Remove CA annotation from ACME CertificateSigningRequest controller

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>

pkg/controller/certificatesigningrequests/acme/BUILD.bazel

@@ -10,7 +10,6 @@ go_library(
         "//pkg/api/util:go_default_library",
         "//pkg/apis/acme/v1:go_default_library",
         "//pkg/apis/certmanager/v1:go_default_library",
-        "//pkg/apis/experimental/v1alpha1:go_default_library",
         "//pkg/apis/meta/v1:go_default_library",
         "//pkg/client/clientset/versioned/typed/acme/v1:go_default_library",
         "//pkg/client/listers/acme/v1:go_default_library",

pkg/controller/certificatesigningrequests/acme/acme.go

@@ -34,7 +34,6 @@ import (
 	apiutil "github.com/jetstack/cert-manager/pkg/api/util"
 	cmacme "github.com/jetstack/cert-manager/pkg/apis/acme/v1"
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
-	experimentalapi "github.com/jetstack/cert-manager/pkg/apis/experimental/v1alpha1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
 	cmacmeclientset "github.com/jetstack/cert-manager/pkg/client/clientset/versioned/typed/acme/v1"
 	cmacmelisters "github.com/jetstack/cert-manager/pkg/client/listers/acme/v1"
@@ -220,17 +219,6 @@ func (a *ACME) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningR
 		return err
 	}
 
-	if csr.Annotations == nil {
-		csr.Annotations = make(map[string]string)
-	}
-	csr.Annotations[experimentalapi.CertificateSigningRequestCAAnnotationKey] = ""
-	_, err = a.certClient.Update(ctx, csr, metav1.UpdateOptions{})
-	if err != nil {
-		message := fmt.Sprintf("Error setting %q", experimentalapi.CertificateSigningRequestCAAnnotationKey)
-		a.recorder.Eventf(csr, corev1.EventTypeWarning, "SigningError", "%s: %s", message, err)
-		return err
-	}
-
 	log.V(logf.DebugLevel).Info("certificate issued")
 	a.recorder.Event(csr, corev1.EventTypeNormal, "CertificateIssued", "Certificate fetched from issuer successfully")
 

pkg/controller/certificatesigningrequests/acme/acme_test.go

@@ -691,7 +691,7 @@ func TestProcessItem(t *testing.T) {
 				},
 			},
 		},
-		"an approved CSR where the order is in a valid state, should update the CSR with the Certificate and an empty CA annotation": {
+		"an approved CSR where the order is in a valid state, should update the CSR with the Certificate": {
 			csr: gen.CertificateSigningRequestFrom(baseCSR,
 				gen.SetCertificateSigningRequestStatusCondition(certificatesv1.CertificateSigningRequestCondition{
 					Type:   certificatesv1.CertificateApproved,
@@ -750,18 +750,6 @@ func TestProcessItem(t *testing.T) {
 							gen.SetCertificateSigningRequestCertificate(certPEM),
 						),
 					)),
-					testpkg.NewAction(coretesting.NewUpdateAction(
-						certificatesv1.SchemeGroupVersion.WithResource("certificatesigningrequests"),
-						"",
-						gen.CertificateSigningRequestFrom(baseCSR,
-							gen.SetCertificateSigningRequestStatusCondition(certificatesv1.CertificateSigningRequestCondition{
-								Type:   certificatesv1.CertificateApproved,
-								Status: corev1.ConditionTrue,
-							}),
-							gen.SetCertificateSigningRequestCertificate(certPEM),
-							gen.SetCertificateSigningRequestCA([]byte{}),
-						),
-					)),
 				},
 			},
 		},

test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go

@@ -52,7 +52,6 @@ func runACMEIssuerTests(eab *cmacme.ACMEExternalAccountBinding) {
 		featureset.CommonNameFeature,
 		featureset.KeyUsagesFeature,
 		featureset.EmailSANsFeature,
-		featureset.SaveRootCAToSecret,
 	)
 
 	// unsupportedDNS01Features is a list of features that are not supported by the ACME
@@ -64,7 +63,6 @@ func runACMEIssuerTests(eab *cmacme.ACMEExternalAccountBinding) {
 		featureset.CommonNameFeature,
 		featureset.KeyUsagesFeature,
 		featureset.EmailSANsFeature,
-		featureset.SaveRootCAToSecret,
 	)
 
 	http01 := &acme{