add comments explaining issuerRef validation logic

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
Ashley Davis 2024-04-18 13:04:46 +01:00
parent 0f5689e120
commit b8e40825ce


@ -216,16 +216,27 @@ func validateIssuerRef(issuerRef cmmeta.ObjectReference, fldPath *field.Path) fi
issuerRefPath := fldPath.Child("issuerRef")
if issuerRef.Name == "" {
// all issuerRefs must specify a name
el = append(el, field.Required(issuerRefPath.Child("name"), "must be specified"))
}
if issuerRef.Group == "" || issuerRef.Group == internalcmapi.SchemeGroupVersion.Group {
// if the user leaves the group blank, it's effectively defaulted to the built-in issuers (i.e. cert-manager.io)
// if the cert-manager.io group is used, we can do extra validation on the Kind
// if an external group is used, we don't have a mechanism currently to determine which Kinds are valid for those groups
// so we don't check
switch issuerRef.Kind {
case "":
// do nothing
case "Issuer", "ClusterIssuer":
// do nothing
default:
el = append(el, field.Invalid(issuerRefPath.Child("kind"), issuerRef.Kind, "must be one of Issuer or ClusterIssuer"))
}
}
return el
}
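Review bot: The two `// do nothing` comments on the `case "":` and `case "Issuer", "ClusterIssuer":` arms restate the code without saying why an empty Kind is accepted, which is the one case a reader cannot work out from this hunk. If an empty Kind is defaulted elsewhere (presumably to Issuer, though nothing here shows it), say so with something like `// an empty Kind is accepted here because it is defaulted later`, and consider folding the arms into `case "", "Issuer", "ClusterIssuer":`. Next to "so we don't check" it is also worth stating the consequence: any Kind under an external group passes this validation, so code that consumes issuerRef must not treat the Kind as vetted. The start of validateIssuerRef, including the declaration of `el`, is outside the hunk.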