Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cert-manager/cert-manager
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.11.0
Choose a base ref
...
head repository: cert-manager/cert-manager
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.11.1
Choose a head ref
7 contributors

Commits on Jan 13, 2023

  1. Use fake kube apiserver version when generating helm template in cmct… 

    …l x install

Signed-off-by: irbekrm <irbekrm@gmail.com>
    @irbekrm @SgtCoDFish
    irbekrm authored and SgtCoDFish committed Jan 13, 2023

    Verified

    This commit was signed with the committer’s verified signature.
    SgtCoDFish Ashley Davis
    GPG key ID: DD14CC017E32BEB1
    Verified
    Learn about vigilant mode
    Copy the full SHA
    89d9fd7 View commit details

  2. Merge pull request #5726 from SgtCoDFish/release-1.11-fix_helm_versio… 

    …n_check

[release-1.11] Fix helm version check
    @jetstack-bot
    jetstack-bot authored Jan 13, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3a20e67 View commit details

Commits on Jan 17, 2023

  1. Bump keystore-go to v4.4.1 

    This version points to the same commit as v4.4.0, so there is no actual
code change. However, trying to build cert-manager with v4.4.0 errors
out due to a checksum mismatch. Bumping to the new tag solved the
issue.

Signed-off-by: Guillermo Gaston <gaslor@amazon.com>
    @g-gaston
    g-gaston authored and jetstack-bot committed Jan 17, 2023
    Copy the full SHA
    254f763 View commit details

  2. Merge pull request #5730 from jetstack-bot/cherry-pick-5724-to-releas… 

    …e-1.11

[release-1.11] Bump keystore-go to v4.4.1
    @jetstack-bot
    jetstack-bot authored Jan 17, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5c6d47e View commit details

Commits on Jan 19, 2023

  1. A bunch of comments on webhook solver functionality 

    With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>
    @irbekrm
    irbekrm authored and jetstack-bot committed Jan 19, 2023
    Copy the full SHA
    3af9be0 View commit details

  2. RFC2136 solver has an init option to reset secrets lister 

    Signed-off-by: irbekrm <irbekrm@gmail.com>
    @irbekrm
    irbekrm authored and jetstack-bot committed Jan 19, 2023
    Copy the full SHA
    05e1cb4 View commit details

  3. Resets secrets lister in RFC2136 conformance tests 

    The way the tests run (a new kube apiserver with a different client created for the same initialized solver) is not how this solver would actually run

Signed-off-by: irbekrm <irbekrm@gmail.com>
    @irbekrm
    irbekrm authored and jetstack-bot committed Jan 19, 2023
    Copy the full SHA
    8d1f410 View commit details

  4. Code review feedback: fix imports 

    Signed-off-by: irbekrm <irbekrm@gmail.com>
    @irbekrm
    irbekrm authored and jetstack-bot committed Jan 19, 2023
    Copy the full SHA
    faadbdd View commit details

  5. Merge pull request #5738 from jetstack-bot/cherry-pick-5736-to-releas… 

    …e-1.11

[release-1.11] Webhook solver conformance bugfix
    @jetstack-bot
    jetstack-bot authored Jan 19, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    7ebb5f5 View commit details

Commits on Jan 30, 2023

  1. bump base images to latest 

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    @SgtCoDFish
    SgtCoDFish authored and jetstack-bot committed Jan 30, 2023
    Copy the full SHA
    59dc385 View commit details

  2. Merge pull request #5762 from jetstack-bot/cherry-pick-5758-to-releas… 

    …e-1.11

[release-1.11] Bump base images to latest
    @jetstack-bot
    jetstack-bot authored Jan 30, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    4c0f3db View commit details

Commits on Feb 10, 2023

  1. e2e: the vault addon was incorrectly using StdoutPipe 

    The documentation [1] mentions that `StdoutPipe` should not be used
along with `Run`:

"Wait will close the pipe after seeing the command exit, so most callers
need not close the pipe themselves. It is thus incorrect to call Wait
before all reads from the pipe have completed. For the same reason, it
is incorrect to call Run when using StdoutPipe. See the example for
idiomatic usage."

It seems we are using `Run`, meaning that the StdoutPipe gets closed
when `Run` returns (because `Run` calls `Wait` and closes the StdoutPipe
before returning).

To reproduce:

    git fetch fa4c2cf
    git checkout fa4c2cf
    go test -tags=e2e_test ./test/e2e -- -test.outputdir=$PWD/_bin/artifacts \
      -ginkgo.junit-report=junit__01.xml -ginkgo.flake-attempts=1            \
      -test.timeout=24h -ginkgo.v -test.v -ginkgo.randomize-all              \
      -ginkgo.progress -ginkgo.trace -ginkgo.slow-spec-threshold=300s        \
      --repo-root=/home/mvalais/code/cert-manager                            \
      --report-dir=/home/mvalais/code/cert-manager/_bin/artifacts            \
      --acme-dns-server=10.0.0.16 --acme-ingress-ip=10.0.0.15                \
      --acme-gateway-ip=10.0.0.14                                            \
      --ingress-controller-domain=ingress-nginx.http01.example.com           \
      --gateway-domain=gateway.http01.example.com                            \
      --feature-gates=""                                                     \
      --ginkgo.focus=".*should be ready with a valid serviceAccountRef"

Result:

  error install helm chart: cmd.Run: exit status 1: io.Copy: write /dev/stdout: copy_file_range: use of closed file

Signed-off-by: Maël Valais <mael@vls.dev>
    @maelvls
    maelvls committed Feb 10, 2023
    Copy the full SHA
    ef32cbe View commit details

Commits on Feb 16, 2023

  1. Merge pull request #5795 from maelvls/backport-stdoutpipe 

    [release-1.11] e2e flakiness: vault addon incorrectly using StdoutPipe
    @jetstack-bot
    jetstack-bot authored Feb 16, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    6ff2080 View commit details

Commits on Feb 21, 2023

  1. bump dependencies to fix CVEs 

    manually edited from original to minimise changes

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    @SgtCoDFish
    SgtCoDFish committed Feb 21, 2023

    Verified

    This commit was signed with the committer’s verified signature.
    SgtCoDFish Ashley Davis
    GPG key ID: DD14CC017E32BEB1
    Verified
    Learn about vigilant mode
    Copy the full SHA
    a934605 View commit details

  2. update base images to latest 

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    @SgtCoDFish
    SgtCoDFish committed Feb 21, 2023

    Verified

    This commit was signed with the committer’s verified signature.
    SgtCoDFish Ashley Davis
    GPG key ID: DD14CC017E32BEB1
    Verified
    Learn about vigilant mode
    Copy the full SHA
    29757f7 View commit details

  3. bump go version 

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    @SgtCoDFish
    SgtCoDFish committed Feb 21, 2023

    Verified

    This commit was signed with the committer’s verified signature.
    SgtCoDFish Ashley Davis
    GPG key ID: DD14CC017E32BEB1
    Verified
    Learn about vigilant mode
    Copy the full SHA
    19259ae View commit details

  4. Merge pull request #5815 from SgtCoDFish/release-1.11-bumphelm 

    [release-1.11] Bump deps, go and base images
    @jetstack-bot
    jetstack-bot authored Feb 21, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    1ff4238 View commit details

  5. use jetstack vcert fork to properly reset on error for TPP 

    Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
    @inteon @maelvls
    inteon authored and maelvls committed Feb 21, 2023
    Copy the full SHA
    8b6b8cd View commit details

  6. Merge pull request #5819 from maelvls/backport-1.11 

    [release-1.11] use jetstack vcert fork to properly reset on error for TPP
    @jetstack-bot
    jetstack-bot authored Feb 21, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    785c311 View commit details

Commits on Mar 9, 2023

  1. update k8s.gcr.io to registry.k8s.io 

    Signed-off-by: Rayan Das <rayandas91@gmail.com>
    @rayandas
    rayandas authored and jetstack-bot committed Mar 9, 2023
    Copy the full SHA
    87fa565 View commit details

  2. make: force the use of registry.k8s.io by ingressnginx 

    Signed-off-by: Maël Valais <mael@vls.dev>
    @maelvls
    maelvls authored and jetstack-bot committed Mar 9, 2023
    Copy the full SHA
    e1a5457 View commit details

  3. Merge pull request #5857 from jetstack-bot/cherry-pick-5812-to-releas… 

    …e-1.11

[release-1.11] Update k8s.gcr.io to registry.k8s.io
    @jetstack-bot
    jetstack-bot authored Mar 9, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    fe544bf View commit details

Commits on Apr 7, 2023

  1. Bump distroless base images and kind versions 

    Signed-off-by: Maël Valais <mael@vls.dev>
    @maelvls
    maelvls committed Apr 7, 2023
    Copy the full SHA
    b16cbc9 View commit details

