certmanager

package
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 25, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package certmanager provides Terratest-style helpers for testing cert-manager resources including Certificates, Issuers, ClusterIssuers, CertificateRequests, ACME Orders, and Challenges. These helpers use client-go and polling logic to wait for readiness conditions and validate associated Secrets.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HasCondition 

func HasCondition(conds []cmv1.CertificateRequestCondition, condType cmv1.CertificateRequestConditionType, status cmmetav1.ConditionStatus) bool

HasCondition checks if a slice of CertificateRequestCondition contains a condition with the specified type and status.

Parameters: 

conds    - Slice of CertificateRequestCondition to search.
condType - The condition type to look for.
status   - The condition status to match.

Returns: 

true if a condition with the specified type and status exists, false otherwise.

func ListCertificateRequests added in v0.0.5 

func ListCertificateRequests(t *testing.T, options *k8s.KubectlOptions, namespace string) []cmv1.CertificateRequest

func ListCertificates added in v0.0.5 

func ListCertificates(t *testing.T, options *k8s.KubectlOptions, namespace string) []certv1.Certificate

func ListChallenges added in v0.0.5 

func ListChallenges(t *testing.T, options *k8s.KubectlOptions, namespace string) []acmev1.Challenge

func ListClusterIssuers added in v0.0.5 

func ListClusterIssuers(t *testing.T, options *k8s.KubectlOptions) []cmv1.ClusterIssuer

func ListIssuers added in v0.0.5 

func ListIssuers(t *testing.T, options *k8s.KubectlOptions, namespace string) []cmv1.Issuer

func ListOrders added in v0.0.5 

func ListOrders(t *testing.T, options *k8s.KubectlOptions, namespace string) []acmev1.Order

func NewCertManagerClient added in v0.0.5 

func NewCertManagerClient(t *testing.T, options *k8s.KubectlOptions) (cmclientset.Interface, error)

NewCertManagerClient creates and returns a new cert-manager clientset.Interface using the provided testing context and kubectl options. If the RestConfig in options is nil, it attempts to generate a new rest.Config using the provided options. Returns the cert-manager clientset.Interface or an error if the configuration could not be created.

func ValidateCertificateSecret 

func ValidateCertificateSecret(t *testing.T, options *k8s.KubectlOptions, cert *certv1.Certificate)

ValidateCertificateSecret verifies that the Kubernetes Secret referenced by the given cert-manager Certificate contains both the "tls.crt" and "tls.key" data fields. It fails the test if either field is missing. The function sets the namespace in the provided KubectlOptions to match the Certificate's namespace before retrieving and validating the Secret.

Parameters: 

t       - The testing context.
options - Kubectl options for accessing the Kubernetes cluster.
cert    - The cert-manager Certificate resource whose Secret should be validated.

func WaitForCertificateReady 

func WaitForCertificateReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForCertificateReady waits until the specified cert-manager Certificate resource is in the Ready state. It polls the Certificate status at regular intervals until the Ready condition is true or the timeout is reached. If the Certificate does not become Ready within the timeout, the test fails. Parameters:

  • t: The testing context.
  • options: Kubectl options containing the Kubernetes REST config.
  • name: The name of the Certificate resource.
  • namespace: The namespace of the Certificate resource.
  • timeout: The maximum duration to wait for the Certificate to become Ready.

func WaitForCertificateRequestReady 

func WaitForCertificateRequestReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForCertificateRequestReady waits until the specified CertificateRequest resource in the given namespace reaches the Ready condition within the provided timeout duration. It polls the resource status every 2 seconds. If the CertificateRequest does not become Ready within the timeout, the test fails with a fatal error.

Parameters: 

t        - The testing context.
options  - The kubectl options containing the Kubernetes REST config.
name     - The name of the CertificateRequest resource.
namespace- The namespace where the CertificateRequest resides.
timeout  - The maximum duration to wait for the CertificateRequest to become Ready.

This function requires cert-manager clientset and is intended for use in integration tests.

func WaitForChallengeValid 

func WaitForChallengeValid(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForChallengeValid waits until the specified ACME Challenge resource in the given namespace reaches the "Valid" state or the timeout is exceeded. It polls the challenge status at regular intervals using the cert-manager clientset. If the challenge does not become valid within the timeout, the test fails with a fatal error.

Parameters: 

t         - The testing context.
options   - Kubectl options containing the REST config for Kubernetes API access.
name      - The name of the ACME Challenge resource.
namespace - The namespace where the challenge resource resides.
timeout   - The maximum duration to wait for the challenge to become valid.

Fails the test if the challenge does not reach the "Valid" state within the timeout.

func WaitForClusterIssuerReady 

func WaitForClusterIssuerReady(t *testing.T, options *k8s.KubectlOptions, name string, timeout time.Duration)

WaitForClusterIssuerReady waits until the specified cert-manager ClusterIssuer resource is in the Ready state. It polls the ClusterIssuer status at regular intervals until the Ready condition is true or the timeout is reached. If the ClusterIssuer does not become Ready within the timeout, the test fails.

Parameters: 

t       - The testing context.
options - The kubectl options containing Kubernetes REST config.
name    - The name of the ClusterIssuer to check.
timeout - The maximum duration to wait for the ClusterIssuer to become Ready.

This function requires a cert-manager clientset and uses the provided REST config to interact with the Kubernetes API.

func WaitForIssuerReady 

func WaitForIssuerReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForIssuerReady waits until the specified cert-manager Issuer resource is in the Ready condition within the given timeout. It polls the Issuer status every 2 seconds and fails the test if the Issuer does not become Ready within the timeout period. Parameters:

  • t: The testing context.
  • options: Kubectl options containing the Kubernetes REST config.
  • name: The name of the Issuer resource.
  • namespace: The namespace of the Issuer resource.
  • timeout: The maximum duration to wait for the Issuer to become Ready.

Fails the test if the Issuer is not Ready within the timeout or if there is an error creating the cert-manager clientset.

func WaitForOrderValid 

func WaitForOrderValid(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForOrderValid waits until the specified ACME Order resource in the given namespace reaches the "Valid" state or the timeout is exceeded. It polls the Order status every 2 seconds using the cert-manager clientset. If the Order does not reach the "Valid" state within the timeout, the test fails with a fatal error.

Parameters: 

t        - The testing context.
options  - Kubectl options containing the REST config for Kubernetes API access.
name     - The name of the ACME Order resource.
namespace- The namespace where the ACME Order resource resides.
timeout  - The maximum duration to wait for the Order to become valid.

Fails the test if the Order does not reach the "Valid" state within the specified timeout.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.