Skip to content

[release-1.19] Add defaulting to Certificate - CertificateRequest comparison#8175

Merged
cert-manager-prow[bot] merged 3 commits intocert-manager:release-1.19from
cert-manager-bot:cherry-pick-8160-to-release-1.19
Oct 15, 2025
Merged

[release-1.19] Add defaulting to Certificate - CertificateRequest comparison#8175
cert-manager-prow[bot] merged 3 commits intocert-manager:release-1.19from
cert-manager-bot:cherry-pick-8160-to-release-1.19

Conversation

@cert-manager-bot
Copy link
Copy Markdown
Contributor

@cert-manager-bot cert-manager-bot commented Oct 15, 2025
edited by wallrj-cyberark
Loading

This is an automated cherry-pick of #8160

/assign wallrj-cyberark

BUGFIX: in case kind or group in the `issuerRef` of a Certificate was omitted, upgrading to `1.19.x` incorrectly caused the certificate to be renewed

CyberArk tracker: VC-46121

inteon and others added 3 commits October 15, 2025 10:15
@inteon
add defaulting to Certificate - CertificateRequest comparison, preven…
8f83ff0 
…ting mismatches when upgrading

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
@wallrj-cyberark
Add IssuerRef comparison tests for RequestMatchesSpec
33787f5 
- Add TestRequestMatchesSpecIssuerRef covering name, kind, and group
- Include cases for defaulted Kind/Group vs empty fields in CRs
- Treat empty Kind/Group in CertificateRequest as 'Issuer' and
- 'cert-manager.io' to avoid re-issuing certificates after 1.19

Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@wallrj-cyberark
Add comments clarifying issuerRef defaulting handling in RequestMatch…
1d8c6e6 
…esSpec

- Explain that IssuerRef comparisons ignore default group and kind
- Describe upgrades where CRD defaults can cause transient mismatches
- Document issuerKindsEqual and issuerGroupsEqual behavior
- Update test comment to describe the equivalence rationale

Signed-off-by: Richard Wall <richard.wall@cyberark.com>
@cert-manager-bot cert-manager-bot mentioned this pull request Oct 15, 2025
Merged
@cert-manager-prow cert-manager-prow bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 15, 2025
wallrj-cyberark
wallrj-cyberark approved these changes Oct 15, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@wallrj-cyberark wallrj-cyberark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/kind bug

@cert-manager-prow cert-manager-prow bot added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Oct 15, 2025
@wallrj
Copy link
Copy Markdown
Member

wallrj commented Oct 15, 2025

/approve
/lgtm

@cert-manager-prow cert-manager-prow bot added the lgtm Indicates that a PR is ready to be merged. label Oct 15, 2025
@cert-manager-prow
Copy link
Copy Markdown
Contributor

cert-manager-prow bot commented Oct 15, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wallrj, wallrj-cyberark

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 15, 2025
@cert-manager-prow cert-manager-prow bot merged commit de44c90 into cert-manager:release-1.19 Oct 15, 2025
6 checks passed
@wallrj-cyberark wallrj-cyberark added the cybr Used by CyberArk-employed maintainers to report to line management what's being worked on. label Oct 15, 2025
@erikgb erikgb mentioned this pull request Oct 17, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wallrj-cyberark wallrj-cyberark wallrj-cyberark approved these changes

Assignees

@wallrj-cyberark wallrj-cyberark

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cybr Used by CyberArk-employed maintainers to report to line management what's being worked on. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cert-manager-bot @wallrj @wallrj-cyberark @inteon