  2. Merge pull request #5930 from maelvls/bump-distroless-1.11 

    [release-1.11] Bump distroless base images and kind versions
    @jetstack-bot
    jetstack-bot authored Apr 7, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e3a2a80 View commit details
66 changes: 33 additions & 33 deletions LICENSES
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/v1.7.0/compute/LICENSE,Apache-2.0
cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.2.3/compute/metadata/LICENSE,Apache-2.0
github.com/Azure/azure-sdk-for-go,https://github.com/Azure/azure-sdk-for-go/blob/v66.0.0/LICENSE.txt,MIT
github.com/Azure/go-autorest/autorest,https://github.com/Azure/go-autorest/blob/autorest/v0.11.28/autorest/LICENSE,Apache-2.0
github.com/Azure/go-autorest/autorest/adal,https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.21/autorest/adal/LICENSE,Apache-2.0
@@ -8,14 +8,14 @@ github.com/Azure/go-autorest/autorest/validation,https://github.com/Azure/go-aut
github.com/Azure/go-autorest/logger,https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE,Apache-2.0
github.com/Azure/go-autorest/tracing,https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE,Apache-2.0
github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/cb9428e4ac1e/LICENSE,MIT
github.com/BurntSushi/toml,https://github.com/BurntSushi/toml/blob/v1.1.0/COPYING,MIT
github.com/BurntSushi/toml,https://github.com/BurntSushi/toml/blob/v1.2.1/COPYING,MIT
github.com/MakeNowJust/heredoc,https://github.com/MakeNowJust/heredoc/blob/v1.0.0/LICENSE,MIT
github.com/Masterminds/goutils,https://github.com/Masterminds/goutils/blob/v1.1.1/LICENSE.txt,Apache-2.0
github.com/Masterminds/semver/v3,https://github.com/Masterminds/semver/blob/v3.1.1/LICENSE.txt,MIT
github.com/Masterminds/sprig/v3,https://github.com/Masterminds/sprig/blob/v3.2.2/LICENSE.txt,MIT
github.com/Masterminds/semver/v3,https://github.com/Masterminds/semver/blob/v3.2.0/LICENSE.txt,MIT
github.com/Masterminds/sprig/v3,https://github.com/Masterminds/sprig/blob/v3.2.3/LICENSE.txt,MIT
github.com/Masterminds/squirrel,https://github.com/Masterminds/squirrel/blob/v1.5.3/LICENSE.txt,MIT
github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0
github.com/Venafi/vcert/v4,https://github.com/Venafi/vcert/blob/v4.23.0/LICENSE,Apache-2.0
github.com/Venafi/vcert/v4,https://github.com/jetstack/vcert/blob/3aa3dfd6613d/LICENSE,Apache-2.0
github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.1/LICENSE,Apache-2.0
github.com/antlr/antlr4/runtime/Go/antlr,https://github.com/antlr/antlr4/blob/runtime/Go/antlr/v1.4.10/runtime/Go/antlr/LICENSE,BSD-3-Clause
github.com/armon/go-metrics,https://github.com/armon/go-metrics/blob/v0.3.9/LICENSE,MIT
@@ -33,21 +33,21 @@ github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github
github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/cloudflare/LICENSE,MIT
github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/route53/LICENSE,MIT
github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/util/LICENSE,MIT
github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.1.2/LICENSE.txt,MIT
github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT
github.com/chai2010/gettext-go,https://github.com/chai2010/gettext-go/blob/v1.0.2/LICENSE,BSD-3-Clause
github.com/cloudflare/cloudflare-go,https://github.com/cloudflare/cloudflare-go/blob/v0.50.0/LICENSE,BSD-3-Clause
github.com/containerd/containerd,https://github.com/containerd/containerd/blob/v1.6.15/LICENSE,Apache-2.0
github.com/containerd/containerd,https://github.com/containerd/containerd/blob/v1.6.18/LICENSE,Apache-2.0
github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.0/LICENSE,Apache-2.0
github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.3.2/LICENSE,Apache-2.0
github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT
github.com/cpuguy83/go-md2man/v2/md2man,https://github.com/cpuguy83/go-md2man/blob/v2.0.2/LICENSE.md,MIT
github.com/cyphar/filepath-securejoin,https://github.com/cyphar/filepath-securejoin/blob/v0.2.3/LICENSE,BSD-3-Clause
github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/v1.1.1/LICENSE,ISC
github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.86.0/LICENSE.txt,MIT
github.com/docker/cli/cli/config,https://github.com/docker/cli/blob/v20.10.17/LICENSE,Apache-2.0
github.com/docker/cli/cli/config,https://github.com/docker/cli/blob/v20.10.21/LICENSE,Apache-2.0
github.com/docker/distribution,https://github.com/docker/distribution/blob/v2.8.1/LICENSE,Apache-2.0
github.com/docker/docker,https://github.com/docker/docker/blob/v20.10.17/LICENSE,Apache-2.0
github.com/docker/docker-credential-helpers,https://github.com/docker/docker-credential-helpers/blob/v0.6.4/LICENSE,MIT
github.com/docker/docker,https://github.com/docker/docker/blob/v20.10.21/LICENSE,Apache-2.0
github.com/docker/docker-credential-helpers,https://github.com/docker/docker-credential-helpers/blob/v0.7.0/LICENSE,MIT
github.com/docker/go-connections,https://github.com/docker/go-connections/blob/v0.4.0/LICENSE,Apache-2.0
github.com/docker/go-metrics,https://github.com/docker/go-metrics/blob/v0.0.1/LICENSE,Apache-2.0
github.com/docker/go-units,https://github.com/docker/go-units/blob/v0.4.0/LICENSE,Apache-2.0
@@ -82,8 +82,8 @@ github.com/google/go-querystring/query,https://github.com/google/go-querystring/
github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0
github.com/google/shlex,https://github.com/google/shlex/blob/e7afc7fbc510/COPYING,Apache-2.0
github.com/google/uuid,https://github.com/google/uuid/blob/v1.3.0/LICENSE,BSD-3-Clause
github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.1.0/LICENSE,Apache-2.0
github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.4.0/v2/LICENSE,BSD-3-Clause
github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.2.0/LICENSE,Apache-2.0
github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.7.0/v2/LICENSE,BSD-3-Clause
github.com/gorilla/mux,https://github.com/gorilla/mux/blob/v1.8.0/LICENSE,BSD-3-Clause
github.com/gosuri/uitable,https://github.com/gosuri/uitable/blob/v0.0.4/LICENSE,MIT
github.com/gosuri/uitable/util/wordwrap,https://github.com/gosuri/uitable/blob/v0.0.4/util/wordwrap/LICENSE.md,MIT
@@ -109,15 +109,15 @@ github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.0/LICENSE,MP
github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.8.0/api/LICENSE,MPL-2.0
github.com/hashicorp/vault/sdk,https://github.com/hashicorp/vault/blob/sdk/v0.6.0/sdk/LICENSE,MPL-2.0
github.com/hashicorp/yamux,https://github.com/hashicorp/yamux/blob/3520598351bb/LICENSE,MPL-2.0
github.com/huandu/xstrings,https://github.com/huandu/xstrings/blob/v1.3.2/LICENSE,MIT
github.com/huandu/xstrings,https://github.com/huandu/xstrings/blob/v1.3.3/LICENSE,MIT
github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.12/LICENSE,BSD-3-Clause
github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/v0.4.0/LICENSE,Apache-2.0
github.com/jmoiron/sqlx,https://github.com/jmoiron/sqlx/blob/v1.3.5/LICENSE,MIT
github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT
github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT
github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.13.6/LICENSE,Apache-2.0
github.com/klauspost/compress/internal/snapref,https://github.com/klauspost/compress/blob/v1.13.6/internal/snapref/LICENSE,BSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhash,https://github.com/klauspost/compress/blob/v1.13.6/zstd/internal/xxhash/LICENSE.txt,MIT
github.com/klauspost/compress,https://github.com/klauspost/compress/blob/v1.15.15/LICENSE,Apache-2.0
github.com/klauspost/compress/internal/snapref,https://github.com/klauspost/compress/blob/v1.15.15/internal/snapref/LICENSE,BSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhash,https://github.com/klauspost/compress/blob/v1.15.15/zstd/internal/xxhash/LICENSE.txt,MIT
github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT
github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT
github.com/lann/builder,https://github.com/lann/builder/blob/47ae307949d0/LICENSE,MIT
@@ -138,7 +138,7 @@ github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob
github.com/mitchellh/reflectwalk,https://github.com/mitchellh/reflectwalk/blob/v1.0.2/LICENSE,MIT
github.com/moby/locker,https://github.com/moby/locker/blob/v1.0.1/LICENSE,Apache-2.0
github.com/moby/spdystream,https://github.com/moby/spdystream/blob/v0.2.0/LICENSE,Apache-2.0
github.com/moby/term,https://github.com/moby/term/blob/39b0c02b01ae/LICENSE,Apache-2.0
github.com/moby/term,https://github.com/moby/term/blob/1aeaba878587/LICENSE,Apache-2.0
github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0
github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0
github.com/monochromegane/go-gitignore,https://github.com/monochromegane/go-gitignore/blob/205db1a8cc00/LICENSE,MIT
@@ -148,9 +148,9 @@ github.com/oklog/run,https://github.com/oklog/run/blob/v1.0.0/LICENSE,Apache-2.0
github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.6.1/LICENSE,MIT
github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.24.2/LICENSE,MIT
github.com/opencontainers/go-digest,https://github.com/opencontainers/go-digest/blob/v1.0.0/LICENSE,Apache-2.0
github.com/opencontainers/image-spec/specs-go,https://github.com/opencontainers/image-spec/blob/c5a74bcca799/LICENSE,Apache-2.0
github.com/opencontainers/image-spec/specs-go,https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/LICENSE,Apache-2.0
github.com/patrickmn/go-cache,https://github.com/patrickmn/go-cache/blob/v2.1.0/LICENSE,MIT
github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.4.0/LICENSE,MIT
github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/keystore-go/blob/v4.4.1/LICENSE,MIT
github.com/peterbourgon/diskv,https://github.com/peterbourgon/diskv/blob/v2.0.1/LICENSE,MIT
github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.5.2/LICENSE,BSD-3-Clause
github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause
@@ -161,13 +161,13 @@ github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.
github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.8.0/LICENSE,Apache-2.0
github.com/rivo/uniseg,https://github.com/rivo/uniseg/blob/v0.2.0/LICENSE.txt,MIT
github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.9.0/LICENSE,BSD-3-Clause
github.com/rubenv/sql-migrate,https://github.com/rubenv/sql-migrate/blob/v1.1.2/LICENSE,MIT
github.com/rubenv/sql-migrate/sqlparse,https://github.com/rubenv/sql-migrate/blob/v1.1.2/sqlparse/LICENSE,MIT
github.com/rubenv/sql-migrate,https://github.com/rubenv/sql-migrate/blob/v1.2.0/LICENSE,MIT
github.com/rubenv/sql-migrate/sqlparse,https://github.com/rubenv/sql-migrate/blob/v1.2.0/sqlparse/LICENSE,MIT
github.com/russross/blackfriday/v2,https://github.com/russross/blackfriday/blob/v2.1.0/LICENSE.txt,BSD-2-Clause
github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT
github.com/sergi/go-diff/diffmatchpatch,https://github.com/sergi/go-diff/blob/v1.2.0/LICENSE,MIT
github.com/shopspring/decimal,https://github.com/shopspring/decimal/blob/v1.2.0/LICENSE,MIT
github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.8.1/LICENSE,MIT
github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.0/LICENSE,MIT
github.com/spf13/cast,https://github.com/spf13/cast/blob/v1.4.1/LICENSE,MIT
github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.6.1/LICENSE.txt,Apache-2.0
github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause
@@ -180,7 +180,7 @@ github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1326539a0a0a/LICE
go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.5/api/LICENSE,Apache-2.0
go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.5/client/pkg/LICENSE,Apache-2.0
go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.5/client/v3/LICENSE,Apache-2.0
go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.23.0/LICENSE,Apache-2.0
go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.35.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.35.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0
go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.10.0/LICENSE,Apache-2.0
@@ -196,18 +196,18 @@ go.uber.org/atomic,https://github.com/uber-go/atomic/blob/v1.9.0/LICENSE.txt,MIT
go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.6.0/LICENSE.txt,MIT
go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.24.0/LICENSE.txt,MIT
golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.5.0:LICENSE,BSD-3-Clause
golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.5.0:LICENSE,BSD-3-Clause
golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.7.0:LICENSE,BSD-3-Clause
golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.4.0:LICENSE,BSD-3-Clause
golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.1.0:LICENSE,BSD-3-Clause
golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.4.0:LICENSE,BSD-3-Clause
golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.4.0:LICENSE,BSD-3-Clause
golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.6.0:LICENSE,BSD-3-Clause
golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.5.0:LICENSE,BSD-3-Clause
golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.5.0:LICENSE,BSD-3-Clause
golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.7.0:LICENSE,BSD-3-Clause
golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.3.0:LICENSE,BSD-3-Clause
gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.2.0/v2/LICENSE,Apache-2.0
google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.97.0/LICENSE,BSD-3-Clause
google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.97.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause
google.golang.org/genproto,https://github.com/googleapis/go-genproto/blob/8cd45d7dbd1f/LICENSE,Apache-2.0
google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.49.0/LICENSE,Apache-2.0
google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.103.0/LICENSE,BSD-3-Clause
google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.103.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause
google.golang.org/genproto,https://github.com/googleapis/go-genproto/blob/67e5cbc046fd/LICENSE,Apache-2.0
google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.50.1/LICENSE,Apache-2.0
google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/LICENSE,BSD-3-Clause
gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause
gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.62.0/LICENSE,Apache-2.0
@@ -216,7 +216,7 @@ gopkg.in/square/go-jose.v2,https://github.com/square/go-jose/blob/v2.5.1/LICENSE
gopkg.in/square/go-jose.v2/json,https://github.com/square/go-jose/blob/v2.5.1/json/LICENSE,BSD-3-Clause
gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0
gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT
helm.sh/helm/v3,https://github.com/helm/helm/blob/v3.10.3/LICENSE,Apache-2.0
helm.sh/helm/v3,https://github.com/helm/helm/blob/v3.11.1/LICENSE,Apache-2.0
k8s.io/api,https://github.com/kubernetes/api/blob/v0.26.0/LICENSE,Apache-2.0
k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.26.0/LICENSE,Apache-2.0
k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.26.0/LICENSE,Apache-2.0
@@ -235,7 +235,7 @@ k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-opena
k8s.io/kubectl/pkg,https://github.com/kubernetes/kubectl/blob/v0.26.0/LICENSE,Apache-2.0
k8s.io/utils,https://github.com/kubernetes/utils/blob/99ec85e7a448/LICENSE,Apache-2.0
k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/99ec85e7a448/internal/third_party/forked/golang/LICENSE,BSD-3-Clause
oras.land/oras-go/pkg,https://github.com/oras-project/oras-go/blob/v1.2.0/LICENSE,Apache-2.0
oras.land/oras-go/pkg,https://github.com/oras-project/oras-go/blob/v1.2.2/LICENSE,Apache-2.0
sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.0.33/konnectivity-client/LICENSE,Apache-2.0
sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.14.1/LICENSE,Apache-2.0
sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.0/LICENSE,Apache-2.0
16 changes: 14 additions & 2 deletions cmd/ctl/pkg/install/install.go
View file
Original file line number Diff line number Diff line change
@@ -29,6 +29,7 @@ import (
"helm.sh/helm/v3/pkg/action"
"helm.sh/helm/v3/pkg/chart"
"helm.sh/helm/v3/pkg/chart/loader"
"helm.sh/helm/v3/pkg/chartutil"
"helm.sh/helm/v3/pkg/cli"
"helm.sh/helm/v3/pkg/cli/values"
"helm.sh/helm/v3/pkg/getter"
@@ -191,12 +192,22 @@ func (o *InstallOptions) runInstall(ctx context.Context) (*release.Release, erro
}

