weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Remove deprecated code from ingress-shim controller

Browse Source 
Signed-off-by: James Munnelly <james@munnelly.eu>
This commit is contained in:
James Munnelly 2019-09-19 13:04:19 +01:00
parent 20840b552d
commit bc61194709
6 changed files with 53 additions and 583 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/controller/app/controller.go
View File

@ -242,11 +242,9 @@ func buildControllerContext(ctx context.Context, stopCh <-chan struct{}, opts *o
RenewBeforeExpiryDuration: opts.RenewBeforeExpiryDuration,
},
IngressShimOptions: controller.IngressShimOptions{
DefaultIssuerName: opts.DefaultIssuerName,
DefaultIssuerKind: opts.DefaultIssuerKind,
DefaultAutoCertificateAnnotations: opts.DefaultAutoCertificateAnnotations,
DefaultACMEIssuerChallengeType: opts.DefaultACMEIssuerChallengeType,
DefaultACMEIssuerDNS01ProviderName: opts.DefaultACMEIssuerDNS01ProviderName,
DefaultIssuerName: opts.DefaultIssuerName,
DefaultIssuerKind: opts.DefaultIssuerKind,
DefaultAutoCertificateAnnotations: opts.DefaultAutoCertificateAnnotations,
},
CertificateOptions: controller.CertificateOptions{
EnableOwnerRef: opts.EnableCertificateOwnerRef,

57
cmd/controller/app/options/options.go
View File

@ -59,11 +59,9 @@ type ControllerOptions struct {
RenewBeforeExpiryDuration time.Duration
// Default issuer/certificates details consumed by ingress-shim
DefaultIssuerName string
DefaultIssuerKind string
DefaultAutoCertificateAnnotations []string
DefaultACMEIssuerChallengeType string
DefaultACMEIssuerDNS01ProviderName string
DefaultIssuerName string
DefaultIssuerKind string
DefaultAutoCertificateAnnotations []string
// Allows specifying a list of custom nameservers to perform DNS checks on.
DNS01RecursiveNameservers []string
@ -156,31 +154,35 @@ var (
orderscontroller.ControllerName,
challengescontroller.ControllerName,
webhookbootstrap.ControllerName,
cracmecontroller.CRControllerName,
crcacontroller.CRControllerName,
crselfsignedcontroller.CRControllerName,
crvaultcontroller.CRControllerName,
crvenaficontroller.CRControllerName,
certificatescontroller.ControllerName,
}
)
func NewControllerOptions() *ControllerOptions {
return &ControllerOptions{
APIServerHost: defaultAPIServerHost,
ClusterResourceNamespace: defaultClusterResourceNamespace,
Namespace: defaultNamespace,
LeaderElect: defaultLeaderElect,
LeaderElectionNamespace: defaultLeaderElectionNamespace,
LeaderElectionLeaseDuration: defaultLeaderElectionLeaseDuration,
LeaderElectionRenewDeadline: defaultLeaderElectionRenewDeadline,
LeaderElectionRetryPeriod: defaultLeaderElectionRetryPeriod,
EnabledControllers: defaultEnabledControllers,
ClusterIssuerAmbientCredentials: defaultClusterIssuerAmbientCredentials,
IssuerAmbientCredentials: defaultIssuerAmbientCredentials,
RenewBeforeExpiryDuration: defaultRenewBeforeExpiryDuration,
DefaultIssuerName: defaultTLSACMEIssuerName,
DefaultIssuerKind: defaultTLSACMEIssuerKind,
DefaultAutoCertificateAnnotations: defaultAutoCertificateAnnotations,
DefaultACMEIssuerChallengeType: defaultACMEIssuerChallengeType,
DefaultACMEIssuerDNS01ProviderName: defaultACMEIssuerDNS01ProviderName,
DNS01RecursiveNameservers: []string{},
DNS01RecursiveNameserversOnly: defaultDNS01RecursiveNameserversOnly,
EnableCertificateOwnerRef: defaultEnableCertificateOwnerRef,
APIServerHost: defaultAPIServerHost,
ClusterResourceNamespace: defaultClusterResourceNamespace,
Namespace: defaultNamespace,
LeaderElect: defaultLeaderElect,
LeaderElectionNamespace: defaultLeaderElectionNamespace,
LeaderElectionLeaseDuration: defaultLeaderElectionLeaseDuration,
LeaderElectionRenewDeadline: defaultLeaderElectionRenewDeadline,
LeaderElectionRetryPeriod: defaultLeaderElectionRetryPeriod,
EnabledControllers: defaultEnabledControllers,
ClusterIssuerAmbientCredentials: defaultClusterIssuerAmbientCredentials,
IssuerAmbientCredentials: defaultIssuerAmbientCredentials,
RenewBeforeExpiryDuration: defaultRenewBeforeExpiryDuration,
DefaultIssuerName: defaultTLSACMEIssuerName,
DefaultIssuerKind: defaultTLSACMEIssuerKind,
DefaultAutoCertificateAnnotations: defaultAutoCertificateAnnotations,
DNS01RecursiveNameservers: []string{},
DNS01RecursiveNameserversOnly: defaultDNS01RecursiveNameserversOnly,
EnableCertificateOwnerRef: defaultEnableCertificateOwnerRef,
}
}
@ -251,11 +253,6 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) {
"Name of the Issuer to use when the tls is requested but issuer name is not specified on the ingress resource.")
fs.StringVar(&s.DefaultIssuerKind, "default-issuer-kind", defaultTLSACMEIssuerKind, ""+
"Kind of the Issuer to use when the tls is requested but issuer kind is not specified on the ingress resource.")
fs.StringVar(&s.DefaultACMEIssuerChallengeType, "default-acme-issuer-challenge-type", defaultACMEIssuerChallengeType, ""+
"The ACME challenge type to use when tls is requested for an ACME Issuer but is not specified on the ingress resource.")
fs.StringVar(&s.DefaultACMEIssuerDNS01ProviderName, "default-acme-issuer-dns01-provider-name", defaultACMEIssuerDNS01ProviderName, ""+
"Required if --default-acme-issuer-challenge-type is set to dns01. The DNS01 provider to use for ingresses using ACME dns01 "+
"validation that do not explicitly state a dns provider.")
fs.StringSliceVar(&s.DNS01RecursiveNameservers, "dns01-recursive-nameservers",
[]string{}, "A list of comma seperated dns server endpoints used for "+
"DNS01 check requests. This should be a list containing IP address and "+

