Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SelfSigned Sign Implementation #1906

Merged
merged 12 commits into from
Aug 2, 2019
Merged

SelfSigned Sign Implementation #1906

merged 12 commits into from
Aug 2, 2019

Conversation

JoshVanL
Copy link
Contributor

@JoshVanL JoshVanL commented Jul 19, 2019
edited
Loading 

Adds SelfSigned CertificateRequest Controller

rebased on #1910

@jetstack-bot jetstack-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. area/api Indicates a PR directly modifies the 'pkg/apis' directory labels Jul 19, 2019
@jetstack-bot jetstack-bot added area/ca Indicates a PR directly modifies the CA Issuer code area/testing Issues relating to testing labels Jul 19, 2019
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoshVanL

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 19, 2019
@jetstack-bot jetstack-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 19, 2019
@JoshVanL
Copy link
Contributor Author

/assign @munnerz

@jetstack-bot jetstack-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 19, 2019
@JoshVanL
Copy link
Contributor Author

/hold

@jetstack-bot jetstack-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 22, 2019
@jetstack-bot jetstack-bot added area/acme Indicates a PR directly modifies the ACME Issuer code area/vault Indicates a PR directly modifies the Vault Issuer code labels Jul 22, 2019
@JoshVanL
Copy link
Contributor Author

/retest

@JoshVanL JoshVanL force-pushed the cr-self-signed branch 2 times, most recently from 3a9de1f to c87bb47 Compare July 22, 2019 15:31
@JoshVanL
Copy link
Contributor Author

/retest

@munnerz munnerz added this to the v0.10 milestone Jul 23, 2019
@JoshVanL JoshVanL force-pushed the cr-self-signed branch 6 times, most recently from bfe5011 to e164b96 Compare July 27, 2019 14:20
@JoshVanL
Adds SelfSigned certificaterequest controller
0ce8aab 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Adds selfsigned certificaterequest e2e tests
f26ea8d 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Initialises CR annotations in SelfSigned e2e tests
8d64a94 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Adds events checks to SelfSigned sign unit tests
d98a6dc 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Move tests to use new slimmer controller test builder
6d34163 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Adds fake secrets lister to simulate network failure
97f2183 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Register self signed CR controller
46fd159 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Ensures certificate controller add selfsigned annotations to CRs
42c47c7 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Update selfsigned issuer e2e tests
eca238f 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Always set secret ref annotation for CRs
071e5ab 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Have CR selfsigned to use reporter
6bd9de1 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Copy link
Contributor Author

JoshVanL commented Aug 1, 2019

/retest

munnerz
munnerz reviewed Aug 2, 2019
View reviewed changes
pkg/controller/certificaterequests/selfsigned/selfsigned.go Outdated
v1alpha1.CRPrivateKeyAnnotationKey)
err := errors.New("secret name missing")

reporter.Pending(err, "MissingAnnotation", message)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Undecided: should we hard fail if the annotation is missing? Do we want to allow changes here after the request has been created? I am leaning towards hard failing here 🙄

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah that's my bad - I agree, should hard fail

pkg/controller/certificaterequests/selfsigned/selfsigned_test.go
Data: map[string][]byte{
corev1.TLSPrivateKeyKey: []byte("this is a bad key"),
},
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In future I think extracting the cryptoBundle structure out of the certificate_request_test.go file and utilising it here would be best, but we can leave that for later..

pkg/controller/test/fake/lister.go Outdated
limitations under the License.
*/

package fake
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think/thought this code was moved to test/unit/listers?

@munnerz munnerz assigned JoshVanL and unassigned munnerz Aug 2, 2019
@JoshVanL
Remove fake in CR controller and fail hard for no annotations for
233afd2 
selfsigned

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
@JoshVanL
Copy link
Contributor Author

JoshVanL commented Aug 2, 2019

Back to you @munnerz
/unassign
/assign @munnerz

@jetstack-bot jetstack-bot assigned munnerz and unassigned JoshVanL Aug 2, 2019
@munnerz
Copy link
Member

munnerz commented Aug 2, 2019

/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2019
@jetstack-bot jetstack-bot merged commit 892eafb into cert-manager:master Aug 2, 2019
@munnerz munnerz added this to Done in v0.10 Aug 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@munnerz munnerz munnerz left review comments

Assignees

@munnerz munnerz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme Indicates a PR directly modifies the ACME Issuer code area/api Indicates a PR directly modifies the 'pkg/apis' directory area/ca Indicates a PR directly modifies the CA Issuer code area/testing Issues relating to testing area/vault Indicates a PR directly modifies the Vault Issuer code dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
No open projects
v0.10
  
Done
Milestone
v0.10
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@JoshVanL @jetstack-bot @munnerz