weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
4,977 Commits 45 Branches 0 Tags 96 MiB
680c7b75f6
Commit Graph

871 Commits

Author SHA1 Message Date
Maël Valais
680c7b75f6 DataForCertificate: use fake clientset instead of fake lister 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:20:45 +01:00
Maël Valais
46e9cb6c5b DataForCertificates: remove unused "name" field 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:19:02 +01:00
Maël Valais
3af2cb6650 DataForCertificate: expand comments around expectCalled 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:19:02 +01:00
Maël Valais
e0ca10ef2d DataForCertificate: detail why "whereAmI" is used 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:19:02 +01:00
Maël Valais
65701e04ab DataForCertificate: check fake is called with correct input 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:19:01 +01:00
Maël Valais
8b3bec3c9c DataForCertificate: implement Josh's fake idea 
Co-Authored-By: JoshVanL <vleeuwenjoshua@gmail.com>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:18:56 +01:00
Maël Valais
38919b7eb2 DataForCertificate: move certRef to test/unit/gen 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:16 +01:00
Maël Valais
92bf3c59a0 DataForCertificate: fix tests 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:16 +01:00
Maël Valais
5c1fba52a5 Mock lister: fix the wrong stack frames for certificaterequests 
The stack frames displayed using assert.Fail was not very informative.
That is due to t.Cleanup being called "outside" of the test case
context. There was no mention of the test file itself, gatherer_test.go
in the following example:

 certificaterequest.go:205:
         Error Trace:    certificaterequest.go:205
                                                 testing.go:872
                                                 testing.go:866
                                                 testing.go:873
                                                 testing.go:949
                                                 testing.go:1121
         Error:          lister.CertificateRequests was expected to be called but was not called
         Test:           TestDataForCertificate/should_return_error_when_the_list_func_returns_an_error

With this patch that vendors a simple version of assert.Fail, we get the
correct stack frames that the user needs in order to locate where this
failure happened:

 certificaterequest.go:254:
         Error Trace:    gatherer_test.go:230
                         gatherer_test.go:240
         Error:          lister.CertificateRequests was expected to be called but was not called
         Test:           TestDataForCertificate/should_return_error_when_the_list_func_returns_an_error

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:16 +01:00
Maël Valais
9eb43bbb96 DataForCertificate: document the behavior and explain "current" 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:15 +01:00
Maël Valais
754035de7d DataForCertificate: tests: chained funcs pattern for CR mock 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:15 +01:00
Maël Valais
20ec95e91e DataForCertificate test: v1 -> corev1 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:15 +01:00
Maël Valais
acc3a19b62 DataForCertificate tests: use generators in test/unit/gen 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:16:09 +01:00
Maël Valais
20ee363366 DataForCertificate: add mock listers for certificaterequests 
At first, I tried to follow the "generator" pattern that had already
been implemented for the order and secret objects. These generators look
like:

  import (
      "github.com/jetstack/cert-manager/test/unit/listers"
  )

  fake := listers.FakeSecretListerFrom(listers.NewFakeSecretLister(),
      listers.SetFakeSecretNamespaceListerGet(nil, errors.New("not found")),
  )

The major issue I was finding with this approach is that you cannot
enforce any behavior with these fakes: no way to check (or prevent)
unwanted called, no way to check that the correct namespace was used for
the call:

  fake.Secrets("default").Get("secret-1")

which is annoying; I want to be able to check every input, output and
call numbers made to the mocked function.

So I propose a gomock-like approach. I could not use mockgen due to the
fact that (again) client-go is overly nested, which means I would have
to use quite a lot of glue code in order to use mockgen-generated mocks.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:15:32 +01:00
Maël Valais
b937eefbd7 DataForCertificate: unit test it 
I initially thought about using the fake clientset like anywhere else,
but this time I thought: what about trying out the hard way, i.e.,
writing all the mocking code myself?

Result: not that hard, but requires more time than just using the fake
clientset.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:13:19 +01:00
jetstack-bot
28fc97699e
Merge pull request #3692 from irbekrm/3666_tests_for_readiness_controller 
unit tests for readiness controller
 2021-03-04 10:41:17 +00:00
irbekrm
17b7749621 Add extra test case + better naming and comments 
joshvanl <vleeuwenjoshua@gmail.com>

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-03 18:39:01 +00:00
jetstack-bot
a9c672e900
Merge pull request #3699 from maelvls/ocsp-unit-test 
Add unit tests around the new ocspServers field
 2021-03-01 19:12:49 +00:00
Maël Valais
e7b3e6c4e5 PR comment: no more "return" in test code 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-03-01 14:12:02 +01:00
irbekrm
ff2e2f6d87 Fixes typo + runs ./hack/update-all.sh 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 10:05:08 +00:00
irbekrm
9ac9a6039c Adds unit tests for readiness controller 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:45:55 +00:00
irbekrm
5dc63bb2e6 Refactor readiness controller for easier testing 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:45:04 +00:00
irbekrm
9a306e73e1 Move certificate test util functions to common location so they can be reused 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:40:50 +00:00
irbekrm
ad53be3138 Small refactor around policies 
Make reason values constants, rename some functions for clarity

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-25 09:38:17 +00:00
Maël Valais
dc4f0a34e9 PR comment: compare time.Time instead of strings 
Also removed the unused "givenNamespace"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-25 10:28:56 +01:00
Maël Valais
e50f26fc97 PR comment: fix notAfter test case using time.Truncate 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-24 15:07:54 +01:00
Maël Valais
c9dcae2313 ocspServers field: add unit test 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-24 11:05:59 +01:00
Lars Lehtonen
0270377f6c
pkg/controller/certificaterequests/acme: fix dropped test error 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2021-02-23 18:13:37 -08:00
irbekrm
b852e97ffb Removes the deprecated renew-before-expiry flag 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-21 10:22:25 +00:00
jetstack-bot
35febb1717
Merge pull request #3505 from hugoboos/ocsp-server 
Add option to specify OCSP server #3497
 2021-02-05 11:27:37 +00:00
joshvanl
15536801f0 Revert ingress key usage annotation to default the same as Certificate 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-04 16:08:30 +00:00
Maartje Eyskens
577c039220 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
bfce24fd59 Fix sync tests 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
8ec816814f update bazel 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
bbb75ee52f Allow ingress-shim to specify key usages + add server-auth to default 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maël Valais
ba22785445 Rename ocspServer to oscpServers 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
 2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server 
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-03 09:09:03 +01:00
irbekrm
be5ba022a9 Improves error checking in TestSync function 
Also corrects some expected error values in test cases

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-02 11:23:42 +00:00
irbekrm
bb99260365 Skips an invalid Ingress.spec.tls entry instead of invalidating the whole Ingress 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-01 19:32:36 +00:00
Richard Wall
50a388a8a1 Fix unit tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:26:43 +00:00
Richard Wall
95d26b7c60 Extract the CA from Venafi response 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:14:48 +00:00
Matt Turner
44f69ce015 Minor log message clarification 
Supplying just a name, rather than a namespace/name, for a cainjector
source reference, results in the generic error message "invalid
certificate name". This condition is detected on its own branch so we
can be more specific.

Signed-off-by: Matt Turner <matturner@gmail.com>
 2021-01-07 19:21:11 +00:00
jetstack-bot
f19a5e6402
Merge pull request #3463 from wallrj/2667-acme-stalled-orders 
Wait for order-controller to add certificate data to the Order
 2020-12-17 16:30:41 +00:00
Richard Wall
9cd3eaabf7 Add a duration Ingress annotation to set the duration field on Certificate 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-16 09:40:28 +00:00
Richard Wall
27d0f011be Delete Order if its certificate data is bad or unexpected 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:46:52 +00:00
Richard Wall
fb01c3b3c2 Tests for handling of Orders with bad certificates 
* Badly formed certificates, and
* certificates with an unexpected public key.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:44:59 +00:00
Richard Wall
98e2f1c8f3 Wait for order-controller to add certificate data to the Order 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
02883417ee Re-organise the handling of non-failed but not-yet-valid Orders 
Exit early in this case and move the happy case to the end of the function.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
26aa0e29fa Add a renew-before Ingress annotation to set the renewBefore field on the Certificate 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:19:07 +00:00
Richard Wall
bae51b92b2 Simplify some ingress-shim helper functions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:19:07 +00:00