Fix some GO Style

Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com> (+2 squashed commits) Squashed commits: [ce6cc2eb] Fix some GO Style Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com> [563b7275] Fix some GO Style Signed-off-by: Laurent Rolaz <laurent.rolaz@gmail.com>
2019-01-15 16:23:42 +01:00 · 2019-01-15 16:23:42 +01:00 · c5fa202239
commit c5fa202239
parent 55cafeae33
5 changed files with 39 additions and 6 deletions
--- a/pkg/apis/certmanager/v1alpha1/types.go
+++ b/pkg/apis/certmanager/v1alpha1/types.go
@ -18,7 +18,7 @@ package v1alpha1

 const (
 	AltNamesAnnotationKey   = "certmanager.k8s.io/alt-names"
-	IpSansAnnotationKey     = "certmanager.k8s.io/ip-sans"
+	IPSANAnnotationKey      = "certmanager.k8s.io/ip-sans"
 	CommonNameAnnotationKey = "certmanager.k8s.io/common-name"
 	IssuerNameAnnotationKey = "certmanager.k8s.io/issuer-name"
 	IssuerKindAnnotationKey = "certmanager.k8s.io/issuer-kind"
--- a/pkg/apis/certmanager/validation/certificate_for_issuer.go
+++ b/pkg/apis/certmanager/validation/certificate_for_issuer.go
@ -63,6 +63,10 @@ func ValidateCertificateForACMEIssuer(crt *v1alpha1.CertificateSpec, issuer *v1a
 		el = append(el, field.Invalid(specPath.Child("duration"), crt.Duration, "ACME does not support certificate durations"))
 	}

+	if len(crt.IPAddresses) != 0 {
+		el = append(el, field.Invalid(specPath.Child("ipAddresses"), crt.IPAddresses, "ACME does not support certificate ip addresses"))
+	}
+
 	return el
 }

--- a/pkg/apis/certmanager/validation/certificate_for_issuer_test.go
+++ b/pkg/apis/certmanager/validation/certificate_for_issuer_test.go
@ -158,6 +158,31 @@ func TestValidateCertificateForIssuer(t *testing.T) {
 				field.Invalid(fldPath.Child("duration"), &metav1.Duration{Duration: time.Minute * 60}, "ACME does not support certificate durations"),
 			},
 		},
+		"acme certificate with ipAddresses set": {
+			crt: &v1alpha1.Certificate{
+				Spec: v1alpha1.CertificateSpec{
+					IPAddresses: []string{"127.0.0.1"},
+					IssuerRef:   validIssuerRef,
+					ACME: &v1alpha1.ACMECertificateConfig{
+						Config: []v1alpha1.DomainSolverConfig{
+							{
+								Domains: []string{"example.com"},
+								SolverConfig: v1alpha1.SolverConfig{
+									HTTP01: &v1alpha1.HTTP01SolverConfig{},
+								},
+							},
+						},
+					},
+				},
+			},
+			issuer: generate.Issuer(generate.IssuerConfig{
+				Name:      defaultTestIssuerName,
+				Namespace: defaultTestNamespace,
+			}),
+			errs: []*field.Error{
+				field.Invalid(fldPath.Child("ipAddresses"), []string{"127.0.0.1"}, "ACME does not support certificate ip addresses"),
+			},
+		},
 		"acme certificate with renewBefore set": {
 			crt: &v1alpha1.Certificate{
 				Spec: v1alpha1.CertificateSpec{
--- a/pkg/controller/certificates/sync.go
+++ b/pkg/controller/certificates/sync.go
@ -320,7 +320,7 @@ func (c *Controller) updateSecret(crt *v1alpha1.Certificate, namespace string, c
 		secret.Annotations[v1alpha1.IssuerKindAnnotationKey] = issuerKind(crt)
 		secret.Annotations[v1alpha1.CommonNameAnnotationKey] = x509Cert.Subject.CommonName
 		secret.Annotations[v1alpha1.AltNamesAnnotationKey] = strings.Join(x509Cert.DNSNames, ",")
-		secret.Annotations[v1alpha1.IpSansAnnotationKey] = strings.Join(util.IPAddressesToString(x509Cert.IPAddresses), ",")
+		secret.Annotations[v1alpha1.IPSANAnnotationKey] = strings.Join(util.IPAddressesToString(x509Cert.IPAddresses), ",")
 	}

 	// Always set the certificate name label on the target secret
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@ -60,8 +60,12 @@ func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string {

 func IPAddressesForCertificate(crt *v1alpha1.Certificate) []net.IP {
 	var ipAddresses []net.IP
-	for _, ip := range IPAddressesNameForCertificate(crt) {
-		ipAddresses = append(ipAddresses, net.ParseIP(ip))
+	var ip net.IP
+	for _, ipName := range IPAddressesNameForCertificate(crt) {
+		ip = net.ParseIP(ipName)
+		if ip != nil {
+			ipAddresses = append(ipAddresses, ip)
+		}
 	}
 	return ipAddresses
 }
@ -144,7 +148,7 @@ func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x50
 func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x509.Certificate, error) {
 	commonName := CommonNameForCertificate(crt)
 	dnsNames := DNSNamesForCertificate(crt)
-	iPAddresses := IPAddressesForCertificate(crt)
+	ipAddresses := IPAddressesForCertificate(crt)
 	organization := OrganizationForCertificate(crt)

 	if len(commonName) == 0 && len(dnsNames) == 0 {
@ -186,7 +190,7 @@ func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate)
 		// see http://golang.org/pkg/crypto/x509/#KeyUsage
 		KeyUsage:    keyUsages,
 		DNSNames:    dnsNames,
-		IPAddresses: iPAddresses,
+		IPAddresses: ipAddresses,
 	}, nil
 }