From 52320fbeeab57434e4f1e1bdaa80dc9fb2fa1357 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 30 Apr 2024 10:37:22 +0200 Subject: [PATCH 1/3] fix contextcheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/acmesolver/app/app.go | 6 +- cmd/cainjector/app/controller.go | 1 + cmd/controller/app/controller.go | 18 ++-- internal/vault/vault.go | 14 +-- internal/vault/vault_test.go | 5 +- pkg/controller/acmechallenges/sync.go | 2 +- pkg/controller/builder.go | 6 +- .../certificaterequests/vault/vault.go | 2 +- .../certificaterequests/vault/vault_test.go | 2 +- .../requestmanager_controller.go | 6 +- .../certificatesigningrequests/vault/vault.go | 2 +- .../vault/vault_test.go | 10 +- pkg/controller/context.go | 5 - pkg/controller/controller.go | 19 ++-- pkg/controller/register.go | 4 +- pkg/healthz/healthz.go | 2 + pkg/issuer/acme/dns/acmedns/acmedns.go | 5 +- pkg/issuer/acme/dns/acmedns/acmedns_test.go | 3 +- pkg/issuer/acme/dns/akamai/akamai.go | 17 ++- pkg/issuer/acme/dns/akamai/akamai_test.go | 30 +++--- pkg/issuer/acme/dns/azuredns/azuredns.go | 22 ++-- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 6 +- pkg/issuer/acme/dns/clouddns/clouddns.go | 59 +++++----- pkg/issuer/acme/dns/clouddns/clouddns_test.go | 24 ++--- pkg/issuer/acme/dns/cloudflare/cloudflare.go | 34 +++--- .../acme/dns/cloudflare/cloudflare_test.go | 11 +- .../acme/dns/digitalocean/digitalocean.go | 29 +++-- .../dns/digitalocean/digitalocean_test.go | 5 +- pkg/issuer/acme/dns/dns.go | 35 +++--- pkg/issuer/acme/dns/route53/route53.go | 34 +++--- pkg/issuer/acme/dns/route53/route53_test.go | 20 ++-- pkg/issuer/acme/dns/util/dns.go | 5 +- pkg/issuer/acme/dns/util/wait.go | 50 ++++----- pkg/issuer/acme/dns/util/wait_test.go | 31 +++--- pkg/issuer/acme/dns/util_test.go | 5 +- pkg/issuer/vault/setup.go | 2 +- pkg/webhook/server/server.go | 10 +- test/acme/util.go | 4 +- test/e2e/e2e.go | 13 +-- test/e2e/framework/addon/base/base.go | 6 +- test/e2e/framework/addon/chart/addon.go | 36 +++---- test/e2e/framework/addon/globals.go | 9 +- test/e2e/framework/addon/internal/globals.go | 6 +- test/e2e/framework/addon/vault/proxy.go | 13 ++- test/e2e/framework/addon/vault/setup.go | 92 +++++++--------- test/e2e/framework/addon/vault/vault.go | 26 ++--- test/e2e/framework/addon/venafi/cloud.go | 12 +-- test/e2e/framework/addon/venafi/tpp.go | 12 +-- test/e2e/framework/cleanup.go | 15 +-- test/e2e/framework/framework.go | 20 ++-- .../framework/helper/certificaterequests.go | 20 ++-- test/e2e/framework/helper/certificates.go | 46 ++++---- .../helper/certificatesigningrequests.go | 6 +- test/e2e/framework/helper/pod_start.go | 10 +- test/e2e/framework/helper/secret.go | 6 +- test/e2e/framework/testenv.go | 16 +-- .../certificates/additionaloutputformats.go | 13 +-- .../suite/certificates/duplicatesecretname.go | 18 ++-- .../suite/certificates/literalsubjectrdns.go | 6 +- test/e2e/suite/certificates/othernamesan.go | 11 +- test/e2e/suite/certificates/secrettemplate.go | 87 +++++++-------- .../conformance/certificates/acme/acme.go | 64 +++++------ .../suite/conformance/certificates/ca/ca.go | 22 ++-- .../certificates/external/external.go | 8 +- .../certificates/selfsigned/selfsigned.go | 16 +-- .../suite/conformance/certificates/suite.go | 12 ++- .../suite/conformance/certificates/tests.go | 80 +++++++------- .../certificates/vault/vault_approle.go | 36 +++---- .../conformance/certificates/venafi/venafi.go | 22 ++-- .../certificates/venaficloud/cloud.go | 22 ++-- .../certificatesigningrequests/acme/acme.go | 10 +- .../certificatesigningrequests/acme/dns01.go | 16 +-- .../certificatesigningrequests/acme/http01.go | 16 +-- .../certificatesigningrequests/ca/ca.go | 22 ++-- .../selfsigned/selfsigned.go | 24 ++--- .../certificatesigningrequests/suite.go | 19 ++-- .../certificatesigningrequests/tests.go | 16 +-- .../vault/approle.go | 36 +++---- .../vault/kubernetes.go | 34 +++--- .../venafi/cloud.go | 22 ++-- .../certificatesigningrequests/venafi/tpp.go | 18 ++-- .../suite/issuers/acme/certificate/http01.go | 63 +++++------ .../issuers/acme/certificate/notafter.go | 19 ++-- .../suite/issuers/acme/certificate/webhook.go | 33 +++--- .../issuers/acme/certificaterequest/dns01.go | 25 ++--- .../issuers/acme/certificaterequest/http01.go | 39 +++---- .../issuers/acme/dnsproviders/rfc2136.go | 6 +- test/e2e/suite/issuers/acme/issuer.go | 27 ++--- test/e2e/suite/issuers/ca/certificate.go | 45 ++++---- .../suite/issuers/ca/certificaterequest.go | 29 ++--- test/e2e/suite/issuers/ca/clusterissuer.go | 11 +- test/e2e/suite/issuers/ca/issuer.go | 9 +- .../suite/issuers/selfsigned/certificate.go | 25 ++--- .../issuers/selfsigned/certificaterequest.go | 33 +++--- .../issuers/vault/certificate/approle.go | 43 ++++---- .../vault/certificaterequest/approle.go | 43 ++++---- test/e2e/suite/issuers/vault/issuer.go | 41 +++---- test/e2e/suite/issuers/vault/mtls.go | 101 +++++++++--------- test/e2e/suite/issuers/venafi/cloud/setup.go | 9 +- .../suite/issuers/venafi/tpp/certificate.go | 5 +- .../issuers/venafi/tpp/certificaterequest.go | 11 +- test/e2e/suite/issuers/venafi/tpp/setup.go | 15 +-- test/e2e/suite/serving/cainjector.go | 7 +- test/e2e/util/util.go | 28 ++--- .../acme/orders_controller_test.go | 1 - ...erates_new_private_key_per_request_test.go | 18 ++-- .../certificates/issuing_controller_test.go | 8 +- .../certificates/metrics_controller_test.go | 1 - .../revisionmanager_controller_test.go | 1 - .../certificates/trigger_controller_test.go | 3 - test/integration/framework/helpers.go | 10 +- 112 files changed, 1147 insertions(+), 1122 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 73c76c4c2d8..4a3c8779219 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -3,7 +3,6 @@ issues: - linters: - dogsled - errcheck - - contextcheck - promlinter - errname - exhaustive diff --git a/cmd/acmesolver/app/app.go b/cmd/acmesolver/app/app.go index b14569f5b51..cd638b10230 100644 --- a/cmd/acmesolver/app/app.go +++ b/cmd/acmesolver/app/app.go @@ -54,11 +54,13 @@ func NewACMESolverCommand(_ context.Context) *cobra.Command { go func() { defer close(completedCh) <-runCtx.Done() + // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := s.Shutdown(ctx); err != nil { + // nolint: contextcheck + if err := s.Shutdown(shutdownCtx); err != nil { log.Error(err, "error shutting down acmesolver server") } }() diff --git a/cmd/cainjector/app/controller.go b/cmd/cainjector/app/controller.go index c2b891db2b4..a242bfc1bdf 100644 --- a/cmd/cainjector/app/controller.go +++ b/cmd/cainjector/app/controller.go @@ -118,6 +118,7 @@ func Run(opts *config.CAInjectorConfiguration, ctx context.Context) error { shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() + // nolint: contextcheck return server.Shutdown(shutdownCtx) })) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 269bb0d84cf..9490c3ca1d6 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -116,13 +116,11 