diff --git a/go.mod b/go.mod index 9337cea22..8e41de05d 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,6 @@ require ( github.com/cert-manager/cert-manager v1.8.0 github.com/ghodss/yaml v1.0.0 github.com/google/go-cmp v0.5.9 - github.com/google/uuid v1.3.0 - github.com/martinlindhe/base36 v1.1.1 go.uber.org/zap v1.19.1 k8s.io/api v0.26.5 k8s.io/apimachinery v0.26.5 @@ -40,6 +38,7 @@ require ( github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/gorilla/websocket v1.4.2 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect diff --git a/go.sum b/go.sum index a0f1bcea8..8d44ae752 100644 --- a/go.sum +++ b/go.sum @@ -387,8 +387,6 @@ github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/martinlindhe/base36 v1.1.1 h1:1F1MZ5MGghBXDZ2KJ3QfxmiydlWOGB8HCEtkap5NkVg= -github.com/martinlindhe/base36 v1.1.1/go.mod h1:vMS8PaZ5e/jV9LwFKlm0YLnXl/hpOihiBxKkIoc3g08= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= diff --git a/pkg/reconciler/certificate/certificate.go b/pkg/reconciler/certificate/certificate.go index a849a2c8c..6785a00a7 100644 --- a/pkg/reconciler/certificate/certificate.go +++ b/pkg/reconciler/certificate/certificate.go 
@@ -123,10 +123,10 @@ func (c *Reconciler) reconcile(ctx context.Context, knCert *v1alpha1.Certificate switch { case cmCertReadyCondition == nil: knCert.Status.MarkNotReady(noCMConditionReason, noCMConditionMessage) - return c.setHTTP01Challenges(knCert, cmCert) + return c.setHTTP01Challenges(ctx, knCert, cmCert) case cmCertReadyCondition.Status == cmmeta.ConditionUnknown: knCert.Status.MarkNotReady(cmCertReadyCondition.Reason, cmCertReadyCondition.Message) - return c.setHTTP01Challenges(knCert, cmCert) + return c.setHTTP01Challenges(ctx, knCert, cmCert) case cmCertReadyCondition.Status == cmmeta.ConditionTrue: if cmCert.Status.RenewalTime != nil && time.Now().After(cmCert.Status.RenewalTime.Time) { // add a temporary renewing state when cm certificate is being renewed @@ -139,7 +139,7 @@ func (c *Reconciler) reconcile(ctx context.Context, knCert *v1alpha1.Certificate Status: corev1.ConditionTrue, } certificateCondSet.Manage(&knCert.Status).SetCondition(renewCondition) - return c.setHTTP01Challenges(knCert, cmCert) + return c.setHTTP01Challenges(ctx, knCert, cmCert) } // remove renew condition if exists certificateCondSet.Manage(&knCert.Status).ClearCondition(renewingEvent) @@ -151,7 +151,7 @@ func (c *Reconciler) reconcile(ctx context.Context, knCert *v1alpha1.Certificate } else { knCert.Status.MarkFailed(cmCertReadyCondition.Reason, cmCertReadyCondition.Message) } - return c.setHTTP01Challenges(knCert, cmCert) + return c.setHTTP01Challenges(ctx, knCert, cmCert) } return nil } @@ -190,7 +190,8 @@ func (c *Reconciler) reconcileCMCertificate(ctx context.Context, knCert *v1alpha return cmCert, nil } -func (c *Reconciler) setHTTP01Challenges(knCert *v1alpha1.Certificate, cmCert *cmv1.Certificate) error { +func (c *Reconciler) setHTTP01Challenges(ctx context.Context, knCert *v1alpha1.Certificate, cmCert *cmv1.Certificate) error { + logger := logging.FromContext(ctx) if isHTTP, err := c.isHTTPChallenge(cmCert); err != nil { return err } else if !isHTTP { 
@@ -213,8 +214,14 @@ func (c *Reconciler) setHTTP01Challenges(knCert *v1alpha1.Certificate, cmCert *c return fmt.Errorf("failed to list services: %w", err) } if len(svcs) == 0 { - //If the cert is renewing, it could be possible that this isn't an error. Should this change depending on the case? - return fmt.Errorf("no challenge solver service for domain %s; selector=%v", dnsName, selector) + if dnsName == resources.Prefix+knCert.Spec.Domain { + logger.Info("No challenge service found for shortened commonname, could be cached? continuing") + continue + } else { + //If the cert is renewing, it could be possible that this isn't an error. Should this change depending on the case? + return fmt.Errorf("no challenge solver service for domain %s; selector=%v", dnsName, selector) + + } } for _, svc := range svcs { diff --git a/pkg/reconciler/certificate/certificate_test.go b/pkg/reconciler/certificate/certificate_test.go index ef2857c2f..bbac041f6 100644 --- a/pkg/reconciler/certificate/certificate_test.go +++ b/pkg/reconciler/certificate/certificate_test.go @@ -62,7 +62,8 @@ import ( const generation = 23132 var ( - correctDNSNames = []string{"k.example.com", "correct-dns1.example.com", "correct-dns2.example.com"} + correctDNSNames = []string{"correct-dns1.example.com", "correct-dns2.example.com"} + shortenedDNSNames = []string{"k.example.com", "reallyreallyreallyreallyreallyreallylongname.namespace.example.com"} incorrectDNSNames = []string{"incorrect-dns.example.com"} exampleDomain = "example.com" notAfter = &metav1.Time{ 
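Review bot: In setHTTP01Challenges (pkg/reconciler/certificate/certificate.go), the new `continue` branch treats a missing solver service as success whenever `dnsName == resources.Prefix+knCert.Spec.Domain`, without checking that the authorization for that name is already valid. If the service is simply not in the lister yet, the reconcile no longer returns an error and so presumably no longer retries on that path, and Status.HTTP01Challenges ends up without an entry for the CommonName. The log line should name the domain and state the assumption, for example `logger.Info("no solver service for shortened CommonName " + dnsName + "; assuming it was validated for an earlier certificate")`, and the `else` after `continue` can be dropped. The surrounding loop and the rest of the function are outside the hunk.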
@@ -95,8 +96,9 @@ var ( }, } - externalCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), knCert("knCert", "foo")) - internalCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), withClusterLocalVisibility(knCert("knCert", "foo"))) + externalCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), knCert("knCert", "foo")) + internalCert, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), withClusterLocalVisibility(knCert("knCert", "foo"))) + externalCertShortenedDNSNames, _ = resources.MakeCertManagerCertificate(certmanagerConfig(), knCertShortenedDNSNames("knCert", "foo")) ) func TestNewController(t *testing.T) { @@ -332,7 +334,7 @@ func TestReconcile(t *testing.T) { }, WantErr: true, WantEvents: []string{ - "Warning InternalError error creating cert-manager certificate: cannot create valid length CommonName: (hello.ns.reallyreallyreallyreallyreallyreallyreallylong.domainname) still longer than 63 characters, cannot shorten", + "Warning InternalError error creating cert-manager certificate: CommonName (reallyreallyreallyreallyreallyreallyreallyreallylong.domainname)(length: 63) too long, prepending short prefix of (k.)(length: 2) will be longer than 64 bytes", }, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: knCertDomainTooLong("knCert", "foo", @@ -345,7 +347,7 @@ func TestReconcile(t *testing.T) { Status: corev1.ConditionFalse, Severity: apis.ConditionSeverityError, Reason: "CommonName Too Long", - Message: "error creating cert-manager certificate: cannot create valid length CommonName: (hello.ns.reallyreallyreallyreallyreallyreallyreallylong.domainname) still longer than 63 characters, cannot shorten", + Message: "error creating cert-manager certificate: CommonName (reallyreallyreallyreallyreallyreallyreallyreallylong.domainname)(length: 63) too long, prepending short prefix of (k.)(length: 2) will be longer than 64 bytes", }, }, }, 
@@ -555,7 +557,7 @@ func TestReconcile_HTTP01Challenges(t *testing.T) { }, WantEvents: []string{ Eventf(corev1.EventTypeNormal, "Created", "Created Cert-Manager Certificate %s/%s", "foo", "knCert"), - Eventf(corev1.EventTypeWarning, "InternalError", "no challenge solver service for domain %s; selector=acme.cert-manager.io/http-domain=574162163", correctDNSNames[0]), + Eventf(corev1.EventTypeWarning, "InternalError", "no challenge solver service for domain %s; selector=acme.cert-manager.io/http-domain=1930889501", correctDNSNames[0]), }, WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ Object: knCertWithStatus("knCert", "foo", @@ -578,10 +580,8 @@ func TestReconcile_HTTP01Challenges(t *testing.T) { Objects: []runtime.Object{ cmSolverService(correctDNSNames[0], "foo"), cmSolverService(correctDNSNames[1], "foo"), - cmSolverService(correctDNSNames[2], "foo"), cmChallenge(correctDNSNames[0], "foo"), cmChallenge(correctDNSNames[1], "foo"), - cmChallenge(correctDNSNames[2], "foo"), cmCert("knCert", "foo", correctDNSNames), knCert("knCert", "foo"), http01Issuer, @@ -605,14 +605,6 @@ func TestReconcile_HTTP01Challenges(t *testing.T) { }, ServiceName: "cm-solver-" + correctDNSNames[1], ServiceNamespace: "foo", - }, { - URL: &apis.URL{ - Scheme: "http", - Host: correctDNSNames[2], - Path: "/.well-known/acme-challenge/cm-challenge-token", - }, - ServiceName: "cm-solver-" + correctDNSNames[2], - ServiceNamespace: "foo", }}, Status: duckv1.Status{ ObservedGeneration: generation, 
@@ -632,10 +624,8 @@ func TestReconcile_HTTP01Challenges(t *testing.T) { Objects: []runtime.Object{ cmSolverService(correctDNSNames[0], "foo"), cmSolverService(correctDNSNames[1], "foo"), - cmSolverService(correctDNSNames[2], "foo"), cmChallenge(correctDNSNames[0], "foo"), cmChallenge(correctDNSNames[1], "foo"), - cmChallenge(correctDNSNames[2], "foo"), cmCertWithStatus("knCert", "foo", correctDNSNames, []cmv1.CertificateCondition{{ Type: cmv1.CertificateConditionReady, Status: cmmeta.ConditionFalse, @@ -663,14 +653,6 @@ func TestReconcile_HTTP01Challenges(t *testing.T) { }, ServiceName: "cm-solver-" + correctDNSNames[1], ServiceNamespace: "foo", - }, { - URL: &apis.URL{ - Scheme: "http", - Host: correctDNSNames[2], - Path: "/.well-known/acme-challenge/cm-challenge-token", - }, - ServiceName: "cm-solver-" + correctDNSNames[2], - ServiceNamespace: "foo", }}, Status: duckv1.Status{ ObservedGeneration: generation, 
@@ -683,6 +665,49 @@ func TestReconcile_HTTP01Challenges(t *testing.T) { }, }), }}, + }, { + //It is possible for a challenge to not be created for a k.{{Domain}} dnsname, since it may have already been created in a previous Kservice + Name: "set Status.HTTP01Challenges on Knative certificate when shortened domain with prefix (k.) is reused", + Key: "foo/knCert", + Objects: []runtime.Object{ + cmSolverService(shortenedDNSNames[1], "foo"), + cmChallenge(shortenedDNSNames[1], "foo"), + cmCert("knCert", "foo", shortenedDNSNames), + knCertShortenedDNSNames("knCert", "foo"), + http01Issuer, + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{ + { + Object: knCertShortenedDNSNamesWithStatus("knCert", "foo", + &v1alpha1.CertificateStatus{ + HTTP01Challenges: []v1alpha1.HTTP01Challenge{{ + URL: &apis.URL{ + Scheme: "http", + Host: shortenedDNSNames[1], + Path: "/.well-known/acme-challenge/cm-challenge-token", + }, + ServiceName: "cm-solver-" + shortenedDNSNames[1], + ServiceNamespace: "foo", + }}, + Status: duckv1.Status{ + ObservedGeneration: generation, + Conditions: duckv1.Conditions{{ + Type: v1alpha1.CertificateConditionReady, + Status: corev1.ConditionUnknown, + Severity: apis.ConditionSeverityError, + Reason: noCMConditionReason, + Message: noCMConditionMessage, + }}, + }, + }), + }, + }, + WantUpdates: []clientgotesting.UpdateActionImpl{{ + Object: externalCertShortenedDNSNames, + }}, + WantEvents: []string{ + Eventf(corev1.EventTypeNormal, "Updated", "Updated Spec for Cert-Manager Certificate %s/%s", "foo", "knCert"), + }, }} table.Test(t, MakeFactory(func(ctx context.Context, listers *Listers, cmw configmap.Watcher) controller.Reconciler { 
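Review bot: The new table entry only covers the skip when no challenge object exists for `shortenedDNSNames[0]` at all. A companion case with `cmChallenge(shortenedDNSNames[0], "foo")` present but no matching `cmSolverService` would show whether a pending challenge for the shared `k.` name is also meant to be left out of Status.HTTP01Challenges without an error. The case comment could also state that the skip relies on an earlier certificate having completed validation for that name.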
@@ -733,6 +758,12 @@ func knCert(name, namespace string) *v1alpha1.Certificate { return knCertWithStatus(name, namespace, &v1alpha1.CertificateStatus{}) } +func knCertShortenedDNSNames(name, namespace string) *v1alpha1.Certificate { + cert := knCertWithStatus(name, namespace, &v1alpha1.CertificateStatus{}) + cert.Spec.DNSNames = shortenedDNSNames + return cert +} + func knCertDomainTooLong(name, namespace string, status *v1alpha1.CertificateStatus, gen int) *v1alpha1.Certificate { return &v1alpha1.Certificate{ ObjectMeta: metav1.ObjectMeta{ @@ -744,8 +775,8 @@ func knCertDomainTooLong(name, namespace string, status *v1alpha1.CertificateSta }, }, Spec: v1alpha1.CertificateSpec{ - DNSNames: []string{"hello.ns.reallyreallyreallyreallyreallyreallyreallylong.domainname"}, - Domain: "reallyreallyreallyreallyreallyreallyreallylong.domainname", + DNSNames: []string{"hello.ns.reallyreallyreallyreallyreallyreallyreallyreallylong.domainname"}, + Domain: "reallyreallyreallyreallyreallyreallyreallyreallylong.domainname", SecretName: "secret0", }, Status: *status, @@ -756,6 +787,12 @@ func knCertWithStatus(name, namespace string, status *v1alpha1.CertificateStatus return knCertWithStatusAndGeneration(name, namespace, status, generation) } +func knCertShortenedDNSNamesWithStatus(name, namespace string, status *v1alpha1.CertificateStatus) *v1alpha1.Certificate { + cert := knCertWithStatus(name, namespace, status) + cert.Spec.DNSNames = shortenedDNSNames + return cert +} + func knCertWithStatusAndGeneration(name, namespace string, status *v1alpha1.CertificateStatus, gen int) *v1alpha1.Certificate { return &v1alpha1.Certificate{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/reconciler/certificate/resources/cert_manager_certificate.go b/pkg/reconciler/certificate/resources/cert_manager_certificate.go index 6c361e85e..d1d68a54c 100644 --- a/pkg/reconciler/certificate/resources/cert_manager_certificate.go +++ b/pkg/reconciler/certificate/resources/cert_manager_certificate.go 
@@ -18,11 +18,9 @@ package resources import ( "fmt" - "strings" cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - "github.com/google/uuid" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "knative.dev/net-certmanager/pkg/reconciler/certificate/config" @@ -30,13 +28,12 @@ import ( "knative.dev/networking/pkg/apis/networking/v1alpha1" "knative.dev/pkg/apis" "knative.dev/pkg/kmeta" - - "github.com/martinlindhe/base36" ) const ( longest = 63 - base36Len = 25 + longestDomain = 61 + Prefix = "k." CreateCertManagerCertificateCondition = "CreateCertManagerCertificate" IssuerNotSetCondition = "IssuerNotSet" VisibilityClusterLocal = "cluster-local" 
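Review bot: `longestDomain = 61` is added to the const block in cert_manager_certificate.go, but no hunk in this commit references it; the length check in MakeCertManagerCertificate uses `longest - len(Prefix)` instead. Either drop the constant or use it in that check so the two values cannot drift apart. `Prefix` is exported and read from the reconciler package, so it needs a doc comment, for example `// Prefix is prepended to spec.Domain to build a CommonName that fits when DNSNames[0] is longer than 63 characters.` The const block continues outside the hunk.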
@@ -46,94 +43,70 @@ const ( func MakeCertManagerCertificate(cmConfig *config.CertManagerConfig, knCert *v1alpha1.Certificate) (*cmv1.Certificate, *apis.Condition) { var commonName string var dnsNames []string - attemptedToShorten := false if len(knCert.Spec.DNSNames) > 0 { commonName = knCert.Spec.DNSNames[0] } - // https://github.com/knative-sandbox/net-certmanager/issues/214 - // Only use the domain template if the commonName is too big. + // Only attempt to do something special if the entry from DNSNames[0] is too big. // This is to make the upgrade path easier and reduce churn on certificates. // The Route controller adds spec.domain to existing KCerts // The KCert controller requests new certs with same domain names, but a different CN if spec.domain is set and the other domain name would be too long // cert-manager Certificates are updated only if the existing domain name kept them from being issued. if len(commonName) > longest { - if knCert.Spec.Domain != "" && knCert.Spec.Domain != commonName { - //Split out the domain, and create a hash of the remaining part - domainSuffix := "." 
+ knCert.Spec.Domain - prefix := strings.TrimSuffix(commonName, domainSuffix) - if len(prefix) > base36Len { - attemptedToShorten = true - - parsedUUID, err := uuid.Parse(string(knCert.UID)) - if err != nil { - return nil, &apis.Condition{ - Type: CreateCertManagerCertificateCondition, - Status: corev1.ConditionFalse, - Reason: "Failed To Parse UID", - Message: fmt.Sprintf( - "error creating cert-manager certificate: failed to parse UID (%s) on KCert (%s): %s", - knCert.UID, - knCert.Name, - err, - ), - } + //if we have a domain field, we can attempt to shorten, or check if we are dealing with a domainMapping + if knCert.Spec.Domain != "" { + // if the domain and commonName pulled from DNSNames are the same, we are dealing with a domainmapping + if knCert.Spec.Domain == commonName { + return nil, &apis.Condition{ + Type: CreateCertManagerCertificateCondition, + Status: corev1.ConditionFalse, + Reason: "CommonName Too Long", + Message: fmt.Sprintf( + "error creating cert-manager certificate: CommonName (%s) longer than 63 characters", + commonName, + ), } - parsedUUIDbytes := [16]byte(parsedUUID) - prefix = strings.ToLower(base36.EncodeBytes(parsedUUIDbytes[:])) - } - commonName = prefix + domainSuffix - - //If the new name is still too long, then error - if len(commonName) > longest { - if attemptedToShorten { - return nil, &apis.Condition{ - Type: CreateCertManagerCertificateCondition, - Status: corev1.ConditionFalse, - Reason: "CommonName Too Long After Shortening", - Message: fmt.Sprintf( - "error creating cert-manager certificate: cannot create valid length CommonName: (%s) still longer than 63 characters after shortening", - commonName, - ), - } - } else { + } else { + // we have a domain field and are not a domainMapping + // if the domain is too long, even if we shorten, it will still be too big. 
We should error in that case + if len(knCert.Spec.Domain) > (longest - len(Prefix)) { return nil, &apis.Condition{ Type: CreateCertManagerCertificateCondition, Status: corev1.ConditionFalse, Reason: "CommonName Too Long", Message: fmt.Sprintf( - "error creating cert-manager certificate: cannot create valid length CommonName: (%s) still longer than 63 characters, cannot shorten", - commonName, + "error creating cert-manager certificate: CommonName (%s)(length: %v) too long, prepending short prefix of (%s)(length: %v) will be longer than 64 bytes", + knCert.Spec.Domain, + len(knCert.Spec.Domain), + Prefix, + len(Prefix), ), } + } else { + // by this point we know: + // - we have a domain on the kcert + // - this is not a domain mapping + // - the first entry on the kcert for dnsNames is too long + // - the domain is not too long, even with the shortening + // we can safely shorten the domain and know that it won't be too long + + commonName = Prefix + knCert.Spec.Domain + dnsNames = append(dnsNames, commonName) } } - dnsNames = append(dnsNames, commonName) } else { - if knCert.Spec.Domain == commonName { - return nil, &apis.Condition{ - Type: CreateCertManagerCertificateCondition, - Status: corev1.ConditionFalse, - Reason: "DomainMapping Name Too Long", - Message: fmt.Sprintf( - "error creating cert-manager certificate: DomainMapping name (%s) longer than 63 characters", - commonName, - ), - } - } else { - return nil, &apis.Condition{ - Type: CreateCertManagerCertificateCondition, - Status: corev1.ConditionFalse, - Reason: "CommonName Too Long", - Message: fmt.Sprintf( - "error creating cert-manager certificate: CommonName (%s) too long and no Domain available", - commonName, - ), - } + //If there was no domain, we can't shorten anything. We must error. 
+ return nil, &apis.Condition{ + Type: apis.ConditionType(CreateCertManagerCertificateCondition), + Status: corev1.ConditionFalse, + Reason: "CommonName Too Long", + Message: fmt.Sprintf( + "error creating cert-manager certificate: CommonName (%s) too long and field spec.Domain on Kcert is empty, cannot attempt to shorten", + commonName, + ), } } - } dnsNames = append(dnsNames, knCert.Spec.DNSNames...) diff --git a/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go b/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go index a23c5c5b2..ae6720556 100644 --- a/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go +++ b/pkg/reconciler/certificate/resources/cert_manager_certificate_test.go @@ -104,7 +104,7 @@ var ( }, } - longDomain = fmt.Sprintf("%s.%s", strings.Repeat("a", 54), "com") + longDomain = fmt.Sprintf("%s.%s", strings.Repeat("a", 60), "com") longDomainDNSNames = []string{"host1." + longDomain, "host2." + longDomain} certWithLongDomain = &v1alpha1.Certificate{ ObjectMeta: metav1.ObjectMeta{ @@ -227,8 +227,8 @@ func TestMakeCertManagerCertificateLongCommonName(t *testing.T) { }, Spec: cmv1.CertificateSpec{ SecretName: "secret0", - CommonName: "21ylrip1w1ch9t68q4rx0zt6n.some.domain.test", - DNSNames: append([]string{"21ylrip1w1ch9t68q4rx0zt6n.some.domain.test"}, longHostDNSNames...), + CommonName: "k.some.domain.test", + DNSNames: append([]string{"k.some.domain.test"}, longHostDNSNames...), IssuerRef: cmmeta.ObjectReference{ Kind: "ClusterIssuer", Name: "Letsencrypt-issuer", 
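Review bot: Every certificate that takes the shortening branch of MakeCertManagerCertificate now gets the same CommonName and first SAN, `Prefix + knCert.Spec.Domain`, where the removed code derived a per-certificate label from the KCert UID. If the secrets for these certificates live in different namespaces, each holder has a key that is valid for `k.<domain>`, so that hostname should be treated as reserved and never routed to a workload. A comment above the assignment would record this, for example `// k.<domain> is shared by all shortened certs for this domain and must not resolve to a tenant service`. Separately, the length error in the same branch says "will be longer than 64 bytes" while the check compares against `longest` (63); the message and the constant should agree. The function continues past the end of the hunk.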
@@ -248,7 +248,7 @@ func TestMakeCertManagerCertificateLongCommonName(t *testing.T) { } func TestMakeCertManagerCertificateDomainMappingIsTooLong(t *testing.T) { - wantError := fmt.Errorf("error creating cert-manager certificate: DomainMapping name (this.is.aaaaaaaaaaaaaaa.reallyreallyreallyreallyreallylong.domainmapping) longer than 63 characters") + wantError := fmt.Errorf("error creating cert-manager certificate: CommonName (this.is.aaaaaaaaaaaaaaa.reallyreallyreallyreallyreallylong.domainmapping) longer than 63 characters") cert, gotError := MakeCertManagerCertificate(cmConfig, &v1alpha1.Certificate{ ObjectMeta: metav1.ObjectMeta{ Name: "test-cert-from-domain-mapping", @@ -279,7 +279,7 @@ func TestMakeCertManagerCertificateDomainMappingIsTooLong(t *testing.T) { } func TestMakeCertManagerCertificateDomainIsTooLong(t *testing.T) { - wantError := fmt.Errorf("error creating cert-manager certificate: cannot create valid length CommonName: (host1.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com) still longer than 63 characters, cannot shorten") + wantError := fmt.Errorf("error creating cert-manager certificate: CommonName (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com)(length: 64) too long, prepending short prefix of (k.)(length: 2) will be longer than 64 bytes") cert, gotError := MakeCertManagerCertificate(cmConfig, certWithLongDomain) if cert != nil { 
@@ -291,23 +291,6 @@ func TestMakeCertManagerCertificateDomainIsTooLong(t *testing.T) { } } -func TestMakeCertManagerCertificateInvalidUID(t *testing.T) { - wantError := fmt.Errorf("error creating cert-manager certificate: failed to parse UID (wrong) on KCert (test-cert): invalid UUID length: 5") - - wrongUIDCert := certWithLongHost.DeepCopy() - wrongUIDCert.UID = "wrong" - - cert, gotError := MakeCertManagerCertificate(cmConfig, wrongUIDCert) - - if cert != nil { - t.Errorf("Expected no cert, got: %s", cmp.Diff(nil, cert)) - } - - if diff := cmp.Diff(wantError.Error(), gotError.Message); diff != "" { - t.Errorf("MakeCertManagerCertificate (-want, +got) = %s", diff) - } -} - func TestMakeCertManagerCertificateIssuerNotSet(t *testing.T) { wantError := fmt.Errorf("error creating cert-manager certificate: issuerRef was not set in config-certmanager") diff --git a/third_party/VENDOR-LICENSE/github.com/martinlindhe/base36/LICENSE b/third_party/VENDOR-LICENSE/github.com/martinlindhe/base36/LICENSE deleted file mode 100644 index 4082ac8bb..000000000 --- a/third_party/VENDOR-LICENSE/github.com/martinlindhe/base36/LICENSE +++ /dev/null 
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015-2021 Martin Lindhe
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/martinlindhe/base36/LICENSE b/vendor/github.com/martinlindhe/base36/LICENSE
deleted file mode 100644
index 4082ac8bb..000000000
--- a/vendor/github.com/martinlindhe/base36/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015-2021 Martin Lindhe
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/vendor/github.com/martinlindhe/base36/README.md b/vendor/github.com/martinlindhe/base36/README.md
deleted file mode 100644
index e266df7ed..000000000
--- a/vendor/github.com/martinlindhe/base36/README.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# About
-
-[![GoDoc](https://godoc.org/github.com/martinlindhe/base36?status.svg)](https://godoc.org/github.com/martinlindhe/base36)
-
-Implements Base36 encoding and decoding, which is useful to represent
-large integers in a case-insensitive alphanumeric way.
-
-## Examples
-
-```go
-import "github.com/martinlindhe/base36"
-
-fmt.Println(base36.Encode(5481594952936519619))
-// Output: 15N9Z8L3AU4EB
-
-fmt.Println(base36.Decode("15N9Z8L3AU4EB"))
-// Output: 5481594952936519619
-
-fmt.Println(base36.EncodeBytes([]byte{1, 2, 3, 4}))
-// Output: A2F44
-
-fmt.Println(base36.DecodeToBytes("A2F44"))
-// Output: [1 2 3 4]
-```
-
-## License
-
-Under [MIT](LICENSE)
diff --git a/vendor/github.com/martinlindhe/base36/base36.go b/vendor/github.com/martinlindhe/base36/base36.go
deleted file mode 100644
index 8e4f3dccf..000000000
--- a/vendor/github.com/martinlindhe/base36/base36.go
+++ /dev/null
@@ -1,167 +0,0 @@ -package base36 - -import ( - "math/big" - "strings" -) - -var ( - base36 = []byte{ - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', - 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', - 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', - 'U', 'V', 'W', 'X', 'Y', 'Z'} - - //index = map[byte]int{ - // '0': 0, '1': 1, '2': 2, '3': 3, '4': 4, - // '5': 5, '6': 6, '7': 7, '8': 8, '9': 9, - // 'A': 10, 'B': 11, 'C': 12, 'D': 13, 'E': 14, - // 'F': 15, 'G': 16, 'H': 17, 'I': 18, 'J': 19, - // 'K': 20, 'L': 21, 'M': 22, 'N': 23, 'O': 24, - // 'P': 25, 'Q': 26, 'R': 27, 'S': 28, 'T': 29, - // 'U': 30, 'V': 31, 'W': 32, 'X': 33, 'Y': 34, - // 'Z': 35, - // 'a': 10, 'b': 11, 'c': 12, 'd': 13, 'e': 14, - // 'f': 15, 'g': 16, 'h': 17, 'i': 18, 'j': 19, - // 'k': 20, 'l': 21, 'm': 22, 'n': 23, 'o': 24, - // 'p': 25, 'q': 26, 'r': 27, 's': 28, 't': 29, - // 'u': 30, 'v': 31, 'w': 32, 'x': 33, 'y': 34, - // 'z': 35, - //} - uint8Index = []uint64{ - 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, - 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, - 0, 0, 0, 0, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, - 35, 0, 0, 0, 0, 0, 0, 10, 11, 12, 13, - 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, - 34, 35, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, // 256 - } - pow36Index = []uint64{ - 1, 36, 1296, 46656, 1679616, 60466176, - 2176782336, 78364164096, 2821109907456, - 101559956668416, 3656158440062976, - 
131621703842267136, 4738381338321616896, - 9223372036854775808, - } -) - -// Encode encodes a number to base36. -func Encode(value uint64) string { - var res [16]byte - var i int - for i = len(res) - 1; ; i-- { - res[i] = base36[value%36] - value /= 36 - if value == 0 { - break - } - } - - return string(res[i:]) -} - -// Decode decodes a base36-encoded string. -func Decode(s string) uint64 { - if len(s) > 13 { - s = s[:12] - } - res := uint64(0) - l := len(s) - 1 - for idx := 0; idx < len(s); idx++ { - c := s[l-idx] - res += uint8Index[c] * pow36Index[idx] - } - return res -} - -var bigRadix = big.NewInt(36) -var bigZero = big.NewInt(0) - -// EncodeBytesAsBytes encodes a byte slice to base36. -func EncodeBytesAsBytes(b []byte) []byte { - x := new(big.Int) - x.SetBytes(b) - - answer := make([]byte, 0, len(b)*136/100) - for x.Cmp(bigZero) > 0 { - mod := new(big.Int) - x.DivMod(x, bigRadix, mod) - answer = append(answer, base36[mod.Int64()]) - } - - // leading zero bytes - for _, i := range b { - if i != 0 { - break - } - answer = append(answer, base36[0]) - } - - // reverse - alen := len(answer) - for i := 0; i < alen/2; i++ { - answer[i], answer[alen-1-i] = answer[alen-1-i], answer[i] - } - - return answer -} - -// EncodeBytes encodes a byte slice to base36 string. -func EncodeBytes(b []byte) string { - return string(EncodeBytesAsBytes(b)) -} - -// DecodeToBytes decodes a base36 string to a byte slice, using alphabet. 
-func DecodeToBytes(b string) []byte { - alphabet := string(base36) - answer := big.NewInt(0) - j := big.NewInt(1) - - for i := len(b) - 1; i >= 0; i-- { - tmp := strings.IndexAny(alphabet, string(b[i])) - if tmp == -1 { - return []byte("") - } - idx := big.NewInt(int64(tmp)) - tmp1 := big.NewInt(0) - tmp1.Mul(j, idx) - - answer.Add(answer, tmp1) - j.Mul(j, bigRadix) - } - - tmpval := answer.Bytes() - - var numZeros int - for numZeros = 0; numZeros < len(b); numZeros++ { - if b[numZeros] != alphabet[0] { - break - } - } - flen := numZeros + len(tmpval) - val := make([]byte, flen, flen) - copy(val[numZeros:], tmpval) - - return val -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 7a7a72300..d5ba8b38e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -134,9 +134,6 @@ github.com/kelseyhightower/envconfig github.com/mailru/easyjson/buffer github.com/mailru/easyjson/jlexer github.com/mailru/easyjson/jwriter -# github.com/martinlindhe/base36 v1.1.1 -## explicit; go 1.16 -github.com/martinlindhe/base36 # github.com/matttproud/golang_protobuf_extensions v1.0.2 ## explicit; go 1.9 github.com/matttproud/golang_protobuf_extensions/pbutil