Merge pull request #686 from kragniz/acme-config-update

Update spec.acme.config field when ingress changes
jetstack-bot 2018-06-29 10:11:06 +01:00 committed by GitHub
commit e7a2a0c618
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 191 additions and 0 deletions


@ -3,6 +3,7 @@ package controller
import (
"context"
"fmt"
"reflect"
"strconv"
"github.com/golang/glog"
@ -133,6 +134,10 @@ func (c *Controller) buildCertificates(ing *extv1beta1.Ingress) (new, update []*
updateCrt.Spec.SecretName = tls.SecretName
updateCrt.Spec.IssuerRef.Name = issuerName
updateCrt.Spec.IssuerRef.Kind = issuerKind
err = c.setIssuerSpecificConfig(updateCrt, issuer, ing, tls)
if err != nil {
return nil, nil, err
}
updateCrts = append(updateCrts, updateCrt)
} else {
newCrts = append(newCrts, crt)
@ -169,6 +174,20 @@ func certNeedsUpdate(a, b *v1alpha1.Certificate) bool {
return true
}
var configA, configB []v1alpha1.ACMECertificateDomainConfig
if a.Spec.ACME != nil {
configA = a.Spec.ACME.Config
}
if b.Spec.ACME != nil {
configB = b.Spec.ACME.Config
}
if !reflect.DeepEqual(configA, configB) {
return true
}
return false
}
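Review bot: In the last hunk of this file, `reflect.DeepEqual(configA, configB)` treats a nil slice and an empty non-nil slice as different and is sensitive to element order, so certNeedsUpdate can report a change when the two configs mean the same thing. Whether that occurs depends on how setIssuerSpecificConfig builds `Spec.ACME.Config`, which is not visible here; if it does, the Certificate would be rewritten on every sync. Guarding the comparison, `if (len(configA) != 0 || len(configB) != 0) && !reflect.DeepEqual(configA, configB) {`, removes the nil/empty case. A short comment such as `// a nil ACME block is compared as an empty config` above the two nil checks would document the intent. certNeedsUpdate begins outside the hunk.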


@ -529,6 +529,18 @@ func TestBuildCertificates(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.ACMECertificateDomainConfig{
{
Domains: []string{"example.com"},
ACMESolverConfig: v1alpha1.ACMESolverConfig{
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
Ingress: "",
},
},
},
},
},
},
},
},
@ -568,6 +580,166 @@ func TestBuildCertificates(t *testing.T) {
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.ACMECertificateDomainConfig{
{
Domains: []string{"example.com"},
ACMESolverConfig: v1alpha1.ACMESolverConfig{
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
Ingress: "",
},
},
},
},
},
},
},
},
},
{
Name: "should update a certificate's config if an incorrect Certificate exists",
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: "ingress-namespace",
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "toot-ing",
},
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com"},
SecretName: "existing-crt",
},
},
},
},
IssuerLister: []*v1alpha1.Issuer{buildACMEIssuer("issuer-name", "ingress-namespace")},
CertificateLister: []*v1alpha1.Certificate{
{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: "ingress-namespace",
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.ACMECertificateDomainConfig{
{
Domains: []string{"wrong-example.com"},
ACMESolverConfig: v1alpha1.ACMESolverConfig{
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
Ingress: "wrong-ingress",
},
},
},
},
},
},
},
},
ExpectedUpdate: []*v1alpha1.Certificate{
&v1alpha1.Certificate{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: "ingress-namespace",
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.ACMECertificateDomainConfig{
{
Domains: []string{"example.com"},
ACMESolverConfig: v1alpha1.ACMESolverConfig{
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
Ingress: "",
IngressClass: strPtr("toot-ing"),
},
},
},
},
},
},
},
},
},
{
Name: "should update a Certificate correctly if an existing one of a different type exists",
Ingress: &extv1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-name",
Namespace: "ingress-namespace",
Annotations: map[string]string{
issuerNameAnnotation: "issuer-name",
acmeIssuerChallengeTypeAnnotation: "http01",
ingressClassAnnotation: "toot-ing",
},
},
Spec: extv1beta1.IngressSpec{
TLS: []extv1beta1.IngressTLS{
{
Hosts: []string{"example.com"},
SecretName: "existing-crt",
},
},
},
},
IssuerLister: []*v1alpha1.Issuer{buildACMEIssuer("issuer-name", "ingress-namespace")},
CertificateLister: []*v1alpha1.Certificate{
{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: "ingress-namespace",
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
},
},
},
ExpectedUpdate: []*v1alpha1.Certificate{
&v1alpha1.Certificate{
ObjectMeta: metav1.ObjectMeta{
Name: "existing-crt",
Namespace: "ingress-namespace",
},
Spec: v1alpha1.CertificateSpec{
DNSNames: []string{"example.com"},
SecretName: "existing-crt",
IssuerRef: v1alpha1.ObjectReference{
Name: "issuer-name",
Kind: "Issuer",
},
ACME: &v1alpha1.ACMECertificateConfig{
Config: []v1alpha1.ACMECertificateDomainConfig{
{
Domains: []string{"example.com"},
ACMESolverConfig: v1alpha1.ACMESolverConfig{
HTTP01: &v1alpha1.ACMECertificateHTTP01Config{
Ingress: "",
IngressClass: strPtr("toot-ing"),
},
},
},
},
},
},
},
},
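Review bot: None of the cases visible in these hunks exercises the opposite transition, where the existing Certificate carries a `Spec.ACME` config and the Ingress now points at an issuer that needs none; both new cases end with an ACME config in `ExpectedUpdate`. Because the ACME config decides how domain validation is solved, a stale block left on the Certificate is worth pinning down with a case whose `ExpectedUpdate` has no `ACME` field. A one-line comment above each new case would also help, e.g. `// existing config names the wrong domain and ingress; expect it to be rebuilt from the Ingress`. TestBuildCertificates starts and continues outside these hunks, so such a case may already exist elsewhere in the table.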