Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reverts ACME issuer from forming a chain bundle and populating the ca.crt #4074

Merged
merged 1 commit into from
Jun 4, 2021
Merged

Reverts ACME issuer from forming a chain bundle and populating the ca.crt #4074

merged 1 commit into from
Jun 4, 2021

Conversation

JoshVanL
Copy link
Contributor

@JoshVanL JoshVanL commented Jun 2, 2021
edited
Loading

This PR reverts the ACME CR controller changes in https://github.com/jetstack/cert-manager/pull/3984/files

Though I have tested that with the changes made above, ingress controllers like NGINX still work correctly, I'm not confident that we are breaking someone somewhere silently.

REVERTS: The ACME issuer now constructs a certificate chain after signing, and populates the CertificateRequest.Status.CA with the root most certificate if available.

@JoshVanL
Reverts ACME issuer from forming a chain bundle and populating the
1678d08 
ca.crt

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jun 2, 2021
@JoshVanL
Copy link
Contributor Author

JoshVanL commented Jun 3, 2021

/assign @jakexks

@JoshVanL JoshVanL added this to the v1.4 milestone Jun 3, 2021
@jetstack-bot jetstack-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jun 3, 2021
jakexks
jakexks reviewed Jun 3, 2021
View reviewed changes
pkg/controller/certificaterequests/acme/acme.go
Comment on lines -219 to -220
Certificate: bundle.ChainPEM,
CA: bundle.CAPEM,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this because we don't get the actual root back from ACME servers, so removing the intermediate and putting it in CA may not be correct?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's right. Although this works in the testing I did, I can't test every user's working setup. Best to leave the current behavior to not break anyone.

@jakexks
Copy link
Member

jakexks commented Jun 4, 2021

/approve
/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Jun 4, 2021
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jakexks, JoshVanL

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jakexks
Copy link
Member

jakexks commented Jun 4, 2021

/kind bug

@jetstack-bot jetstack-bot added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Jun 4, 2021
@jetstack-bot jetstack-bot merged commit 5875c82 into cert-manager:master Jun 4, 2021
@maelvls maelvls mentioned this pull request Mar 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakexks jakexks jakexks left review comments

Assignees

@jakexks jakexks

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.
3 participants
@JoshVanL @jakexks @jetstack-bot