Skip to content

Add base of issuer-specific validation to certificates at runtime#761

Merged
jetstack-bot merged 7 commits intocert-manager:masterfrom
kragniz:runtime-validation
Jul 26, 2018
Merged

Add base of issuer-specific validation to certificates at runtime#761
jetstack-bot merged 7 commits intocert-manager:masterfrom
kragniz:runtime-validation

Conversation

@kragniz
Copy link
Copy Markdown
Member

@kragniz kragniz commented Jul 25, 2018

Fixes #735

Add base issuer-specific validation to certificates at runtime

@jetstack-bot jetstack-bot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Jul 25, 2018
@jetstack-bot jetstack-bot requested a review from munnerz July 25, 2018 14:48
@jetstack-bot jetstack-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 25, 2018
munnerz
munnerz reviewed Jul 25, 2018
View reviewed changes
pkg/apis/certmanager/validation/certificate_for_issuer_test.go
IssuerRef: validIssuerRef,
KeyAlgorithm: v1alpha1.RSAKeyAlgorithm,
},
},
Copy link
Copy Markdown
Member

@munnerz munnerz Jul 25, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a case for a valid type, but invalid for this issuer? e.g. setting key algorithm to ecdsa

Copy link
Copy Markdown
Member Author

@kragniz kragniz Jul 25, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

munnerz
munnerz reviewed Jul 25, 2018
View reviewed changes
pkg/apis/certmanager/validation/certificate_for_issuer_test.go Outdated
SecretName: "abc",
IssuerRef: validIssuerRef,
},
issuer: &v1alpha1.IssuerSpec{},
Copy link
Copy Markdown
Member

@munnerz munnerz Jul 25, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this test case pass? If the issuer type is not defined in the IssuerSpec, surely NameForIssuer should error with fmt.Errorf("no issuer specified for Issuer '%s/%s'", i.GetObjectMeta().Namespace, i.GetObjectMeta().Name)?

Copy link
Copy Markdown
Member

@munnerz munnerz Jul 25, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, that is as part of ValidateCertificateForIssuer and not this function. Perhaps we can add a couple of test cases there too for the case where an unspecified issuer type is used?

Copy link
Copy Markdown
Member Author

@kragniz kragniz Jul 26, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated the test to cover ValidateCertificateForIssuer instead of individual validation tests

@munnerz munnerz mentioned this pull request Jul 25, 2018
Closed
@munnerz
Copy link
Copy Markdown
Member

munnerz commented Jul 26, 2018

/lgtm
/approve

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 26, 2018
@jetstack-bot
Copy link
Copy Markdown
Contributor

jetstack-bot commented Jul 26, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: munnerz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 26, 2018
@jetstack-bot jetstack-bot merged commit 317e6e8 into cert-manager:master Jul 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@munnerz munnerz munnerz left review comments

Assignees

@munnerz munnerz

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kragniz @munnerz @jetstack-bot