diff --git a/pkg/controller/ingress-shim/sync.go b/pkg/controller/ingress-shim/sync.go
index 1a7791290..dc7075b86 100644
--- a/pkg/controller/ingress-shim/sync.go
+++ b/pkg/controller/ingress-shim/sync.go
@@ -3,6 +3,7 @@ package controller
 import (
 "context"
 "fmt"
+ "reflect"
 "strconv"
 
 "github.com/golang/glog"
@@ -133,6 +134,12 @@ func (c *Controller) buildCertificates(ing *extv1beta1.Ingress) (new, update []*
 updateCrt.Spec.SecretName = tls.SecretName
 updateCrt.Spec.IssuerRef.Name = issuerName
 updateCrt.Spec.IssuerRef.Kind = issuerKind
+ updateCrt.Spec.IssuerRef.Kind = issuerKind
+ updateCrt.Spec.IssuerRef.Kind = issuerKind
+ err = c.setIssuerSpecificConfig(updateCrt, issuer, ing, tls)
+ if err != nil {
+ return nil, nil, err
+ }
 updateCrts = append(updateCrts, updateCrt)
 } else {
 newCrts = append(newCrts, crt)
@@ -169,6 +176,12 @@ func certNeedsUpdate(a, b *v1alpha1.Certificate) bool {
 return true
 }
 
+ if a.Spec.ACME != nil && b.Spec.ACME != nil {
+ if !reflect.DeepEqual(a.Spec.ACME.Config, b.Spec.ACME.Config) {
+ return true
+ }
+ }
+
 return false
 }
 
diff --git a/pkg/controller/ingress-shim/sync_test.go b/pkg/controller/ingress-shim/sync_test.go
index 1524c7460..085081544 100644
--- a/pkg/controller/ingress-shim/sync_test.go
+++ b/pkg/controller/ingress-shim/sync_test.go
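Review bot: The two added `updateCrt.Spec.IssuerRef.Kind = issuerKind` lines in the update branch of buildCertificates repeat the assignment on the context line directly above them, so they are dead stores and should be removed. They look like a merge or rebase leftover and obscure that the only functional change in this hunk is the `setIssuerSpecificConfig` call on `updateCrt`. A short comment above that call would help, e.g. `// re-apply issuer-specific config so a stale solver config on the existing Certificate is replaced` (assuming that is what the helper does; its body is not in the hunk). buildCertificates starts and ends outside the hunk.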
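Review bot: The new comparison in certNeedsUpdate runs only when both `a.Spec.ACME` and `b.Spec.ACME` are non-nil, so a Certificate that carries an ACME block where the desired one has none (or the reverse) is still reported as up to date and keeps its old challenge-solver configuration. If that is not intended, compare presence as well, e.g. `if (a.Spec.ACME == nil) != (b.Spec.ACME == nil) { return true }` ahead of the DeepEqual. `reflect.DeepEqual` also treats a nil slice and an empty slice as different, which could report a change on every sync if one side is built with an empty `Config`; whether that can occur is not visible here. The test case added in sync_test.go exercises only the both-non-nil path, so a case with an existing Certificate whose `Spec.ACME` is nil would pin the behaviour. The start of certNeedsUpdate is outside the hunk.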
@@ -568,6 +568,98 @@ func TestBuildCertificates(t *testing.T) {
 Name: "issuer-name",
 Kind: "Issuer",
 },
+ ACME: &v1alpha1.ACMECertificateConfig{
+ Config: []v1alpha1.ACMECertificateDomainConfig{
+ {
+ Domains: []string{"example.com"},
+ ACMESolverConfig: v1alpha1.ACMESolverConfig{
+ HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
+ Ingress: "",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ Name: "should update a certificate's config if an incorrect Certificate exists",
+ Ingress: &extv1beta1.Ingress{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "ingress-name",
+ Namespace: "ingress-namespace",
+ Annotations: map[string]string{
+ issuerNameAnnotation: "issuer-name",
+ acmeIssuerChallengeTypeAnnotation: "http01",
+ ingressClassAnnotation: "toot-ing",
+ },
+ },
+ Spec: extv1beta1.IngressSpec{
+ TLS: []extv1beta1.IngressTLS{
+ {
+ Hosts: []string{"example.com"},
+ SecretName: "existing-crt",
+ },
+ },
+ },
+ },
+ IssuerLister: []*v1alpha1.Issuer{buildACMEIssuer("issuer-name", "ingress-namespace")},
+ CertificateLister: []*v1alpha1.Certificate{
+ {
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "existing-crt",
+ Namespace: "ingress-namespace",
+ },
+ Spec: v1alpha1.CertificateSpec{
+ DNSNames: []string{"example.com"},
+ SecretName: "existing-crt",
+ IssuerRef: v1alpha1.ObjectReference{
+ Name: "issuer-name",
+ Kind: "Issuer",
+ },
+ ACME: &v1alpha1.ACMECertificateConfig{
+ Config: []v1alpha1.ACMECertificateDomainConfig{
+ {
+ Domains: []string{"wrong-example.com"},
+ ACMESolverConfig: v1alpha1.ACMESolverConfig{
+ HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
+ Ingress: "wrong-ingress",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ ExpectedUpdate: []*v1alpha1.Certificate{
+ &v1alpha1.Certificate{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "existing-crt",
+ Namespace: "ingress-namespace",
+ },
+ Spec: v1alpha1.CertificateSpec{
+ DNSNames: []string{"example.com"},
+ SecretName: "existing-crt",
+ IssuerRef: v1alpha1.ObjectReference{
+ Name: "issuer-name",
+ Kind: "Issuer",
+ },
+ ACME: &v1alpha1.ACMECertificateConfig{
+ Config: []v1alpha1.ACMECertificateDomainConfig{
+ {
+ Domains: []string{"example.com"},
+ ACMESolverConfig: v1alpha1.ACMESolverConfig{
+ HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
+ Ingress: "",
+ IngressClass: strPtr("toot-ing"),
+ },
+ },
+ },
+ },
+ },
 },
 },
 },