// Dryrun template generation (used for rendering the CRDs in /templates)
o.client.DryRun = true // Do not apply install
o.client.ClientOnly = true // Do not validate against cluster (otherwise double CRDs can cause error)
o.client.DryRun = true // Do not apply install
o.client.ClientOnly = true // Do not validate against cluster (otherwise double CRDs can cause error)
// Kube version to be used in dry run template generation which does not
// talk to kube apiserver. This is to ensure that template generation
// does not fail because our Kubernetes minimum version requirement is
// higher than that hardcoded in Helm codebase for client-only runs
o.client.KubeVersion = &chartutil.KubeVersion{
Version: "v999.999.999",
Major: "999",
Minor: "999",
}
chartValues[installCRDsFlagName] = true // Make sure to render CRDs
dryRunResult, err := o.client.Run(chart, chartValues)
if err != nil {
return nil, err

}

if o.DryRun {
@@ -239,6 +250,7 @@ func (o *InstallOptions) runInstall(ctx context.Context) (*release.Release, erro
// Install chart
o.client.DryRun = false // Apply DryRun cli flags
o.client.ClientOnly = false // Perform install against cluster
o.client.KubeVersion = nil

o.client.Wait = o.Wait // Wait for resources to be ready
// If part of the install fails and the Atomic option is set to True,
69 changes: 38 additions & 31 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@ require (
github.com/Azure/go-autorest/autorest v0.11.28
github.com/Azure/go-autorest/autorest/adal v0.9.21
github.com/Azure/go-autorest/autorest/to v0.4.0
github.com/Venafi/vcert/v4 v4.23.0
github.com/Venafi/vcert/v4 v4.0.0-00010101000000-000000000000
github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.1
github.com/aws/aws-sdk-go v1.44.105
github.com/cloudflare/cloudflare-go v0.50.0
@@ -25,7 +25,7 @@ require (
github.com/munnerz/crd-schema-fuzz v1.0.0
github.com/onsi/ginkgo/v2 v2.6.1
github.com/onsi/gomega v1.24.2
github.com/pavlo-v-chernykh/keystore-go/v4 v4.4.0
github.com/pavlo-v-chernykh/keystore-go/v4 v4.4.1
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.14.0
github.com/segmentio/encoding v0.3.5
@@ -37,8 +37,8 @@ require (
golang.org/x/oauth2 v0.4.0
golang.org/x/sync v0.1.0
gomodules.xyz/jsonpatch/v2 v2.2.0
google.golang.org/api v0.97.0
helm.sh/helm/v3 v3.10.3
google.golang.org/api v0.103.0
helm.sh/helm/v3 v3.11.1
k8s.io/api v0.26.0
k8s.io/apiextensions-apiserver v0.26.0
k8s.io/apimachinery v0.26.0
@@ -61,20 +61,22 @@ require (
)

