diff --git a/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go b/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go index 2d50b839ec6..f2434f6bbca 100644 --- a/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go +++ b/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go @@ -111,7 +111,7 @@ func TestProcessItem(t *testing.T) { key string // Featuregates to set for a particular test. - featuresToEnable []featuregate.Feature + featuresFlags map[featuregate.Feature]bool // Certificate to be synced for the test. // if not set, the 'key' will be passed to ProcessItem instead. @@ -178,7 +178,10 @@ func TestProcessItem(t *testing.T) { gen.SetCertificateStatusCondition(cmapi.CertificateCondition{Type: cmapi.CertificateConditionIssuing, Status: cmmeta.ConditionTrue}), ), }, - "create a CertificateRequest if none exists": { + "create a CertificateRequest if none exists and StableCertificateRequestName disabled": { + featuresFlags: map[featuregate.Feature]bool{ + feature.StableCertificateRequestName: false, + }, secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: bundle1.certificate.Namespace, Name: "exists"}, @@ -193,6 +196,8 @@ func TestProcessItem(t *testing.T) { expectedActions: []testpkg.Action{ testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName(""), + gen.SetCertificateRequestGenerateName("test-"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -200,8 +205,7 @@ func TestProcessItem(t *testing.T) { )), relaxedCertificateRequestMatcher), }, }, - "create a CertificateRequest if none exists and StableCertificateRequestName enabled": { - featuresToEnable: []featuregate.Feature{feature.StableCertificateRequestName}, + "create a CertificateRequest if none exists": { secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: bundle3.certificate.Namespace, Name: "exists"}, @@ -217,7 +221,6 @@ func TestProcessItem(t *testing.T) { testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle3.certificateRequest, gen.SetCertificateRequestName("test-1"), - gen.SetCertificateRequestGenerateName(""), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -238,17 +241,19 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "random-value")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -269,17 +274,19 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "invalid", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "random-value")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -300,6 +307,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -320,6 +328,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -327,11 +336,12 @@ func TestProcessItem(t *testing.T) { gen.SetCertificateRequestCSR([]byte("invalid")), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "random-value")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -352,23 +362,25 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-3"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "3", }), ), gen.CertificateRequestFrom(bundle1.certificateRequest, - gen.SetCertificateRequestName("testing-number-2"), + gen.SetCertificateRequestName("test-4"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "4", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`}, expectedActions: []testpkg.Action{ testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -389,6 +401,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -397,18 +410,19 @@ func TestProcessItem(t *testing.T) { // included here just to ensure it does not get deleted as it is not for the // 'next' revision that is being requested gen.CertificateRequestFrom(bundle1.certificateRequest, - gen.SetCertificateRequestName("testing-number-2"), + gen.SetCertificateRequestName("test-4"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "4", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-1"`}, expectedActions: []testpkg.Action{ testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "1", @@ -430,6 +444,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -438,18 +453,19 @@ func TestProcessItem(t *testing.T) { // included here just to ensure it does not get deleted as it is not for the // 'next' revision that is being requested gen.CertificateRequestFrom(bundle1.certificateRequest, - gen.SetCertificateRequestName("testing-number-2"), + gen.SetCertificateRequestName("test-5"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "5", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle2.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -471,17 +487,19 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -504,17 +522,19 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", }), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -536,6 +556,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -557,13 +578,14 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value-1"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", }), ), gen.CertificateRequestFrom(bundle1.certificateRequest, - gen.SetCertificateRequestName("another-name-2"), + gen.SetCertificateRequestName("random-value-2"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -585,6 +607,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -593,11 +616,12 @@ func TestProcessItem(t *testing.T) { gen.SetCertificateRequestFailureTime(metav1.Time{Time: fixedNow.Time.Add(time.Hour * -1)}), ), }, - expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-notrandom"`}, + expectedEvents: []string{`Normal Requested Created new CertificateRequest resource "test-6"`}, expectedActions: []testpkg.Action{ - testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test")), + testpkg.NewAction(coretesting.NewDeleteAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", "test-6")), testpkg.NewCustomMatch(coretesting.NewCreateAction(cmapi.SchemeGroupVersion.WithResource("certificaterequests"), "testns", gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("test-6"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -619,6 +643,7 @@ func TestProcessItem(t *testing.T) { ), requests: []runtime.Object{ gen.CertificateRequestFrom(bundle1.certificateRequest, + gen.SetCertificateRequestName("random-value"), gen.SetCertificateRequestAnnotations(map[string]string{ cmapi.CertificateRequestPrivateKeyAnnotationKey: "exists", cmapi.CertificateRequestRevisionAnnotationKey: "6", @@ -656,8 +681,8 @@ func TestProcessItem(t *testing.T) { } // Enable any features for a particular test - for _, feature := range test.featuresToEnable { - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature, true)() + for feature, value := range test.featuresFlags { + defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature, value)() } // Start the informers and begin processing updates diff --git a/pkg/controller/certificates/requestmanager/util_test.go b/pkg/controller/certificates/requestmanager/util_test.go index 1f301fbab88..2c2fdfadde5 100644 --- a/pkg/controller/certificates/requestmanager/util_test.go +++ b/pkg/controller/certificates/requestmanager/util_test.go @@ -20,7 +20,6 @@ import ( "crypto" "crypto/x509" "encoding/pem" - "fmt" "testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -102,12 +101,8 @@ func createCryptoBundle(originalCert *cmapi.Certificate) (*cryptoBundle, error) for k, v := range crt.Annotations { annotations[k] = v } - if crt.Status.Revision != nil { - annotations[cmapi.CertificateRequestRevisionAnnotationKey] = fmt.Sprintf("%d", crt.Status.Revision) - } else { - annotations[cmapi.CertificateRequestRevisionAnnotationKey] = "1" - } + annotations[cmapi.CertificateRequestRevisionAnnotationKey] = "NOT SET" annotations[cmapi.CertificateRequestPrivateKeyAnnotationKey] = crt.Spec.SecretName annotations[cmapi.CertificateNameKey] = crt.Name if crt.Status.NextPrivateKeySecretName != nil { @@ -115,7 +110,7 @@ func createCryptoBundle(originalCert *cmapi.Certificate) (*cryptoBundle, error) } certificateRequest := &cmapi.CertificateRequest{ ObjectMeta: metav1.ObjectMeta{ - GenerateName: crt.Name + "-", + Name: "NOT SET", Namespace: crt.Namespace, OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(crt, certificateGvk)}, Annotations: annotations,