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { g.Go(func() error { <-rootCtx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := metricsServer.Shutdown(ctx); err != nil { - return err - } - return nil + // nolint: contextcheck + return metricsServer.Shutdown(shutdownCtx) }) g.Go(func() error { log.V(logf.InfoLevel).Info("starting metrics server", "address", metricsLn.Addr()) @@ -149,13 +147,11 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { g.Go(func() error { <-rootCtx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := profilerServer.Shutdown(ctx); err != nil { - return err - } - return nil + // nolint: contextcheck + return profilerServer.Shutdown(shutdownCtx) }) g.Go(func() error { log.V(logf.InfoLevel).Info("starting profiler", "address", profilerLn.Addr()) @@ -250,7 +246,7 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { g.Go(func() error { log.V(logf.InfoLevel).Info("starting controller") - return iface.Run(opts.NumberOfConcurrentWorkers, rootCtx.Done()) + return iface.Run(opts.NumberOfConcurrentWorkers, rootCtx) }) } diff --git a/internal/vault/vault.go b/internal/vault/vault.go index e9a24307b46..5bf82cebd9b 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -45,7 +45,7 @@ var _ Interface = &Vault{} // ClientBuilder is a function type that returns a new Interface. // Can be used in tests to create a mock signer of Vault certificate requests. -type ClientBuilder func(namespace string, _ func(ns string) CreateToken, _ internalinformers.SecretLister, _ v1.GenericIssuer) (Interface, error) +type ClientBuilder func(ctx context.Context, namespace string, _ func(ns string) CreateToken, _ internalinformers.SecretLister, _ v1.GenericIssuer) (Interface, error) // Interface implements various high level functionality related to connecting // with a Vault server, verifying its status and signing certificate request for @@ -95,7 +95,7 @@ type Vault struct { // secrets lister. // Returned errors may be network failures and should be considered for // retrying. -func New(namespace string, createTokenFn func(ns string) CreateToken, secretsLister internalinformers.SecretLister, issuer v1.GenericIssuer) (Interface, error) { +func New(ctx context.Context, namespace string, createTokenFn func(ns string) CreateToken, secretsLister internalinformers.SecretLister, issuer v1.GenericIssuer) (Interface, error) { v := &Vault{ createToken: createTokenFn(namespace), secretsLister: secretsLister, @@ -120,7 +120,7 @@ func New(namespace string, createTokenFn func(ns string) CreateToken, secretsLis // Use the (maybe) namespaced client to authenticate. // If a Vault namespace is configured, then the authentication endpoints are // expected to be in that namespace. - if err := v.setToken(clientNS); err != nil { + if err := v.setToken(ctx, clientNS); err != nil { return nil, err } @@ -180,7 +180,7 @@ func (v *Vault) Sign(csrPEM []byte, duration time.Duration) (cert []byte, ca []b return extractCertificatesFromVaultCertificateSecret(&vaultResult) } -func (v *Vault) setToken(client Client) error { +func (v *Vault) setToken(ctx context.Context, client Client) error { // IMPORTANT: Because of backwards compatibility with older versions that // incorrectly allowed multiple authentication methods to be specified at // the time of validation, we must still allow multiple authentication methods @@ -212,7 +212,7 @@ func (v *Vault) setToken(client Client) error { kubernetesAuth := v.issuer.GetSpec().Vault.Auth.Kubernetes if kubernetesAuth != nil { - token, err := v.requestTokenWithKubernetesAuth(client, kubernetesAuth) + token, err := v.requestTokenWithKubernetesAuth(ctx, client, kubernetesAuth) if err != nil { return fmt.Errorf("while requesting a Vault token using the Kubernetes auth: %w", err) } @@ -429,7 +429,7 @@ func (v *Vault) requestTokenWithAppRoleRef(client Client, appRole *v1.VaultAppRo return token, nil } -func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1.VaultKubernetesAuth) (string, error) { +func (v *Vault) requestTokenWithKubernetesAuth(ctx context.Context, client Client, kubernetesAuth *v1.VaultKubernetesAuth) (string, error) { var jwt string switch { case kubernetesAuth.SecretRef.Name != "": @@ -460,7 +460,7 @@ func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1 audiences := append([]string(nil), kubernetesAuth.ServiceAccountRef.TokenAudiences...) audiences = append(audiences, defaultAudience) - tokenrequest, err := v.createToken(context.Background(), kubernetesAuth.ServiceAccountRef.Name, &authv1.TokenRequest{ + tokenrequest, err := v.createToken(ctx, kubernetesAuth.ServiceAccountRef.Name, &authv1.TokenRequest{ Spec: authv1.TokenRequestSpec{ // Default audience is generated by cert-manager. // This is the most secure configuration as vault role must explicitly mandate the audience. diff --git a/internal/vault/vault_test.go b/internal/vault/vault_test.go index 95ee32de98c..03838e0a08a 100644 --- a/internal/vault/vault_test.go +++ b/internal/vault/vault_test.go @@ -871,7 +871,7 @@ func TestSetToken(t *testing.T) { issuer: test.issuer, } - err := v.setToken(test.fakeClient) + err := v.setToken(context.TODO(), test.fakeClient) if ((test.expectedErr == nil) != (err == nil)) && test.expectedErr != nil && test.expectedErr.Error() != err.Error() { @@ -1511,6 +1511,7 @@ func TestNewWithVaultNamespaces(t *testing.T) { tc := tc t.Run(tc.name, func(t *testing.T) { c, err := New( + context.TODO(), "k8s-ns1", func(ns string) CreateToken { return nil }, listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), @@ -1567,6 +1568,7 @@ func TestIsVaultInitiatedAndUnsealedIntegration(t *testing.T) { defer server.Close() v, err := New( + context.TODO(), "k8s-ns1", func(ns string) CreateToken { return nil }, listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), @@ -1632,6 +1634,7 @@ func TestSignIntegration(t *testing.T) { defer server.Close() v, err := New( + context.TODO(), "k8s-ns1", func(ns string) CreateToken { return nil }, listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), diff --git a/pkg/controller/acmechallenges/sync.go b/pkg/controller/acmechallenges/sync.go index b49583b270a..895d046b9ce 100644 --- a/pkg/controller/acmechallenges/sync.go +++ b/pkg/controller/acmechallenges/sync.go @@ -160,7 +160,7 @@ func (c *controller) Sync(ctx context.Context, chOriginal *cmacme.Challenge) (er // means no CAA check is performed by ACME server or if any valid // CAA would stop issuance (strongly suspect the former) if len(dir.CAA) != 0 { - err := dnsutil.ValidateCAA(ch.Spec.DNSName, dir.CAA, ch.Spec.Wildcard, c.dns01Nameservers) + err := dnsutil.ValidateCAA(ctx, ch.Spec.DNSName, dir.CAA, ch.Spec.Wildcard, c.dns01Nameservers) if err != nil { ch.Status.Reason = fmt.Sprintf("CAA self-check failed: %s", err) return err diff --git a/pkg/controller/builder.go b/pkg/controller/builder.go index 18475cd2b77..a9f8f227593 100644 --- a/pkg/controller/builder.go +++ b/pkg/controller/builder.go @@ -20,8 +20,6 @@ import ( "context" "fmt" "time" - - logf "github.com/cert-manager/cert-manager/pkg/logs" ) // Builder is used to build controllers that implement the queuingController @@ -72,8 +70,6 @@ func (b *Builder) Complete() (Interface, error) { return nil, err } - ctx := logf.NewContext(controllerctx.RootContext, logf.FromContext(controllerctx.RootContext), b.name) - if b.impl == nil { return nil, fmt.Errorf("controller implementation must be non-nil") } @@ -82,5 +78,5 @@ func (b *Builder) Complete() (Interface, error) { return nil, fmt.Errorf("error registering controller: %v", err) } - return NewController(ctx, b.name, controllerctx.Metrics, b.impl.ProcessItem, mustSync, b.runDurationFuncs, queue), nil + return NewController(b.name, controllerctx.Metrics, b.impl.ProcessItem, mustSync, b.runDurationFuncs, queue), nil } diff --git a/pkg/controller/certificaterequests/vault/vault.go b/pkg/controller/certificaterequests/vault/vault.go index ef0d7b3b7c7..242f923a576 100644 --- a/pkg/controller/certificaterequests/vault/vault.go +++ b/pkg/controller/certificaterequests/vault/vault.go @@ -78,7 +78,7 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v resourceNamespace := v.issuerOptions.ResourceNamespace(issuerObj) - client, err := v.vaultClientBuilder(resourceNamespace, v.createTokenFn, v.secretsLister, issuerObj) + client, err := v.vaultClientBuilder(ctx, resourceNamespace, v.createTokenFn, v.secretsLister, issuerObj) if k8sErrors.IsNotFound(err) { message := "Required secret resource not found" diff --git a/pkg/controller/certificaterequests/vault/vault_test.go b/pkg/controller/certificaterequests/vault/vault_test.go index 2224eb91295..6996b4c6713 100644 --- a/pkg/controller/certificaterequests/vault/vault_test.go +++ b/pkg/controller/certificaterequests/vault/vault_test.go @@ -521,7 +521,7 @@ func runTest(t *testing.T, test testT) { vault := NewVault(test.builder.Context).(*Vault) if test.fakeVault != nil { - vault.vaultClientBuilder = func(ns string, _ func(ns string) internalvault.CreateToken, sl internalinformers.SecretLister, + vault.vaultClientBuilder = func(_ context.Context, ns string, _ func(ns string) internalvault.CreateToken, sl internalinformers.SecretLister, iss cmapi.GenericIssuer) (internalvault.Interface, error) { return test.fakeVault.New(ns, sl, iss) } diff --git a/pkg/controller/certificates/requestmanager/requestmanager_controller.go b/pkg/controller/certificates/requestmanager/requestmanager_controller.go index 0bdb6628a33..75c9ef10fdc 100644 --- a/pkg/controller/certificates/requestmanager/requestmanager_controller.go +++ b/pkg/controller/certificates/requestmanager/requestmanager_controller.go @@ -430,14 +430,14 @@ func (c *controller) createNewCertificateRequest(ctx context.Context, crt *cmapi return nil } - if err := c.waitForCertificateRequestToExist(cr.Namespace, cr.Name); err != nil { + if err := c.waitForCertificateRequestToExist(ctx, cr.Namespace, cr.Name); err != nil { return fmt.Errorf("failed whilst waiting for CertificateRequest to exist - this may indicate an apiserver running slowly. Request will be retried. %w", err) } return nil } -func (c *controller) waitForCertificateRequestToExist(namespace, name string) error { - return wait.PollUntilContextTimeout(context.TODO(), time.Millisecond*100, time.Second*5, false, func(ctx context.Context) (bool, error) { +func (c *controller) waitForCertificateRequestToExist(ctx context.Context, namespace, name string) error { + return wait.PollUntilContextTimeout(ctx, time.Millisecond*100, time.Second*5, false, func(_ context.Context) (bool, error) { _, err := c.certificateRequestLister.CertificateRequests(namespace).Get(name) if apierrors.IsNotFound(err) { return false, nil diff --git a/pkg/controller/certificatesigningrequests/vault/vault.go b/pkg/controller/certificatesigningrequests/vault/vault.go index cf5dca0490d..2ffff36205c 100644 --- a/pkg/controller/certificatesigningrequests/vault/vault.go +++ b/pkg/controller/certificatesigningrequests/vault/vault.go @@ -89,7 +89,7 @@ func (v *Vault) Sign(ctx context.Context, csr *certificatesv1.CertificateSigning resourceNamespace := v.issuerOptions.ResourceNamespace(issuerObj) createTokenFn := func(ns string) internalvault.CreateToken { return v.kclient.CoreV1().ServiceAccounts(ns).CreateToken } - client, err := v.clientBuilder(resourceNamespace, createTokenFn, v.secretsLister, issuerObj) + client, err := v.clientBuilder(ctx, resourceNamespace, createTokenFn, v.secretsLister, issuerObj) if apierrors.IsNotFound(err) { message := "Required secret resource not found" log.Error(err, message) diff --git a/pkg/controller/certificatesigningrequests/vault/vault_test.go b/pkg/controller/certificatesigningrequests/vault/vault_test.go index f4b52897755..5c457f41d38 100644 --- a/pkg/controller/certificatesigningrequests/vault/vault_test.go +++ b/pkg/controller/certificatesigningrequests/vault/vault_test.go @@ -130,7 +130,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return nil, apierrors.NewNotFound(schema.GroupResource{}, "test-secret") }, builder: &testpkg.Builder{ @@ -191,7 +191,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return nil, errors.New("generic error") }, expectedErr: true, @@ -235,7 +235,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return fakevault.New(), nil }, builder: &testpkg.Builder{ @@ -297,7 +297,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return fakevault.New().WithSign(nil, nil, errors.New("sign error")), nil }, builder: &testpkg.Builder{ @@ -358,7 +358,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return fakevault.New().WithSign([]byte("signed-cert"), []byte("signing-ca"), nil), nil }, builder: &testpkg.Builder{ diff --git a/pkg/controller/context.go b/pkg/controller/context.go index bb76b295c10..5b412195f84 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -75,10 +75,6 @@ type Context struct { // RootContext is the root context for the controller RootContext context.Context - // StopCh is a channel that will be closed when the controller is signalled - // to exit - StopCh <-chan struct{} - // FieldManager is the string that should be used as the field manager when // applying API object. This value is derived from the user agent. FieldManager string @@ -316,7 +312,6 @@ func NewContextFactory(ctx context.Context, opts ContextOptions) (*ContextFactor log: logf.FromContext(ctx), ctx: &Context{ RootContext: ctx, - StopCh: ctx.Done(), KubeSharedInformerFactory: kubeSharedInformerFactory, SharedInformerFactory: sharedInformerFactory, GWShared: gwSharedInformerFactory, diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 72e7a6dc9e0..21132d389e0 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -45,7 +45,6 @@ type queueingController interface { } func NewController( - ctx context.Context, name string, metrics *metrics.Metrics, syncFunc func(ctx context.Context, key string) error, @@ -54,7 +53,6 @@ func