From e0e4f9b5ea809cbbc392611c52272f48b6b2ffbc Mon Sep 17 00:00:00 2001
From: James Munnelly <james@munnelly.eu>
Date: Fri, 11 Oct 2019 10:23:15 +0100
Subject: [PATCH] Only construct ACME client once Issuer resource is Ready

Signed-off-by: James Munnelly <james@munnelly.eu>
---
 pkg/acme/BUILD.bazel | 1 +
 pkg/acme/helper.go   | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/pkg/acme/BUILD.bazel b/pkg/acme/BUILD.bazel
index 1d8b77397..7d5c6f829 100644
--- a/pkg/acme/BUILD.bazel
+++ b/pkg/acme/BUILD.bazel
@@ -12,6 +12,7 @@ go_library(
     deps = [
         "//pkg/acme/client:go_default_library",
         "//pkg/acme/client/middleware:go_default_library",
+        "//pkg/api/util:go_default_library",
         "//pkg/apis/acme/v1alpha2:go_default_library",
         "//pkg/apis/certmanager/v1alpha2:go_default_library",
         "//pkg/apis/meta/v1:go_default_library",
diff --git a/pkg/acme/helper.go b/pkg/acme/helper.go
index 965b53aaf..a9faeef29 100644
--- a/pkg/acme/helper.go
+++ b/pkg/acme/helper.go
@@ -22,6 +22,7 @@ import (
 	corelisters "k8s.io/client-go/listers/core/v1"
 
 	acme "github.com/jetstack/cert-manager/pkg/acme/client"
+	apiutil "github.com/jetstack/cert-manager/pkg/api/util"
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
 	cmerrors "github.com/jetstack/cert-manager/pkg/util/errors"
@@ -95,6 +96,12 @@ func (h *helperImpl) ClientForIssuer(iss cmapi.GenericIssuer) (acme.Interface, e
 	if acmeSpec == nil {
 		return nil, fmt.Errorf("issuer %q is not an ACME issuer. Ensure the 'acme' stanza is correctly specified on your Issuer resource", iss.GetObjectMeta().Name)
 	}
+	if !apiutil.IssuerHasCondition(iss, cmapi.IssuerCondition{
+		Type:   cmapi.IssuerConditionReady,
+		Status: cmmeta.ConditionTrue,
+	}) {
+		return nil, fmt.Errorf("issuer %q is not in a 'Ready' state. not constructing client until issuer is ready", iss.GetObjectMeta().Name)
+	}
 
 	ns := iss.GetObjectMeta().Namespace
 	if ns == "" {