require (
cloud.google.com/go/compute v1.7.0 // indirect
cloud.google.com/go/compute v1.14.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
github.com/BurntSushi/toml v1.1.0 // indirect
github.com/BurntSushi/toml v1.2.1 // indirect
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.1.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.2 // indirect
github.com/Masterminds/semver/v3 v3.2.0 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/Masterminds/squirrel v1.5.3 // indirect
github.com/Microsoft/go-winio v0.6.0 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
github.com/armon/go-metrics v0.3.9 // indirect
@@ -84,18 +86,19 @@ require (
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cenkalti/backoff/v3 v3.0.0 // indirect
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/containerd/containerd v1.6.15 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/containerd v1.6.18 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/cli v20.10.17+incompatible // indirect
github.com/docker/cli v20.10.21+incompatible // indirect
github.com/docker/distribution v2.8.1+incompatible // indirect
github.com/docker/docker v20.10.17+incompatible // indirect
github.com/docker/docker-credential-helpers v0.6.4 // indirect
github.com/docker/docker v20.10.21+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.4.0 // indirect
@@ -129,8 +132,8 @@ require (
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
github.com/googleapis/gax-go/v2 v2.4.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
github.com/googleapis/gax-go/v2 v2.7.0 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/gosuri/uitable v0.0.4 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
@@ -153,14 +156,14 @@ require (
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
github.com/huandu/xstrings v1.3.2 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jmoiron/sqlx v1.3.5 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.13.6 // indirect
github.com/klauspost/compress v1.15.15 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -178,15 +181,16 @@ require (
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/spdystream v0.2.0 // indirect
github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
github.com/moby/sys/mountinfo v0.6.2 // indirect
github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/run v1.0.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pierrec/lz4 v2.5.2+incompatible // indirect
@@ -196,12 +200,12 @@ require (
github.com/prometheus/procfs v0.8.0 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/rubenv/sql-migrate v1.1.2 // indirect
github.com/rubenv/sql-migrate v1.2.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/segmentio/asm v1.1.3 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/stretchr/objx v0.5.0 // indirect
@@ -213,7 +217,7 @@ require (
go.etcd.io/etcd/api/v3 v3.5.5 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.5 // indirect
go.etcd.io/etcd/client/v3 v3.5.5 // indirect
go.opencensus.io v0.23.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.0 // indirect
go.opentelemetry.io/otel v1.10.0 // indirect
@@ -228,16 +232,16 @@ require (
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
go.uber.org/zap v1.24.0 // indirect
golang.org/x/mod v0.7.0 // indirect
golang.org/x/net v0.5.0 // indirect
golang.org/x/sys v0.4.0 // indirect
golang.org/x/term v0.4.0 // indirect
golang.org/x/text v0.6.0 // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/net v0.7.0 // indirect
golang.org/x/sys v0.5.0 // indirect
golang.org/x/term v0.5.0 // indirect
golang.org/x/text v0.7.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.4.0 // indirect
golang.org/x/tools v0.6.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f // indirect
google.golang.org/grpc v1.49.0 // indirect
google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd // indirect
google.golang.org/grpc v1.50.1 // indirect
google.golang.org/protobuf v1.28.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
@@ -247,11 +251,14 @@ require (
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
k8s.io/kms v0.26.0 // indirect
oras.land/oras-go v1.2.0 // indirect
oras.land/oras-go v1.2.2 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 // indirect
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
sigs.k8s.io/kustomize/api v0.12.1 // indirect
sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
)

replace github.com/miekg/dns v1.1.41 => github.com/miekg/dns v1.1.34

// remove this once https://github.com/jetstack/vcert/pull/3 is merged upstream
replace github.com/Venafi/vcert/v4 => github.com/jetstack/vcert/v4 v4.9.6-0.20230127103832-3aa3dfd6613d
296 changes: 90 additions & 206 deletions go.sum
View file

Large diffs are not rendered by default.

20 changes: 10 additions & 10 deletions make/base_images.mk
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
# autogenerated by hack/latest-base-images.sh
STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static@sha256:ea2ed73931ecd5d70f0bf3fdaa481c84f556cc205d6ceec78dff335fc4a313b2
STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static@sha256:59a12639776ac4711629733e0b84fcf8c790cced9e43a607cfae71ddc52b03a1
STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static@sha256:5dd8516dee7953ce750ad8266f8270fdf83a23db6637b988fb6e5c561596758d
STATIC_BASE_IMAGE_arm := gcr.io/distroless/static@sha256:eb2ff3d43dfd61f1f58c175191017439e6eb1e337d1d4a1e1b50b47ea76485e7
STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static@sha256:02b030910780d033776981411311bc73accc2d364c36e0cba7f115b365c6b750
DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base@sha256:0216d8712854b61db71b95f836caa48f5ace55fa66584f5a0b346765398b2520
DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base@sha256:31ef0cacc560882180cfdfa23f734652bd1a94d63c65129a1ac37f710accc2c7
DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base@sha256:1a7bbe8de1939308fc8a07dc3e713db9b083044888238f9424c3edb0944872a4
DYNAMIC_BASE_IMAGE_arm := gcr.io/distroless/base@sha256:251a910de5d80be4c9ce52e9448ba3f9b799187395a4c72f0fc1bdb7a614a5a1
DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base@sha256:b41cc0e19028f1ac460e8049d4b0214514f36ac5375a692df2d9173338084799
STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static@sha256:8d4cc4a622ce09a75bd7b1eea695008bdbff9e91fea426c2d353ea127dcdc9e3
STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static@sha256:c98239bd892490f2ab1f29c5321613eedbb9b96863b3109b93e14de7641ea97a
STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static@sha256:8bf5eed87652c8c97b4bea6bfab4c7162f3dad09381bd160ddc8f8853fc6bbce
STATIC_BASE_IMAGE_arm := gcr.io/distroless/static@sha256:31b88f1a22bd3676d8d2fad1022e06ce5ee1a66de896fd2cc141746f2681ae2f
STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static@sha256:2937a574d0b8257cfbb98b47ef46e3c3330b1dbe18f0ad0ccd826569f46ed57b
DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base@sha256:8267a5d9fa15a538227a8850e81cf6c548a78de73458e99a67e8799bbffb1ba0
DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base@sha256:f19b05270bbd5c38e12c5610f23c1dfe4441858d959102a83074cf17ec074b50
DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base@sha256:5275b5b17f9dff2f3f20fa51b80d259477726d8584494cbe51fdda07b5c4072b
DYNAMIC_BASE_IMAGE_arm := gcr.io/distroless/base@sha256:4cb05eb0f96b30360d4a0e602dc51ec7847463727ee1a66e03629ea60e11eca4
DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base@sha256:653822f53b4b7e3caa2fa5b9a77fa1bd599655515c4325982a141c6ffac234fa
5 changes: 3 additions & 2 deletions make/e2e-setup.mk
View file
Original file line number Diff line number Diff line change
@@ -12,7 +12,7 @@ CRI_ARCH := $(HOST_ARCH)
# is set in one place only.
K8S_VERSION := 1.26

IMAGE_ingressnginx_amd64 := k8s.gcr.io/ingress-nginx/controller:v1.1.0@sha256:7464dc90abfaa084204176bcc0728f182b0611849395787143f6854dc6c38c85
IMAGE_ingressnginx_amd64 := registry.k8s.io/ingress-nginx/controller:v1.1.0@sha256:7464dc90abfaa084204176bcc0728f182b0611849395787143f6854dc6c38c85
IMAGE_kyverno_amd64 := ghcr.io/kyverno/kyverno:v1.7.1@sha256:aec4b029660d47aea025336150fdc2822c991f592d5170d754b6acaf158b513e
IMAGE_kyvernopre_amd64 := ghcr.io/kyverno/kyvernopre:v1.7.1@sha256:1bcec6bc854720e22f439c6dcea02fcf689f31976babcf03a449d750c2b1f34a
IMAGE_vault_amd64 := index.docker.io/library/vault:1.12.1@sha256:08dd1cb922624c51a5aefd4d9ce0ac5ed9688d96d8a5ad94664fa10e84702ed6
@@ -22,7 +22,7 @@ IMAGE_projectcontour_amd64 := ghcr.io/projectcontour/contour:v1.23.2@sha256:4b9e
IMAGE_pebble_amd64 := local/pebble:local
IMAGE_vaultretagged_amd64 := local/vault:local