NewController( queue workqueue.RateLimitingInterface, ) Interface { return &controller{ - ctx: ctx, name: name, metrics: metrics, syncHandler: syncFunc, @@ -65,9 +63,6 @@ func NewController( } type controller struct { - // ctx is the root golang context for the controller - ctx context.Context - // name is the name for this controller name string @@ -94,14 +89,14 @@ type controller struct { } // Run starts the controller loop -func (c *controller) Run(workers int, stopCh <-chan struct{}) error { - ctx, cancel := context.WithCancel(c.ctx) +func (c *controller) Run(workers int, ctx context.Context) error { + ctx, cancel := context.WithCancel(ctx) defer cancel() - log := logf.FromContext(ctx) + log := logf.FromContext(ctx, c.name) log.V(logf.DebugLevel).Info("starting control loop") // wait for all the informer caches we depend on are synced - if !cache.WaitForCacheSync(stopCh, c.mustSync...) { + if !cache.WaitForCacheSync(ctx.Done(), c.mustSync...) { return fmt.Errorf("error waiting for informer caches to sync") } @@ -120,10 +115,10 @@ func (c *controller) Run(workers int, stopCh <-chan struct{}) error { for _, f := range c.runDurationFuncs { f := f // capture range variable - go wait.Until(func() { f.fn(ctx) }, f.duration, stopCh) + go wait.Until(func() { f.fn(ctx) }, f.duration, ctx.Done()) } - <-stopCh + <-ctx.Done() log.V(logf.InfoLevel).Info("shutting down queue as workqueue signaled shutdown") c.queue.ShutDown() log.V(logf.DebugLevel).Info("waiting for workers to exit...") @@ -133,7 +128,7 @@ func (c *controller) Run(workers int, stopCh <-chan struct{}) error { } func (c *controller) worker(ctx context.Context) { - log := logf.FromContext(c.ctx) + log := logf.FromContext(ctx) log.V(logf.DebugLevel).Info("starting worker") for { diff --git a/pkg/controller/register.go b/pkg/controller/register.go index ccd6d6e0054..7a22d1feb77 100644 --- a/pkg/controller/register.go +++ b/pkg/controller/register.go @@ -16,6 +16,8 @@ limitations under the License. package controller +import "context" + // This file defines types for controllers to register themselves with the // controller package. @@ -26,7 +28,7 @@ type Interface interface { // run, and the workers should shut down upon a signal on stopCh. // This method should block until all workers have exited cleanly, thus // allowing for graceful shutdown of control loops. - Run(workers int, stopCh <-chan struct{}) error + Run(workers int, ctx context.Context) error } // Constructor is a function that creates a new control loop given a diff --git a/pkg/healthz/healthz.go b/pkg/healthz/healthz.go index 6f720ad75e0..efbf58105dc 100644 --- a/pkg/healthz/healthz.go +++ b/pkg/healthz/healthz.go @@ -83,6 +83,8 @@ func (o *Server) Start(ctx context.Context, l net.Listener) error { // allow a timeout for graceful shutdown shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() + + // nolint: contextcheck return o.server.Shutdown(shutdownCtx) }) return g.Wait() diff --git a/pkg/issuer/acme/dns/acmedns/acmedns.go b/pkg/issuer/acme/dns/acmedns/acmedns.go index 26427a664fb..98ee11f8dd5 100644 --- a/pkg/issuer/acme/dns/acmedns/acmedns.go +++ b/pkg/issuer/acme/dns/acmedns/acmedns.go @@ -25,6 +25,7 @@ limitations under the License. package acmedns import ( + "context" "encoding/json" "fmt" "os" @@ -66,7 +67,7 @@ func NewDNSProviderHostBytes(host string, accountJSON []byte, dns01Nameservers [ } // Present creates a TXT record to fulfil the dns-01 challenge -func (c *DNSProvider) Present(domain, fqdn, value string) error { +func (c *DNSProvider) Present(_ context.Context, domain, fqdn, value string) error { if account, exists := c.accounts[domain]; exists { // Update the acme-dns TXT record. return c.client.UpdateTXTRecord(account, value) @@ -77,7 +78,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { // CleanUp removes the record matching the specified parameters. It is not // implemented for the ACME-DNS provider. -func (c *DNSProvider) CleanUp(_, _, _ string) error { +func (c *DNSProvider) CleanUp(_ context.Context, _, _, _ string) error { // ACME-DNS doesn't support the notion of removing a record. For users of // ACME-DNS it is expected the stale records remain in-place. return nil diff --git a/pkg/issuer/acme/dns/acmedns/acmedns_test.go b/pkg/issuer/acme/dns/acmedns/acmedns_test.go index 40cde27bf0c..2c65fcc1519 100644 --- a/pkg/issuer/acme/dns/acmedns/acmedns_test.go +++ b/pkg/issuer/acme/dns/acmedns/acmedns_test.go @@ -17,6 +17,7 @@ limitations under the License. package acmedns import ( + "context" "os" "testing" @@ -75,6 +76,6 @@ func TestLiveAcmeDnsPresent(t *testing.T) { assert.NoError(t, err) // ACME-DNS requires 43 character keys or it throws a bad TXT error - err = provider.Present(acmednsDomain, "", "LG3tptA6W7T1vw4ujbmDxH2lLu6r8TUIqLZD3pzPmgE") + err = provider.Present(context.TODO(), acmednsDomain, "", "LG3tptA6W7T1vw4ujbmDxH2lLu6r8TUIqLZD3pzPmgE") assert.NoError(t, err) } diff --git a/pkg/issuer/acme/dns/akamai/akamai.go b/pkg/issuer/acme/dns/akamai/akamai.go index 05d1e819dcc..58777bed552 100644 --- a/pkg/issuer/acme/dns/akamai/akamai.go +++ b/pkg/issuer/acme/dns/akamai/akamai.go @@ -20,6 +20,7 @@ limitations under the License. package akamai import ( + "context" "fmt" "strings" @@ -50,7 +51,7 @@ type DNSProvider struct { serviceConsumerDomain string dnsclient OpenEdgegridDNSService TTL int - findHostedDomainByFqdn func(string, []string) (string, error) + findHostedDomainByFqdn func(context.Context, string, []string) (string, error) isNotFound func(error) bool log logr.Logger } @@ -85,8 +86,8 @@ func NewDNSProvider(serviceConsumerDomain, clientToken, clientSecret, accessToke return dnsp, nil } -func findHostedDomainByFqdn(fqdn string, ns []string) (string, error) { - zone, err := util.FindZoneByFqdn(fqdn, ns) +func findHostedDomainByFqdn(ctx context.Context, fqdn string, ns []string) (string, error) { + zone, err := util.FindZoneByFqdn(ctx, fqdn, ns) if err != nil { return "", err } @@ -95,11 +96,10 @@ func findHostedDomainByFqdn(fqdn string, ns []string) (string, error) { } // Present creates/updates a TXT record to fulfill the dns-01 challenge. -func (a *DNSProvider) Present(domain, fqdn, value string) error { - +func (a *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { logf.V(logf.DebugLevel).Infof("entering Present. domain: %s, fqdn: %s, value: %s", domain, fqdn, value) - hostedDomain, err := a.findHostedDomainByFqdn(fqdn, a.dns01Nameservers) + hostedDomain, err := a.findHostedDomainByFqdn(ctx, fqdn, a.dns01Nameservers) if err != nil { return fmt.Errorf("edgedns: failed to determine hosted domain for %q: %w", fqdn, err) } @@ -156,11 +156,10 @@ func (a *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes/updates the TXT record matching the specified parameters. -func (a *DNSProvider) CleanUp(domain, fqdn, value string) error { - +func (a *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { logf.V(logf.DebugLevel).Infof("entering CleanUp. domain: %s, fqdn: %s, value: %s", domain, fqdn, value) - hostedDomain, err := a.findHostedDomainByFqdn(fqdn, a.dns01Nameservers) + hostedDomain, err := a.findHostedDomainByFqdn(ctx, fqdn, a.dns01Nameservers) if err != nil { return fmt.Errorf("edgedns: failed to determine hosted domain for %q: %w", fqdn, err) } diff --git a/pkg/issuer/acme/dns/akamai/akamai_test.go b/pkg/issuer/acme/dns/akamai/akamai_test.go index 17caa573a3c..e66cdf98b90 100644 --- a/pkg/issuer/acme/dns/akamai/akamai_test.go +++ b/pkg/issuer/acme/dns/akamai/akamai_test.go @@ -17,6 +17,7 @@ limitations under the License. package akamai import ( + "context" "fmt" "reflect" "testing" @@ -53,8 +54,7 @@ type StubOpenDNSConfig struct { FuncErrors map[string]error } -func findStubHostedDomainByFqdn(fqdn string, ns []string) (string, error) { - +func findStubHostedDomainByFqdn(_ context.Context, fqdn string, ns []string) (string, error) { return "test.example.com", nil } @@ -93,7 +93,7 @@ func TestPresentBasicFlow(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.NoError(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -110,7 +110,7 @@ func TestPresentExists(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordSave"] = fmt.Errorf("Save not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.NoError(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -127,7 +127,7 @@ func TestPresentValueExists(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.NoError(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -144,7 +144,7 @@ func TestPresentFailGetRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -160,7 +160,7 @@ func TestPresentFailSaveRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -177,7 +177,7 @@ func TestPresentFailUpdateRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update failed") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.Error(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -194,7 +194,7 @@ func TestCleanUpBasicFlow(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordSave"] = fmt.Errorf("Save not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -211,7 +211,7 @@ func TestCleanUpExists(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordSave"] = fmt.Errorf("Save not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -228,7 +228,7 @@ func TestCleanUpExistsNoValue(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -245,7 +245,7 @@ func TestCleanUpNoRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01")) } @@ -262,7 +262,7 @@ func TestCleanUpFailGetRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -279,7 +279,7 @@ func TestCleanUpFailUpdateRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update failed") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.Error(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -296,7 +296,7 @@ func TestCleanUpFailDeleteRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete failed") - assert.Error(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index eecee07a8c0..da5a768e1ff 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -137,20 +137,20 @@ func getAuthorization(clientOpt policy.ClientOptions, clientID, clientSecret, te } // Present creates a TXT record using the specified parameters -func (c *DNSProvider) Present(domain, fqdn, value string) error { - return c.createRecord(fqdn, value, 60) +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { + return c.createRecord(ctx, fqdn, value, 60) } // CleanUp removes the TXT record matching the specified parameters -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - z, err := c.getHostedZoneName(fqdn) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + z, err := c.getHostedZoneName(ctx, fqdn) if err != nil { c.log.Error(err, "Error getting hosted zone name for fqdn", "fqdn", fqdn) return err } _, err = c.recordClient.Delete( - context.TODO(), + ctx, c.resourceGroupName, z, c.trimFqdn(fqdn, z), @@ -162,7 +162,7 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return nil } -func (c *DNSProvider) createRecord(fqdn, value string, ttl int) error { +func (c *DNSProvider) createRecord(ctx context.Context, fqdn, value string, ttl int) error { rparams := &dns.RecordSet{ Properties: &dns.RecordSetProperties{ TTL: to.Ptr(int64(ttl)), @@ -172,13 +172,13 @@ func (c *DNSProvider) createRecord(fqdn, value string, ttl int) error { }, } - z, err := c.getHostedZoneName(fqdn) + z, err := c.getHostedZoneName(ctx, fqdn) if err != nil { return err } _, err = c.recordClient.CreateOrUpdate( - context.TODO(), + ctx, c.resourceGroupName, z, c.trimFqdn(fqdn, z), @@ -191,11 +191,11 @@ func (c *DNSProvider) createRecord(fqdn, value string, ttl int) error { return nil } -func (c *DNSProvider) getHostedZoneName(fqdn string) (string, error) { +func (c *DNSProvider) getHostedZoneName(ctx context.Context, fqdn string) (string, error) { if c.zoneName != "" { return c.zoneName, nil } - z, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) + z, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return "", err } @@ -203,7 +203,7 @@ func (c *DNSProvider) getHostedZoneName(fqdn string) (string, error) { return "", fmt.Errorf("Zone %s not found for domain %s", z, fqdn) } - if _, err := c.zoneClient.Get(context.TODO(), c.resourceGroupName, util.UnFqdn(z), nil); err != nil { + if _, err := c.zoneClient.Get(ctx, c.resourceGroupName, util.UnFqdn(z), nil); err != nil { c.log.Error(err, "Error getting Zone for domain", "zone", z, "domain", fqdn, "resource group", c.resourceGroupName) return "", fmt.Errorf("Zone %s not found in AzureDNS for domain %s. Err: %v", z, fqdn, stabilizeError(err)) } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 1639136017e..1d5947e4bba 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -65,7 +65,7 @@ func TestLiveAzureDnsPresent(t *testing.T) { provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) assert.NoError(t, err) - err = provider.Present(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + err = provider.Present(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "123d==") assert.NoError(t, err) } @@ -79,7 +79,7 @@ func TestLiveAzureDnsCleanUp(t *testing.T) { provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) assert.NoError(t, err) - err = provider.CleanUp(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "123d==") assert.NoError(t, err) } @@ -375,7 +375,7 @@ func TestStabilizeResponseError(t *testing.T) { zoneClient: zc, } - err = dnsProvider.Present("test.com", "fqdn.test.com.", "test123") + err = dnsProvider.Present(context.TODO(), "test.com", "fqdn.test.com.", "test123") require.Error(t, err) require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com -------------------------------------------------------------------------------- diff --git a/pkg/issuer/acme/dns/clouddns/clouddns.go b/pkg/issuer/acme/dns/clouddns/clouddns.go index 9f5d24c04d5..60e85aa2bb9 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns.go @@ -36,7 +36,7 @@ type DNSProvider struct { } // NewDNSProvider returns a new DNSProvider Instance with configuration -func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProvider(ctx context.Context, project string, saBytes []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*DNSProvider, error) { // project is a required field if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") @@ -47,11 +47,11 @@ func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, a if !ambient { return nil, fmt.Errorf("unable to construct clouddns provider: empty credentials; perhaps you meant to enable ambient credentials?") } - return NewDNSProviderCredentials(project, dns01Nameservers, hostedZoneName) + return NewDNSProviderCredentials(ctx, project, dns01Nameservers, hostedZoneName) } // if service account data is provided, we instantiate using that if len(saBytes) != 0 { - return NewDNSProviderServiceAccountBytes(project, saBytes, dns01Nameservers, hostedZoneName) + return NewDNSProviderServiceAccountBytes(ctx, project, saBytes, dns01Nameservers, hostedZoneName) } return nil, fmt.Errorf("missing Google Cloud DNS provider credentials") } @@ -60,30 +60,31 @@ func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, a // DNS. Project name must be passed in the environment variable: GCE_PROJECT. // A Service Account file can be passed in the environment variable: // GCE_SERVICE_ACCOUNT_FILE -func NewDNSProviderEnvironment(dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderEnvironment(ctx context.Context, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { project := os.Getenv("GCE_PROJECT") if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok { - return NewDNSProviderServiceAccount(project, saFile, dns01Nameservers, hostedZoneName) + return NewDNSProviderServiceAccount(ctx, project, saFile, dns01Nameservers, hostedZoneName) } - return NewDNSProviderCredentials(project, dns01Nameservers, hostedZoneName) + return NewDNSProviderCredentials(ctx, project, dns01Nameservers, hostedZoneName) } // NewDNSProviderCredentials uses the supplied credentials to return a // DNSProvider instance configured for Google Cloud DNS. -func NewDNSProviderCredentials(project string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderCredentials(ctx context.Context, project string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") } - ctx := context.Background() client, err := google.DefaultClient(ctx, dns.NdevClouddnsReadwriteScope) if err != nil { return nil, fmt.Errorf("Unable to get Google Cloud client: %v", err) } + svc, err := dns.NewService(ctx, option.WithHTTPClient(client)) if err != nil { return nil, fmt.Errorf("Unable to create Google Cloud DNS service: %v", err) } + return &DNSProvider{ project: project, client: svc, @@ -95,7 +96,7 @@ func NewDNSProviderCredentials(project string, dns01Nameservers []string, hosted // NewDNSProviderServiceAccount uses the supplied service account JSON file to // return a DNSProvider instance configured for Google Cloud DNS. -func NewDNSProviderServiceAccount(project string, saFile string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderServiceAccount(ctx context.Context, project string, saFile string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") } @@ -107,12 +108,12 @@ func NewDNSProviderServiceAccount(project string, saFile string, dns01Nameserver if err != nil { return nil, fmt.Errorf("Unable to read Service Account file: %v", err) } - return NewDNSProviderServiceAccountBytes(project, dat, dns01Nameservers, hostedZoneName) + return NewDNSProviderServiceAccountBytes(ctx, project, dat, dns01Nameservers, hostedZoneName) } // NewDNSProviderServiceAccountBytes uses the supplied service account JSON // file data to return a DNSProvider instance configured for Google Cloud DNS. -func NewDNSProviderServiceAccountBytes(project string, saBytes []byte, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderServiceAccountBytes(ctx context.Context, project string, saBytes []byte, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") } @@ -125,7 +126,6 @@ func NewDNSProviderServiceAccountBytes(project string, saBytes []byte, dns01Name return nil, fmt.Errorf("Unable to acquire config: %v", err) } - ctx := context.Background() client := conf.Client(ctx) svc, err := dns.NewService(ctx, option.WithHTTPClient(client)) @@ -142,8 +142,8 @@ func NewDNSProviderServiceAccountBytes(project string, saBytes []byte, dns01Name } // Present creates a TXT record to fulfil the dns-01 challenge. -func (c *DNSProvider) Present(domain, fqdn, value string) error { - zone, err := c.getHostedZone(fqdn) +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { + zone, err := c.getHostedZone(ctx, fqdn) if err != nil { return err } @@ -157,7 +157,12 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { change := &dns.Change{} // Look for existing records. - list, err := c.client.ResourceRecordSets.List(c.project, zone).Name(fqdn).Type("TXT").Do() + list, err := c.client.ResourceRecordSets. + List(c.project, zone). + Name(fqdn). + Type("TXT"). + Context(ctx). + Do() if err != nil { return err } @@ -180,7 +185,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } change.Additions = []*dns.ResourceRecordSet{rec} - chg, err := c.client.Changes.Create(c.project, zone, change).Do() + chg, err := c.client.Changes.Create(c.project, zone, change).Context(ctx).Do() if err != nil { return err } @@ -189,7 +194,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { for chg.Status == "pending" { time.Sleep(time.Second) - chg, err = c.client.Changes.Get(c.project, zone, chg.Id).Do() + chg, err = c.client.Changes.Get(c.project, zone, chg.Id).Context(ctx).Do() if err != nil { return err } @@ -199,13 +204,13 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes the TXT record matching the specified parameters. -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - zone, err := c.getHostedZone(fqdn) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + zone, err := c.getHostedZone(ctx, fqdn) if err != nil { return err } - records, err := c.findTxtRecords(zone, fqdn, value) + records, err := c.findTxtRecords(ctx, zone, fqdn, value) if err != nil { return err } @@ -227,7 +232,7 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { } change.Additions = []*dns.ResourceRecordSet{filtered} } - _, err = c.client.Changes.Create(c.project, zone, change).Do() + _, err = c.client.Changes.Create(c.project, zone, change).Context(ctx).Do() if err != nil { return err } @@ -236,12 +241,12 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { } // getHostedZone returns the managed-zone -func (c *DNSProvider) getHostedZone(domain string) (string, error) { +func (c *DNSProvider) getHostedZone(ctx context.Context, domain string) (string, error) { if c.hostedZoneName != "" { return c.hostedZoneName, nil } - authZone, err := util.FindZoneByFqdn(util.ToFqdn(domain), c.dns01Nameservers) + authZone, err := util.FindZoneByFqdn(ctx, util.ToFqdn(domain), c.dns01Nameservers) if err != nil { return "", err } @@ -249,6 +254,7 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) { zones, err := c.client.ManagedZones. List(c.project). DnsName(authZone). + Context(ctx). Do() if err != nil { return "", fmt.Errorf("GoogleCloud API call failed: %v", err) @@ -270,8 +276,11 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) { return zones.ManagedZones[0].Name, nil } -func (c *DNSProvider) findTxtRecords(zone, fqdn, value string) ([]*dns.ResourceRecordSet, error) { - recs, err := c.client.ResourceRecordSets.List(c.project, zone).Do() +func (c *DNSProvider) findTxtRecords(ctx context.Context, zone, fqdn, value string) ([]*dns.ResourceRecordSet, error) { + recs, err := c.client.ResourceRecordSets. + List(c.project, zone). + Context(ctx). + Do() if err != nil { return nil, err } diff --git a/pkg/issuer/acme/dns/clouddns/clouddns_test.go b/pkg/issuer/acme/dns/clouddns/clouddns_test.go index 7c2591c3bb5..d40b1e08f43 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns_test.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns_test.go @@ -41,7 +41,7 @@ func TestNewDNSProviderValid(t *testing.T) { t.Skip("skipping live test (requires credentials)") } t.Setenv("GCE_PROJECT", "") - _, err := NewDNSProviderCredentials("my-project", util.RecursiveNameservers, "") + _, err := NewDNSProviderCredentials(context.TODO(), "my-project", util.RecursiveNameservers, "") assert.NoError(t, err) } @@ -50,13 +50,13 @@ func TestNewDNSProviderValidEnv(t *testing.T) { t.Skip("skipping live test (requires credentials)") } t.Setenv("GCE_PROJECT", "my-project") - _, err := NewDNSProviderEnvironment(util.RecursiveNameservers, "") + _, err := NewDNSProviderEnvironment(context.TODO(), util.RecursiveNameservers, "") assert.NoError(t, err) } func TestNewDNSProviderMissingCredErr(t *testing.T) { t.Setenv("GCE_PROJECT", "") - _, err := NewDNSProviderEnvironment(util.RecursiveNameservers, "") + _, err := NewDNSProviderEnvironment(context.TODO(), util.RecursiveNameservers, "") assert.EqualError(t, err, "Google Cloud project name missing") } @@ -65,10 +65,10 @@ func TestLiveGoogleCloudPresent(t *testing.T) { t.Skip("skipping live test") } - provider, err := NewDNSProviderCredentials(gcloudProject, util.RecursiveNameservers, "") + provider, err := NewDNSProviderCredentials(context.TODO(), gcloudProject, util.RecursiveNameservers, "") assert.NoError(t, err) - err = provider.Present(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") + err = provider.Present(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") assert.NoError(t, err) } @@ -77,13 +77,13 @@ func TestLiveGoogleCloudPresentMultiple(t *testing.T) { t.Skip("skipping live test") } - provider, err := NewDNSProviderCredentials(gcloudProject, util.RecursiveNameservers, "") + provider, err := NewDNSProviderCredentials(context.TODO(), gcloudProject, util.RecursiveNameservers, "") assert.NoError(t, err) // Check that we're able to create multiple entries - err = provider.Present(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") + err = provider.Present(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") assert.NoError(t, err) - err = provider.Present(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "1123d==") + err = provider.Present(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "1123d==") assert.NoError(t, err) } @@ -94,10 +94,10 @@ func TestLiveGoogleCloudCleanUp(t *testing.T) { time.Sleep(time.Second * 1) - provider, err := NewDNSProviderCredentials(gcloudProject, util.RecursiveNameservers, "") + provider, err := NewDNSProviderCredentials(context.TODO(), gcloudProject, util.RecursiveNameservers, "") assert.NoError(t, err) - err = provider.CleanUp(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") assert.NoError(t, err) } @@ -106,7 +106,7 @@ func TestDNSProvider_getHostedZone(t *testing.T) { t.Skip("skipping live test") } - testProvider, err := NewDNSProviderCredentials("my-project", util.RecursiveNameservers, "test-zone") + testProvider, err := NewDNSProviderCredentials(context.TODO(), "my-project", util.RecursiveNameservers, "test-zone") assert.NoError(t, err) type args struct { @@ -130,7 +130,7 @@ func TestDNSProvider_getHostedZone(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := tt.provider - got, err := c.getHostedZone(tt.args.domain) + got, err := c.getHostedZone(context.TODO(), tt.args.domain) if (err != nil) != tt.wantErr { t.Errorf("getHostedZone() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare.go b/pkg/issuer/acme/dns/cloudflare/cloudflare.go index 91a005f314c..c9284dce1e7 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go @@ -12,6 +12,7 @@ package cloudflare import ( "bytes" + "context" "encoding/json" "errors" "fmt" @@ -34,7 +35,7 @@ const cloudFlareMaxBodySize = 1024 * 1024 // 1mb // DNSProviderType is the Mockable Interface type DNSProviderType interface { - makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) + makeRequest(ctx context.Context, method, uri string, body io.Reader) (json.RawMessage, error) } // DNSProvider is an implementation of the acme.ChallengeProvider interface @@ -104,7 +105,7 @@ func NewDNSProviderCredentials(email, key, token string, dns01Nameservers []stri // // It will try to call the API for each branch (from bottom to top) and see if there's a Zone-Record returned. // Calling See https://api.cloudflare.com/#zone-list-zones -func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { +func FindNearestZoneForFQDN(ctx context.Context, c DNSProviderType, fqdn string) (DNSZone, error) { if fqdn == "" { return DNSZone{}, fmt.Errorf("FindNearestZoneForFQDN: FQDN-Parameter can't be empty, please specify a domain!") } @@ -121,7 +122,7 @@ func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { continue } lastErr = nil - result, err := c.makeRequest("GET", "/zones?name="+nextName, nil) + result, err := c.makeRequest(ctx, "GET", "/zones?name="+nextName, nil) if err != nil { lastErr = err continue @@ -144,8 +145,8 @@ func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { } // Present creates a TXT record to fulfil the dns-01 challenge -func (c *DNSProvider) Present(domain, fqdn, value string) error { - _, err := c.findTxtRecord(fqdn, value) +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { + _, err := c.findTxtRecord(ctx, fqdn, value) if err == errNoExistingRecord { rec := cloudFlareRecord{ Type: "TXT", @@ -159,12 +160,12 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { return err } - zoneID, err := c.getHostedZoneID(fqdn) + zoneID, err := c.getHostedZoneID(ctx, fqdn) if err != nil { return err } - _, err = c.makeRequest("POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body)) + _, err = c.makeRequest(ctx, "POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body)) if err != nil { return err } @@ -180,8 +181,8 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes the TXT record