From bc61194709e1d6bd237b48fb435f60bcddccefbb Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Thu, 19 Sep 2019 13:04:19 +0100 Subject: [PATCH] Remove deprecated code from ingress-shim controller Signed-off-by: James Munnelly --- cmd/controller/app/controller.go | 8 +- cmd/controller/app/options/options.go | 57 ++- pkg/controller/context.go | 8 +- pkg/controller/ingress-shim/controller.go | 8 +- pkg/controller/ingress-shim/sync.go | 101 ----- pkg/controller/ingress-shim/sync_test.go | 454 +--------------------- 6 files changed, 53 insertions(+), 583 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 0bb517b62..4dbf9ab6b 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -242,11 +242,9 @@ func buildControllerContext(ctx context.Context, stopCh <-chan struct{}, opts *o RenewBeforeExpiryDuration: opts.RenewBeforeExpiryDuration, }, IngressShimOptions: controller.IngressShimOptions{ - DefaultIssuerName: opts.DefaultIssuerName, - DefaultIssuerKind: opts.DefaultIssuerKind, - DefaultAutoCertificateAnnotations: opts.DefaultAutoCertificateAnnotations, - DefaultACMEIssuerChallengeType: opts.DefaultACMEIssuerChallengeType, - DefaultACMEIssuerDNS01ProviderName: opts.DefaultACMEIssuerDNS01ProviderName, + DefaultIssuerName: opts.DefaultIssuerName, + DefaultIssuerKind: opts.DefaultIssuerKind, + DefaultAutoCertificateAnnotations: opts.DefaultAutoCertificateAnnotations, }, CertificateOptions: controller.CertificateOptions{ EnableOwnerRef: opts.EnableCertificateOwnerRef, diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 4972e7cee..15bac51a6 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -59,11 +59,9 @@ type ControllerOptions struct { RenewBeforeExpiryDuration time.Duration // Default issuer/certificates details consumed by ingress-shim - DefaultIssuerName string - DefaultIssuerKind string - DefaultAutoCertificateAnnotations []string - DefaultACMEIssuerChallengeType string - DefaultACMEIssuerDNS01ProviderName string + DefaultIssuerName string + DefaultIssuerKind string + DefaultAutoCertificateAnnotations []string // Allows specifying a list of custom nameservers to perform DNS checks on. DNS01RecursiveNameservers []string @@ -156,31 +154,35 @@ var ( orderscontroller.ControllerName, challengescontroller.ControllerName, webhookbootstrap.ControllerName, + cracmecontroller.CRControllerName, + crcacontroller.CRControllerName, + crselfsignedcontroller.CRControllerName, + crvaultcontroller.CRControllerName, + crvenaficontroller.CRControllerName, + certificatescontroller.ControllerName, } ) func NewControllerOptions() *ControllerOptions { return &ControllerOptions{ - APIServerHost: defaultAPIServerHost, - ClusterResourceNamespace: defaultClusterResourceNamespace, - Namespace: defaultNamespace, - LeaderElect: defaultLeaderElect, - LeaderElectionNamespace: defaultLeaderElectionNamespace, - LeaderElectionLeaseDuration: defaultLeaderElectionLeaseDuration, - LeaderElectionRenewDeadline: defaultLeaderElectionRenewDeadline, - LeaderElectionRetryPeriod: defaultLeaderElectionRetryPeriod, - EnabledControllers: defaultEnabledControllers, - ClusterIssuerAmbientCredentials: defaultClusterIssuerAmbientCredentials, - IssuerAmbientCredentials: defaultIssuerAmbientCredentials, - RenewBeforeExpiryDuration: defaultRenewBeforeExpiryDuration, - DefaultIssuerName: defaultTLSACMEIssuerName, - DefaultIssuerKind: defaultTLSACMEIssuerKind, - DefaultAutoCertificateAnnotations: defaultAutoCertificateAnnotations, - DefaultACMEIssuerChallengeType: defaultACMEIssuerChallengeType, - DefaultACMEIssuerDNS01ProviderName: defaultACMEIssuerDNS01ProviderName, - DNS01RecursiveNameservers: []string{}, - DNS01RecursiveNameserversOnly: defaultDNS01RecursiveNameserversOnly, - EnableCertificateOwnerRef: defaultEnableCertificateOwnerRef, + APIServerHost: defaultAPIServerHost, + ClusterResourceNamespace: defaultClusterResourceNamespace, + Namespace: defaultNamespace, + LeaderElect: defaultLeaderElect, + LeaderElectionNamespace: defaultLeaderElectionNamespace, + LeaderElectionLeaseDuration: defaultLeaderElectionLeaseDuration, + LeaderElectionRenewDeadline: