diff --git a/pkg/controller/certificates/sync.go b/pkg/controller/certificates/sync.go index 885781973..b52b99d59 100644 --- a/pkg/controller/certificates/sync.go +++ b/pkg/controller/certificates/sync.go @@ -452,9 +452,11 @@ func (c *controller) updateSecret(ctx context.Context, crt *v1alpha1.Certificate secret.Annotations[v1alpha1.CommonNameAnnotationKey] = x509Cert.Subject.CommonName secret.Annotations[v1alpha1.AltNamesAnnotationKey] = strings.Join(x509Cert.DNSNames, ",") secret.Annotations[v1alpha1.IPSANAnnotationKey] = strings.Join(pki.IPAddressesToString(x509Cert.IPAddresses), ",") + secret.Annotations[v1alpha1.CertificateNameKey] = crt.Name } // Always set the certificate name label on the target secret + // TODO: remove this behaviour - there is a max length limit of 64 chars on label values which causes issues here secret.Labels[v1alpha1.CertificateNameKey] = crt.Name // set the actual values in the secret diff --git a/pkg/controller/certificates/sync_test.go b/pkg/controller/certificates/sync_test.go index 2ca0537d3..e65bb207c 100644 --- a/pkg/controller/certificates/sync_test.go +++ b/pkg/controller/certificates/sync_test.go @@ -222,6 +222,7 @@ func TestSync(t *testing.T) { cmapi.CertificateNameKey: "test", }, Annotations: map[string]string{ + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -290,6 +291,7 @@ func TestSync(t *testing.T) { }, Annotations: map[string]string{ "testannotation": "true", + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -340,6 +342,7 @@ func TestSync(t *testing.T) { cmapi.CertificateNameKey: "test", }, Annotations: map[string]string{ + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -408,6 +411,7 @@ func TestSync(t *testing.T) { }, Annotations: map[string]string{ "testannotation": "true", + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -492,6 +496,7 @@ func TestSync(t *testing.T) { }, Annotations: map[string]string{ "testannotation": "true", + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -620,6 +625,7 @@ func TestSync(t *testing.T) { }, Annotations: map[string]string{ "testannotation": "true", + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -707,6 +713,7 @@ func TestSync(t *testing.T) { }, Annotations: map[string]string{ "testannotation": "true", + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", @@ -798,6 +805,7 @@ func TestSync(t *testing.T) { cmapi.CertificateNameKey: "test", }, Annotations: map[string]string{ + cmapi.CertificateNameKey: "test", "certmanager.k8s.io/alt-names": "example.com", "certmanager.k8s.io/common-name": "example.com", "certmanager.k8s.io/ip-sans": "", diff --git a/test/e2e/framework/helper/certificates.go b/test/e2e/framework/helper/certificates.go index 54caf1355..436328b78 100644 --- a/test/e2e/framework/helper/certificates.go +++ b/test/e2e/framework/helper/certificates.go @@ -163,7 +163,7 @@ func (h *Helper) ValidateIssuedCertificate(certificate *v1alpha1.Certificate, ro return nil, fmt.Errorf("Expected certificate expiry date to be %v, but got %v", certificate.Status.NotAfter, cert.NotAfter) } - label, ok := secret.Labels[v1alpha1.CertificateNameKey] + label, ok := secret.Annotations[v1alpha1.CertificateNameKey] if !ok { return nil, fmt.Errorf("Expected secret to have certificate-name label, but had none") }