1alpha2/types_issuer.go @@ -252,12 +252,9 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // +optional ServiceType corev1.ServiceType `json:"serviceType,omitempty"` - // Custom labels that you want the HTTPRoutes created by cert-manager - // for solving HTTP-01 challenges. Back when cert-manager supported - // v1alpha1, this field was used when creating the solver's HTTPRoute, - // and used to be how the HTTPRoute was matched to a Gateway. Since - // v1alpha2, the HTTPRoute is matched to a Gateway using the field - // parentRefs on the HTTPRoute. + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + // +optional Labels map[string]string // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. diff --git a/internal/apis/acme/v1alpha3/types_issuer.go b/internal/apis/acme/v1alpha3/types_issuer.go index 3121a194e..2e2e508a2 100644 --- a/internal/apis/acme/v1alpha3/types_issuer.go +++ b/internal/apis/acme/v1alpha3/types_issuer.go @@ -252,12 +252,9 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // +optional ServiceType corev1.ServiceType `json:"serviceType,omitempty"` - // Custom labels that you want the HTTPRoutes created by cert-manager - // for solving HTTP-01 challenges. Back when cert-manager supported - // v1alpha1, this field was used when creating the solver's HTTPRoute, - // and used to be how the HTTPRoute was matched to a Gateway. Since - // v1alpha2, the HTTPRoute is matched to a Gateway using the field - // parentRefs on the HTTPRoute. + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + // +optional Labels map[string]string // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. diff --git a/internal/apis/acme/v1beta1/types_issuer.go b/internal/apis/acme/v1beta1/types_issuer.go index 8aab957c8..780f21f65 100644 --- a/internal/apis/acme/v1beta1/types_issuer.go +++ b/internal/apis/acme/v1beta1/types_issuer.go @@ -251,12 +251,9 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // +optional ServiceType corev1.ServiceType `json:"serviceType,omitempty"` - // Custom labels that you want the HTTPRoutes created by cert-manager - // for solving HTTP-01 challenges. Back when cert-manager supported - // v1alpha1, this field was used when creating the solver's HTTPRoute, - // and used to be how the HTTPRoute was matched to a Gateway. Since - // v1alpha2, the HTTPRoute is matched to a Gateway using the field - // parentRefs on the HTTPRoute. + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + // +optional Labels map[string]string `json:"labels,omitempty"` // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. diff --git a/internal/apis/certmanager/validation/issuer.go b/internal/apis/certmanager/validation/issuer.go index 932f3b710..ca577e437 100644 --- a/internal/apis/certmanager/validation/issuer.go +++ b/internal/apis/certmanager/validation/issuer.go @@ -201,6 +201,9 @@ func ValidateACMEIssuerChallengeSolverHTTP01GatewayConfig(gateway *cmacme.ACMECh default: el = append(el, field.Invalid(fldPath.Child("serviceType"), gateway.ServiceType, `must be empty, "ClusterIP" or "NodePort"`)) } + if len(gateway.ParentRefs) == 0 { + el = append(el, field.Required(fldPath.Child("parentRefs"), `at least 1 parentRef is required`)) + } return el } diff --git a/internal/apis/certmanager/validation/issuer_test.go b/internal/apis/certmanager/validation/issuer_test.go index a9f8d446d..f5d5c5df7 100644 --- a/internal/apis/certmanager/validation/issuer_test.go +++ b/internal/apis/certmanager/validation/issuer_test.go @@ -18,6 +18,7 @@ package validation import ( "reflect" + gwapi "sigs.k8s.io/gateway-api/apis/v1alpha2" "testing" "github.com/stretchr/testify/assert" @@ -244,8 +245,10 @@ func TestValidateACMEIssuerConfig(t *testing.T) { { HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{ - Labels: map[string]string{ - "key": "value", + ParentRefs: []gwapi.ParentRef{ + { + Name: "blah", + }, }, }, }, @@ -268,8 +271,8 @@ func TestValidateACMEIssuerConfig(t *testing.T) { }, errs: []*field.Error{ field.Required( - fldPath.Child("solvers").Index(0).Child("http01", "gateway").Child("labels"), - "labels must be set", + fldPath.Child("solvers").Index(0).Child("http01", "gateway").Child("parentRefs"), + "at least 1 parentRef is required", ), }, }, @@ -286,6 +289,11 @@ func TestValidateACMEIssuerConfig(t *testing.T) { Labels: map[string]string{ "a": "b", }, + ParentRefs: []gwapi.ParentRef{ + { + Name: "blah", + }, + }, }, }, }, diff --git a/pkg/apis/acme/v1/types_issuer.go b/pkg/apis/acme/v1/types_issuer.go index 51bd6d837..56c28f6b4 100644 --- a/pkg/apis/acme/v1/types_issuer.go +++ b/pkg/apis/acme/v1/types_issuer.go @@ -255,12 +255,9 @@ type ACMEChallengeSolverHTTP01GatewayHTTPRoute struct { // +optional ServiceType corev1.ServiceType `json:"serviceType,omitempty"` - // Custom labels that you want the HTTPRoutes created by cert-manager - // for solving HTTP-01 challenges. Back when cert-manager supported - // v1alpha1, this field was used when creating the solver's HTTPRoute, - // and used to be how the HTTPRoute was matched to a Gateway. Since - // v1alpha2, the HTTPRoute is matched to a Gateway using the field - // parentRefs on the HTTPRoute. + // Custom labels that will be applied to HTTPRoutes created by cert-manager + // while solving HTTP-01 challenges. + // +optional Labels map[string]string `json:"labels,omitempty"` // When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute.