weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
4,961 Commits 45 Branches 0 Tags 96 MiB
20ec95e91e
Commit Graph

860 Commits

Author SHA1 Message Date
Maël Valais
20ec95e91e DataForCertificate test: v1 -> corev1 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:15 +01:00
Maël Valais
acc3a19b62 DataForCertificate tests: use generators in test/unit/gen 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:09 +01:00
Maël Valais
20ee363366 DataForCertificate: add mock listers for certificaterequests 
At first, I tried to follow the "generator" pattern that had already
been implemented for the order and secret objects. These generators look
like:

  import (
      "github.com/jetstack/cert-manager/test/unit/listers"
  )

  fake := listers.FakeSecretListerFrom(listers.NewFakeSecretLister(),
      listers.SetFakeSecretNamespaceListerGet(nil, errors.New("not found")),
  )

The major issue I was finding with this approach is that you cannot
enforce any behavior with these fakes: no way to check (or prevent)
unwanted called, no way to check that the correct namespace was used for
the call:

  fake.Secrets("default").Get("secret-1")

which is annoying; I want to be able to check every input, output and
call numbers made to the mocked function.

So I propose a gomock-like approach. I could not use mockgen due to the
fact that (again) client-go is overly nested, which means I would have
to use quite a lot of glue code in order to use mockgen-generated mocks.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:15:32 +01:00
Maël Valais
b937eefbd7 DataForCertificate: unit test it 
I initially thought about using the fake clientset like anywhere else,
but this time I thought: what about trying out the hard way, i.e.,
writing all the mocking code myself?

Result: not that hard, but requires more time than just using the fake
clientset.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:13:19 +01:00
jetstack-bot
28fc97699e
Merge pull request #3692 from irbekrm/3666_tests_for_readiness_controller 
unit tests for readiness controller
 2021-03-04 10:41:17 +00:00
irbekrm
17b7749621 Add extra test case + better naming and comments 
joshvanl <vleeuwenjoshua@gmail.com>

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-03 18:39:01 +00:00
jetstack-bot
a9c672e900
Merge pull request #3699 from maelvls/ocsp-unit-test 
Add unit tests around the new ocspServers field
 2021-03-01 19:12:49 +00:00
Maël Valais
e7b3e6c4e5 PR comment: no more "return" in test code 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-03-01 14:12:02 +01:00
irbekrm
ff2e2f6d87 Fixes typo + runs ./hack/update-all.sh 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 10:05:08 +00:00
irbekrm
9ac9a6039c Adds unit tests for readiness controller 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:45:55 +00:00
irbekrm
5dc63bb2e6 Refactor readiness controller for easier testing 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:45:04 +00:00
irbekrm
9a306e73e1 Move certificate test util functions to common location so they can be reused 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:40:50 +00:00
irbekrm
ad53be3138 Small refactor around policies 
Make reason values constants, rename some functions for clarity

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:38:17 +00:00
Maël Valais
dc4f0a34e9 PR comment: compare time.Time instead of strings 
Also removed the unused "givenNamespace"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-25 10:28:56 +01:00
Maël Valais
e50f26fc97 PR comment: fix notAfter test case using time.Truncate 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-24 15:07:54 +01:00
Maël Valais
c9dcae2313 ocspServers field: add unit test 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-24 11:05:59 +01:00
Lars Lehtonen
0270377f6c
pkg/controller/certificaterequests/acme: fix dropped test error 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2021-02-23 18:13:37 -08:00
irbekrm
b852e97ffb Removes the deprecated renew-before-expiry flag 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-21 10:22:25 +00:00
jetstack-bot
35febb1717
Merge pull request #3505 from hugoboos/ocsp-server 
Add option to specify OCSP server #3497
 2021-02-05 11:27:37 +00:00
joshvanl
15536801f0 Revert ingress key usage annotation to default the same as Certificate 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-04 16:08:30 +00:00
Maartje Eyskens
577c039220 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
bfce24fd59 Fix sync tests 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
8ec816814f update bazel 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
bbb75ee52f Allow ingress-shim to specify key usages + add server-auth to default 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maël Valais
ba22785445 Rename ocspServer to oscpServers 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
 2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server 
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-03 09:09:03 +01:00
irbekrm
be5ba022a9 Improves error checking in TestSync function 
Also corrects some expected error values in test cases

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-02 11:23:42 +00:00
irbekrm
bb99260365 Skips an invalid Ingress.spec.tls entry instead of invalidating the whole Ingress 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-01 19:32:36 +00:00
Richard Wall
50a388a8a1 Fix unit tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:26:43 +00:00
Richard Wall
95d26b7c60 Extract the CA from Venafi response 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:14:48 +00:00
Matt Turner
44f69ce015 Minor log message clarification 
Supplying just a name, rather than a namespace/name, for a cainjector
source reference, results in the generic error message "invalid
certificate name". This condition is detected on its own branch so we
can be more specific.

Signed-off-by: Matt Turner <matturner@gmail.com>
 2021-01-07 19:21:11 +00:00
jetstack-bot
f19a5e6402
Merge pull request #3463 from wallrj/2667-acme-stalled-orders 
Wait for order-controller to add certificate data to the Order
 2020-12-17 16:30:41 +00:00
Richard Wall
9cd3eaabf7 Add a duration Ingress annotation to set the duration field on Certificate 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-16 09:40:28 +00:00
Richard Wall
27d0f011be Delete Order if its certificate data is bad or unexpected 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:46:52 +00:00
Richard Wall
fb01c3b3c2 Tests for handling of Orders with bad certificates 
* Badly formed certificates, and
* certificates with an unexpected public key.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:44:59 +00:00
Richard Wall
98e2f1c8f3 Wait for order-controller to add certificate data to the Order 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
02883417ee Re-organise the handling of non-failed but not-yet-valid Orders 
Exit early in this case and move the happy case to the end of the function.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
26aa0e29fa Add a renew-before Ingress annotation to set the renewBefore field on the Certificate 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:19:07 +00:00
Richard Wall
bae51b92b2 Simplify some ingress-shim helper functions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:19:07 +00:00
jetstack-bot
cdc53b65cb
Merge pull request #3500 from meyskens/update-copy 
Update copyright to cert-manager project
 2020-12-15 10:12:31 +00:00
jetstack-bot
34396bc93b
Merge pull request #3499 from meyskens/ingress-netk8sbeta1 
Migrate Ingress to networking.k8s.io/v1beta1
 2020-12-14 09:50:12 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
jetstack-bot
fcf54969dd
Merge pull request #3489 from exceptionfactory/3373-truststore-p12 
Add creation of truststore.p12 from CA
 2020-12-11 10:21:07 +00:00
Maartje Eyskens
c6e84d7c83 Switch informer to networking 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-09 16:36:11 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
exceptionfactory
e9dfbb7a1a Updated PKCS12 API docs and corrected code formatting #3373 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-08 11:23:16 -05:00
Maartje Eyskens
65281efff1 Migrate Ingress to networking.k8s.io/v1beta1 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 14:46:01 +01:00
jetstack-bot
7c53f88f19
Merge pull request #3476 from maelvls/unit-test-backoff-one-hour 
Move the 'back off for 1 hour' logic to a unit-tested func
 2020-12-08 11:02:17 +01:00
Maël Valais
62f8db6e6a refactor(issuing): PR review: use MustCreateCryptoBundle directly 
Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
6484010f5c fix(issuing): wait until req matches cert before setting failure 
The issuing controller wasn't checking if the certificate request that
it picked up is up to date. That resulted in the certificate being set
to "Failing" and "Issuing = False" due to an old certificate request
that was created during a previous issuance. The certificate would then
become stale.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00