IMAGE_ingressnginx_arm64 := k8s.gcr.io/ingress-nginx/controller:v1.1.0@sha256:86be28e506653cbe29214cb272d60e7c8841ddaf530da29aa22b1b1017faa956
IMAGE_ingressnginx_arm64 := registry.k8s.io/ingress-nginx/controller:v1.1.0@sha256:86be28e506653cbe29214cb272d60e7c8841ddaf530da29aa22b1b1017faa956
IMAGE_kyverno_arm64 := ghcr.io/kyverno/kyverno:v1.7.1@sha256:4355f1f65ea5e952886e929a15628f0c6704905035b4741c6f560378871c9335
IMAGE_kyvernopre_arm64 := ghcr.io/kyverno/kyvernopre:v1.7.1@sha256:141234fb74242155c7b843180b90ee5fb6a20c9e77598bd9c138c687059cdafd
IMAGE_vault_arm64 := $(IMAGE_vault_amd64)
@@ -231,6 +231,7 @@ e2e-setup-ingressnginx: $(call image-tar,ingressnginx) load-$(call image-tar,ing
--namespace ingress-nginx \
--create-namespace \
--set controller.image.tag=$(TAG) \
--set controller.image.registry=registry.k8s.io \
--set controller.image.digest= \
--set controller.image.pullPolicy=Never \
--set controller.service.clusterIP=${SERVICE_IP_PREFIX}.15 \
38 changes: 19 additions & 19 deletions make/kind_images.sh
View file
Original file line number Diff line number Diff line change
@@ -15,11 +15,11 @@
# generated by ./hack/latest-kind-images.sh

KIND_IMAGE_K8S_120=docker.io/kindest/node@sha256:a32bf55309294120616886b5338f95dd98a2f7231519c7dedcec32ba29699394
KIND_IMAGE_K8S_121=docker.io/kindest/node@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1
KIND_IMAGE_K8S_122=docker.io/kindest/node@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41
KIND_IMAGE_K8S_123=docker.io/kindest/node@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
KIND_IMAGE_K8S_124=docker.io/kindest/node@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
KIND_IMAGE_K8S_125=docker.io/kindest/node@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5
KIND_IMAGE_K8S_121=docker.io/kindest/node@sha256:27ef72ea623ee879a25fe6f9982690a3e370c68286f4356bf643467c552a3888
KIND_IMAGE_K8S_122=docker.io/kindest/node@sha256:c8a828709a53c25cbdc0790c8afe12f25538617c7be879083248981945c38693
KIND_IMAGE_K8S_123=docker.io/kindest/node@sha256:e5fd1d9cd7a9a50939f9c005684df5a6d145e8d695e78463637b79464292e66c
KIND_IMAGE_K8S_124=docker.io/kindest/node@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16
KIND_IMAGE_K8S_125=docker.io/kindest/node@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f

# Manually set - see hack/latest-kind-images.sh for details
KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352
@@ -28,19 +28,19 @@ KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:691e24bd2417609db7e589e1a479b90
KIND_IMAGE_SHA_K8S_120=sha256:a32bf55309294120616886b5338f95dd98a2f7231519c7dedcec32ba29699394

# docker.io/kindest/node:v1.21.14
KIND_IMAGE_SHA_K8S_121=sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1
KIND_IMAGE_SHA_K8S_121=sha256:27ef72ea623ee879a25fe6f9982690a3e370c68286f4356bf643467c552a3888

# docker.io/kindest/node:v1.22.15
KIND_IMAGE_SHA_K8S_122=sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41
# docker.io/kindest/node:v1.22.17
KIND_IMAGE_SHA_K8S_122=sha256:c8a828709a53c25cbdc0790c8afe12f25538617c7be879083248981945c38693

# docker.io/kindest/node:v1.23.13
KIND_IMAGE_SHA_K8S_123=sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
# docker.io/kindest/node:v1.23.17
KIND_IMAGE_SHA_K8S_123=sha256:e5fd1d9cd7a9a50939f9c005684df5a6d145e8d695e78463637b79464292e66c

# docker.io/kindest/node:v1.24.7
KIND_IMAGE_SHA_K8S_124=sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
# docker.io/kindest/node:v1.24.12
KIND_IMAGE_SHA_K8S_124=sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16

# docker.io/kindest/node:v1.25.3
KIND_IMAGE_SHA_K8S_125=sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5
# docker.io/kindest/node:v1.25.8
KIND_IMAGE_SHA_K8S_125=sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f

# Manually set - see hack/latest-kind-images.sh for details
# docker.io/kindest/node:v1.26.0
@@ -49,11 +49,11 @@ KIND_IMAGE_SHA_K8S_126=sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375f
# note that these 'full' digests should be avoided since not all tools support them
# prefer KIND_IMAGE_K8S_*** instead
KIND_IMAGE_FULL_K8S_120=docker.io/kindest/node:v1.20.15@sha256:a32bf55309294120616886b5338f95dd98a2f7231519c7dedcec32ba29699394
KIND_IMAGE_FULL_K8S_121=docker.io/kindest/node:v1.21.14@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1
KIND_IMAGE_FULL_K8S_122=docker.io/kindest/node:v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41
KIND_IMAGE_FULL_K8S_123=docker.io/kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
KIND_IMAGE_FULL_K8S_124=docker.io/kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
KIND_IMAGE_FULL_K8S_125=docker.io/kindest/node:v1.25.3@sha256:cd248d1438192f7814fbca8fede13cfe5b9918746dfa12583976158a834fd5c5
KIND_IMAGE_FULL_K8S_121=docker.io/kindest/node:v1.21.14@sha256:27ef72ea623ee879a25fe6f9982690a3e370c68286f4356bf643467c552a3888
KIND_IMAGE_FULL_K8S_122=docker.io/kindest/node:v1.22.17@sha256:c8a828709a53c25cbdc0790c8afe12f25538617c7be879083248981945c38693
KIND_IMAGE_FULL_K8S_123=docker.io/kindest/node:v1.23.17@sha256:e5fd1d9cd7a9a50939f9c005684df5a6d145e8d695e78463637b79464292e66c
KIND_IMAGE_FULL_K8S_124=docker.io/kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16
KIND_IMAGE_FULL_K8S_125=docker.io/kindest/node:v1.25.8@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f

# Manually set - see hack/latest-kind-images.sh for details
KIND_IMAGE_FULL_K8S_126=docker.io/kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352
10 changes: 5 additions & 5 deletions make/tools.mk
View file
Original file line number Diff line number Diff line change
@@ -11,7 +11,7 @@ export PATH := $(PWD)/$(BINDIR)/tools:$(PATH)
CTR=docker

TOOLS :=
TOOLS += helm=v3.10.0
TOOLS += helm=v3.11.1
TOOLS += kubectl=v1.25.2
TOOLS += kind=v0.16.0
TOOLS += controller-gen=v0.11.1
@@ -38,7 +38,7 @@ KUBEBUILDER_ASSETS_VERSION=1.25.0
TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION)
TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION)

VENDORED_GO_VERSION := 1.19.5
VENDORED_GO_VERSION := 1.19.6

# When switching branches which use different versions of the tools, we
# need a way to re-trigger the symlinking from $(BINDIR)/downloaded to $(BINDIR)/tools.
@@ -213,9 +213,9 @@ $(foreach GO_DEPENDENCY,$(GO_DEPENDENCIES),$(eval $(call go_dependency,$(word 1,
# Helm #
########

