[cert] Make sure DNSNames and IPAddresses are sorted

To reduce possibility of changing certs, make sure lists of DNSNames and IPAddresses are sorted. Signed-off-by: Martin Schuppert <[email protected]>
openstack-k8s-operators · Aug 5, 2024 · d26ee38 · d26ee38
1 parent 7fd3da6
commit d26ee38
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 1 deletion.
diff --git a/modules/certmanager/certificate.go b/modules/certmanager/certificate.go
@@ -19,6 +19,7 @@ package certmanager
 import (
 	"context"
 	"fmt"
+	"sort"
 	"time"
 
 	certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
@@ -66,10 +67,15 @@ func NewCertificate(
 	certificate *certmgrv1.Certificate,
 	timeout time.Duration,
 ) *Certificate {
-	return &Certificate{
+	crt := &Certificate{
 		certificate: certificate,
 		timeout:     timeout,
 	}
+
+	sort.Strings(crt.certificate.Spec.IPAddresses)
+	sort.Strings(crt.certificate.Spec.DNSNames)
+
+	return crt
 }
 
 // Cert returns an initialized certificate request obj.

diff --git a/modules/certmanager/test/functional/certmanager_test.go b/modules/certmanager/test/functional/certmanager_test.go
@@ -166,6 +166,66 @@ var _ = Describe("certmanager module", func() {
 		Expect(cert.Labels["f"]).To(Equal("l"))
 	})
 
+	It("creates certificate with orderdered DNSNames", func() {
+		c := certmanager.NewCertificate(
+			certmanager.Cert(
+				names.CertName.Name,
+				names.CertName.Namespace,
+				map[string]string{"f": "l"},
+				certmgrv1.CertificateSpec{
+					CommonName: "keystone-public-openstack.apps-crc.testing",
+					DNSNames: []string{
+						"keystone-public-openstack.apps-crc.testing",
+						"keystone-public-openstack",
+					},
+					IssuerRef: certmgrmetav1.ObjectReference{
+						Kind: "Issuer",
+						Name: "issuerName",
+					},
+					SecretName: "secret",
+				},
+			),
+			timeout,
+		)
+
+		_, _, err := c.CreateOrPatch(ctx, h, nil)
+		Expect(err).ShouldNot(HaveOccurred())
+		cert := th.GetCert(names.CertName)
+		Expect(cert.Spec.DNSNames[0]).To(Equal("keystone-public-openstack"))
+		Expect(cert.Spec.DNSNames[1]).To(Equal("keystone-public-openstack.apps-crc.testing"))
+	})
+
+	It("creates certificate with orderdered IPAddresses", func() {
+		c := certmanager.NewCertificate(
+			certmanager.Cert(
+				names.CertName.Name,
+				names.CertName.Namespace,
+				map[string]string{"f": "l"},
+				certmgrv1.CertificateSpec{
+					CommonName: "keystone-public-openstack.apps-crc.testing",
+					IPAddresses: []string{
+						"2.2.2.2",
+						"1.1.1.1",
+						"2.2.2.1",
+					},
+					IssuerRef: certmgrmetav1.ObjectReference{
+						Kind: "Issuer",
+						Name: "issuerName",
+					},
+					SecretName: "secret",
+				},
+			),
+			timeout,
+		)
+
+		_, _, err := c.CreateOrPatch(ctx, h, nil)
+		Expect(err).ShouldNot(HaveOccurred())
+		cert := th.GetCert(names.CertName)
+		Expect(cert.Spec.IPAddresses[0]).To(Equal("1.1.1.1"))
+		Expect(cert.Spec.IPAddresses[1]).To(Equal("2.2.2.1"))
+		Expect(cert.Spec.IPAddresses[2]).To(Equal("2.2.2.2"))
+	})
+
 	It("deletes certificate", func() {
 		c := certmanager.NewCertificate(
 			certmanager.Cert(