Update codebase for new API group

Signed-off-by: James Munnelly <james@munnelly.eu>

pkg/controller/cainjector/sources.go

@@ -55,7 +55,7 @@ type caDataSource interface {
 }
 
 // kubeconfigDataSource reads the ca bundle provided as part of the struct
-// instantiation if it has the 'certmanager.k8s.io/inject-apiserver-ca'
+// instantiation if it has the 'cert-manager.io/inject-apiserver-ca'
 // annotation.
 type kubeconfigDataSource struct {
 	apiserverCABundle []byte
@@ -80,7 +80,7 @@ func (c *kubeconfigDataSource) ApplyTo(mgr ctrl.Manager, setup injectorSetup, bu
 }
 
 // certificateDataSource reads a CA bundle by fetching the Certificate named in
-// the 'certmanager.k8s.io/inject-ca-from' annotation in the form
+// the 'cert-manager.io/inject-ca-from' annotation in the form
 // 'namespace/name'.
 type certificateDataSource struct {
 	client client.Client
@@ -162,7 +162,7 @@ func (c *certificateDataSource) ApplyTo(mgr ctrl.Manager, setup injectorSetup, b
 }
 
 // secretDataSource reads a CA bundle from a Secret resource named using the
-// 'certmanager.k8s.io/inject-ca-from-secret' annotation in the form
+// 'cert-manager.io/inject-ca-from-secret' annotation in the form
 // 'namespace/name'.
 type secretDataSource struct {
 	client client.Client

pkg/controller/certificaterequests/selfsigned/selfsigned_test.go

@@ -165,7 +165,7 @@ func TestSign(t *testing.T) {
 	}
 
 	tests := map[string]testT{
-		"a CertificateRequest with no certmanager.k8s.io/selfsigned-private-key annotation should fail": {
+		"a CertificateRequest with no cert-manager.io/selfsigned-private-key annotation should fail": {
 			certificateRequest: gen.CertificateRequestFrom(baseCR,
 				// no annotation
 				gen.SetCertificateRequestAnnotations(map[string]string{}),
@@ -177,7 +177,7 @@ func TestSign(t *testing.T) {
 					gen.SetCertificateRequestAnnotations(map[string]string{}),
 				), baseIssuer},
 				ExpectedEvents: []string{
-					`Warning MissingAnnotation Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`,
+					`Warning MissingAnnotation Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`,
 				},
 				ExpectedActions: []testpkg.Action{
 					testpkg.NewAction(coretesting.NewUpdateAction(
@@ -189,7 +189,7 @@ func TestSign(t *testing.T) {
 								Type:               cmapi.CertificateRequestConditionReady,
 								Status:             cmmeta.ConditionFalse,
 								Reason:             cmapi.CertificateRequestReasonFailed,
-								Message:            `Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`,
+								Message:            `Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`,
 								LastTransitionTime: &metaFixedClockStart,
 							}),
 							gen.SetCertificateRequestFailureTime(metaFixedClockStart),
@@ -198,7 +198,7 @@ func TestSign(t *testing.T) {
 				},
 			},
 		},
-		"a CertificateRequest with a certmanager.k8s.io/private-key-secret-name annotation but empty string should fail": {
+		"a CertificateRequest with a cert-manager.io/private-key-secret-name annotation but empty string should fail": {
 			certificateRequest: gen.CertificateRequestFrom(baseCR,
 				// no data in annotation
 				gen.SetCertificateRequestAnnotations(map[string]string{cmapi.CRPrivateKeyAnnotationKey: ""}),
@@ -210,7 +210,7 @@ func TestSign(t *testing.T) {
 					gen.SetCertificateRequestAnnotations(map[string]string{cmapi.CRPrivateKeyAnnotationKey: ""}),
 				), baseIssuer},
 				ExpectedEvents: []string{
-					`Warning MissingAnnotation Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`,
+					`Warning MissingAnnotation Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`,
 				},
 				ExpectedActions: []testpkg.Action{
 					testpkg.NewAction(coretesting.NewUpdateAction(
@@ -222,7 +222,7 @@ func TestSign(t *testing.T) {
 								Type:               cmapi.CertificateRequestConditionReady,
 								Status:             cmmeta.ConditionFalse,
 								Reason:             cmapi.CertificateRequestReasonFailed,
-								Message:            `Annotation "certmanager.k8s.io/private-key-secret-name" missing or reference empty: secret name missing`,
+								Message:            `Annotation "cert-manager.io/private-key-secret-name" missing or reference empty: secret name missing`,
 								LastTransitionTime: &metaFixedClockStart,
 							}),
 							gen.SetCertificateRequestFailureTime(metaFixedClockStart),
@@ -262,7 +262,7 @@ func TestSign(t *testing.T) {
 				KubeObjects:        []runtime.Object{invalidKeySecret},
 				CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), baseIssuer},
 				ExpectedEvents: []string{
-					`Normal ErrorParsingKey Failed to get key "test-rsa-key" referenced in annotation "certmanager.k8s.io/private-key-secret-name": error decoding private key PEM block`,
+					`Normal ErrorParsingKey Failed to get key "test-rsa-key" referenced in annotation "cert-manager.io/private-key-secret-name": error decoding private key PEM block`,
 				},
 				ExpectedActions: []testpkg.Action{
 					testpkg.NewAction(coretesting.NewUpdateAction(
@@ -273,7 +273,7 @@ func TestSign(t *testing.T) {
 								Type:               cmapi.CertificateRequestConditionReady,
 								Status:             cmmeta.ConditionFalse,
 								Reason:             cmapi.CertificateRequestReasonPending,
-								Message:            `Failed to get key "test-rsa-key" referenced in annotation "certmanager.k8s.io/private-key-secret-name": error decoding private key PEM block`,
+								Message:            `Failed to get key "test-rsa-key" referenced in annotation "cert-manager.io/private-key-secret-name": error decoding private key PEM block`,
 								LastTransitionTime: &metaFixedClockStart,
 							}),
 						),

pkg/controller/certificaterequests/sync_test.go

@@ -136,10 +136,10 @@ func TestSync(t *testing.T) {
 	certECPEMExpired := generateSelfSignedCert(t, baseCR, skEC, fixedClockStart.Add(-time.Hour*13), fixedClockStart.Add(-time.Hour*12))
 
 	tests := map[string]testT{
-		"should return nil (no action) if group name if not 'certmanager.k8s.io' or ''": {
+		"should return nil (no action) if group name if not 'cert-manager.io' or ''": {
 			certificateRequest: gen.CertificateRequestFrom(baseCR,
 				gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{
-					Group: "not-certmanager.k8s.io",
+					Group: "not-cert-manager.io",
 				}),
 			),
 			builder: &testpkg.Builder{
@@ -185,7 +185,7 @@ func TestSync(t *testing.T) {
 			builder: &testpkg.Builder{
 				CertManagerObjects: []runtime.Object{baseCR},
 				ExpectedEvents: []string{
-					`Normal IssuerNotFound Referenced "Issuer" not found: issuer.certmanager.k8s.io "test-issuer" not found`,
+					`Normal IssuerNotFound Referenced "Issuer" not found: issuer.cert-manager.io "test-issuer" not found`,
 				},
 				ExpectedActions: []testpkg.Action{
 					testpkg.NewAction(coretesting.NewUpdateAction(
@@ -196,7 +196,7 @@ func TestSync(t *testing.T) {
 								Type:               cmapi.CertificateRequestConditionReady,
 								Status:             cmmeta.ConditionFalse,
 								Reason:             "Pending",
-								Message:            `Referenced "Issuer" not found: issuer.certmanager.k8s.io "test-issuer" not found`,
+								Message:            `Referenced "Issuer" not found: issuer.cert-manager.io "test-issuer" not found`,
 								LastTransitionTime: &nowMetaTime,
 							}),
 						),

pkg/controller/ingress-shim/sync.go

@@ -40,17 +40,17 @@ import (
 const (
 	// editInPlaceAnnotation is used to toggle the use of ingressClass instead
 	// of ingress on the created Certificate resource
-	editInPlaceAnnotation = "certmanager.k8s.io/acme-http01-edit-in-place"
+	editInPlaceAnnotation = "acme.cert-manager.io/http01-edit-in-place"
 	// issuerNameAnnotation can be used to override the issuer specified on the
 	// created Certificate resource.
-	issuerNameAnnotation = "certmanager.k8s.io/issuer"
+	issuerNameAnnotation = "cert-manager.io/issuer"
 	// clusterIssuerNameAnnotation can be used to override the issuer specified on the
 	// created Certificate resource. The Certificate will reference the
 	// specified *ClusterIssuer* instead of normal issuer.
-	clusterIssuerNameAnnotation = "certmanager.k8s.io/cluster-issuer"
+	clusterIssuerNameAnnotation = "cert-manager.io/cluster-issuer"
 	// acmeIssuerHTTP01IngressClassAnnotation can be used to override the http01 ingressClass
 	// if the challenge type is set to http01
-	acmeIssuerHTTP01IngressClassAnnotation = "certmanager.k8s.io/acme-http01-ingress-class"
+	acmeIssuerHTTP01IngressClassAnnotation = "acme.cert-manager.io/http01-ingress-class"
 
 	ingressClassAnnotation = util.IngressKey
 )

pkg/issuer/acme/http/http.go

@@ -43,9 +43,9 @@ const (
 	// acmeSolverListenPort is the port acmesolver should listen on
 	acmeSolverListenPort = 8089
 
-	domainLabelKey               = "certmanager.k8s.io/acme-http-domain"
-	tokenLabelKey                = "certmanager.k8s.io/acme-http-token"
-	solverIdentificationLabelKey = "certmanager.k8s.io/acme-http01-solver"
+	domainLabelKey               = "acme.cert-manager.io/http-domain"
+	tokenLabelKey                = "acme.cert-manager.io/http-token"
+	solverIdentificationLabelKey = "acme.cert-manager.io/http01-solver"
 )
 
 var (

pkg/issuer/acme/http/pod_test.go

@@ -277,8 +277,8 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) {
 								PodTemplate: &cmacme.ACMEChallengeSolverHTTP01IngressPodTemplate{
 									ObjectMeta: metav1.ObjectMeta{
 										Labels: map[string]string{
-											"this is a":                           "label",
-											"certmanager.k8s.io/acme-http-domain": "44655555555",
+											"this is a":                        "label",
+											"acme.cert-manager.io/http-domain": "44655555555",
 										},
 										Annotations: map[string]string{
 											"sidecar.istio.io/inject": "true",
@@ -306,10 +306,10 @@ func TestMergePodObjectMetaWithPodTemplate(t *testing.T) {
 			PreFn: func(t *testing.T, s *solverFixture) {
 				resultingPod := s.Solver.buildDefaultPod(s.Challenge)
 				resultingPod.Labels = map[string]string{
-					"this is a":                             "label",
-					"certmanager.k8s.io/acme-http-domain":   "44655555555",
-					"certmanager.k8s.io/acme-http-token":    "1",
-					"certmanager.k8s.io/acme-http01-solver": "true",
+					"this is a":                          "label",
+					"acme.cert-manager.io/http-domain":   "44655555555",
+					"acme.cert-manager.io/http-token":    "1",
+					"acme.cert-manager.io/http01-solver": "true",
 				}
 				resultingPod.Annotations = map[string]string{
 					"sidecar.istio.io/inject": "true",

test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/apiservice.yaml

@@ -8,7 +8,7 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
   annotations:
-    certmanager.k8s.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}"
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}"
 spec:
   group: {{ .Values.groupName }}
   groupPriorityMinimum: 1000

test/e2e/framework/addon/samplewebhook/sample/chart/example-webhook/templates/pki.yaml

@@ -1,7 +1,7 @@
 ---
 # Create a selfsigned Issuer, in order to create a root CA certificate for
 # signing webhook serving certificates
-apiVersion: certmanager.k8s.io/v1alpha2
+apiVersion: cert-manager.io/v1alpha2
 kind: Issuer
 metadata:
   name: {{ include "example-webhook.selfSignedIssuer" . }}
@@ -17,7 +17,7 @@ spec:
 ---
 
