Updated PKCS12 API docs and corrected code formatting #3373

Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-08 11:23:16 -05:00 · 2020-12-08 11:23:16 -05:00 · e9dfbb7a1a
commit e9dfbb7a1a
parent c3db3ee7cd
3 changed files with 15 additions and 7 deletions
--- a/pkg/apis/certmanager/v1/types_certificate.go
+++ b/pkg/apis/certmanager/v1/types_certificate.go
@ -279,6 +279,9 @@ type JKSKeystore struct {
 	// Secret resource, encrypted using the password stored in
 	// `passwordSecretRef`.
 	// The keystore file will only be updated upon re-issuance.
+	// A file named `truststore.jks` will also be created in the target
+	// Secret resource, encrypted using the password stored in
+	// `passwordSecretRef` containing the issuing Certificate Authority
 	Create bool `json:"create"`

 	// PasswordSecretRef is a reference to a key in a Secret resource
@ -294,6 +297,9 @@ type PKCS12Keystore struct {
 	// Secret resource, encrypted using the password stored in
 	// `passwordSecretRef`.
 	// The keystore file will only be updated upon re-issuance.
+	// A file named `truststore.p12` will also be created in the target
+	// Secret resource, encrypted using the password stored in
+	// `passwordSecretRef` containing the issuing Certificate Authority
 	Create bool `json:"create"`

 	// PasswordSecretRef is a reference to a key in a Secret resource
--- a/pkg/controller/certificates/internal/secretsmanager/keystore.go
+++ b/pkg/controller/certificates/internal/secretsmanager/keystore.go
@ -37,12 +37,14 @@ import (
 const (
 	// pkcs12SecretKey is the name of the data entry in the Secret resource
 	// used to store the p12 file.
-	pkcs12SecretKey     = "keystore.p12"
+	pkcs12SecretKey = "keystore.p12"
+	// Data Entry Name in the Secret resource for PKCS12 containing Certificate Authority
 	pkcs12TruststoreKey = "truststore.p12"

 	// jksSecretKey is the name of the data entry in the Secret resource
 	// used to store the jks file.
-	jksSecretKey     = "keystore.jks"
+	jksSecretKey = "keystore.jks"
+	// Data Entry Name in the Secret resource for JKS containing Certificate Authority
 	jksTruststoreKey = "truststore.jks"
 )

--- a/pkg/controller/certificates/internal/secretsmanager/keystore_test.go
+++ b/pkg/controller/certificates/internal/secretsmanager/keystore_test.go
@ -347,14 +347,14 @@ func TestEncodePKCS12Keystore(t *testing.T) {

 func TestEncodePKCS12Truststore(t *testing.T) {
 	tests := map[string]struct {
-		password		string
-		caPEM			[]byte
-		verify			func(t *testing.T, caPEM []byte, out []byte, err error)
-		run				func(t testing.T)
+		password string
+		caPEM    []byte
+		verify   func(t *testing.T, caPEM []byte, out []byte, err error)
+		run      func(t testing.T)
 	}{
 		"encode a PKCS12 bundle for a CA": {
 			password: "password",
-			caPEM: mustSelfSignCertificate(t, nil),
+			caPEM:    mustSelfSignCertificate(t, nil),
 			verify: func(t *testing.T, caPEM []byte, out []byte, err error) {
 				if err != nil {
 					t.Errorf("expected no error but got: %v", err)