8
pkg/controller/context.go
View File

@ -122,11 +122,9 @@ type ACMEOptions struct {
type IngressShimOptions struct {
// Default issuer/certificates details consumed by ingress-shim
DefaultIssuerKind string
DefaultIssuerName string
DefaultACMEIssuerChallengeType string
DefaultACMEIssuerDNS01ProviderName string
DefaultAutoCertificateAnnotations []string
DefaultIssuerKind string
DefaultIssuerName string
DefaultAutoCertificateAnnotations []string
}
type CertificateOptions struct {

8
pkg/controller/ingress-shim/controller.go
View File

@ -42,10 +42,8 @@ const (
)
type defaults struct {
autoCertificateAnnotations []string
issuerName, issuerKind string
acmeIssuerChallengeType string
acmeIssuerDNS01ProviderName string
autoCertificateAnnotations []string
issuerName, issuerKind string
}
type controller struct {
@ -117,8 +115,6 @@ func (c *controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin
ctx.DefaultAutoCertificateAnnotations,
ctx.DefaultIssuerName,
ctx.DefaultIssuerKind,
ctx.DefaultACMEIssuerChallengeType,
ctx.DefaultACMEIssuerDNS01ProviderName,
}
return c.queue, mustSync, nil, nil

101
pkg/controller/ingress-shim/sync.go
View File

@ -46,12 +46,6 @@ const (
// created Certificate resource. The Certificate will reference the
// specified *ClusterIssuer* instead of normal issuer.
clusterIssuerNameAnnotation = "certmanager.k8s.io/cluster-issuer"
// acmeIssuerChallengeTypeAnnotation can be used to override the default ACME challenge
// type to be used when the specified issuer is an ACME issuer
acmeIssuerChallengeTypeAnnotation = "certmanager.k8s.io/acme-challenge-type"
// acmeIssuerDNS01ProviderNameAnnotation can be used to override the default dns01 provider
// configured on the issuer if the challenge type is set to dns01
acmeIssuerDNS01ProviderNameAnnotation = "certmanager.k8s.io/acme-dns01-provider"
// acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass
// if the challenge type is set to http01
acmeIssuerHTTP01IngressClassAnnotation = "certmanager.k8s.io/acme-http01-ingress-class"
@ -140,19 +134,6 @@ func (c *controller) Sync(ctx context.Context, ing *extv1beta1.Ingress) error {
func (c *controller) validateIngress(ing *extv1beta1.Ingress) []error {
var errs []error
if ing.Annotations != nil {
challengeType := ing.Annotations[acmeIssuerChallengeTypeAnnotation]
switch challengeType {
case "", "http01":
case "dns01":
providerName := ing.Annotations[acmeIssuerDNS01ProviderNameAnnotation]
if providerName == "" {
errs = append(errs, fmt.Errorf("No acme dns01 challenge provider specified"))
}
default:
errs = append(errs, fmt.Errorf("Invalid acme challenge type specified %q", challengeType))
}
}
for i, tls := range ing.Spec.TLS {
// validate the ingress TLS block
if len(tls.Hosts) == 0 {
@ -304,20 +285,6 @@ func certNeedsUpdate(a, b *v1alpha1.Certificate) bool {
return true
}
