certmanager

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 16, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package certmanager provides Terratest-style helpers for testing cert-manager resources including Certificates, Issuers, ClusterIssuers, CertificateRequests, ACME Orders, and Challenges. These helpers use client-go and polling logic to wait for readiness conditions and validate associated Secrets.

Index

Constants

This section is empty.

Variables

View Source 
var NewClient = newClient

NewClient creates and returns a new cert-manager clientset.Interface using the provided testing context and kubectl options. If the RestConfig in options is nil, it attempts to generate a new rest.Config using the provided options. Returns the cert-manager clientset.Interface or an error if the configuration could not be created.

Parameters:

  • t: The testing context, used for error reporting and helper annotation.
  • options: The kubectl options containing cluster access configuration. If options.RestConfig is nil, the function will attempt to generate a rest.Config using utils.GetRestConfigE.

Returns:

  • cmclientset.Interface: The cert-manager clientset for interacting with cert-manager resources.
  • error: An error if the configuration or clientset could not be created.

Example usage: 

client, err := NewClient(t, options)
require.NoError(t, err)
issuers, err := client.CertmanagerV1().Issuers("default").List(context.TODO(), metav1.ListOptions{})
require.NoError(t, err)

Functions

func HasCondition 

func HasCondition(conds []cmv1.CertificateRequestCondition, condType cmv1.CertificateRequestConditionType, status cmmetav1.ConditionStatus) bool

HasCondition checks if a slice of CertificateRequestCondition contains a condition with the specified type and status.

Parameters: 

conds    - Slice of CertificateRequestCondition to search.
condType - The condition type to look for.
status   - The condition status to match.

Returns: 

true if a condition with the specified type and status exists, false otherwise.

func ListCertificateRequests added in v0.0.5 

func ListCertificateRequests(t *testing.T, options *k8s.KubectlOptions, namespace string) []cmv1.CertificateRequest

ListCertificateRequests retrieves all CertificateRequest resources in the specified namespace using the provided kubectl options. It returns a slice of CertificateRequest objects. The function fails the test if there is an error creating the cert-manager client or listing the resources.

Parameters:

  • t: The testing context.
  • options: The kubectl options for connecting to the Kubernetes cluster.
  • namespace: The namespace from which to list CertificateRequests.

Returns:

  • A slice of cmv1.CertificateRequest representing the CertificateRequests found in the namespace.

func ListCertificates added in v0.0.5 

func ListCertificates(t *testing.T, options *k8s.KubectlOptions, namespace string) []certv1.Certificate

ListCertificates retrieves all cert-manager Certificate resources in the specified namespace. It uses the provided testing context and kubectl options to create a cert-manager client, then lists and returns the Certificate objects found in the namespace. The function will fail the test if there is an error creating the client or listing the certificates.

Parameters:

  • t: The testing context.
  • options: The kubectl options for connecting to the Kubernetes cluster.
  • namespace: The namespace from which to list Certificate resources.

Returns:

  • A slice of certv1.Certificate objects found in the specified namespace.

func ListChallenges added in v0.0.5 

func ListChallenges(t *testing.T, options *k8s.KubectlOptions, namespace string) []acmev1.Challenge

ListChallenges retrieves a list of ACME Challenge resources from the specified namespace using the cert-manager client. It requires a testing context, kubectl options, and the target namespace. The function will fail the test if the client cannot be created or if the challenges cannot be listed.

Parameters:

  • t: The testing context.
  • options: The kubectl options for connecting to the Kubernetes cluster.
  • namespace: The namespace from which to list ACME Challenges.

Returns:

  • A slice of acmev1.Challenge objects found in the specified namespace.

func ListClusterIssuers added in v0.0.5 

func ListClusterIssuers(t *testing.T, options *k8s.KubectlOptions) []cmv1.ClusterIssuer

ListClusterIssuers retrieves a list of cert-manager ClusterIssuer resources from the Kubernetes cluster using the provided KubectlOptions. It requires a testing.T instance for error handling and test context. The function returns a slice of ClusterIssuer objects. If the client creation or resource listing fails, the test will fail with an appropriate error message.

Parameters:

  • t: A pointer to testing.T, used for test context and error reporting.
  • options: A pointer to k8s.KubectlOptions, containing configuration for accessing the Kubernetes cluster.

Returns:

  • A slice of cmv1.ClusterIssuer representing the ClusterIssuers found in the cluster.

func ListIssuers added in v0.0.5 

func ListIssuers(t *testing.T, options *k8s.KubectlOptions, namespace string) []cmv1.Issuer

ListIssuers retrieves a list of cert-manager Issuer resources from the specified namespace. It uses the provided testing context and kubectl options to create a cert-manager client, then queries for Issuers in the given namespace. The function fails the test if any error occurs during client creation or resource listing.

Parameters:

  • t: The testing context.
  • options: The kubectl options used to configure the client.
  • namespace: The Kubernetes namespace from which to list Issuers.

Returns:

  • A slice of cmv1.Issuer objects found in the specified namespace.

func ListOrders added in v0.0.5 

func ListOrders(t *testing.T, options *k8s.KubectlOptions, namespace string) []acmev1.Order

ListOrders retrieves a list of ACME Order resources from the specified namespace using the cert-manager client. It requires a testing context, kubectl options, and the target namespace as input. The function fails the test if the client cannot be created or if listing the Orders fails.

Parameters:

  • t: The testing context.
  • options: The kubectl options used to configure the client.
  • namespace: The Kubernetes namespace to search for Orders.

Returns:

  • A slice of acmev1.Order objects found in the specified namespace.

func ValidateCertificateSecret 

func ValidateCertificateSecret(t *testing.T, options *k8s.KubectlOptions, cert *certv1.Certificate)

ValidateCertificateSecret verifies that the Kubernetes Secret referenced by the given cert-manager Certificate contains both the "tls.crt" and "tls.key" data fields. It fails the test if either field is missing. The function sets the namespace in the provided KubectlOptions to match the Certificate's namespace before retrieving and validating the Secret.

Parameters: 

t       - The testing context.
options - Kubectl options for accessing the Kubernetes cluster.
cert    - The cert-manager Certificate resource whose Secret should be validated.

func WaitForCertificateReady 

func WaitForCertificateReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForCertificateReady waits until the specified cert-manager Certificate resource is in the Ready state. It polls the Certificate status at regular intervals until the Ready condition is true or the timeout is reached. If the Certificate does not become Ready within the timeout, the test fails. Parameters:

  • t: The testing context.
  • options: Kubectl options containing the Kubernetes REST config.
  • name: The name of the Certificate resource.
  • namespace: The namespace of the Certificate resource.
  • timeout: The maximum duration to wait for the Certificate to become Ready.

func WaitForCertificateRequestReady 

func WaitForCertificateRequestReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForCertificateRequestReady waits until the specified CertificateRequest resource in the given namespace reaches the "Ready" condition or the timeout is exceeded. It fails the test if the CertificateRequest does not become ready within the specified duration.

Parameters:

  • t: The testing context.
  • options: The kubectl options to use for interacting with the Kubernetes cluster.
  • name: The name of the CertificateRequest resource.
  • namespace: The namespace where the CertificateRequest is located.
  • timeout: The maximum duration to wait for the CertificateRequest to become ready.

func WaitForCertificateRequestReadyE added in v0.0.6 

func WaitForCertificateRequestReadyE(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration) error

WaitForCertificateRequestReadyE waits until the specified CertificateRequest resource in the given namespace reaches the Ready condition within the provided timeout duration. It polls the resource status every 2 seconds. If the CertificateRequest does not become Ready within the timeout, the test fails with a fatal error.

Parameters: 

t        - The testing context.
options  - The kubectl options containing the Kubernetes REST config.
name     - The name of the CertificateRequest resource.
namespace- The namespace where the CertificateRequest resides.
timeout  - The maximum duration to wait for the CertificateRequest to become Ready.

This function requires cert-manager clientset and is intended for use in integration tests.

func WaitForChallengeValid 

func WaitForChallengeValid(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForChallengeValid waits until the specified ACME Challenge resource in the given namespace reaches the "Valid" state or the timeout is exceeded. It polls the challenge status at regular intervals using the cert-manager clientset. If the challenge does not become valid within the timeout, the test fails with a fatal error.

Parameters: 

t         - The testing context.
options   - Kubectl options containing the REST config for Kubernetes API access.
name      - The name of the ACME Challenge resource.
namespace - The namespace where the challenge resource resides.
timeout   - The maximum duration to wait for the challenge to become valid.

Fails the test if the challenge does not reach the "Valid" state within the timeout.

func WaitForClusterIssuerReady 

func WaitForClusterIssuerReady(t *testing.T, options *k8s.KubectlOptions, name string, timeout time.Duration)

WaitForClusterIssuerReady waits until the specified cert-manager ClusterIssuer resource is in the Ready state. It polls the ClusterIssuer status at regular intervals until the Ready condition is true or the timeout is reached. If the ClusterIssuer does not become Ready within the timeout, the test fails.

Parameters: 

t       - The testing context.
options - The kubectl options containing Kubernetes REST config.
name    - The name of the ClusterIssuer to check.
timeout - The maximum duration to wait for the ClusterIssuer to become Ready.

This function requires a cert-manager clientset and uses the provided REST config to interact with the Kubernetes API.

func WaitForIssuerReady 

func WaitForIssuerReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForIssuerReady waits until the specified cert-manager Issuer resource is in the Ready condition within the given timeout. It polls the Issuer status every 2 seconds and fails the test if the Issuer does not become Ready within the timeout period. Parameters:

  • t: The testing context.
  • options: Kubectl options containing the Kubernetes REST config.
  • name: The name of the Issuer resource.
  • namespace: The namespace of the Issuer resource.
  • timeout: The maximum duration to wait for the Issuer to become Ready.

Fails the test if the Issuer is not Ready within the timeout or if there is an error creating the cert-manager clientset.

func WaitForOrderValid 

func WaitForOrderValid(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForOrderValid waits until the specified ACME Order resource in the given namespace reaches the "Valid" state or the timeout is exceeded. It polls the Order status every 2 seconds using the cert-manager clientset. If the Order does not reach the "Valid" state within the timeout, the test fails with a fatal error.

Parameters: 

t        - The testing context.
options  - Kubectl options containing the REST config for Kubernetes API access.
name     - The name of the ACME Order resource.
namespace- The namespace where the ACME Order resource resides.
timeout  - The maximum duration to wait for the Order to become valid.

Fails the test if the Order does not reach the "Valid" state within the specified timeout.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.