 # Generate a CA Certificate used to sign certificates for the webhook
-apiVersion: certmanager.k8s.io/v1alpha2
+apiVersion: cert-manager.io/v1alpha2
 kind: Certificate
 metadata:
   name: {{ include "example-webhook.rootCACertificate" . }}
@@ -38,7 +38,7 @@ spec:
 ---
 
 # Create an Issuer that uses the above generated CA certificate to issue certs
-apiVersion: certmanager.k8s.io/v1alpha2
+apiVersion: cert-manager.io/v1alpha2
 kind: Issuer
 metadata:
   name: {{ include "example-webhook.rootCAIssuer" . }}
@@ -55,7 +55,7 @@ spec:
 ---
 
 # Finally, generate a serving certificate for the webhook to use
-apiVersion: certmanager.k8s.io/v1alpha2
+apiVersion: cert-manager.io/v1alpha2
 kind: Certificate
 metadata:
   name: {{ include "example-webhook.servingCertificate" . }}

test/e2e/framework/util.go

@@ -98,7 +98,7 @@ func RbacClusterRoleHasAccessToResource(f *Framework, clusterRole string, verb s
 			ResourceAttributes: &authorizationv1.ResourceAttributes{
 				Namespace: f.Namespace.Name,
 				Verb:      verb,
-				Group:     "certmanager.k8s.io",
+				Group:     "cert-manager.io",
 				Resource:  resource,
 			},
 		},

test/e2e/suite/conformance/certificates/acme/acme.go

@@ -60,7 +60,7 @@ type acmeIssuerProvisioner struct {
 	tiller *tiller.Tiller
 	pebble *pebble.Pebble
 	// if setGroupName is true, the 'group name' field on the IssuerRef will be
-	// set the 'certmanager.k8s.io'.
+	// set the 'cert-manager.io'.
 	// Setting the group name will cause the new 'certificate requests' based
 	// implementation to be used, however this is not implemented for ACME yet
 	// See: https://github.com/jetstack/cert-manager/pull/1943

test/e2e/suite/issuers/acme/certificate/http01.go

@@ -288,7 +288,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() {
 
 		By("Creating an Ingress with the issuer name annotation set")
 		_, err := ingClient.Create(util.NewIngress(certificateSecretName, certificateSecretName, map[string]string{
-			"certmanager.k8s.io/issuer": issuerName,
+			"cert-manager.io/issuer": issuerName,
 		}, acmeIngressDomain))
 		Expect(err).NotTo(HaveOccurred())
 

test/e2e/suite/serving/cainjector.go

@@ -390,13 +390,13 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
 			someURL := "https://localhost:8675"
 			return &apiext.CustomResourceDefinition{
 				ObjectMeta: metav1.ObjectMeta{
-					Name: "objs." + namePrefix + ".testing.certmanager.k8s.io",
+					Name: "objs." + namePrefix + ".testing.cert-manager.io",
 					Annotations: map[string]string{
 						certmanager.WantInjectAnnotation: types.NamespacedName{Name: "serving-certs", Namespace: f.Namespace.Name}.String(),
 					},
 				},
 				Spec: apiext.CustomResourceDefinitionSpec{
-					Group:   namePrefix + ".testing.certmanager.k8s.io",
+					Group:   namePrefix + ".testing.cert-manager.io",
 					Version: "v1",
 					Conversion: &apiext.CustomResourceConversion{
 						Strategy: apiext.WebhookConverter,
@@ -425,7 +425,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
 		makeInjectable: func(namePrefix string) runtime.Object {
 			return &apireg.APIService{
 				ObjectMeta: metav1.ObjectMeta{
-					Name: "v1." + namePrefix + ".testing.certmanager.k8s.io",
+					Name: "v1." + namePrefix + ".testing.cert-manager.io",
 					Annotations: map[string]string{
 						certmanager.WantInjectAnnotation: types.NamespacedName{Name: "serving-certs", Namespace: f.Namespace.Name}.String(),
 					},
@@ -435,7 +435,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() {
 						Name:      "does-not-exit",
 						Namespace: "default",
 					},
-					Group:                namePrefix + ".testing.certmanager.k8s.io",
+					Group:                namePrefix + ".testing.cert-manager.io",
 					Version:              "v1",
 					GroupPriorityMinimum: 1,
 					VersionPriority:      1,