var configA, configB []v1alpha1.DomainSolverConfig
if a.Spec.ACME != nil {
configA = a.Spec.ACME.Config
}
if b.Spec.ACME != nil {
configB = b.Spec.ACME.Config
}
if !reflect.DeepEqual(configA, configB) {
return true
}
return false
}
@ -345,68 +312,6 @@ func (c *controller) setIssuerSpecificConfig(crt *v1alpha1.Certificate, issuer v
crt.Annotations[v1alpha1.ACMECertificateHTTP01IngressClassOverride] = ingressClassVal
}
if issuer.GetSpec().ACME != nil {
challengeType, ok := ingAnnotations[acmeIssuerChallengeTypeAnnotation]
if !ok {
challengeType = c.defaults.acmeIssuerChallengeType
}
domainCfg := v1alpha1.DomainSolverConfig{
Domains: tls.Hosts,
}
switch challengeType {
case "http01":
editInPlaceVal, ok := ingAnnotations[editInPlaceAnnotation]
editInPlace := editInPlaceVal == "true"
// If the HTTP01 issuer is not enabled, skip setting the ACME field
// on the Certificate resource.
if issuer.GetSpec().ACME.HTTP01 == nil {
if editInPlace {
c.recorder.Eventf(ing, corev1.EventTypeWarning, "Unsupported", "%s annotation cannot be enabled when using new format solver type. "+
"Re-enable the old format HTTP01 solver, or otherwise create a specific HTTP01 solver for this Ingress.", editInPlaceAnnotation)
}
crt.Spec.ACME = nil
return nil
}
domainCfg.HTTP01 = &v1alpha1.HTTP01SolverConfig{}
// If annotation isn't present, or it's set to true, edit the existing ingress
if ok && editInPlace {
domainCfg.HTTP01.Ingress = ing.Name
} else {
ingressClass, ok := ingAnnotations[acmeIssuerHTTP01IngressClassAnnotation]
if ok {
domainCfg.HTTP01.IngressClass = &ingressClass
} else {
ingressClass, ok := ingAnnotations[ingressClassAnnotation]
if ok {
domainCfg.HTTP01.IngressClass = &ingressClass
}
}
}
case "dns01":
// If the DNS01 issuer is not enabled, skip setting the ACME field
// on the Certificate resource.
if issuer.GetSpec().ACME.DNS01 == nil {
crt.Spec.ACME = nil
return nil
}
dnsProvider, ok := ingAnnotations[acmeIssuerDNS01ProviderNameAnnotation]
if !ok {
dnsProvider = c.defaults.acmeIssuerDNS01ProviderName
}
if dnsProvider == "" {
return fmt.Errorf("no acme issuer dns01 challenge provider specified")
}
domainCfg.DNS01 = &v1alpha1.DNS01SolverConfig{Provider: dnsProvider}
// If no challenge type is specified, don't set the ACME field at all
// and instead rely on the 'new API format' to provide solver config.
case "":
crt.Spec.ACME = nil
return nil
default:
return fmt.Errorf("invalid acme issuer challenge type specified %q", challengeType)
}
crt.Spec.ACME = &v1alpha1.ACMECertificateConfig{Config: []v1alpha1.DomainSolverConfig{domainCfg}}
}
return nil
}
@ -430,12 +335,6 @@ func shouldSync(ing *extv1beta1.Ingress, autoCertificateAnnotations []string) bo
}
}
}
if _, ok := annotations[acmeIssuerChallengeTypeAnnotation]; ok {
return true
}
if _, ok := annotations[acmeIssuerDNS01ProviderNameAnnotation]; ok {
return true
}
return false
}

