Merge pull request #5323 from JoshVanL/controllers-certificatesigningrequests-selfsigned-no-fail-missing-secret

[SelfSigned] CertificateSigningRequest: don't mark failed when referenced Secret doesn't exist
2022-07-21 15:58:56 +01:00 · 2022-07-21 15:58:56 +01:00 · ca9e48c7e3
commit ca9e48c7e3
parent a9c1e6aea7 bbc6823163
2 changed files with 2 additions and 25 deletions
--- a/pkg/controller/certificatesigningrequests/selfsigned/selfsigned.go
+++ b/pkg/controller/certificatesigningrequests/selfsigned/selfsigned.go
@ -115,8 +115,6 @@ func (s *SelfSigned) Sign(ctx context.Context, csr *certificatesv1.CertificateSi
 		message := fmt.Sprintf("Referenced Secret %s/%s not found", resourceNamespace, secretName)
 		log.Error(err, message)
 		s.recorder.Event(csr, corev1.EventTypeWarning, "SecretNotFound", message)
-		util.CertificateSigningRequestSetFailed(csr, "SecretNotFound", message)
-		_, err = util.UpdateOrApplyStatus(ctx, s.certClient, csr, certificatesv1.CertificateFailed, s.fieldManager)
 		return err
 	}

--- a/pkg/controller/certificatesigningrequests/selfsigned/selfsigned_test.go
+++ b/pkg/controller/certificatesigningrequests/selfsigned/selfsigned_test.go
@ -218,7 +218,7 @@ func TestProcessItem(t *testing.T) {
 				},
 			},
 		},
-		"an approved CSR but the private key references a Secret that does not exist should mark as failed": {
+		"an approved CSR but the private key references a Secret that does not exist should fire an event and return error": {
 			csr: gen.CertificateSigningRequestFrom(baseCSR,
 				gen.SetCertificateSigningRequestStatusCondition(certificatesv1.CertificateSigningRequestCondition{
 					Type:   certificatesv1.CertificateApproved,
@ -258,30 +258,9 @@ func TestProcessItem(t *testing.T) {
 							},
 						},
 					)),
-					testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
-						certificatesv1.SchemeGroupVersion.WithResource("certificatesigningrequests"),
-						"status",
-						"",
-						gen.CertificateSigningRequestFrom(baseCSR.DeepCopy(),
-							gen.AddCertificateSigningRequestAnnotations(map[string]string{
-								"experimental.cert-manager.io/private-key-secret-name": "test-secret",
-							}),
-							gen.SetCertificateSigningRequestStatusCondition(certificatesv1.CertificateSigningRequestCondition{
-								Type:   certificatesv1.CertificateApproved,
-								Status: corev1.ConditionTrue,
-							}),
-							gen.SetCertificateSigningRequestStatusCondition(certificatesv1.CertificateSigningRequestCondition{
-								Type:               certificatesv1.CertificateFailed,
-								Status:             corev1.ConditionTrue,
-								Reason:             "SecretNotFound",
-								Message:            `Referenced Secret default-unit-test-ns/test-secret not found`,
-								LastTransitionTime: metaFixedClockStart,
-								LastUpdateTime:     metaFixedClockStart,
-							}),
-						),
-					)),
 				},
 			},
+			expectedErr: true,
 		},
 		"an approved CSR but the private key references a Secret that contains bad data should be marked as failed": {
 			csr: gen.CertificateSigningRequestFrom(baseCSR,