defaultLeaderElectionRenewDeadline, + LeaderElectionRetryPeriod: defaultLeaderElectionRetryPeriod, + EnabledControllers: defaultEnabledControllers, + ClusterIssuerAmbientCredentials: defaultClusterIssuerAmbientCredentials, + IssuerAmbientCredentials: defaultIssuerAmbientCredentials, + RenewBeforeExpiryDuration: defaultRenewBeforeExpiryDuration, + DefaultIssuerName: defaultTLSACMEIssuerName, + DefaultIssuerKind: defaultTLSACMEIssuerKind, + DefaultAutoCertificateAnnotations: defaultAutoCertificateAnnotations, + DNS01RecursiveNameservers: []string{}, + DNS01RecursiveNameserversOnly: defaultDNS01RecursiveNameserversOnly, + EnableCertificateOwnerRef: defaultEnableCertificateOwnerRef, } } @@ -251,11 +253,6 @@ func (s *ControllerOptions) AddFlags(fs *pflag.FlagSet) { "Name of the Issuer to use when the tls is requested but issuer name is not specified on the ingress resource.") fs.StringVar(&s.DefaultIssuerKind, "default-issuer-kind", defaultTLSACMEIssuerKind, ""+ "Kind of the Issuer to use when the tls is requested but issuer kind is not specified on the ingress resource.") - fs.StringVar(&s.DefaultACMEIssuerChallengeType, "default-acme-issuer-challenge-type", defaultACMEIssuerChallengeType, ""+ - "The ACME challenge type to use when tls is requested for an ACME Issuer but is not specified on the ingress resource.") - fs.StringVar(&s.DefaultACMEIssuerDNS01ProviderName, "default-acme-issuer-dns01-provider-name", defaultACMEIssuerDNS01ProviderName, ""+ - "Required if --default-acme-issuer-challenge-type is set to dns01. The DNS01 provider to use for ingresses using ACME dns01 "+ - "validation that do not explicitly state a dns provider.") fs.StringSliceVar(&s.DNS01RecursiveNameservers, "dns01-recursive-nameservers", []string{}, "A list of comma seperated dns server endpoints used for "+ "DNS01 check requests. This should be a list containing IP address and "+ diff --git a/pkg/controller/context.go b/pkg/controller/context.go index e860df0fb..316949e50 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -122,11 +122,9 @@ type ACMEOptions struct { type IngressShimOptions struct { // Default issuer/certificates details consumed by ingress-shim - DefaultIssuerKind string - DefaultIssuerName string - DefaultACMEIssuerChallengeType string - DefaultACMEIssuerDNS01ProviderName string - DefaultAutoCertificateAnnotations []string + DefaultIssuerKind string + DefaultIssuerName string + DefaultAutoCertificateAnnotations []string } type CertificateOptions struct { diff --git a/pkg/controller/ingress-shim/controller.go b/pkg/controller/ingress-shim/controller.go index 2f33be699..dba6b2483 100644 --- a/pkg/controller/ingress-shim/controller.go +++ b/pkg/controller/ingress-shim/controller.go @@ -42,10 +42,8 @@ const ( ) type defaults struct { - autoCertificateAnnotations []string - issuerName, issuerKind string - acmeIssuerChallengeType string - acmeIssuerDNS01ProviderName string + autoCertificateAnnotations []string + issuerName, issuerKind string } type controller struct { @@ -117,8 +115,6 @@ func (c *controller) Register(ctx *controllerpkg.Context) (workqueue.RateLimitin ctx.DefaultAutoCertificateAnnotations, ctx.DefaultIssuerName, ctx.DefaultIssuerKind, - ctx.DefaultACMEIssuerChallengeType, - ctx.DefaultACMEIssuerDNS01ProviderName, } return c.queue, mustSync, nil, nil diff --git a/pkg/controller/ingress-shim/sync.go b/pkg/controller/ingress-shim/sync.go index 354f5fd47..986f4469f 100644 --- a/pkg/controller/ingress-shim/sync.go +++ b/pkg/controller/ingress-shim/sync.go @@ -46,12 +46,6 @@ const ( // created Certificate resource. The Certificate will reference the // specified *ClusterIssuer* instead of normal issuer. clusterIssuerNameAnnotation = "certmanager.k8s.io/cluster-issuer" - // acmeIssuerChallengeTypeAnnotation can be used to override the default ACME challenge - // type to be used when the specified issuer is an ACME issuer - acmeIssuerChallengeTypeAnnotation = "certmanager.k8s.io/acme-challenge-type" - // acmeIssuerDNS01ProviderNameAnnotation can be used to override the default dns01 provider - // configured on the issuer if the challenge type is set to dns01 - acmeIssuerDNS01ProviderNameAnnotation = "certmanager.k8s.io/acme-dns01-provider" // acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass // if the challenge type is set to http01 acmeIssuerHTTP01IngressClassAnnotation = "certmanager.k8s.io/acme-http01-ingress-class" @@ -140,19 +134,6 @@ func (c *controller) Sync(ctx context.Context, ing *extv1beta1.Ingress) error { func (c *controller) validateIngress(ing *extv1beta1.Ingress) []error { var errs []error - if ing.Annotations != nil { - challengeType := ing.Annotations[acmeIssuerChallengeTypeAnnotation] - switch challengeType { - case "", "http01": - case "dns01": - providerName := ing.Annotations[acmeIssuerDNS01ProviderNameAnnotation] - if providerName == "" { - errs = append(errs, fmt.Errorf("No acme dns01 challenge provider specified")) - } - default: - errs = append(errs, fmt.Errorf("Invalid acme challenge type specified %q", challengeType)) - } - } for i, tls := range ing.Spec.TLS { // validate the ingress TLS block if len(tls.Hosts) == 0 { @@ -304,20 +285,6 @@ func certNeedsUpdate(a, b *v1alpha1.Certificate) bool { return true } - var configA, configB []v1alpha1.DomainSolverConfig - - if a.Spec.ACME != nil { - configA = a.Spec.ACME.Config - } - - if b.Spec.ACME != nil { - configB = b.Spec.ACME.Config - } - - if !reflect.DeepEqual(configA, configB) { - return true - } - return false } @@ -345,68 +312,6 @@ func (c *controller) setIssuerSpecificConfig(crt *v1alpha1.Certificate, issuer v crt.Annotations[v1alpha1.ACMECertificateHTTP01IngressClassOverride] = ingressClassVal } - if issuer.GetSpec().ACME != nil { - challengeType, ok := ingAnnotations[acmeIssuerChallengeTypeAnnotation] - if !ok { - challengeType = c.defaults.acmeIssuerChallengeType - } - domainCfg := v1alpha1.DomainSolverConfig{ - Domains: tls.Hosts, - } - switch challengeType { - case "http01": - editInPlaceVal, ok := ingAnnotations[editInPlaceAnnotation] - editInPlace := editInPlaceVal == "true" - // If the HTTP01 issuer is not enabled, skip setting the ACME field - // on the Certificate resource. - if issuer.GetSpec().ACME.HTTP01 == nil { - if editInPlace { - c.recorder.Eventf(ing, corev1.EventTypeWarning, "Unsupported", "%s annotation cannot be enabled when using new format solver type. "+ - "Re-enable the old format HTTP01 solver, or otherwise create a specific HTTP01 solver for this Ingress.", editInPlaceAnnotation) - } - crt.Spec.ACME = nil - return nil - } - domainCfg.HTTP01 = &v1alpha1.HTTP01SolverConfig{} - // If annotation isn't present, or it's set to true, edit the existing ingress - if ok && editInPlace { - domainCfg.HTTP01.Ingress = ing.Name - } else { - ingressClass, ok := ingAnnotations[acmeIssuerHTTP01IngressClassAnnotation] - if ok { - domainCfg.HTTP01.IngressClass = &ingressClass - } else { - ingressClass, ok := ingAnnotations[ingressClassAnnotation] - if ok { - domainCfg.HTTP01.IngressClass = &ingressClass - } - } - } - case "dns01": - // If the DNS01 issuer is not enabled, skip setting the ACME field - // on the Certificate resource. - if issuer.GetSpec().ACME.DNS01 == nil { - crt.Spec.ACME = nil - return nil - } - dnsProvider, ok := ingAnnotations[acmeIssuerDNS01ProviderNameAnnotation] - if !ok { - dnsProvider = c.defaults.acmeIssuerDNS01ProviderName - } - if dnsProvider == "" { - return fmt.Errorf("no acme issuer dns01 challenge provider specified") - } - domainCfg.DNS01 = &v1alpha1.DNS01SolverConfig{Provider: dnsProvider} - // If no challenge type is specified, don't set the ACME field at all - // and instead rely on the 'new API format' to provide solver config. - case "": - crt.Spec.ACME = nil - return nil - default: - return fmt.Errorf("invalid acme issuer challenge type specified %q", challengeType) - } - crt.Spec.ACME = &v1alpha1.ACMECertificateConfig{Config: []v1alpha1.DomainSolverConfig{domainCfg}} - } return nil } @@ -430,12 +335,6 @@ func shouldSync(ing *extv1beta1.Ingress, autoCertificateAnnotations []string) bo } } } - if _, ok := annotations[acmeIssuerChallengeTypeAnnotation]; ok { - return true - } - if _, ok := annotations[acmeIssuerDNS01ProviderNameAnnotation]; ok { - return true - } return false } diff --git a/pkg/controller/ingress-shim/sync_test.go b/pkg/controller/ingress-shim/sync_test.go index a6c349cec..1c0d0d7ad 100644 --- a/pkg/controller/ingress-shim/sync_test.go +++ b/pkg/controller/ingress-shim/sync_test.go @@ -34,10 +34,6 @@ import ( const testAcmeTLSAnnotation = "kubernetes.io/tls-acme" -func strPtr(s string) *string { - return &s -} - func TestShouldSync(t *testing.T) { type testT struct { Annotations map[string]string @@ -64,14 +60,6 @@ func TestShouldSync(t *testing.T) { Annotations: map[string]string{testAcmeTLSAnnotation: ""}, ShouldSync: false, }, - { - Annotations: map[string]string{acmeIssuerChallengeTypeAnnotation: ""}, - ShouldSync: true, - }, - { - Annotations: map[string]string{acmeIssuerDNS01ProviderNameAnnotation: ""}, - ShouldSync: true, - }, { ShouldSync: false, }, @@ -89,15 +77,9 @@ func TestSync(t *testing.T) { acmeIssuerNewFormat := gen.Issuer("issuer-name", gen.SetIssuerACME(v1alpha1.ACMEIssuer{})) acmeIssuer := gen.Issuer("issuer-name", - gen.SetIssuerACME(v1alpha1.ACMEIssuer{ - HTTP01: &v1alpha1.ACMEIssuerHTTP01Config{}, - DNS01: &v1alpha1.ACMEIssuerDNS01Config{}, - })) + gen.SetIssuerACME(v1alpha1.ACMEIssuer{})) acmeClusterIssuer := gen.ClusterIssuer("issuer-name", - gen.SetIssuerACME(v1alpha1.ACMEIssuer{ - HTTP01: &v1alpha1.ACMEIssuerHTTP01Config{}, - DNS01: &v1alpha1.ACMEIssuerDNS01Config{}, - })) + gen.SetIssuerACME(v1alpha1.ACMEIssuer{})) type testT struct { Name string Ingress *extv1beta1.Ingress @@ -124,9 +106,8 @@ func TestSync(t *testing.T) { "my-test-label": "should be copied", }, Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - editInPlaceAnnotation: "true", + clusterIssuerNameAnnotation: "issuer-name", + editInPlaceAnnotation: "true", }, UID: types.UID("ingress-name"), }, @@ -160,18 +141,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "ClusterIssuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com", "www.example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "ingress-name", - }, - }, - }, - }, - }, }, }, }, @@ -234,8 +203,7 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", + clusterIssuerNameAnnotation: "issuer-name", }, UID: types.UID("ingress-name"), }, @@ -263,16 +231,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "ClusterIssuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com", "www.example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{}, - }, - }, - }, - }, }, }, }, @@ -285,9 +243,8 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - ingressClassAnnotation: "nginx-ing", + clusterIssuerNameAnnotation: "issuer-name", + ingressClassAnnotation: "nginx-ing", }, UID: types.UID("ingress-name"), }, @@ -315,18 +272,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "ClusterIssuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com", "www.example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - IngressClass: strPtr("nginx-ing"), - }, - }, - }, - }, - }, }, }, }, @@ -340,7 +285,6 @@ func TestSync(t *testing.T) { Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", acmeIssuerHTTP01IngressClassAnnotation: "cert-ing", ingressClassAnnotation: "nginx-ing", }, @@ -373,18 +317,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "ClusterIssuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com", "www.example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - IngressClass: strPtr("cert-ing"), - }, - }, - }, - }, - }, }, }, }, @@ -397,10 +329,9 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - ingressClassAnnotation: "nginx-ing", - editInPlaceAnnotation: "false", + clusterIssuerNameAnnotation: "issuer-name", + ingressClassAnnotation: "nginx-ing", + editInPlaceAnnotation: "false", }, UID: types.UID("ingress-name"), }, @@ -428,130 +359,14 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "ClusterIssuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com", "www.example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - IngressClass: strPtr("nginx-ing"), - }, - }, - }, - }, - }, }, }, }, }, { - Name: "should error when an ingress specifies dns01 challenge type but no challenge provider", + Name: "return a single DNS01 Certificate for an ingress with a single valid TLS entry", Issuer: acmeClusterIssuer, Err: true, - Ingress: &extv1beta1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-name", - Namespace: gen.DefaultTestNamespace, - Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "dns01", - }, - UID: types.UID("ingress-name"), - }, - Spec: extv1beta1.IngressSpec{ - TLS: []extv1beta1.IngressTLS{ - { - Hosts: []string{"example.com", "www.example.com"}, - SecretName: "example-com-tls", - }, - }, - }, - }, - ClusterIssuerLister: []runtime.Object{acmeClusterIssuer}, - }, - { - Name: "should error when an invalid ACME challenge type is specified", - Issuer: acmeClusterIssuer, - Err: true, - Ingress: &extv1beta1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-name", - Namespace: gen.DefaultTestNamespace, - Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "invalid-challenge-type", - }, - UID: types.UID("ingress-name"), - }, - Spec: extv1beta1.IngressSpec{ - TLS: []extv1beta1.IngressTLS{ - { - Hosts: []string{"example.com", "www.example.com"}, - SecretName: "example-com-tls", - }, - }, - }, - }, - ClusterIssuerLister: []runtime.Object{acmeClusterIssuer}, - }, - { - Name: "return a single DNS01 Certificate for an ingress with a single valid TLS entry and DNS01 annotations", - Issuer: acmeClusterIssuer, - Err: true, - Ingress: &extv1beta1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-name", - Namespace: gen.DefaultTestNamespace, - Annotations: map[string]string{ - clusterIssuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "dns01", - acmeIssuerDNS01ProviderNameAnnotation: "fake-dns", - }, - UID: types.UID("ingress-name"), - }, - Spec: extv1beta1.IngressSpec{ - TLS: []extv1beta1.IngressTLS{ - { - Hosts: []string{"example.com", "www.example.com"}, - SecretName: "example-com-tls", - }, - }, - }, - }, - ClusterIssuerLister: []runtime.Object{acmeClusterIssuer}, - ExpectedCreate: []*v1alpha1.Certificate{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "example-com-tls", - Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace), - }, - Spec: v1alpha1.CertificateSpec{ - DNSNames: []string{"example.com", "www.example.com"}, - SecretName: "example-com-tls", - IssuerRef: v1alpha1.ObjectReference{ - Name: "issuer-name", - Kind: "ClusterIssuer", - }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com", "www.example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - DNS01: &v1alpha1.DNS01SolverConfig{ - Provider: "fake-dns", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - Name: "should return a certificate without the acme field set when no challenge type is provided", - Issuer: acmeClusterIssuer, Ingress: &extv1beta1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: "ingress-name", @@ -700,8 +515,7 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", + issuerNameAnnotation: "issuer-name", }, UID: types.UID("ingress-name"), }, @@ -728,18 +542,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "Issuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - }, - }, - }, - }, - }, }, }, }, @@ -753,8 +555,7 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", + issuerNameAnnotation: "issuer-name", }, UID: types.UID("ingress-name"), }, @@ -788,174 +589,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "Issuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - Name: "should update a certificate's config if an incorrect Certificate exists", - Issuer: acmeIssuer, - IssuerLister: []runtime.Object{acmeIssuer}, - Ingress: &extv1beta1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-name", - Namespace: gen.DefaultTestNamespace, - Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - ingressClassAnnotation: "toot-ing", - }, - UID: types.UID("ingress-name"), - }, - Spec: extv1beta1.IngressSpec{ - TLS: []extv1beta1.IngressTLS{ - { - Hosts: []string{"example.com"}, - SecretName: "existing-crt", - }, - }, - }, - }, - CertificateLister: []runtime.Object{ - &v1alpha1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ - Name: "existing-crt", - Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace), - }, - Spec: v1alpha1.CertificateSpec{ - DNSNames: []string{"example.com"}, - SecretName: "existing-crt", - IssuerRef: v1alpha1.ObjectReference{ - Name: "issuer-name", - Kind: "Issuer", - }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"wrong-example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "wrong-ingress", - }, - }, - }, - }, - }, - }, - }, - }, - ExpectedUpdate: []*v1alpha1.Certificate{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "existing-crt", - Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace), - }, - Spec: v1alpha1.CertificateSpec{ - DNSNames: []string{"example.com"}, - SecretName: "existing-crt", - IssuerRef: v1alpha1.ObjectReference{ - Name: "issuer-name", - Kind: "Issuer", - }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - IngressClass: strPtr("toot-ing"), - }, - }, - }, - }, - }, - }, - }, - }, - }, - { - Name: "should update a Certificate correctly if an existing one of a different type exists", - Issuer: acmeIssuer, - IssuerLister: []runtime.Object{acmeIssuer}, - Ingress: &extv1beta1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-name", - Namespace: gen.DefaultTestNamespace, - Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - ingressClassAnnotation: "toot-ing", - }, - UID: types.UID("ingress-name"), - }, - Spec: extv1beta1.IngressSpec{ - TLS: []extv1beta1.IngressTLS{ - { - Hosts: []string{"example.com"}, - SecretName: "existing-crt", - }, - }, - }, - }, - CertificateLister: []runtime.Object{ - &v1alpha1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ - Name: "existing-crt", - Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace), - }, - Spec: v1alpha1.CertificateSpec{ - DNSNames: []string{"example.com"}, - SecretName: "existing-crt", - IssuerRef: v1alpha1.ObjectReference{ - Name: "issuer-name", - Kind: "Issuer", - }, - }, - }, - }, - ExpectedUpdate: []*v1alpha1.Certificate{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "existing-crt", - Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildOwnerReferences("ingress-name", gen.DefaultTestNamespace), - }, - Spec: v1alpha1.CertificateSpec{ - DNSNames: []string{"example.com"}, - SecretName: "existing-crt", - IssuerRef: v1alpha1.ObjectReference{ - Name: "issuer-name", - Kind: "Issuer", - }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - IngressClass: strPtr("toot-ing"), - }, - }, - }, - }, - }, }, }, }, @@ -1035,9 +668,8 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - ingressClassAnnotation: "toot-ing", + issuerNameAnnotation: "issuer-name", + ingressClassAnnotation: "toot-ing", }, UID: types.UID("ingress-name"), }, @@ -1064,18 +696,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "Issuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - }, - }, - }, - }, - }, }, }, }, @@ -1089,9 +709,8 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", - ingressClassAnnotation: "toot-ing", + issuerNameAnnotation: "issuer-name", + ingressClassAnnotation: "toot-ing", }, UID: types.UID("ingress-name"), }, @@ -1118,18 +737,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "Issuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - }, - }, - }, - }, - }, }, }, }, @@ -1143,8 +750,7 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - issuerNameAnnotation: "issuer-name", - acmeIssuerChallengeTypeAnnotation: "http01", + issuerNameAnnotation: "issuer-name", }, UID: types.UID("ingress-name"), }, @@ -1163,18 +769,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "Issuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - }, - }, - }, - }, - }, }, }, }, @@ -1192,18 +786,6 @@ func TestSync(t *testing.T) { Name: "issuer-name", Kind: "Issuer", }, - ACME: &v1alpha1.ACMECertificateConfig{ - Config: []v1alpha1.DomainSolverConfig{ - { - Domains: []string{"example.com"}, - SolverConfig: v1alpha1.SolverConfig{ - HTTP01: &v1alpha1.HTTP01SolverConfig{ - Ingress: "", - }, - }, - }, - }, - }, }, }, },