HELM_linux_amd64_SHA256SUM=bf56beb418bb529b5e0d6d43d56654c5a03f89c98400b409d1013a33d9586474
HELM_darwin_amd64_SHA256SUM=1e7fd528482ac2ef2d79fe300724b3e07ff6f846a2a9b0b0fe6f5fa05691786b
HELM_darwin_arm64_SHA256SUM=f7f6558ebc8211824032a7fdcf0d55ad064cb33ec1eeec3d18057b9fe2e04dbe
HELM_linux_amd64_SHA256SUM=0b1be96b66fab4770526f136f5f1a385a47c41923d33aab0dcb500e0f6c1bf7c
HELM_darwin_amd64_SHA256SUM=2548a90e5cc957ccc5016b47060665a9d2cd4d5b4d61dcc32f5de3144d103826
HELM_darwin_arm64_SHA256SUM=43d0198a7a2ea2639caafa81bb0596c97bee2d4e40df50b36202343eb4d5c46b

$(BINDIR)/downloaded/tools/helm@$(HELM_VERSION)_%: | $(BINDIR)/downloaded/tools
$(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz
5 changes: 4 additions & 1 deletion pkg/acme/webhook/apiserver/apiserver.go
View file
Original file line number Diff line number Diff line change
@@ -112,7 +112,10 @@ func (c *Config) Complete() CompletedConfig {
return CompletedConfig{&completedCfg}
}

// New returns a new instance of AdmissionServer from the given config.
// New returns a new instance of apiserver from the given config. Each of the
// configured solvers will have an API GroupVersion registered with the new
// apiserver and will have its Initialize function passed as post-start hook
// with the server.
func (c completedConfig) New() (*ChallengeServer, error) {
genericServer, err := c.GenericConfig.New("challenge-server", genericapiserver.NewEmptyDelegate()) // completion is done in Complete, no need for a second time
if err != nil {
5 changes: 5 additions & 0 deletions pkg/acme/webhook/cmd/cmd.go
View file
Original file line number Diff line number Diff line change
@@ -29,6 +29,11 @@ import (
logf "github.com/cert-manager/cert-manager/pkg/logs"
)

// RunWebhookServer creates and starts a new apiserver that acts as a external
// webhook server for solving DNS challenges using the provided solver
// implementations. This can be used as an entry point by external webhook
// implementations, see
// https://github.com/cert-manager/webhook-example/blob/899c408751425f8d0842b61c0e62fd8035d00316/main.go#L23-L31
func RunWebhookServer(groupName string, hooks ...webhook.Solver) {
stopCh, exit := util.SetupExitHandler(util.GracefulShutdown)
defer exit() // This function might call os.Exit, so defer last
5 changes: 5 additions & 0 deletions pkg/acme/webhook/cmd/server/start.go
View file
Original file line number Diff line number Diff line change
@@ -97,6 +97,9 @@ func (o *WebhookServerOptions) Complete() error {
return nil
}

// Config creates a new webhook server config that includes generic upstream
// apiserver options, rest client config and the Solvers configured for this
// webhook server
func (o WebhookServerOptions) Config() (*apiserver.Config, error) {
// TODO have a "real" external address
if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
@@ -118,6 +121,8 @@ func (o WebhookServerOptions) Config() (*apiserver.Config, error) {
return config, nil
}

// RunWebhookServer creates a new apiserver, registers an API Group for each of
// the configured solvers and runs the new apiserver.
func (o WebhookServerOptions) RunWebhookServer(stopCh <-chan struct{}) error {
config, err := o.Config()
if err != nil {
5 changes: 4 additions & 1 deletion pkg/acme/webhook/webhook.go
View file
Original file line number Diff line number Diff line change
@@ -24,7 +24,9 @@ import (
whapi "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
)

// Solver has the functionality to solve ACME challenges.
// Solver has the functionality to solve ACME challenges. This interface is
// implemented internally by RFC2136 DNS provider and by external webhook solver
// implementations see https://github.com/cert-manager/webhook-example
type Solver interface {
// Name is the name of this ACME solver as part of the API group.
// This must match what you configure in the ACME Issuer's DNS01 config.
@@ -41,5 +43,6 @@ type Solver interface {
CleanUp(ch *whapi.ChallengeRequest) error

// Initialize is called as a post-start hook when the apiserver starts.
// https://github.com/kubernetes/apiserver/blob/release-1.26/pkg/server/hooks.go#L32-L42
Initialize(kubeClientConfig *restclient.Config, stopCh <-chan struct{}) error
}
25 changes: 21 additions & 4 deletions pkg/issuer/acme/dns/rfc2136/provider.go
View file
Original file line number Diff line number Diff line change
@@ -37,6 +37,8 @@ const SolverName = "rfc2136"

type Solver struct {
secretLister corelisters.SecretLister
// options to apply when the lister gets initialized
initOpts []Option

// If specified, namespace will cause the rfc2136 provider to limit the
// scope of the lister/watcher to a single namespace, to allow for
@@ -58,6 +60,21 @@ func WithSecretsLister(secretLister corelisters.SecretLister) Option {
}
}

// InitializeResetLister is a hack to make RFC2136 solver fit the Solver
// interface. Unlike external solvers that are run as apiserver implementations,
// this solver is created as part of challenge controller initialization. That
// makes its Initialize method not fit the Solver interface very well as we want
// a way to initialize the solver with the existing Secrets lister rather than a
// new kube apiserver client. InitializeResetLister allows to reset secrets
// lister when Initialize function is called so that a new lister can be
// created. This is useful in tests where a kube clientset can get recreated for
// an existing solver (which would not happen when this solver runs normally).
func InitializeResetLister() Option {
return func(s *Solver) {
s.initOpts = []Option{func(s *Solver) { s.secretLister = nil }}
}
}

func New(opts ...Option) *Solver {
s := &Solver{}
for _, o := range opts {
@@ -99,12 +116,12 @@ func (s *Solver) CleanUp(ch *whapi.ChallengeRequest) error {
}

func (s *Solver) Initialize(kubeClientConfig *restclient.Config, stopCh <-chan struct{}) error {
for _, opt := range s.initOpts {
opt(s)
}
// Only start a secrets informerfactory if it is needed (if the solver
// is not already initialized with a secrets lister) This is legacy
// functionality. If you have a secrets watcher already available in the
// caller, you probably want to use that to avoid double caching the
// Secrets
// TODO: refactor and remove this functionality
// functionality and is currently only used in integration tests.
if s.secretLister == nil {
cl, err := kubernetes.NewForConfig(kubeClientConfig)
if err != nil {
78 changes: 28 additions & 50 deletions test/acme/dns/fixture.go
View file
Original file line number Diff line number Diff line change
@@ -24,12 +24,10 @@ import (
"time"

apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"sigs.k8s.io/controller-runtime/pkg/envtest"

"github.com/cert-manager/cert-manager/pkg/acme/webhook"
"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/rfc2136"
"github.com/cert-manager/cert-manager/test/internal/apiserver"
)

@@ -44,9 +42,7 @@ func init() {
type fixture struct {
// testSolver is the actual DNS solver that is under test.
// It is set when calling the NewFixture function.
testSolver webhook.Solver
testSolverType string

testSolver webhook.Solver
resolvedFQDN string
resolvedZone string
allowAmbientCredentials bool
@@ -81,6 +77,32 @@ type fixture struct {
propagationLimit time.Duration
}

