-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add base of issuer-specific validation to certificates at runtime #761
Conversation
IssuerRef: validIssuerRef, | ||
KeyAlgorithm: v1alpha1.RSAKeyAlgorithm, | ||
}, | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add a case for a valid type, but invalid for this issuer? e.g. setting key algorithm to ecdsa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
SecretName: "abc", | ||
IssuerRef: validIssuerRef, | ||
}, | ||
issuer: &v1alpha1.IssuerSpec{}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does this test case pass? If the issuer type is not defined in the IssuerSpec, surely NameForIssuer should error with fmt.Errorf("no issuer specified for Issuer '%s/%s'", i.GetObjectMeta().Namespace, i.GetObjectMeta().Name)
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, that is as part of ValidateCertificateForIssuer
and not this function. Perhaps we can add a couple of test cases there too for the case where an unspecified issuer type is used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated the test to cover ValidateCertificateForIssuer
instead of individual validation tests
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: munnerz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes #735