fix unparam linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
parent
8ea7cbc362
commit
dd4f5f4e39
@ -4,7 +4,6 @@ issues:
|
||||
- dogsled
|
||||
- errcheck
|
||||
- contextcheck
|
||||
- unparam
|
||||
- promlinter
|
||||
- errname
|
||||
- tenv
|
||||
|
||||
@ -38,6 +38,13 @@ import (
|
||||
)
|
||||
|
||||
func TestDataForCertificate(t *testing.T) {
|
||||
cr := func(crName, ownerCertUID string, annot map[string]string) *cmapi.CertificateRequest {
|
||||
return gen.CertificateRequest(crName, gen.SetCertificateRequestNamespace("ns-1"),
|
||||
gen.AddCertificateRequestOwnerReferences(gen.CertificateRef("some-cert-name-that-does-not-matter", ownerCertUID)),
|
||||
gen.AddCertificateRequestAnnotations(annot),
|
||||
)
|
||||
}
|
||||
|
||||
tests := map[string]struct {
|
||||
builder *testpkg.Builder
|
||||
givenCert *cmapi.Certificate
|
||||
@ -68,8 +75,8 @@ func TestDataForCertificate(t *testing.T) {
|
||||
gen.SetCertificateRevision(1),
|
||||
),
|
||||
builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{
|
||||
cr("cr-unknown-rev1", "ns-1", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unknown-rev2", "ns-1", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-unknown-rev1", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unknown-rev2", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
}},
|
||||
wantCurCR: nil,
|
||||
wantNextCR: nil,
|
||||
@ -79,17 +86,17 @@ func TestDataForCertificate(t *testing.T) {
|
||||
gen.SetCertificateUID("cert-1-uid"),
|
||||
),
|
||||
builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{
|
||||
cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev2", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev2", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
|
||||
// Edge cases.
|
||||
cr("cr-1-norev", "ns-1", "cert-1-uid", nil),
|
||||
cr("cr-1-empty", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}),
|
||||
cr("cr-unrelated-rev1", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unrelated-rev2", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-norev", "cert-1-uid", nil),
|
||||
cr("cr-1-empty", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}),
|
||||
cr("cr-unrelated-rev1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unrelated-rev2", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
}},
|
||||
wantCurCR: nil,
|
||||
wantNextCR: cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
wantNextCR: cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
},
|
||||
"when cert revision=1, should return the current CR with revision=1 and the next CR with revision=2": {
|
||||
givenCert: gen.Certificate("cert-1", gen.SetCertificateNamespace("ns-1"),
|
||||
@ -97,20 +104,20 @@ func TestDataForCertificate(t *testing.T) {
|
||||
gen.SetCertificateRevision(1),
|
||||
),
|
||||
builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{
|
||||
cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev2", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-rev3", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}),
|
||||
cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev2", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-rev3", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}),
|
||||
|
||||
// Edge cases.
|
||||
cr("cr-1-no-revision", "ns-1", "cert-1-uid", nil),
|
||||
cr("cr-1-empty", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}),
|
||||
cr("cr-2-rev1", "ns-1", "cert-2-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unrelated-rev1", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unrelated-rev2", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-unrelated-rev3", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}),
|
||||
cr("cr-1-no-revision", "cert-1-uid", nil),
|
||||
cr("cr-1-empty", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}),
|
||||
cr("cr-2-rev1", "cert-2-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unrelated-rev1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-unrelated-rev2", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-unrelated-rev3", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}),
|
||||
}},
|
||||
wantCurCR: cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
wantNextCR: cr("cr-1-rev2", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
wantCurCR: cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
wantNextCR: cr("cr-1-rev2", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
},
|
||||
"should error when duplicate current CRs are found": {
|
||||
givenCert: gen.Certificate("cert-1", gen.SetCertificateNamespace("ns-1"),
|
||||
@ -118,8 +125,8 @@ func TestDataForCertificate(t *testing.T) {
|
||||
gen.SetCertificateRevision(1),
|
||||
),
|
||||
builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{
|
||||
cr("cr-1-rev1a", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev1b", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev1a", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
cr("cr-1-rev1b", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}),
|
||||
}},
|
||||
wantErr: `multiple CertificateRequests were found for the 'current' revision 1, issuance is skipped until there are no more duplicates`,
|
||||
},
|
||||
@ -129,8 +136,8 @@ func TestDataForCertificate(t *testing.T) {
|
||||
gen.SetCertificateRevision(1),
|
||||
),
|
||||
builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{
|
||||
cr("cr-1-rev2a", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-rev2b", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-rev2a", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
cr("cr-1-rev2b", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}),
|
||||
}},
|
||||
wantErr: `multiple CertificateRequests were found for the 'next' revision 2, issuance is skipped until there are no more duplicates`,
|
||||
},
|
||||
@ -139,7 +146,7 @@ func TestDataForCertificate(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
fakeClockStart, _ := time.Parse(time.RFC3339, "2021-01-02T15:04:05Z07:00")
|
||||
log := logtesting.NewTestLogger(t)
|
||||
turnOnKlogIfVerboseTest(t)
|
||||
turnOnKlogIfVerboseTest()
|
||||
|
||||
test.builder.T = t
|
||||
test.builder.Clock = fakeclock.NewFakeClock(fakeClockStart)
|
||||
@ -224,7 +231,7 @@ func TestDataForCertificate(t *testing.T) {
|
||||
// The logs are helpful for debugging client-go-related issues (informer
|
||||
// not starting...). This function passes the flag -v=4 to klog when the
|
||||
// tests are being run with -v. Otherwise, the default klog level is used.
|
||||
func turnOnKlogIfVerboseTest(t *testing.T) {
|
||||
func turnOnKlogIfVerboseTest() {
|
||||
hasVerboseFlag := flag.Lookup("test.v").Value.String() == "true"
|
||||
if !hasVerboseFlag {
|
||||
return
|
||||
@ -234,10 +241,3 @@ func turnOnKlogIfVerboseTest(t *testing.T) {
|
||||
klog.InitFlags(klogFlags)
|
||||
_ = klogFlags.Set("v", "4")
|
||||
}
|
||||
|
||||
func cr(crName, crNamespace, ownerCertUID string, annot map[string]string) *cmapi.CertificateRequest {
|
||||
return gen.CertificateRequest(crName, gen.SetCertificateRequestNamespace(crNamespace),
|
||||
gen.AddCertificateRequestOwnerReferences(gen.CertificateRef("some-cert-name-that-does-not-matter", ownerCertUID)),
|
||||
gen.AddCertificateRequestAnnotations(annot),
|
||||
)
|
||||
}
|
||||
|
||||
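Review bot: In the `t.Run` setup, `time.Parse(time.RFC3339, "2021-01-02T15:04:05Z07:00")` passes the layout's zone token as the value, so the parse should fail on the trailing `07:00` and leave `fakeClockStart` as the zero `time.Time`; the discarded error hides this. Since this hunk already touches the neighbouring setup line, I would use a real timestamp and check the result: `fakeClockStart, err := time.Parse(time.RFC3339, "2021-01-02T15:04:05Z")` followed by `if err != nil { t.Fatal(err) }`. A fake clock pinned to the zero time can let certificate-revision cases pass for the wrong reason. The test body continues outside the hunk, so confirm no case relies on the current clock value before changing it.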
@ -55,17 +55,14 @@ func (s *Scheduler) ScheduleN(n int) ([]*cmacme.Challenge, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return s.scheduleN(n, allChallenges)
|
||||
return s.scheduleN(n, allChallenges), nil
|
||||
}
|
||||
|
||||
func (s *Scheduler) scheduleN(n int, allChallenges []*cmacme.Challenge) ([]*cmacme.Challenge, error) {
|
||||
func (s *Scheduler) scheduleN(n int, allChallenges []*cmacme.Challenge) []*cmacme.Challenge {
|
||||
// Determine the list of challenges that could feasibly be scheduled on
|
||||
// this pass of the scheduler.
|
||||
// This function returns a list of candidates sorted by creation timestamp.
|
||||
candidates, inProgressChallengeCount, err := s.determineChallengeCandidates(allChallenges)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
candidates, inProgressChallengeCount := s.determineChallengeCandidates(allChallenges)
|
||||
|
||||
numberToSelect := n
|
||||
remainingNumberAllowedChallenges := s.maxConcurrentChallenges - inProgressChallengeCount
|
||||
@ -76,23 +73,18 @@ func (s *Scheduler) scheduleN(n int, allChallenges []*cmacme.Challenge) ([]*cmac
|
||||
numberToSelect = remainingNumberAllowedChallenges
|
||||
}
|
||||
|
||||
candidates, err = s.selectChallengesToSchedule(candidates, numberToSelect)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return candidates, nil
|
||||
return s.selectChallengesToSchedule(candidates, numberToSelect)
|
||||
}
|
||||
|
||||
// selectChallengesToSchedule will apply some sorting heuristic to the allowed
|
||||
// challenge candidates and return a maximum of N challenges that should be
|
||||
// scheduled for processing.
|
||||
func (s *Scheduler) selectChallengesToSchedule(candidates []*cmacme.Challenge, n int) ([]*cmacme.Challenge, error) {
|
||||
func (s *Scheduler) selectChallengesToSchedule(candidates []*cmacme.Challenge, n int) []*cmacme.Challenge {
|
||||
// Trim the candidates returned to 'n'
|
||||
if len(candidates) > n {
|
||||
candidates = candidates[:n]
|
||||
}
|
||||
return candidates, nil
|
||||
return candidates
|
||||
}
|
||||
|
||||
// determineChallengeCandidates will determine which, if any, challenges can
|
||||
@ -100,7 +92,7 @@ func (s *Scheduler) selectChallengesToSchedule(candidates []*cmacme.Challenge, n
|
||||
// processing.
|
||||
// The returned challenges will be sorted in ascending order based on timestamp
|
||||
// (i.e. the oldest challenge will be element zero).
|
||||
func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challenge) ([]*cmacme.Challenge, int, error) {
|
||||
func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challenge) ([]*cmacme.Challenge, int) {
|
||||
// consider the entire set of challenges for 'in progress', in case a challenge
|
||||
// has processing=true whilst still being in a 'final' state
|
||||
inProgress := processingChallenges(allChallenges)
|
||||
@ -111,7 +103,7 @@ func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challen
|
||||
// hit the maximum number of challenges.
|
||||
if inProgressChallengeCount >= s.maxConcurrentChallenges {
|
||||
s.log.V(logs.DebugLevel).Info("hit maximum concurrent challenge limit. refusing to schedule more challenges.", "in_progress", len(inProgress), "max_concurrent", s.maxConcurrentChallenges)
|
||||
return []*cmacme.Challenge{}, inProgressChallengeCount, nil
|
||||
return []*cmacme.Challenge{}, inProgressChallengeCount
|
||||
}
|
||||
|
||||
// Calculate incomplete challenges
|
||||
@ -139,7 +131,7 @@ func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challen
|
||||
// Finally, sorted the challenges by timestamp to ensure a stable output
|
||||
sortChallengesByTimestamp(candidates)
|
||||
|
||||
return candidates, inProgressChallengeCount, nil
|
||||
return candidates, inProgressChallengeCount
|
||||
}
|
||||
|
||||
func sortChallengesByTimestamp(chs []*cmacme.Challenge) {
|
||||
|
||||
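Review bot: `selectChallengesToSchedule` trims with `candidates[:n]` behind only a `len(candidates) > n` check, so a negative `n` would panic the scheduler instead of selecting nothing, and after this change none of the three helpers has an error result left to report it. I would clamp before the trim with `if n < 0 { n = 0 }`, or reject a negative `n` in `ScheduleN`, which still returns an error. The lines of `scheduleN` between the two hunks are not shown and may already clamp `remainingNumberAllowedChallenges`, so confirm whether a negative `n` from the caller can still reach the slice expression.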
@ -82,8 +82,7 @@ func BenchmarkScheduleAscending(b *testing.B) {
|
||||
s := &Scheduler{}
|
||||
b.ResetTimer()
|
||||
for n := 0; n < b.N; n++ {
|
||||
_, err := s.scheduleN(30, chs)
|
||||
require.NoError(b, err)
|
||||
_ = s.scheduleN(30, chs)
|
||||
}
|
||||
})
|
||||
}
|
||||
@ -97,8 +96,7 @@ func BenchmarkScheduleRandom(b *testing.B) {
|
||||
s := &Scheduler{}
|
||||
b.ResetTimer()
|
||||
for n := 0; n < b.N; n++ {
|
||||
_, err := s.scheduleN(30, chs)
|
||||
require.NoError(b, err)
|
||||
_ = s.scheduleN(30, chs)
|
||||
}
|
||||
})
|
||||
}
|
||||
@ -112,8 +110,7 @@ func BenchmarkScheduleDuplicates(b *testing.B) {
|
||||
s := &Scheduler{}
|
||||
b.ResetTimer()
|
||||
for n := 0; n < b.N; n++ {
|
||||
_, err := s.scheduleN(30, chs)
|
||||
require.NoError(b, err)
|
||||
_ = s.scheduleN(30, chs)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
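Review bot: All three benchmarks (`BenchmarkScheduleAscending`, `BenchmarkScheduleRandom`, `BenchmarkScheduleDuplicates`) build `s := &Scheduler{}`, which leaves `maxConcurrentChallenges` at its zero value. If `inProgressChallengeCount` is a plain count, the `inProgressChallengeCount >= s.maxConcurrentChallenges` check in `determineChallengeCandidates` is then always true and every iteration takes the early return. The filtering and `sortChallengesByTimestamp` path would never be measured, and with `require.NoError` gone and the result discarded via `_ =`, nothing in the loop would notice. Consider `s := &Scheduler{maxConcurrentChallenges: 30}` and one length check on the result outside the timed loop. The `Scheduler` type is not visible here, so confirm the field's default first.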
@ -202,7 +202,7 @@ func (c *controller) Sync(ctx context.Context, o *cmacme.Order) (err error) {
|
||||
// correctly. Do not change this unless there is a real need for
|
||||
// it.
|
||||
log.V(logf.DebugLevel).Info("Update Order status as at least one Challenge has failed")
|
||||
_, err := c.updateOrderStatusFromACMEOrder(ctx, cl, o, acmeOrder)
|
||||
_, err := c.updateOrderStatusFromACMEOrder(o, acmeOrder)
|
||||
if acmeErr, ok := err.(*acmeapi.Error); ok {
|
||||
if acmeErr.StatusCode >= 400 && acmeErr.StatusCode < 500 {
|
||||
log.Error(err, "failed to update Order status due to a 4xx error, marking Order as failed")
|
||||
@ -242,7 +242,7 @@ func (c *controller) Sync(ctx context.Context, o *cmacme.Order) (err error) {
|
||||
|
||||
case !anyChallengesFailed(challenges) && allChallengesFinal(challenges):
|
||||
log.V(logf.DebugLevel).Info("All challenges are in a final state, updating order state")
|
||||
_, err := c.updateOrderStatusFromACMEOrder(ctx, cl, o, acmeOrder)
|
||||
_, err := c.updateOrderStatusFromACMEOrder(o, acmeOrder)
|
||||
if acmeErr, ok := err.(*acmeapi.Error); ok {
|
||||
if acmeErr.StatusCode >= 400 && acmeErr.StatusCode < 500 {
|
||||
log.Error(err, "failed to update Order status due to a 4xx error, marking Order as failed")
|
||||
@ -312,10 +312,10 @@ func (c *controller) updateOrderStatus(ctx context.Context, cl acmecl.Interface,
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return c.updateOrderStatusFromACMEOrder(ctx, cl, o, acmeOrder)
|
||||
return c.updateOrderStatusFromACMEOrder(o, acmeOrder)
|
||||
}
|
||||
|
||||
func (c *controller) updateOrderStatusFromACMEOrder(ctx context.Context, cl acmecl.Interface, o *cmacme.Order, acmeOrder *acmeapi.Order) (*acmeapi.Order, error) {
|
||||
func (c *controller) updateOrderStatusFromACMEOrder(o *cmacme.Order, acmeOrder *acmeapi.Order) (*acmeapi.Order, error) {
|
||||
// Workaround bug in golang.org/x/crypto/acme implementation whereby the
|
||||
// order's URI field will be empty when calling GetOrder due to the
|
||||
// 'Location' header not being set on the response from the ACME server.
|
||||
|
||||
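Review bot: With `ctx` and `cl` dropped from `updateOrderStatusFromACMEOrder`, the helper presumably can no longer call the ACME server, so the `err.(*acmeapi.Error)` 4xx branches that follow both call sites in `Sync` may now be unreachable. The helper's body lies outside the hunk, so this needs confirming. If it can only return a nil error, I would drop the error result and the dead branches in the same cleanup. If it can still fail, prefer `var acmeErr *acmeapi.Error` with `errors.As(err, &acmeErr)` over the bare type assertion, so a wrapped ACME error still marks the Order as failed instead of being retried.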
@ -35,7 +35,6 @@ import (
|
||||
cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
|
||||
cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
|
||||
cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
|
||||
"github.com/cert-manager/cert-manager/pkg/controller"
|
||||
controllerpkg "github.com/cert-manager/cert-manager/pkg/controller"
|
||||
testpkg "github.com/cert-manager/cert-manager/pkg/controller/test"
|
||||
"github.com/cert-manager/cert-manager/test/unit/gen"
|
||||
@ -129,7 +128,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -179,7 +178,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -230,7 +229,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -281,7 +280,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -336,7 +335,7 @@ func TestSync(t *testing.T) {
|
||||
cmacme.ACMECertificateHTTP01IngressNameOverride: "ingress-name",
|
||||
cmapi.IssueTemporaryCertificateAnnotation: "true",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -389,7 +388,7 @@ func TestSync(t *testing.T) {
|
||||
cmacme.ACMECertificateHTTP01IngressNameOverride: "ingress-name",
|
||||
cmapi.IssueTemporaryCertificateAnnotation: "true",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -431,7 +430,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -474,7 +473,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -518,7 +517,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
Annotations: map[string]string{
|
||||
cmacme.ACMECertificateHTTP01IngressClassOverride: "cert-ing",
|
||||
},
|
||||
@ -564,7 +563,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -664,7 +663,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -706,7 +705,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -751,7 +750,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -800,7 +799,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -849,7 +848,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -905,7 +904,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -945,7 +944,7 @@ func TestSync(t *testing.T) {
|
||||
CertificateLister: []runtime.Object{
|
||||
buildCertificate("existing-crt",
|
||||
gen.DefaultTestNamespace,
|
||||
buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
buildIngressOwnerReferences("ingress-name"),
|
||||
),
|
||||
},
|
||||
DefaultIssuerKind: "Issuer",
|
||||
@ -955,7 +954,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1003,7 +1002,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"a-different-value": "should be removed",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1025,7 +1024,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1068,7 +1067,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1088,7 +1087,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1133,7 +1132,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1156,7 +1155,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1204,7 +1203,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1227,7 +1226,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1276,7 +1275,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1299,7 +1298,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1350,7 +1349,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1373,7 +1372,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-secret-name",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1463,7 +1462,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("not-ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("not-ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1496,7 +1495,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1515,7 +1514,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1557,7 +1556,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1578,7 +1577,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1692,7 +1691,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -1747,7 +1746,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("ingress-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com"},
|
||||
@ -1824,7 +1823,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1886,7 +1885,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -1950,7 +1949,7 @@ func TestSync(t *testing.T) {
|
||||
cmacme.ACMECertificateHTTP01IngressNameOverride: "gateway-name",
|
||||
cmapi.IssueTemporaryCertificateAnnotation: "true",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2013,7 +2012,7 @@ func TestSync(t *testing.T) {
|
||||
cmacme.ACMECertificateHTTP01IngressNameOverride: "gateway-name",
|
||||
cmapi.IssueTemporaryCertificateAnnotation: "true",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2065,7 +2064,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2118,7 +2117,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2172,7 +2171,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
Annotations: map[string]string{
|
||||
cmacme.ACMECertificateHTTP01IngressClassOverride: "cert-ing",
|
||||
},
|
||||
@ -2229,7 +2228,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2281,7 +2280,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2386,7 +2385,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2449,7 +2448,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"www.example.com"},
|
||||
@ -2515,7 +2514,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2565,7 +2564,7 @@ func TestSync(t *testing.T) {
|
||||
CertificateLister: []runtime.Object{
|
||||
buildCertificate("existing-crt",
|
||||
gen.DefaultTestNamespace,
|
||||
buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
buildGatewayOwnerReferences("gateway-name"),
|
||||
),
|
||||
},
|
||||
DefaultIssuerKind: "Issuer",
|
||||
@ -2575,7 +2574,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2633,7 +2632,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"a-different-value": "should be removed",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2655,7 +2654,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2759,7 +2758,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildIngressOwnerReferences("not-gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildIngressOwnerReferences("not-gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2792,7 +2791,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2811,7 +2810,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "existing-crt",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2863,7 +2862,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2884,7 +2883,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -2969,7 +2968,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com", "www.example.com", "foo.example.com"},
|
||||
@ -3041,7 +3040,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "foo-example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"foo.example.com"},
|
||||
@ -3058,7 +3057,7 @@ func TestSync(t *testing.T) {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "bar-example-com-tls",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"bar.example.com"},
|
||||
@ -3155,7 +3154,7 @@ func TestSync(t *testing.T) {
|
||||
Labels: map[string]string{
|
||||
"my-test-label": "should be copied",
|
||||
},
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace),
|
||||
OwnerReferences: buildGatewayOwnerReferences("gateway-name"),
|
||||
},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
DNSNames: []string{"example.com"},
|
||||
@ -3226,7 +3225,7 @@ func TestSync(t *testing.T) {
|
||||
}
|
||||
b.Init()
|
||||
defer b.Stop()
|
||||
sync := SyncFnFor(b.Recorder, logr.Discard(), b.CMClient, b.SharedInformerFactory.Certmanager().V1().Certificates().Lister(), controller.IngressShimOptions{
|
||||
sync := SyncFnFor(b.Recorder, logr.Discard(), b.CMClient, b.SharedInformerFactory.Certmanager().V1().Certificates().Lister(), controllerpkg.IngressShimOptions{
|
||||
DefaultIssuerName: test.DefaultIssuerName,
|
||||
DefaultIssuerKind: test.DefaultIssuerKind,
|
||||
DefaultIssuerGroup: test.DefaultIssuerGroup,
|
||||
@ -3381,20 +3380,21 @@ func buildGateway(name, namespace string, annotations map[string]string) *gwapi.
|
||||
Name: name,
|
||||
Namespace: namespace,
|
||||
Annotations: annotations,
|
||||
UID: types.UID(name),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func buildIngressOwnerReferences(name, namespace string) []metav1.OwnerReference {
|
||||
func buildIngressOwnerReferences(name string) []metav1.OwnerReference {
|
||||
return []metav1.OwnerReference{
|
||||
*metav1.NewControllerRef(buildIngress(name, namespace, nil), ingressV1GVK),
|
||||
*metav1.NewControllerRef(buildIngress(name, gen.DefaultTestNamespace, nil), ingressV1GVK),
|
||||
}
|
||||
}
|
||||
|
||||
// The Gateway name and UID are set to the same.
|
||||
func buildGatewayOwnerReferences(name, namespace string) []metav1.OwnerReference {
|
||||
func buildGatewayOwnerReferences(name string) []metav1.OwnerReference {
|
||||
return []metav1.OwnerReference{
|
||||
*metav1.NewControllerRef(buildIngress(name, namespace, nil), gatewayGVK),
|
||||
*metav1.NewControllerRef(buildGateway(name, gen.DefaultTestNamespace, nil), gatewayGVK),
|
||||
}
|
||||
}
|
||||
|
||||
@ -3419,7 +3419,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) {
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "gateway",
|
||||
Namespace: "default",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
},
|
||||
},
|
||||
listener: gwapi.Listener{
|
||||
@ -3434,7 +3434,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) {
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "gateway",
|
||||
Namespace: "default",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
},
|
||||
},
|
||||
listener: gwapi.Listener{
|
||||
@ -3459,7 +3459,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) {
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example",
|
||||
Namespace: "default",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
},
|
||||
},
|
||||
listener: gwapi.Listener{
|
||||
@ -3523,7 +3523,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) {
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "example",
|
||||
Namespace: "default",
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
},
|
||||
},
|
||||
listener: gwapi.Listener{
|
||||
@ -3595,14 +3595,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
givenCerts: []*cmapi.Certificate{{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-1",
|
||||
Namespace: "default",
|
||||
OwnerReferences: buildGatewayOwnerReferences("ingress-1", "default"),
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("ingress-1"),
|
||||
}, Spec: cmapi.CertificateSpec{
|
||||
SecretName: "secret-name",
|
||||
}},
|
||||
},
|
||||
ingLike: &networkingv1.Ingress{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "ingress-2", Namespace: "default", UID: "ingress-2"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "ingress-2", Namespace: gen.DefaultTestNamespace, UID: "ingress-2"},
|
||||
Spec: networkingv1.IngressSpec{TLS: []networkingv1.IngressTLS{{SecretName: "secret-name"}}},
|
||||
},
|
||||
wantToBeRemoved: nil,
|
||||
@ -3612,14 +3612,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
givenCerts: []*cmapi.Certificate{{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-1",
|
||||
Namespace: "default",
|
||||
OwnerReferences: buildGatewayOwnerReferences("ingress-1", "default"),
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("ingress-1"),
|
||||
}, Spec: cmapi.CertificateSpec{
|
||||
SecretName: "secret-name",
|
||||
}},
|
||||
},
|
||||
ingLike: &networkingv1.Ingress{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: "default", UID: "ingress-1"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: gen.DefaultTestNamespace, UID: "ingress-1"},
|
||||
Spec: networkingv1.IngressSpec{TLS: []networkingv1.IngressTLS{{SecretName: "secret-name"}}},
|
||||
},
|
||||
wantToBeRemoved: nil,
|
||||
@ -3629,14 +3629,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
givenCerts: []*cmapi.Certificate{{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-1",
|
||||
Namespace: "default",
|
||||
OwnerReferences: buildGatewayOwnerReferences("ingress-1", "default"),
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("ingress-1"),
|
||||
}, Spec: cmapi.CertificateSpec{
|
||||
SecretName: "secret-name",
|
||||
}},
|
||||
},
|
||||
ingLike: &networkingv1.Ingress{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: "default", UID: "ingress-1"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: gen.DefaultTestNamespace, UID: "ingress-1"},
|
||||
},
|
||||
wantToBeRemoved: []string{"cert-1"},
|
||||
},
|
||||
@ -3645,14 +3645,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
givenCerts: []*cmapi.Certificate{{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-1",
|
||||
Namespace: "default",
|
||||
OwnerReferences: buildGatewayOwnerReferences("gw-1", "default"),
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gw-1"),
|
||||
}, Spec: cmapi.CertificateSpec{
|
||||
SecretName: "secret-name",
|
||||
}},
|
||||
},
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-2", Namespace: "default", UID: "gw-2"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-2", Namespace: gen.DefaultTestNamespace, UID: "gw-2"},
|
||||
Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{{
|
||||
TLS: &gwapi.GatewayTLSConfig{CertificateRefs: []gwapi.SecretObjectReference{
|
||||
{
|
||||
@ -3668,14 +3668,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
givenCerts: []*cmapi.Certificate{{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-1",
|
||||
Namespace: "default",
|
||||
OwnerReferences: buildGatewayOwnerReferences("gw-1", "default"),
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gw-1"),
|
||||
}, Spec: cmapi.CertificateSpec{
|
||||
SecretName: "secret-name",
|
||||
}},
|
||||
},
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"},
|
||||
Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{
|
||||
{TLS: &gwapi.GatewayTLSConfig{CertificateRefs: []gwapi.SecretObjectReference{{Name: "not-secret-name"}}}},
|
||||
}},
|
||||
@ -3687,14 +3687,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
givenCerts: []*cmapi.Certificate{{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "cert-1",
|
||||
Namespace: "default",
|
||||
OwnerReferences: buildGatewayOwnerReferences("gw-1", "default"),
|
||||
Namespace: gen.DefaultTestNamespace,
|
||||
OwnerReferences: buildGatewayOwnerReferences("gw-1"),
|
||||
}, Spec: cmapi.CertificateSpec{
|
||||
SecretName: "secret-name",
|
||||
}},
|
||||
},
|
||||
ingLike: &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"},
|
||||
Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{
|
||||
{TLS: &gwapi.GatewayTLSConfig{CertificateRefs: []gwapi.SecretObjectReference{{Name: "secret-name"}}}},
|
||||
}},
|
||||
@ -3712,7 +3712,7 @@ func Test_findCertificatesToBeRemoved(t *testing.T) {
|
||||
|
||||
func Test_secretNameUsedIn_nilPointerGateway(t *testing.T) {
|
||||
got := secretNameUsedIn("secret-name", &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"},
|
||||
Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{
|
||||
{TLS: nil},
|
||||
{TLS: &gwapi.GatewayTLSConfig{CertificateRefs: nil}},
|
||||
@ -3722,7 +3722,7 @@ func Test_secretNameUsedIn_nilPointerGateway(t *testing.T) {
|
||||
assert.Equal(t, true, got)
|
||||
|
||||
got = secretNameUsedIn("secret-name", &gwapi.Gateway{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"},
|
||||
Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{
|
||||
{TLS: nil},
|
||||
{TLS: &gwapi.GatewayTLSConfig{CertificateRefs: nil}},
|
||||
|
||||
@ -64,8 +64,7 @@ func generateCSR(t *testing.T, secretKey crypto.Signer) []byte {
|
||||
return csr
|
||||
}
|
||||
|
||||
func generateSelfSignedCertFromCR(cr *cmapi.CertificateRequest, key crypto.Signer,
|
||||
duration time.Duration) ([]byte, error) {
|
||||
func generateSelfSignedCertFromCR(cr *cmapi.CertificateRequest, key crypto.Signer) ([]byte, error) {
|
||||
template, err := pki.CertificateTemplateFromCertificateRequest(cr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error generating template: %v", err)
|
||||
@ -134,7 +133,7 @@ func TestSign(t *testing.T) {
|
||||
}),
|
||||
)
|
||||
|
||||
rsaPEMCert, err := generateSelfSignedCertFromCR(baseCR, rsaSK, time.Hour*24*60)
|
||||
rsaPEMCert, err := generateSelfSignedCertFromCR(baseCR, rsaSK)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
t.FailNow()
|
||||
|
||||
@ -115,12 +115,11 @@ func (v *Venafi) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerO
|
||||
}
|
||||
}
|
||||
|
||||
duration := apiutil.DefaultCertDuration(cr.Spec.Duration)
|
||||
pickupID := cr.ObjectMeta.Annotations[cmapi.VenafiPickupIDAnnotationKey]
|
||||
|
||||
// check if the pickup ID annotation is there, if not set it up.
|
||||
if pickupID == "" {
|
||||
pickupID, err = client.RequestCertificate(cr.Spec.Request, duration, customFields)
|
||||
pickupID, err = client.RequestCertificate(cr.Spec.Request, customFields)
|
||||
// Check some known error types
|
||||
if err != nil {
|
||||
switch err.(type) {
|
||||
@ -148,7 +147,7 @@ func (v *Venafi) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerO
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
certPem, err := client.RetrieveCertificate(pickupID, cr.Spec.Request, duration, customFields)
|
||||
certPem, err := client.RetrieveCertificate(pickupID, cr.Spec.Request, customFields)
|
||||
if err != nil {
|
||||
switch err.(type) {
|
||||
case endpoint.ErrCertificatePending, endpoint.ErrRetrieveCertificateTimeout:
|
||||
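Review bot: With `duration` removed from the `RequestCertificate` and `RetrieveCertificate` calls in `Sign`, no visible line reads `cr.Spec.Duration` any more, so a requested validity period is dropped with no trace at the call site. If the Venafi client never used the value (the unparam finding suggests so, but the client is not shown here), the lifetime of the issued certificate is decided on the Venafi side alone. That deserves a comment above the `pickupID` lookup, for example `// cr.Spec.Duration is not forwarded to Venafi; the certificate's validity is determined by Venafi.` `Sign` starts and ends outside these hunks.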
|
||||
@ -222,10 +222,10 @@ func TestSign(t *testing.T) {
|
||||
}
|
||||
|
||||
clientReturnsPending := &internalvenafifake.Venafi{
|
||||
RequestCertificateFn: func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(csrPEM []byte, customFields []api.CustomField) (string, error) {
|
||||
return "test", nil
|
||||
},
|
||||
RetrieveCertificateFn: func(string, []byte, time.Duration, []api.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(string, []byte, []api.CustomField) ([]byte, error) {
|
||||
return nil, endpoint.ErrCertificatePending{
|
||||
CertificateID: "test-cert-id",
|
||||
Status: "test-status-pending",
|
||||
@ -233,33 +233,33 @@ func TestSign(t *testing.T) {
|
||||
},
|
||||
}
|
||||
clientReturnsGenericError := &internalvenafifake.Venafi{
|
||||
RequestCertificateFn: func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(csrPEM []byte, customFields []api.CustomField) (string, error) {
|
||||
return "", errors.New("this is an error")
|
||||
},
|
||||
}
|
||||
clientReturnsCert := &internalvenafifake.Venafi{
|
||||
RequestCertificateFn: func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(csrPEM []byte, customFields []api.CustomField) (string, error) {
|
||||
return "test", nil
|
||||
},
|
||||
RetrieveCertificateFn: func(string, []byte, time.Duration, []api.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(string, []byte, []api.CustomField) ([]byte, error) {
|
||||
return append(certPEM, rootPEM...), nil
|
||||
},
|
||||
}
|
||||
|
||||
clientReturnsCertIfCustomField := &internalvenafifake.Venafi{
|
||||
RequestCertificateFn: func(csrPEM []byte, duration time.Duration, fields []api.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(csrPEM []byte, fields []api.CustomField) (string, error) {
|
||||
if len(fields) > 0 && fields[0].Name == "cert-manager-test" && fields[0].Value == "test ok" {
|
||||
return "test", nil
|
||||
}
|
||||
return "", errors.New("Custom field not set")
|
||||
},
|
||||
RetrieveCertificateFn: func(string, []byte, time.Duration, []api.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(string, []byte, []api.CustomField) ([]byte, error) {
|
||||
return append(certPEM, rootPEM...), nil
|
||||
},
|
||||
}
|
||||
|
||||
clientReturnsInvalidCustomFieldType := &internalvenafifake.Venafi{
|
||||
RequestCertificateFn: func(csrPEM []byte, duration time.Duration, fields []api.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(csrPEM []byte, fields []api.CustomField) (string, error) {
|
||||
return "", client.ErrCustomFieldsType{Type: fields[0].Type}
|
||||
},
|
||||
}
|
||||
|
||||
@ -48,10 +48,8 @@ func mustGeneratePrivateKey(t *testing.T, encoding cmapi.PrivateKeyEncoding) []b
|
||||
return pkBytes
|
||||
}
|
||||
|
||||
func mustSelfSignCertificate(t *testing.T, pkBytes []byte) []byte {
|
||||
if pkBytes == nil {
|
||||
pkBytes = mustGeneratePrivateKey(t, cmapi.PKCS8)
|
||||
}
|
||||
func mustSelfSignCertificate(t *testing.T) []byte {
|
||||
pkBytes := mustGeneratePrivateKey(t, cmapi.PKCS8)
|
||||
pk, err := pki.DecodePrivateKeyBytes(pkBytes)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
@ -74,7 +72,7 @@ func mustSelfSignCertificate(t *testing.T, pkBytes []byte) []byte {
|
||||
func mustSelfSignCertificates(t *testing.T, count int) []byte {
|
||||
var buf bytes.Buffer
|
||||
for i := 0; i < count; i++ {
|
||||
buf.Write(mustSelfSignCertificate(t, nil))
|
||||
buf.Write(mustSelfSignCertificate(t))
|
||||
}
|
||||
return buf.Bytes()
|
||||
}
|
||||
@ -165,7 +163,7 @@ func TestEncodeJKSKeystore(t *testing.T) {
|
||||
password: "password",
|
||||
alias: "alias",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS1),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
t.Errorf("expected no error but got: %v", err)
|
||||
@ -192,7 +190,7 @@ func TestEncodeJKSKeystore(t *testing.T) {
|
||||
password: "password",
|
||||
alias: "alias",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
t.Errorf("expected no error but got: %v", err)
|
||||
@ -217,8 +215,8 @@ func TestEncodeJKSKeystore(t *testing.T) {
|
||||
password: "password",
|
||||
alias: "alias",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
caPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
caPEM: mustSelfSignCertificate(t),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
t.Errorf("expected no error but got: %v", err)
|
||||
@ -242,7 +240,7 @@ func TestEncodeJKSKeystore(t *testing.T) {
|
||||
password: "password",
|
||||
alias: "alias",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
caPEM: mustSelfSignCertificates(t, 3),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
@ -356,7 +354,7 @@ func TestEncodePKCS12Keystore(t *testing.T) {
|
||||
"encode a JKS bundle for a PKCS1 key and certificate only": {
|
||||
password: "password",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS1),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
t.Errorf("expected no error but got: %v", err)
|
||||
@ -377,7 +375,7 @@ func TestEncodePKCS12Keystore(t *testing.T) {
|
||||
"encode a JKS bundle for a PKCS8 key and certificate only": {
|
||||
password: "password",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
t.Errorf("expected no error but got: %v", err)
|
||||
@ -398,8 +396,8 @@ func TestEncodePKCS12Keystore(t *testing.T) {
|
||||
"encode a JKS bundle for a key, certificate and ca": {
|
||||
password: "password",
|
||||
rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8),
|
||||
certPEM: mustSelfSignCertificate(t, nil),
|
||||
caPEM: mustSelfSignCertificate(t, nil),
|
||||
certPEM: mustSelfSignCertificate(t),
|
||||
caPEM: mustSelfSignCertificate(t),
|
||||
verify: func(t *testing.T, out []byte, err error) {
|
||||
if err != nil {
|
||||
t.Errorf("expected no error but got: %v", err)
|
||||
@ -450,7 +448,7 @@ func TestEncodePKCS12Keystore(t *testing.T) {
|
||||
})
|
||||
t.Run("encodePKCS12Keystore *prepends* non-leaf certificates to the supplied CA certificate chain", func(t *testing.T) {
|
||||
const password = "password"
|
||||
caChainInPEM := mustSelfSignCertificate(t, nil)
|
||||
caChainInPEM := mustSelfSignCertificate(t)
|
||||
caChainIn, err := pki.DecodeX509CertificateChainBytes(caChainInPEM)
|
||||
require.NoError(t, err)
|
||||
|
||||
@ -534,8 +532,8 @@ func TestEncodePKCS12Truststore(t *testing.T) {
|
||||
|
||||
func TestManyPasswordLengths(t *testing.T) {
|
||||
rawKey := mustGeneratePrivateKey(t, cmapi.PKCS8)
|
||||
certPEM := mustSelfSignCertificate(t, nil)
|
||||
caPEM := mustSelfSignCertificate(t, nil)
|
||||
certPEM := mustSelfSignCertificate(t)
|
||||
caPEM := mustSelfSignCertificate(t)
|
||||
|
||||
const testN = 10000
|
||||
|
||||
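Review bot: `mustSelfSignCertificate(t)` now always signs with a key it generates itself, so in every table entry that pairs `rawKey: mustGeneratePrivateKey(...)` with `certPEM: mustSelfSignCertificate(t)` the private key and the certificate do not belong together. The old `nil` arguments behaved the same way, but the new signature no longer hints at it. The helper should get a doc comment such as `// mustSelfSignCertificate returns a PEM certificate self-signed with a freshly generated key that is unrelated to any rawKey used by the caller.` Starting the body with `t.Helper()` would also make `t.Fatal` failures point at the calling test case. The helper's body continues outside the hunk.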
|
||||
@ -86,7 +86,7 @@ func NewSecretsManager(
|
||||
// If the Secret resource does not exist, it will be created on Apply.
|
||||
// UpdateData will also update deprecated annotations if they exist.
|
||||
func (s *SecretsManager) UpdateData(ctx context.Context, crt *cmapi.Certificate, data SecretData) error {
|
||||
secret, err := s.getCertificateSecret(ctx, crt)
|
||||
secret, err := s.getCertificateSecret(crt)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -207,7 +207,7 @@ func (s *SecretsManager) setValues(crt *cmapi.Certificate, secret *corev1.Secret
|
||||
|
||||
// getCertificateSecret will return a secret which is ready for fields to be
|
||||
// applied. Only the Secret Type will be persisted from the original Secret.
|
||||
func (s *SecretsManager) getCertificateSecret(ctx context.Context, crt *cmapi.Certificate) (*corev1.Secret, error) {
|
||||
func (s *SecretsManager) getCertificateSecret(crt *cmapi.Certificate) (*corev1.Secret, error) {
|
||||
// Get existing secret if it exists.
|
||||
existingSecret, err := s.secretLister.Secrets(crt.Namespace).Get(crt.Spec.SecretName)
|
||||
|
||||
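Review bot: `getCertificateSecret` loses its `ctx` parameter, which is only safe while it stays a pure cache read; the one lookup visible here goes through `s.secretLister`. The doc comment should state that, e.g. by adding `// It reads from the lister cache only and performs no API calls.`, so that a later change introducing a client call brings the context back instead of reaching for `context.TODO()`. The function body continues outside the hunk, so this assumes the rest of it is cache-only as well.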
|
||||
@ -865,7 +865,7 @@ func Test_getCertificateSecret(t *testing.T) {
|
||||
builder.Start()
|
||||
defer builder.Stop()
|
||||
|
||||
gotSecret, err := s.getCertificateSecret(context.Background(), crt)
|
||||
gotSecret, err := s.getCertificateSecret(crt)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assert.Equal(t, test.expSecret, gotSecret, "unexpected returned secret")
|
||||
|
||||
@ -75,10 +75,6 @@ func NewController(ctx *controllerpkg.Context) (*controller, workqueue.RateLimit
|
||||
}
|
||||
|
||||
func (c *controller) ProcessItem(ctx context.Context, key string) error {
|
||||
// Set context deadline for full sync in 10 seconds
|
||||
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
|
||||
defer cancel()
|
||||
|
||||
namespace, name, err := cache.SplitMetaNamespaceKey(key)
|
||||
if err != nil {
|
||||
return nil
|
||||
@ -95,7 +91,7 @@ func (c *controller) ProcessItem(ctx context.Context, key string) error {
|
||||
}
|
||||
|
||||
// Update that Certificates metrics
|
||||
c.metrics.UpdateCertificate(ctx, crt)
|
||||
c.metrics.UpdateCertificate(crt)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -43,8 +43,8 @@ import (
|
||||
"github.com/cert-manager/cert-manager/test/unit/gen"
|
||||
)
|
||||
|
||||
func mustGenerateRSA(t *testing.T, keySize int) []byte {
|
||||
pk, err := pki.GenerateRSAPrivateKey(keySize)
|
||||
func mustGenerateRSA(t *testing.T) []byte {
|
||||
pk, err := pki.GenerateRSAPrivateKey(2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@ -293,7 +293,7 @@ func TestProcessItem(t *testing.T) {
|
||||
secrets: []runtime.Object{
|
||||
&corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)},
|
||||
},
|
||||
},
|
||||
certificate: gen.CertificateFrom(bundle1.certificate,
|
||||
@ -326,7 +326,7 @@ func TestProcessItem(t *testing.T) {
|
||||
secrets: []runtime.Object{
|
||||
&corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)},
|
||||
},
|
||||
},
|
||||
certificate: gen.CertificateFrom(bundle1.certificate,
|
||||
@ -414,7 +414,7 @@ func TestProcessItem(t *testing.T) {
|
||||
secrets: []runtime.Object{
|
||||
&corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)},
|
||||
},
|
||||
},
|
||||
certificate: gen.CertificateFrom(bundle1.certificate,
|
||||
@ -453,7 +453,7 @@ func TestProcessItem(t *testing.T) {
|
||||
secrets: []runtime.Object{
|
||||
&corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)},
|
||||
},
|
||||
},
|
||||
certificate: gen.CertificateFrom(bundle1.certificate,
|
||||
@ -538,7 +538,7 @@ func TestProcessItem(t *testing.T) {
|
||||
secrets: []runtime.Object{
|
||||
&corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)},
|
||||
Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)},
|
||||
},
|
||||
},
|
||||
certificate: gen.CertificateFrom(bundle1.certificate,
|
||||
|
||||
@ -40,7 +40,6 @@ import (
|
||||
venafiapi "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/api"
|
||||
logf "github.com/cert-manager/cert-manager/pkg/logs"
|
||||
"github.com/cert-manager/cert-manager/pkg/metrics"
|
||||
"github.com/cert-manager/cert-manager/pkg/util/pki"
|
||||
utilpki "github.com/cert-manager/cert-manager/pkg/util/pki"
|
||||
)
|
||||
|
||||
@ -130,16 +129,6 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin
|
||||
}
|
||||
}
|
||||
|
||||
duration, err := pki.DurationFromCertificateSigningRequest(csr)
|
||||
if err != nil {
|
||||
message := fmt.Sprintf("Failed to parse requested duration: %s", err)
|
||||
log.Error(err, message)
|
||||
v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorParseDuration", message)
|
||||
util.CertificateSigningRequestSetFailed(csr, "ErrorParseDuration", message)
|
||||
_, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager)
|
||||
return userr
|
||||
}
|
||||
|
||||
// The signing process with Venafi is slow. The "pickupID" allows us to track
|
||||
// the progress of the certificate signing. It is set as an annotation the
|
||||
// first time the Certificate is reconciled.
|
||||
@ -147,7 +136,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin
|
||||
|
||||
// check if the pickup ID annotation is there, if not set it up.
|
||||
if len(pickupID) == 0 {
|
||||
pickupID, err := client.RequestCertificate(csr.Spec.Request, duration, customFields)
|
||||
pickupID, err := client.RequestCertificate(csr.Spec.Request, customFields)
|
||||
// Check some known error types
|
||||
if err != nil {
|
||||
switch err.(type) {
|
||||
@ -177,7 +166,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin
|
||||
return uerr
|
||||
}
|
||||
|
||||
certPem, err := client.RetrieveCertificate(pickupID, csr.Spec.Request, duration, customFields)
|
||||
certPem, err := client.RetrieveCertificate(pickupID, csr.Spec.Request, customFields)
|
||||
if err != nil {
|
||||
switch err.(type) {
|
||||
case endpoint.ErrCertificatePending:
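Review bot: Removing the `pki.DurationFromCertificateSigningRequest(csr)` block from `Sign` changes behaviour, not just lint output. A CertificateSigningRequest whose requested duration failed to parse used to be marked failed with `ErrorParseDuration`; it now goes straight to `client.RequestCertificate`. Since unparam flagged `duration`, it was presumably never forwarded to Venafi, so the requested lifetime is ignored either way, and a caller asking for a short-lived certificate gets no signal. I would record that above the call, e.g. `// NOTE: the requested duration is not sent to Venafi; the issued lifetime is presumably set by Venafi policy (confirm).`, and repeat it on the `RequestCertificate`/`buildVReq` doc comments changed later in this commit. `Sign` begins and ends outside these hunks, so confirm nothing else in it still expects `duration`.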
|
||||
|
||||
@ -390,7 +390,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(_ []byte, _ []venafiapi.CustomField) (string, error) {
|
||||
return "", venaficlient.ErrCustomFieldsType{Type: "test-type"}
|
||||
},
|
||||
}, nil
|
||||
@ -461,7 +461,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(_ []byte, _ []venafiapi.CustomField) (string, error) {
|
||||
return "", errors.New("generic error")
|
||||
},
|
||||
}, nil
|
||||
@ -532,7 +532,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) {
|
||||
RequestCertificateFn: func(_ []byte, _ []venafiapi.CustomField) (string, error) {
|
||||
return "test-pickup-id", nil
|
||||
},
|
||||
}, nil
|
||||
@ -594,7 +594,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
return nil, endpoint.ErrCertificatePending{}
|
||||
},
|
||||
}, nil
|
||||
@ -645,7 +645,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
return nil, endpoint.ErrRetrieveCertificateTimeout{}
|
||||
},
|
||||
}, nil
|
||||
@ -696,7 +696,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
return nil, errors.New("generic error")
|
||||
},
|
||||
}, nil
|
||||
@ -747,7 +747,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
return []byte("garbage"), nil
|
||||
},
|
||||
}, nil
|
||||
@ -820,7 +820,7 @@ func TestProcessItem(t *testing.T) {
|
||||
),
|
||||
clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) {
|
||||
return &fakevenaficlient.Venafi{
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) {
|
||||
return []byte(fmt.Sprintf("%s%s", certBundle.ChainPEM, certBundle.CAPEM)), nil
|
||||
},
|
||||
}, nil
|
||||
|
||||
@ -36,11 +36,11 @@ import (
|
||||
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
|
||||
)
|
||||
|
||||
func newIssuer(name, namespace string) *v1.Issuer {
|
||||
func newIssuer() *v1.Issuer {
|
||||
return &v1.Issuer{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: name,
|
||||
Namespace: namespace,
|
||||
Name: "test",
|
||||
Namespace: "default",
|
||||
},
|
||||
Spec: v1.IssuerSpec{
|
||||
IssuerConfig: v1.IssuerConfig{
|
||||
@ -50,11 +50,11 @@ func newIssuer(name, namespace string) *v1.Issuer {
|
||||
}
|
||||
}
|
||||
|
||||
func newSecret(name, namespace string, data map[string][]byte) *corev1.Secret {
|
||||
func newSecret(name string, data map[string][]byte) *corev1.Secret {
|
||||
return &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: name,
|
||||
Namespace: namespace,
|
||||
Namespace: "default",
|
||||
},
|
||||
Data: data,
|
||||
}
|
||||
@ -71,12 +71,12 @@ func TestSolverFor(t *testing.T) {
|
||||
solverFixture: &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("cloudflare-key", "default", map[string][]byte{
|
||||
newSecret("cloudflare-key", map[string][]byte{
|
||||
"api-key": []byte("a-cloudflare-api-key"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -102,12 +102,12 @@ func TestSolverFor(t *testing.T) {
|
||||
solverFixture: &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("cloudflare-token", "default", map[string][]byte{
|
||||
newSecret("cloudflare-token", map[string][]byte{
|
||||
"api-token": []byte("a-cloudflare-api-token"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -131,7 +131,7 @@ func TestSolverFor(t *testing.T) {
|
||||
},
|
||||
"fails to load a cloudflare provider with a missing secret": {
|
||||
solverFixture: &solverFixture{
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
// don't include any secrets in the lister
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
@ -156,7 +156,7 @@ func TestSolverFor(t *testing.T) {
|
||||
},
|
||||
"fails to load a cloudflare provider when key and token are provided": {
|
||||
solverFixture: &solverFixture{
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
// don't include any secrets in the lister
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
@ -189,12 +189,12 @@ func TestSolverFor(t *testing.T) {
|
||||
solverFixture: &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("cloudflare-key", "default", map[string][]byte{
|
||||
newSecret("cloudflare-key", map[string][]byte{
|
||||
"api-key-oops": []byte("a-cloudflare-api-key"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -220,12 +220,12 @@ func TestSolverFor(t *testing.T) {
|
||||
solverFixture: &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("cloudflare-token", "default", map[string][]byte{
|
||||
newSecret("cloudflare-token", map[string][]byte{
|
||||
"api-key-oops": []byte("a-cloudflare-api-token"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -251,12 +251,12 @@ func TestSolverFor(t *testing.T) {
|
||||
solverFixture: &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("acmedns-key", "default", map[string][]byte{
|
||||
newSecret("acmedns-key", map[string][]byte{
|
||||
"acmedns.json": []byte("{}"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -305,12 +305,12 @@ func TestSolveForDigitalOcean(t *testing.T) {
|
||||
f := &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("digitalocean", "default", map[string][]byte{
|
||||
newSecret("digitalocean", map[string][]byte{
|
||||
"token": []byte("FAKE-TOKEN"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -356,12 +356,12 @@ func TestRoute53TrimCreds(t *testing.T) {
|
||||
f := &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("route53", "default", map[string][]byte{
|
||||
newSecret("route53", map[string][]byte{
|
||||
"secret": []byte("AKIENDINNEWLINE \n"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -408,13 +408,13 @@ func TestRoute53SecretAccessKey(t *testing.T) {
|
||||
f := &solverFixture{
|
||||
Builder: &test.Builder{
|
||||
KubeObjects: []runtime.Object{
|
||||
newSecret("route53", "default", map[string][]byte{
|
||||
newSecret("route53", map[string][]byte{
|
||||
"accessKeyID": []byte("AWSACCESSKEYID"),
|
||||
"secretAccessKey": []byte("AKIENDINNEWLINE \n"),
|
||||
}),
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
Solver: cmacme.ACMEChallengeSolver{
|
||||
@ -484,7 +484,7 @@ func TestRoute53AmbientCreds(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
dnsProviders: newFakeDNSProviders(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
@ -517,7 +517,7 @@ func TestRoute53AmbientCreds(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
dnsProviders: newFakeDNSProviders(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
@ -580,7 +580,7 @@ func TestRoute53AssumeRole(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
dnsProviders: newFakeDNSProviders(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
@ -614,7 +614,7 @@ func TestRoute53AssumeRole(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
Issuer: newIssuer("test", "default"),
|
||||
Issuer: newIssuer(),
|
||||
dnsProviders: newFakeDNSProviders(),
|
||||
Challenge: &cmacme.Challenge{
|
||||
Spec: cmacme.ChallengeSpec{
|
||||
|
||||
@ -122,7 +122,7 @@ func (d *sessionProvider) GetSession() (aws.Config, error) {
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) (*sessionProvider, error) {
|
||||
func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) *sessionProvider {
|
||||
return &sessionProvider{
|
||||
AccessKeyID: accessKeyID,
|
||||
SecretAccessKey: secretAccessKey,
|
||||
@ -132,7 +132,7 @@ func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambie
|
||||
StsProvider: defaultSTSProvider,
|
||||
log: logf.Log.WithName("route53-session-provider"),
|
||||
userAgent: userAgent,
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
|
||||
func defaultSTSProvider(cfg aws.Config) StsClient {
|
||||
@ -147,10 +147,7 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str
|
||||
dns01Nameservers []string,
|
||||
userAgent string,
|
||||
) (*DNSProvider, error) {
|
||||
provider, err := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
provider := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent)
|
||||
|
||||
cfg, err := provider.GetSession()
|
||||
if err != nil {
|
||||
|
||||
@ -251,10 +251,9 @@ func TestAssumeRole(t *testing.T) {
|
||||
|
||||
for _, c := range cases {
|
||||
t.Run(c.name, func(t *testing.T) {
|
||||
provider, err := makeMockSessionProvider(func(aws.Config) StsClient {
|
||||
provider := makeMockSessionProvider(func(aws.Config) StsClient {
|
||||
return c.mockSTS
|
||||
}, c.key, c.secret, c.region, c.role, c.ambient)
|
||||
assert.NoError(t, err)
|
||||
cfg, err := provider.GetSession()
|
||||
if c.expErr {
|
||||
assert.NotNil(t, err)
|
||||
@ -287,7 +286,7 @@ func makeMockSessionProvider(
|
||||
defaultSTSProvider func(aws.Config) StsClient,
|
||||
accessKeyID, secretAccessKey, region, role string,
|
||||
ambient bool,
|
||||
) (*sessionProvider, error) {
|
||||
) *sessionProvider {
|
||||
return &sessionProvider{
|
||||
AccessKeyID: accessKeyID,
|
||||
SecretAccessKey: secretAccessKey,
|
||||
@ -296,7 +295,7 @@ func makeMockSessionProvider(
|
||||
Role: role,
|
||||
StsProvider: defaultSTSProvider,
|
||||
log: logf.Log.WithName("route53-session"),
|
||||
}, nil
|
||||
}
|
||||
}
|
||||
|
||||
func Test_removeReqID(t *testing.T) {
|
||||
|
||||
@ -17,8 +17,6 @@ limitations under the License.
|
||||
package fake
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/Venafi/vcert/v5/pkg/endpoint"
|
||||
|
||||
"github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/api"
|
||||
@ -26,8 +24,8 @@ import (
|
||||
|
||||
type Venafi struct {
|
||||
PingFn func() error
|
||||
RequestCertificateFn func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error)
|
||||
RetrieveCertificateFn func(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error)
|
||||
RequestCertificateFn func(csrPEM []byte, customFields []api.CustomField) (string, error)
|
||||
RetrieveCertificateFn func(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error)
|
||||
ReadZoneConfigurationFn func() (*endpoint.ZoneConfiguration, error)
|
||||
VerifyCredentialsFn func() error
|
||||
}
|
||||
@ -36,12 +34,12 @@ func (v *Venafi) Ping() error {
|
||||
return v.PingFn()
|
||||
}
|
||||
|
||||
func (v *Venafi) RequestCertificate(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) {
|
||||
return v.RequestCertificateFn(csrPEM, duration, customFields)
|
||||
func (v *Venafi) RequestCertificate(csrPEM []byte, customFields []api.CustomField) (string, error) {
|
||||
return v.RequestCertificateFn(csrPEM, customFields)
|
||||
}
|
||||
|
||||
func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error) {
|
||||
return v.RetrieveCertificateFn(pickupID, csrPEM, duration, customFields)
|
||||
func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error) {
|
||||
return v.RetrieveCertificateFn(pickupID, csrPEM, customFields)
|
||||
}
|
||||
|
||||
func (v *Venafi) ReadZoneConfiguration() (*endpoint.ZoneConfiguration, error) {
|
||||
|
||||
@ -45,8 +45,8 @@ var ErrorMissingSubject = errors.New("Certificate requests submitted to Venafi i
|
||||
// The CSR will be decoded to be validated against the zone configuration policy.
|
||||
// Upon the template being successfully defaulted and validated, the CSR will be sent, as is.
|
||||
// It will return a pickup ID which can be used with RetrieveCertificate to get the certificate
|
||||
func (v *Venafi) RequestCertificate(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) {
|
||||
vreq, err := v.buildVReq(csrPEM, duration, customFields)
|
||||
func (v *Venafi) RequestCertificate(csrPEM []byte, customFields []api.CustomField) (string, error) {
|
||||
vreq, err := v.buildVReq(csrPEM, customFields)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
@ -81,8 +81,8 @@ func (v *Venafi) RequestCertificate(csrPEM []byte, duration time.Duration, custo
|
||||
return v.vcertClient.RequestCertificate(vreq)
|
||||
}
|
||||
|
||||
func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error) {
|
||||
vreq, err := v.buildVReq(csrPEM, duration, customFields)
|
||||
func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error) {
|
||||
vreq, err := v.buildVReq(csrPEM, customFields)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -103,7 +103,7 @@ func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, duration ti
|
||||
return []byte(chain), nil
|
||||
}
|
||||
|
||||
func (v *Venafi) buildVReq(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (*certificate.Request, error) {
|
||||
func (v *Venafi) buildVReq(csrPEM []byte, customFields []api.CustomField) (*certificate.Request, error) {
|
||||
// Retrieve a copy of the Venafi zone.
|
||||
// This contains default values and policy control info that we can apply
|
||||
// and check against locally.
|
||||
|
||||
@ -20,7 +20,6 @@ import (
|
||||
"crypto"
|
||||
"errors"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/Venafi/vcert/v5/pkg/certificate"
|
||||
"github.com/Venafi/vcert/v5/pkg/endpoint"
|
||||
@ -215,7 +214,7 @@ func TestVenafi_RequestCertificate(t *testing.T) {
|
||||
"foo.example.com", "bar.example.com"})
|
||||
}
|
||||
|
||||
got, err := v.RequestCertificate(tt.args.csrPEM, time.Minute, tt.args.customFields)
|
||||
got, err := v.RequestCertificate(tt.args.csrPEM, tt.args.customFields)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("RequestCertificate() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
@ -236,7 +235,6 @@ func TestVenafi_RetrieveCertificate(t *testing.T) {
|
||||
|
||||
type args struct {
|
||||
csrPEM []byte
|
||||
duration time.Duration
|
||||
customFields []api.CustomField
|
||||
}
|
||||
tests := []struct {
|
||||
@ -280,11 +278,11 @@ func TestVenafi_RetrieveCertificate(t *testing.T) {
|
||||
// this is needed to provide the fake venafi client with a "valid" pickup id
|
||||
// testing errors in this should be done in TestVenafi_RequestCertificate
|
||||
// any error returned in these tests is a hard fail
|
||||
pickupID, err := v.RequestCertificate(tt.args.csrPEM, tt.args.duration, tt.args.customFields)
|
||||
pickupID, err := v.RequestCertificate(tt.args.csrPEM, tt.args.customFields)
|
||||
if err != nil {
|
||||
t.Errorf("RequestCertificate() should but error but got error = %v", err)
|
||||
}
|
||||
got, err := v.RetrieveCertificate(pickupID, tt.args.csrPEM, tt.args.duration, tt.args.customFields)
|
||||
got, err := v.RetrieveCertificate(pickupID, tt.args.csrPEM, tt.args.customFields)
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("RetrieveCertificate() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
|
||||
@ -52,8 +52,8 @@ type VenafiClientBuilder func(namespace string, secretsLister internalinformers.
|
||||
|
||||
// Interface implements a Venafi client
|
||||
type Interface interface {
|
||||
RequestCertificate(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error)
|
||||
RetrieveCertificate(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error)
|
||||
RequestCertificate(csrPEM []byte, customFields []api.CustomField) (string, error)
|
||||
RetrieveCertificate(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error)
|
||||
Ping() error
|
||||
ReadZoneConfiguration() (*endpoint.ZoneConfiguration, error)
|
||||
SetClient(endpoint.Connector)
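Review bot: `Interface` is exported, so dropping `duration` from `RequestCertificate` and `RetrieveCertificate` is a compile-time break for any implementation or caller outside this repository. The same holds for `(*Metrics).UpdateCertificate` losing its `ctx` argument in the metrics file further down. If these packages are meant to be importable, that deserves a release-note entry rather than arriving as part of a linter fix. The two methods also have no doc comments on the interface; something like `// RequestCertificate submits csrPEM as is and returns a pickup ID for RetrieveCertificate.` would make the contract readable without opening the implementation. The interface body continues past this hunk.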
|
||||
|
||||
@ -17,33 +17,23 @@ limitations under the License.
|
||||
package metrics
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
|
||||
cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
|
||||
cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
|
||||
logf "github.com/cert-manager/cert-manager/pkg/logs"
|
||||
)
|
||||
|
||||
// UpdateCertificate will update the given Certificate's metrics for its expiry, renewal, and status
|
||||
// condition.
|
||||
func (m *Metrics) UpdateCertificate(ctx context.Context, crt *cmapi.Certificate) {
|
||||
key, err := cache.MetaNamespaceKeyFunc(crt)
|
||||
if err != nil {
|
||||
log := logf.WithRelatedResource(m.log, crt)
|
||||
log.Error(err, "failed to get key from certificate object")
|
||||
return
|
||||
}
|
||||
|
||||
m.updateCertificateStatus(key, crt)
|
||||
m.updateCertificateExpiry(ctx, key, crt)
|
||||
func (m *Metrics) UpdateCertificate(crt *cmapi.Certificate) {
|
||||
m.updateCertificateStatus(crt)
|
||||
m.updateCertificateExpiry(crt)
|
||||
m.updateCertificateRenewalTime(crt)
|
||||
}
|
||||
|
||||
// updateCertificateExpiry updates the expiry time of a certificate
|
||||
func (m *Metrics) updateCertificateExpiry(ctx context.Context, key string, crt *cmapi.Certificate) {
|
||||
func (m *Metrics) updateCertificateExpiry(crt *cmapi.Certificate) {
|
||||
expiryTime := 0.0
|
||||
|
||||
if crt.Status.NotAfter != nil {
|
||||
@ -76,7 +66,7 @@ func (m *Metrics) updateCertificateRenewalTime(crt *cmapi.Certificate) {
|
||||
}
|
||||
|
||||
// updateCertificateStatus will update the metric for that Certificate
|
||||
func (m *Metrics) updateCertificateStatus(key string, crt *cmapi.Certificate) {
|
||||
func (m *Metrics) updateCertificateStatus(crt *cmapi.Certificate) {
|
||||
for _, c := range crt.Status.Conditions {
|
||||
if c.Type == cmapi.CertificateConditionReady {
|
||||
m.updateCertificateReadyStatus(crt, c.Status)
|
||||
|
||||
@ -17,7 +17,6 @@ limitations under the License.
|
||||
package metrics
|
||||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
@ -195,7 +194,7 @@ func TestCertificateMetrics(t *testing.T) {
|
||||
for n, test := range tests {
|
||||
t.Run(n, func(t *testing.T) {
|
||||
m := New(logtesting.NewTestLogger(t), clock.RealClock{})
|
||||
m.UpdateCertificate(context.TODO(), test.crt)
|
||||
m.UpdateCertificate(test.crt)
|
||||
|
||||
if err := testutil.CollectAndCompare(m.certificateExpiryTimeSeconds,
|
||||
strings.NewReader(expiryMetadata+test.expectedExpiry),
|
||||
@ -279,9 +278,9 @@ func TestCertificateCache(t *testing.T) {
|
||||
)
|
||||
|
||||
// Observe all three Certificate metrics
|
||||
m.UpdateCertificate(context.TODO(), crt1)
|
||||
m.UpdateCertificate(context.TODO(), crt2)
|
||||
m.UpdateCertificate(context.TODO(), crt3)
|
||||
m.UpdateCertificate(crt1)
|
||||
m.UpdateCertificate(crt2)
|
||||
m.UpdateCertificate(crt3)
|
||||
|
||||
// Check all three metrics exist
|
||||
if err := testutil.CollectAndCompare(m.certificateReadyStatus,
|
||||
|
||||
@ -36,7 +36,7 @@ func TestCertificateTemplateFromCSR(t *testing.T) {
|
||||
sansGenerator := func(t *testing.T, generalNames []asn1.RawValue, critical bool) pkix.Extension {
|
||||
val, err := asn1.Marshal(generalNames)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
return pkix.Extension{
|
||||
|
||||
@ -379,7 +379,7 @@ func TestGenerateCSR(t *testing.T) {
|
||||
sansGenerator := func(t *testing.T, generalNames []asn1.RawValue, critical bool) pkix.Extension {
|
||||
val, err := asn1.Marshal(generalNames)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
return pkix.Extension{
|
||||
|
||||
@ -42,7 +42,7 @@ func TestCertificateTemplateFromCertificateSigningRequest(t *testing.T) {
|
||||
|
||||
val, err := asn1.Marshal(generalNames)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
return pkix.Extension{
|
||||
|
||||
@ -47,7 +47,7 @@ func PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]
|
||||
case "", cmapi.RSAKeyAlgorithm:
|
||||
return rsaPrivateKeyMatchesSpec(pk, spec)
|
||||
case cmapi.Ed25519KeyAlgorithm:
|
||||
return ed25519PrivateKeyMatchesSpec(pk, spec)
|
||||
return ed25519PrivateKeyMatchesSpec(pk)
|
||||
case cmapi.ECDSAKeyAlgorithm:
|
||||
return ecdsaPrivateKeyMatchesSpec(pk, spec)
|
||||
default:
|
||||
@ -97,7 +97,7 @@ func ecdsaPrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec
|
||||
return violations, nil
|
||||
}
|
||||
|
||||
func ed25519PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]string, error) {
|
||||
func ed25519PrivateKeyMatchesSpec(pk crypto.PrivateKey) ([]string, error) {
|
||||
_, ok := pk.(ed25519.PrivateKey)
|
||||
if !ok {
|
||||
return []string{"spec.privateKey.algorithm"}, nil
|
||||
|
||||
@ -129,8 +129,8 @@ func TestEqualIPsUnsorted(t *testing.T) {
|
||||
}
|
||||
|
||||
for name, spec := range specs {
|
||||
s1 := parseIPs(t, spec.s1)
|
||||
s2 := parseIPs(t, spec.s2)
|
||||
s1 := parseIPs(spec.s1)
|
||||
s2 := parseIPs(spec.s2)
|
||||
|
||||
t.Run(name, func(t *testing.T) {
|
||||
got := EqualIPsUnsorted(s1, s2)
|
||||
@ -244,7 +244,7 @@ func parseURLs(t *testing.T, urlStrs []string) []*url.URL {
|
||||
return urls
|
||||
}
|
||||
|
||||
func parseIPs(t *testing.T, ipStrs []string) []net.IP {
|
||||
func parseIPs(ipStrs []string) []net.IP {
|
||||
var ips []net.IP
|
||||
|
||||
for _, i := range ipStrs {
|
||||
|
||||
@ -287,15 +287,9 @@ func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferab
|
||||
}
|
||||
v.details.VaultCA = vaultCA
|
||||
|
||||
v.vaultCert, v.vaultCertPrivateKey, err = generateVaultServingCert(vaultCA, vaultCAPrivateKey, dnsName)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
v.vaultCert, v.vaultCertPrivateKey = generateVaultServingCert(vaultCA, vaultCAPrivateKey, dnsName)
|
||||
|
||||
vaultClientCertificate, vaultClientPrivateKey, err := generateVaultClientCert(vaultCA, vaultCAPrivateKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
vaultClientCertificate, vaultClientPrivateKey := generateVaultClientCert(vaultCA, vaultCAPrivateKey)
|
||||
v.details.VaultClientCertificate = vaultClientCertificate
|
||||
v.details.VaultClientPrivateKey = vaultClientPrivateKey
|
||||
v.details.EnforceMtls = v.EnforceMtls
|
||||
@ -447,7 +441,7 @@ func (v *Vault) Logs() (map[string]string, error) {
|
||||
return v.chart.Logs()
|
||||
}
|
||||
|
||||
func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte, error) {
|
||||
func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte) {
|
||||
catls, _ := tls.X509KeyPair(vaultCA, vaultCAPrivateKey)
|
||||
ca, _ := x509.ParseCertificate(catls.Certificate[0])
|
||||
|
||||
@ -470,10 +464,10 @@ func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName
|
||||
privateKey, _ := rsa.GenerateKey(rand.Reader, 2048)
|
||||
certBytes, _ := x509.CreateCertificate(rand.Reader, cert, ca, &privateKey.PublicKey, catls.PrivateKey)
|
||||
|
||||
return encodePublicKey(certBytes), encodePrivateKey(privateKey), nil
|
||||
return encodePublicKey(certBytes), encodePrivateKey(privateKey)
|
||||
}
|
||||
|
||||
func generateVaultClientCert(vaultCA []byte, vaultCAPrivateKey []byte) ([]byte, []byte, error) {
|
||||
func generateVaultClientCert(vaultCA []byte, vaultCAPrivateKey []byte) ([]byte, []byte) {
|
||||
catls, _ := tls.X509KeyPair(vaultCA, vaultCAPrivateKey)
|
||||
ca, _ := x509.ParseCertificate(catls.Certificate[0])
|
||||
|
||||
@ -494,7 +488,7 @@ func generateVaultClientCert(vaultCA []byte, vaultCAPrivateKey []byte) ([]byte,
|
||||
privateKey, _ := rsa.GenerateKey(rand.Reader, 2048)
|
||||
certBytes, _ := x509.CreateCertificate(rand.Reader, cert, ca, &privateKey.PublicKey, catls.PrivateKey)
|
||||
|
||||
return encodePublicKey(certBytes), encodePrivateKey(privateKey), nil
|
||||
return encodePublicKey(certBytes), encodePrivateKey(privateKey)
|
||||
}
|
||||
|
||||
func GenerateCA() ([]byte, []byte, error) {
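Review bot: Every fallible call in generateVaultServingCert is still discarded with `_` (tls.X509KeyPair, x509.ParseCertificate, rsa.GenerateKey, x509.CreateCertificate), and removing the `error` result means Setup can no longer report a failed certificate generation. If X509KeyPair fails it returns an empty tls.Certificate, so `catls.Certificate[0]` panics with an index out of range, and a failed CreateCertificate passes nil bytes on to encodePublicKey. The unparam finding is resolved just as well by keeping the `error` result and returning the real errors, as sketched below. generateVaultClientCert has the same pattern and needs the same treatment, with the two `if err != nil` checks in Setup kept. The certificate template between the two hunks is not visible here and is assumed unchanged.

```go
func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte, error) {
	catls, err := tls.X509KeyPair(vaultCA, vaultCAPrivateKey)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(catls.Certificate[0])
	if err != nil {
		return nil, nil, err
	}

	// … unchanged: serving certificate template (not shown in the hunk) …

	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &privateKey.PublicKey, catls.PrivateKey)
	if err != nil {
		return nil, nil, err
	}

	return encodePublicKey(certBytes), encodePrivateKey(privateKey), nil
}
```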
|
||||
|
||||
@ -28,6 +28,7 @@ import (
|
||||
crdapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
crdclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/rand"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/client-go/util/retry"
|
||||
|
||||
@ -54,9 +55,10 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
saclient clientset.Interface
|
||||
request *cmapi.CertificateRequest
|
||||
|
||||
crd *crdapi.CustomResourceDefinition
|
||||
crdclient crdclientset.Interface
|
||||
group string
|
||||
crd *crdapi.CustomResourceDefinition
|
||||
crdclient crdclientset.Interface
|
||||
issuerKind string
|
||||
group string
|
||||
)
|
||||
|
||||
// isNotFoundError returns true if an error from the cert-manager admission
|
||||
@ -107,6 +109,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
var err error
|
||||
crdclient, err = crdclientset.NewForConfig(f.KubeClientConfig)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
issuerKind = fmt.Sprintf("Issuer%s", rand.String(5))
|
||||
group = e2eutil.RandomSubdomain("example.io")
|
||||
|
||||
sa, err = f.KubeClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Create(context.TODO(), &corev1.ServiceAccount{
|
||||
@ -215,7 +218,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
gen.SetCertificateRequestCSR(csr),
|
||||
gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{
|
||||
Name: "test-issuer",
|
||||
Kind: "Issuer",
|
||||
Kind: issuerKind,
|
||||
Group: group,
|
||||
}),
|
||||
)
|
||||
@ -240,7 +243,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("attempting to approve a certificate request without the approve permission should error", func() {
|
||||
createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped)
|
||||
createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped)
|
||||
approvedCR := request.DeepCopy()
|
||||
apiutil.SetCertificateRequestCondition(approvedCR, cmapi.CertificateRequestConditionApproved, cmmeta.ConditionTrue, "cert-manager.io", "e2e")
|
||||
err := retry.OnError(retry.DefaultBackoff, retryOnNotFound(approvedCR.Spec.IssuerRef), func() error {
|
||||
@ -251,7 +254,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("attempting to deny a certificate request without the approve permission should error", func() {
|
||||
createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped)
|
||||
createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped)
|
||||
deniedCR := request.DeepCopy()
|
||||
apiutil.SetCertificateRequestCondition(deniedCR, cmapi.CertificateRequestConditionDenied, cmmeta.ConditionTrue, "cert-manager.io", "e2e")
|
||||
err := retry.OnError(retry.DefaultBackoff, retryOnNotFound(deniedCR.Spec.IssuerRef), func() error {
|
||||
@ -293,7 +296,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped issuers.example.io/* should be able to approve requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/*", group))
|
||||
|
||||
approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -306,7 +309,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped issuers.example.io/* should be able to deny requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/*", group))
|
||||
|
||||
deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -319,7 +322,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped issuers.example.io/test-issuer should be able to approve requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group))
|
||||
|
||||
approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -331,8 +334,21 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})).ToNot(HaveOccurred())
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped clusterissuers.example.io/test-issuer should be able to approve requests", func() {
|
||||
crd = createCRD(crdclient, group, "clusterissuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("clusterissuers.%s/test-issuer", group))
|
||||
|
||||
approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
apiutil.SetCertificateRequestCondition(approvedCR, cmapi.CertificateRequestConditionApproved, cmmeta.ConditionTrue, "cert-manager.io", "e2e")
|
||||
Expect(retry.OnError(retry.DefaultBackoff, retryOnNotFound(approvedCR.Spec.IssuerRef), func() error {
|
||||
_, err = saclient.CertmanagerV1().CertificateRequests(f.Namespace.Name).UpdateStatus(context.TODO(), approvedCR, metav1.UpdateOptions{})
|
||||
return err
|
||||
})).ToNot(HaveOccurred())
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped issuers.example.io/<namespace>.test-issuer should not be able to approve requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", f.Namespace.Name, group))
|
||||
|
||||
approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -346,7 +362,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for namespaced scoped issuers.example.io/<namespace>.test-issuer should be able to approve requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", group, f.Namespace.Name))
|
||||
|
||||
approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -359,7 +375,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for namespaced scoped issuers.example.io/test-issuer should not be able to approve requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group))
|
||||
|
||||
approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -375,7 +391,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
//
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped issuers.example.io/test-issuer should be able to deny requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group))
|
||||
|
||||
deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -388,7 +404,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for cluster scoped issuers.example.io/<namespace>.test-issuer should not be able to deny requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", f.Namespace.Name, group))
|
||||
|
||||
deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -402,7 +418,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for namespaced scoped issuers.example.io/<namespace>.test-issuer should be able to deny requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", group, f.Namespace.Name))
|
||||
|
||||
deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
|
||||
@ -415,7 +431,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() {
|
||||
})
|
||||
|
||||
It("a service account with the approve permissions for namespaced scoped issuers.example.io/test-issuer should not be able to denied requests", func() {
|
||||
crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped)
|
||||
crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped)
|
||||
bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group))
|
||||
|
||||
deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{})
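Review bot: In the two negative cluster-scoped cases (`…/<namespace>.test-issuer should not be able to approve requests` and the matching deny case) the Sprintf arguments are `f.Namespace.Name, group`, the reverse of the namespaced cases, which pass `group, f.Namespace.Name`. The bound resource name therefore comes out as `issuers.<namespace>/<group>.test-issuer`, which does not match the test titles, so the refusal these tests expect would occur regardless of how the approver scopes cluster-wide issuers. Since the commit already edits the line above each call, swap the arguments there: `bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", group, f.Namespace.Name))`. The assertions of both tests lie outside the hunks, so the expected outcome is taken from the titles.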
|
||||
|
||||
@ -91,7 +91,7 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob
|
||||
appRoleSecretGeneratorName := "vault-approle-secret-"
|
||||
By("Creating a VaultAppRole Issuer")
|
||||
|
||||
v.vaultSecrets = v.initVault(f)
|
||||
v.vaultSecrets = v.initVault()
|
||||
|
||||
sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault")
|
||||
@ -103,7 +103,7 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "vault-issuer-",
|
||||
},
|
||||
Spec: v.createIssuerSpec(f),
|
||||
Spec: v.createIssuerSpec(),
|
||||
}, metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer")
|
||||
|
||||
@ -123,7 +123,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm
|
||||
appRoleSecretGeneratorName := "vault-approle-secret-"
|
||||
By("Creating a VaultAppRole ClusterIssuer")
|
||||
|
||||
v.vaultSecrets = v.initVault(f)
|
||||
v.vaultSecrets = v.initVault()
|
||||
|
||||
sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault")
|
||||
@ -135,7 +135,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "vault-cluster-issuer-",
|
||||
},
|
||||
Spec: v.createIssuerSpec(f),
|
||||
Spec: v.createIssuerSpec(),
|
||||
}, metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer")
|
||||
|
||||
@ -151,7 +151,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm
|
||||
}
|
||||
}
|
||||
|
||||
func (v *vaultAppRoleProvisioner) initVault(f *framework.Framework) *vaultSecrets {
|
||||
func (v *vaultAppRoleProvisioner) initVault() *vaultSecrets {
|
||||
By("Configuring the VaultAppRole server")
|
||||
v.setup = vault.NewVaultInitializerAppRole(
|
||||
addon.Base.Details().KubeClient,
|
||||
@ -170,7 +170,7 @@ func (v *vaultAppRoleProvisioner) initVault(f *framework.Framework) *vaultSecret
|
||||
}
|
||||
}
|
||||
|
||||
func (v *vaultAppRoleProvisioner) createIssuerSpec(f *framework.Framework) cmapi.IssuerSpec {
|
||||
func (v *vaultAppRoleProvisioner) createIssuerSpec() cmapi.IssuerSpec {
|
||||
return cmapi.IssuerSpec{
|
||||
IssuerConfig: cmapi.IssuerConfig{
|
||||
Vault: &cmapi.VaultIssuer{
|
||||
|
||||
@ -123,7 +123,7 @@ func (a *approle) createIssuer(f *framework.Framework) string {
|
||||
appRoleSecretGeneratorName := "vault-approle-secret-"
|
||||
By("Creating a VaultAppRole Issuer")
|
||||
|
||||
a.secrets = a.initVault(f)
|
||||
a.secrets = a.initVault()
|
||||
|
||||
sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault")
|
||||
@ -135,7 +135,7 @@ func (a *approle) createIssuer(f *framework.Framework) string {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "vault-issuer-",
|
||||
},
|
||||
Spec: a.createIssuerSpec(f),
|
||||
Spec: a.createIssuerSpec(),
|
||||
}, metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer")
|
||||
|
||||
@ -151,7 +151,7 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string {
|
||||
appRoleSecretGeneratorName := "vault-approle-secret-"
|
||||
By("Creating a VaultAppRole ClusterIssuer")
|
||||
|
||||
a.secrets = a.initVault(f)
|
||||
a.secrets = a.initVault()
|
||||
|
||||
sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault")
|
||||
@ -163,7 +163,7 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "vault-cluster-issuer-",
|
||||
},
|
||||
Spec: a.createIssuerSpec(f),
|
||||
Spec: a.createIssuerSpec(),
|
||||
}, metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer")
|
||||
|
||||
@ -175,7 +175,7 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string {
|
||||
return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name)
|
||||
}
|
||||
|
||||
func (a *approle) initVault(f *framework.Framework) *secrets {
|
||||
func (a *approle) initVault() *secrets {
|
||||
By("Configuring the VaultAppRole server")
|
||||
a.setup = vault.NewVaultInitializerAppRole(
|
||||
addon.Base.Details().KubeClient,
|
||||
@ -194,7 +194,7 @@ func (a *approle) initVault(f *framework.Framework) *secrets {
|
||||
}
|
||||
}
|
||||
|
||||
func (a *approle) createIssuerSpec(f *framework.Framework) cmapi.IssuerSpec {
|
||||
func (a *approle) createIssuerSpec() cmapi.IssuerSpec {
|
||||
return cmapi.IssuerSpec{
|
||||
IssuerConfig: cmapi.IssuerConfig{
|
||||
Vault: &cmapi.VaultIssuer{
|
||||
|
||||
@ -82,7 +82,7 @@ func (k *kubernetes) createIssuer(f *framework.Framework) string {
|
||||
GenerateName: "vault-issuer-",
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
Spec: k.issuerSpec(f),
|
||||
Spec: k.issuerSpec(),
|
||||
}, metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
@ -102,7 +102,7 @@ func (k *kubernetes) createClusterIssuer(f *framework.Framework) string {
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "vault-issuer-",
|
||||
},
|
||||
Spec: k.issuerSpec(f),
|
||||
Spec: k.issuerSpec(),
|
||||
}, metav1.CreateOptions{})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
@ -150,7 +150,7 @@ func (k *kubernetes) initVault(f *framework.Framework, boundNS string) {
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}
|
||||
|
||||
func (k *kubernetes) issuerSpec(f *framework.Framework) cmapi.IssuerSpec {
|
||||
func (k *kubernetes) issuerSpec() cmapi.IssuerSpec {
|
||||
return cmapi.IssuerSpec{
|
||||
IssuerConfig: cmapi.IssuerConfig{
|
||||
Vault: &cmapi.VaultIssuer{
|
||||
|
||||
@ -60,7 +60,7 @@ func TestTriggerController(t *testing.T) {
|
||||
// Build, instantiate and run the trigger controller.
|
||||
kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config)
|
||||
|
||||
namespace := "testns"
|
||||
namespace := "testns-trigger"
|
||||
|
||||
// Create Namespace
|
||||
ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}
|
||||
@ -96,7 +96,7 @@ func TestTriggerController(t *testing.T) {
|
||||
|
||||
// Create a Certificate resource and wait for it to have the 'Issuing' condition.
|
||||
cert, err := cmCl.CertmanagerV1().Certificates(namespace).Create(ctx, &cmapi.Certificate{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "testcrt", Namespace: "testns"},
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "testcrt", Namespace: namespace},
|
||||
Spec: cmapi.CertificateSpec{
|
||||
SecretName: "example",
|
||||
CommonName: "example.com",
|
||||
@ -125,7 +125,7 @@ func TestTriggerController_RenewNearExpiry(t *testing.T) {
|
||||
// Build, instantiate and run the trigger controller.
|
||||
kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config)
|
||||
|
||||
namespace := "testns"
|
||||
namespace := "testns-renew-near-expiry"
|
||||
secretName := "example"
|
||||
certName := "testcrt"
|
||||
|
||||
@ -247,7 +247,7 @@ func TestTriggerController_ExpBackoff(t *testing.T) {
|
||||
// Build, instantiate and run the trigger controller.
|
||||
kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config)
|
||||
|
||||
namespace := "testns"
|
||||
namespace := "testns-expbackoff"
|
||||
secretName := "example"
|
||||
certName := "testcrt"
|
||||
|
||||
|
||||