// RunConformance will execute all conformance tests using the supplied
// configuration These conformance tests should be run by all external DNS
// solver webhook implementations, see
// https://github.com/cert-manager/webhook-example
func (f *fixture) RunConformance(t *testing.T) {
defer f.setup(t)()
t.Run("Conformance", func(t *testing.T) {
f.RunBasic(t)
f.RunExtended(t)
})
}

func (f *fixture) RunBasic(t *testing.T) {
defer f.setup(t)()
t.Run("Basic", func(t *testing.T) {
t.Run("PresentRecord", f.TestBasicPresentRecord)
})
}

func (f *fixture) RunExtended(t *testing.T) {
defer f.setup(t)()
t.Run("Extended", func(t *testing.T) {
t.Run("DeletingOneRecordRetainsOthers", f.TestExtendedDeletingOneRecordRetainsOthers)
})
}

func (f *fixture) setup(t *testing.T) func() {
f.setupLock.Lock()
defer f.setupLock.Unlock()
@@ -100,54 +122,10 @@ func (f *fixture) setup(t *testing.T) func() {

stopCh := make(chan struct{})

var testSolver webhook.Solver
switch f.testSolverType {
case rfc2136.SolverName:
cl, err := kubernetes.NewForConfig(env.Config)
if err != nil {
t.Errorf("error initializing solver: %#+v", err)
}

// obtain a secret lister and start the informer factory to populate the
// secret cache
factory := informers.NewSharedInformerFactoryWithOptions(cl, time.Minute*5)
secretLister := factory.Core().V1().Secrets().Lister()
factory.Start(stopCh)
factory.WaitForCacheSync(stopCh)
testSolver = rfc2136.New(rfc2136.WithSecretsLister(secretLister))
f.testSolver = testSolver
default:
t.Errorf("unknown solver type: %s", f.testSolverType)
}

testSolver.Initialize(env.Config, stopCh)
f.testSolver.Initialize(env.Config, stopCh)

return func() {
close(stopCh)
stopFunc()
}
}

// RunConformance will execute all conformance tests using the supplied
// configuration
func (f *fixture) RunConformance(t *testing.T) {
defer f.setup(t)()
t.Run("Conformance", func(t *testing.T) {
f.RunBasic(t)
f.RunExtended(t)
})
}

func (f *fixture) RunBasic(t *testing.T) {
defer f.setup(t)()
t.Run("Basic", func(t *testing.T) {
t.Run("PresentRecord", f.TestBasicPresentRecord)
})
}

func (f *fixture) RunExtended(t *testing.T) {
defer f.setup(t)()
t.Run("Extended", func(t *testing.T) {
t.Run("DeletingOneRecordRetainsOthers", f.TestExtendedDeletingOneRecordRetainsOthers)
})
}
11 changes: 8 additions & 3 deletions test/acme/dns/options.go
View file
Original file line number Diff line number Diff line change
@@ -24,16 +24,21 @@ import (
"time"

apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"

"github.com/cert-manager/cert-manager/pkg/acme/webhook"
)

// Option applies a configuration option to the test fixture being built
type Option func(*fixture)

// NewFixture constructs a new *fixture, applying the given Options before
// returning.
func NewFixture(solverType string, opts ...Option) *fixture {
// returning. Solver is an implementation of
// https://github.com/cert-manager/cert-manager/blob/v1.11.0/pkg/acme/webhook/webhook.go#L27-L45
// and could be RFC2136 solver or any of external solvers that run these
// conformance tests.
func NewFixture(solver webhook.Solver, opts ...Option) *fixture {
f := &fixture{
testSolverType: solverType,
testSolver: solver,
}
for _, o := range opts {
o(f)
37 changes: 13 additions & 24 deletions test/e2e/framework/addon/chart/addon.go
View file
Original file line number Diff line number Diff line change
@@ -17,6 +17,7 @@ limitations under the License.
package chart

import (
"bytes"
"context"
"fmt"
"io"
@@ -164,16 +165,12 @@ func (c *Chart) runInstall() error {
}

cmd := c.buildHelmCmd(args...)
cmd.Stdout = nil
out, err := cmd.StdoutPipe()
if err != nil {
return err
}
defer out.Close()
stdoutBuf := &bytes.Buffer{}
cmd.Stdout = stdoutBuf

err = cmd.Run()
err := cmd.Run()
if err != nil {
_, err2 := io.Copy(os.Stdout, out)
_, err2 := io.Copy(os.Stdout, stdoutBuf)
if err2 != nil {
return fmt.Errorf("cmd.Run: %v: io.Copy: %v", err, err2)
}
@@ -197,19 +194,15 @@ func (c *Chart) buildHelmCmd(args ...string) *exec.Cmd {

func (c *Chart) getHelmVersion() (string, error) {
cmd := c.buildHelmCmd("version", "--template", "{{.Client.Version}}")
cmd.Stdout = nil
out, err := cmd.StdoutPipe()
if err != nil {
return "", err
}
defer out.Close()
stdoutBuf := &bytes.Buffer{}
cmd.Stdout = stdoutBuf

err = cmd.Run()
err := cmd.Run()
if err != nil {
return "", err
}

outBytes, err := io.ReadAll(out)
outBytes, err := io.ReadAll(stdoutBuf)
if err != nil {
return "", err
}
@@ -220,16 +213,12 @@ func (c *Chart) getHelmVersion() (string, error) {
// Deprovision the deployed instance of tiller-deploy
func (c *Chart) Deprovision() error {
cmd := c.buildHelmCmd("delete", "--namespace", c.Namespace, c.ReleaseName)
cmd.Stdout = nil
out, err := cmd.StdoutPipe()
if err != nil {
return err
}
defer out.Close()
stdoutBuf := &bytes.Buffer{}
cmd.Stdout = stdoutBuf

err = cmd.Run()
err := cmd.Run()
if err != nil {
_, err2 := io.Copy(os.Stdout, out)
_, err2 := io.Copy(os.Stdout, stdoutBuf)
if err2 != nil {
return fmt.Errorf("cmd.Run: %v: io.Copy: %v", err, err2)
}
4 changes: 2 additions & 2 deletions test/integration/rfc2136_dns01/provider_test.go
View file
Original file line number Diff line number Diff line change
@@ -59,7 +59,7 @@ func TestRunSuiteWithTSIG(t *testing.T) {
TSIGKeyName: rfc2136TestTsigKeyName,
}

fixture := dns.NewFixture(rfc2136.SolverName,
fixture := dns.NewFixture(rfc2136.New(rfc2136.InitializeResetLister()),
dns.SetResolvedZone(rfc2136TestZone),
dns.SetResolvedFQDN(rfc2136TestFqdn),
dns.SetAllowAmbientCredentials(false),
@@ -91,7 +91,7 @@ func TestRunSuiteNoTSIG(t *testing.T) {
Nameserver: server.ListenAddr(),
}

fixture := dns.NewFixture(rfc2136.SolverName,
fixture := dns.NewFixture(rfc2136.New(rfc2136.InitializeResetLister()),
dns.SetResolvedZone(rfc2136TestZone),
dns.SetResolvedFQDN(rfc2136TestFqdn),
dns.SetAllowAmbientCredentials(false),