454
pkg/controller/ingress-shim/sync_test.go
View File

@ -34,10 +34,6 @@ import (
const testAcmeTLSAnnotation = "kubernetes.io/tls-acme"
func strPtr(s string) *string {
return &s
}
func TestShouldSync(t *testing.T) {
type testT struct {
Annotations map[string]string
@ -64,14 +60,6 @@ func TestShouldSync(t *testing.T) {
Annotations: map[string]string{testAcmeTLSAnnotation: ""},
ShouldSync: false,
},
{
Annotations: map[string]string{acmeIssuerChallengeTypeAnnotation: ""},
ShouldSync: true,
},
{
Annotations: map[string]string{acmeIssuerDNS01ProviderNameAnnotation: ""},
ShouldSync: true,
},
{
ShouldSync: false,
},
@ -89,15 +77,9 @@ func TestSync(t *testing.T) {
acmeIssuerNewFormat := gen.Issuer("issuer-name",
gen.SetIssuerACME(v1alpha1.ACMEIssuer{}))
acmeIssuer := gen.Issuer("issuer-name",
gen.SetIssuerACME(v1alpha1.ACMEIssuer{
HTTP01: &v1alpha1.ACMEIssuerHTTP01Config{},
DNS01: &v1alpha1.ACMEIssuerDNS01Config{},
}))
gen.SetIssuerACME(v1alpha1.ACMEIssuer{}))
acmeClusterIssuer := gen.ClusterIssuer("issuer-name",
gen.SetIssuerACME(v1alpha1.ACMEIssuer{
HTTP01: &v1alpha1.ACMEIssuerHTTP01Config{},
DNS01: &v1alpha1.ACMEIssuerDNS01Config{},
}))
gen.SetIssuerACME(v1alpha1.ACMEIssuer{}))
type testT struct {
Name string
Ingress *extv1beta1.Ingress
@ -124,9 +106,8 @@ func TestSync(t *testing.T) {
"my-test-label": "should be copied",
},
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
editInPlaceAnnotation: "true",
clusterIssuerNameAnnotation: "issuer-name",
editInPlaceAnnotation: "true",
},
UID: types.UID("ingress-name"),
},
@ -160,18 +141,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "ClusterIssuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com", "www.example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "ingress-name",
},
},
},
},
},
},
},
},
@ -234,8 +203,7 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
clusterIssuerNameAnnotation: "issuer-name",
},
UID: types.UID("ingress-name"),
},
@ -263,16 +231,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "ClusterIssuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com", "www.example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{},
},
},
},
},
},
},
},
@ -285,9 +243,8 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "nginx-ing",
clusterIssuerNameAnnotation: "issuer-name",
ingressClassAnnotation: "nginx-ing",
},
UID: types.UID("ingress-name"),
},
@ -315,18 +272,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "ClusterIssuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com", "www.example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
IngressClass: strPtr("nginx-ing"),
},
},
},
},
},
},
},
},
@ -340,7 +285,6 @@ func TestSync(t *testing.T) {
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
acmeIssuerHTTP01IngressClassAnnotation: "cert-ing",
ingressClassAnnotation: "nginx-ing",
},
@ -373,18 +317,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "ClusterIssuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com", "www.example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
IngressClass: strPtr("cert-ing"),
},
},
},
},
},
},
},
},
@ -397,10 +329,9 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "nginx-ing",
editInPlaceAnnotation: "false",
clusterIssuerNameAnnotation: "issuer-name",
ingressClassAnnotation: "nginx-ing",
editInPlaceAnnotation: "false",
},
UID: types.UID("ingress-name"),
},
@ -428,130 +359,14 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "ClusterIssuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com", "www.example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
IngressClass: strPtr("nginx-ing"),
},
},
},
},
},
},
},
},
},
{
Name: "should error when an ingress specifies dns01 challenge type but no challenge provider",
Name: "return a single DNS01 Certificate for an ingress with a single valid TLS entry",
Issuer: acmeClusterIssuer,
Err: true,
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "dns01",
},
UID: types.UID("ingress-name"),
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com", "www.example.com"},
SecretName: "example-com-tls",
},
},
},
},
ClusterIssuerLister: []runtime.Object{acmeClusterIssuer},
},
{
Name: "should error when an invalid ACME challenge type is specified",
Issuer: acmeClusterIssuer,
Err: true,
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "invalid-challenge-type",
},
UID: types.UID("ingress-name"),
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com", "www.example.com"},
SecretName: "example-com-tls",
},
},
},
},
ClusterIssuerLister: []runtime.Object{acmeClusterIssuer},
},
{
Name: "return a single DNS01 Certificate for an ingress with a single valid TLS entry and DNS01 annotations",
Issuer: acmeClusterIssuer,
Err: true,
