weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

improve comments

Browse Source 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
This commit is contained in:
Tim Ramlot 2023-06-20 16:36:46 +02:00
parent 22440e8710
commit d310d8597c
No known key found for this signature in database
GPG Key ID: 47428728E0C2878D
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
internal/controller/certificates/policies/checks.go
View File

@ -166,6 +166,10 @@ func SecretIssuerAnnotationsNotUpToDate(input Input) (string, string, bool) {
return "", "", false
}
// SecretCertificateMatchesSpec checks that the current CertificateRequest contains a CSR that is
// signed by the key stored in the Secret. A failure is often caused by the Secret being changed
// outside of the control of cert-manager, causing the current CertificateRequest to no longer
// match what is stored in the Secret.
func SecretPublicKeysDiffersFromCurrentCertificateRequest(input Input) (string, string, bool) {
if input.CurrentRevisionRequest == nil {
return "", "", false

3
internal/controller/certificates/policies/constants.go
View File

@ -30,7 +30,8 @@ const (
// the Input Secret could not be parsed or decoded.
InvalidCertificate string = "InvalidCertificate"
// InvalidCertificateRequest is a policy violation whereby the CSR in
// the Input CertificateRequest could not be parsed or decoded.
// the Input CertificateRequest could not be parsed or decoded or is
// eg. signed using an unknown key.
InvalidCertificateRequest string = "InvalidCertificateRequest"
// SecretMismatch is a policy violation reason for a scenario where Secret's