From d310d8597c06cb81e39dca90c215ef0061dacf73 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 20 Jun 2023 16:36:46 +0200 Subject: [PATCH] improve comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- internal/controller/certificates/policies/checks.go | 4 ++++ internal/controller/certificates/policies/constants.go | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/internal/controller/certificates/policies/checks.go b/internal/controller/certificates/policies/checks.go index 10a260fa940..8f1b2245453 100644 --- a/internal/controller/certificates/policies/checks.go +++ b/internal/controller/certificates/policies/checks.go @@ -166,6 +166,10 @@ func SecretIssuerAnnotationsNotUpToDate(input Input) (string, string, bool) { return "", "", false } +// SecretCertificateMatchesSpec checks that the current CertificateRequest contains a CSR that is +// signed by the key stored in the Secret. A failure is often caused by the Secret being changed +// outside of the control of cert-manager, causing the current CertificateRequest to no longer +// match what is stored in the Secret. func SecretPublicKeysDiffersFromCurrentCertificateRequest(input Input) (string, string, bool) { if input.CurrentRevisionRequest == nil { return "", "", false diff --git a/internal/controller/certificates/policies/constants.go b/internal/controller/certificates/policies/constants.go index 32d556fdd58..011d7bfce28 100644 --- a/internal/controller/certificates/policies/constants.go +++ b/internal/controller/certificates/policies/constants.go 
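Review bot: The doc comment added in checks.go opens with `SecretCertificateMatchesSpec`, but the function it documents is `SecretPublicKeysDiffersFromCurrentCertificateRequest`. Go doc tooling and linters expect the comment to start with the declared name, and a reader searching for the name in the comment will find no such function in this hunk. The text also describes the passing condition ("contains a CSR that is signed by the key stored in the Secret") while the function name describes the violation, and it does not say what the `(string, string, bool)` results mean. I would open with `// SecretPublicKeysDiffersFromCurrentCertificateRequest reports a violation when the CSR in the current CertificateRequest is not signed by the key stored in the Secret.` and keep the sentence about the Secret being changed outside cert-manager's control, since that is what an operator needs to recognise. The function body continues outside the hunk, so check the exact violation condition and return values against it before settling the wording.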
@@ -30,7 +30,8 @@ const ( // the Input Secret could not be parsed or decoded. InvalidCertificate string = "InvalidCertificate" // InvalidCertificateRequest is a policy violation whereby the CSR in - // the Input CertificateRequest could not be parsed or decoded. + // the Input CertificateRequest could not be parsed or decoded or is + // eg. signed using an unknown key. InvalidCertificateRequest string = "InvalidCertificateRequest" // SecretMismatch is a policy violation reason for a scenario where Secret's
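Review bot: The new wording on `InvalidCertificateRequest`, "signed using an unknown key", does not say what the key is unknown to. It could mean a CSR whose signature fails verification or a CSR whose key does not match the one in the Secret, and the comment gives a reader triaging this reason no way to tell which. `SecretMismatch` is declared directly below and its comment also mentions the Secret, so the comment should state which key comparison yields this reason. Also, `eg.` should be `e.g.`. For example: `// the Input CertificateRequest could not be parsed or decoded, or is otherwise invalid (e.g. <which key check failed>).` The const block continues outside the hunk.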