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
clusterIssuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "dns01",
acmeIssuerDNS01ProviderNameAnnotation: "fake-dns",
},
UID: types.UID("ingress-name"),
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com", "www.example.com"},
SecretName: "example-com-tls",
},
},
},
},
ClusterIssuerLister: []runtime.Object{acmeClusterIssuer},
ExpectedCreate: []*v1alpha1.Certificate{
{
ObjectMeta: metav1.ObjectMeta{
Name: "example-com-tls",
Namespace: gen.DefaultTestNamespace,
OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace),
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com", "www.example.com"},
SecretName: "example-com-tls",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "ClusterIssuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com", "www.example.com"},
SolverConfig: v1alpha1.SolverConfig{
DNS01: &v1alpha1.DNS01SolverConfig{
Provider: "fake-dns",
},
},
},
},
},
},
},
},
},
{
Name: "should return a certificate without the acme field set when no challenge type is provided",
Issuer: acmeClusterIssuer,
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
@ -700,8 +515,7 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
issuerNameAnnotation: "issuer-name",
},
UID: types.UID("ingress-name"),
},
@ -728,18 +542,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
},
},
},
},
},
},
},
},
@ -753,8 +555,7 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
issuerNameAnnotation: "issuer-name",
},
UID: types.UID("ingress-name"),
},
@ -788,174 +589,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
},
},
},
},
},
},
},
},
},
{
Name: "should update a certificate's config if an incorrect Certificate exists",
Issuer: acmeIssuer,
IssuerLister: []runtime.Object{acmeIssuer},
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "toot-ing",
},
UID: types.UID("ingress-name"),
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com"},
SecretName: "existing-crt",
},
},
},
},
CertificateLister: []runtime.Object{
&v1alpha1.Certificate{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: gen.DefaultTestNamespace,
OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace),
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"wrong-example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "wrong-ingress",
},
},
},
},
},
},
},
},
ExpectedUpdate: []*v1alpha1.Certificate{
{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: gen.DefaultTestNamespace,
OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace),
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
IngressClass: strPtr("toot-ing"),
},
},
},
},
},
},
},
},
},
{
Name: "should update a Certificate correctly if an existing one of a different type exists",
Issuer: acmeIssuer,
IssuerLister: []runtime.Object{acmeIssuer},
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "toot-ing",
},
UID: types.UID("ingress-name"),
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com"},
SecretName: "existing-crt",
},
},
},
},
CertificateLister: []runtime.Object{
&v1alpha1.Certificate{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: gen.DefaultTestNamespace,
OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace),
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
},
},
},
ExpectedUpdate: []*v1alpha1.Certificate{
{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: gen.DefaultTestNamespace,
OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace),
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
IngressClass: strPtr("toot-ing"),
},
},
},
},
},
},
},
},
@ -1035,9 +668,8 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "toot-ing",
issuerNameAnnotation: "issuer-name",
ingressClassAnnotation: "toot-ing",
},
UID: types.UID("ingress-name"),
},
@ -1064,18 +696,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
},
},
},
},
},
},
},
},
@ -1089,9 +709,8 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "toot-ing",
issuerNameAnnotation: "issuer-name",
ingressClassAnnotation: "toot-ing",
},
UID: types.UID("ingress-name"),
},
@ -1118,18 +737,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
},
},
},
},
},
},
},
},
@ -1143,8 +750,7 @@ func TestSync(t *testing.T) {
Name: "ingress-name",
Namespace: gen.DefaultTestNamespace,
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
issuerNameAnnotation: "issuer-name",
},
UID: types.UID("ingress-name"),
},
@ -1163,18 +769,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
},
},
},
},
},
},
},
},
@ -1192,18 +786,6 @@ func TestSync(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.DomainSolverConfig{
{
Domains: []string{"example.com"},
SolverConfig: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "",
},
},
},
},
},
},
},
},