matching the specified parameters -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - record, err := c.findTxtRecord(fqdn, value) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + record, err := c.findTxtRecord(ctx, fqdn, value) // Nothing to cleanup if err == errNoExistingRecord { return nil @@ -190,7 +191,7 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return err } - _, err = c.makeRequest("DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil) + _, err = c.makeRequest(ctx, "DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil) if err != nil { return err } @@ -198,8 +199,8 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return nil } -func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) { - hostedZone, err := FindNearestZoneForFQDN(c, fqdn) +func (c *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string, error) { + hostedZone, err := FindNearestZoneForFQDN(ctx, c, fqdn) if err != nil { return "", err } @@ -208,13 +209,14 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) { var errNoExistingRecord = errors.New("No existing record found") -func (c *DNSProvider) findTxtRecord(fqdn, content string) (*cloudFlareRecord, error) { - zoneID, err := c.getHostedZoneID(fqdn) +func (c *DNSProvider) findTxtRecord(ctx context.Context, fqdn, content string) (*cloudFlareRecord, error) { + zoneID, err := c.getHostedZoneID(ctx, fqdn) if err != nil { return nil, err } result, err := c.makeRequest( + ctx, "GET", fmt.Sprintf("/zones/%s/dns_records?per_page=100&type=TXT&name=%s", zoneID, util.UnFqdn(fqdn)), nil, @@ -238,7 +240,7 @@ func (c *DNSProvider) findTxtRecord(fqdn, content string) (*cloudFlareRecord, er return nil, errNoExistingRecord } -func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) { +func (c *DNSProvider) makeRequest(ctx context.Context, method, uri string, body io.Reader) (json.RawMessage, error) { // APIError contains error details for failed requests type APIError struct { Code int `json:"code,omitempty"` @@ -253,7 +255,7 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM Result json.RawMessage `json:"result"` } - req, err := http.NewRequest(method, fmt.Sprintf("%s%s", CloudFlareAPIURL, uri), body) + req, err := http.NewRequestWithContext(ctx, method, fmt.Sprintf("%s%s", CloudFlareAPIURL, uri), body) if err != nil { return nil, err } diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go index 9f6b37d7f0c..a0ddb50f1fe 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go @@ -9,6 +9,7 @@ this directory. package cloudflare import ( + "context" "encoding/json" "fmt" "io" @@ -34,7 +35,7 @@ type DNSProviderMock struct { mock.Mock } -func (c *DNSProviderMock) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) { +func (c *DNSProviderMock) makeRequest(ctx context.Context, method, uri string, body io.Reader) (json.RawMessage, error) { // stub makeRequest args := c.Called(method, uri, nil) return args.Get(0).([]uint8), args.Error(1) @@ -96,7 +97,7 @@ func TestFindNearestZoneForFQDN(t *testing.T) { {"id":"1a23cc4567b8def91a01c23a456e78cd","name":"sub.domain.com"} ]`), nil) - zone, err := FindNearestZoneForFQDN(dnsProvider, "_acme-challenge.test.sub.domain.com.") + zone, err := FindNearestZoneForFQDN(context.TODO(), dnsProvider, "_acme-challenge.test.sub.domain.com.") assert.NoError(t, err) assert.Equal(t, zone, DNSZone{ID: "1a23cc4567b8def91a01c23a456e78cd", Name: "sub.domain.com"}) @@ -115,7 +116,7 @@ func TestFindNearestZoneForFQDNInvalidToken(t *testing.T) { while querying the Cloudflare API for GET "/zones?name=_acme-challenge.test.sub.domain.com" Error: 9109: Invalid access token`)) - _, err := FindNearestZoneForFQDN(dnsProvider, "_acme-challenge.test.sub.domain.com.") + _, err := FindNearestZoneForFQDN(context.TODO(), dnsProvider, "_acme-challenge.test.sub.domain.com.") assert.Error(t, err) assert.Contains(t, err.Error(), "Invalid access token") @@ -129,7 +130,7 @@ func TestCloudFlarePresent(t *testing.T) { provider, err := NewDNSProviderCredentials(cflareEmail, cflareAPIKey, cflareAPIToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.Present(cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") + err = provider.Present(context.TODO(), cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") assert.NoError(t, err) } @@ -143,6 +144,6 @@ func TestCloudFlareCleanUp(t *testing.T) { provider, err := NewDNSProviderCredentials(cflareEmail, cflareAPIKey, cflareAPIToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.CleanUp(cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") assert.NoError(t, err) } diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean.go b/pkg/issuer/acme/dns/digitalocean/digitalocean.go index 20b0ba40774..254517436c1 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean.go @@ -50,10 +50,8 @@ func NewDNSProviderCredentials(token string, dns01Nameservers []string, userAgen return nil, fmt.Errorf("DigitalOcean token missing") } - c := oauth2.NewClient( - context.Background(), - oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token}), - ) + unusedCtx := context.Background() // context is not actually used + c := oauth2.NewClient(unusedCtx, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token})) clientOpts := []godo.ClientOpt{godo.SetUserAgent(userAgent)} client, err := godo.New(c, clientOpts...) @@ -68,15 +66,15 @@ func NewDNSProviderCredentials(token string, dns01Nameservers []string, userAgen } // Present creates a TXT record to fulfil the dns-01 challenge -func (c *DNSProvider) Present(domain, fqdn, value string) error { +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { // if DigitalOcean does not have this zone then we will find out later - zoneName, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) + zoneName, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return err } // check if the record has already been created - records, err := c.findTxtRecord(fqdn) + records, err := c.findTxtRecord(ctx, fqdn) if err != nil { return err } @@ -96,7 +94,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } _, _, err = c.client.Domains.CreateRecord( - context.Background(), + ctx, util.UnFqdn(zoneName), createRequest, ) @@ -109,19 +107,19 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes the TXT record matching the specified parameters -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - zoneName, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + zoneName, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return err } - records, err := c.findTxtRecord(fqdn) + records, err := c.findTxtRecord(ctx, fqdn) if err != nil { return err } for _, record := range records { - _, err = c.client.Domains.DeleteRecord(context.Background(), util.UnFqdn(zoneName), record.ID) + _, err = c.client.Domains.DeleteRecord(ctx, util.UnFqdn(zoneName), record.ID) if err != nil { return err @@ -131,15 +129,14 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return nil } -func (c *DNSProvider) findTxtRecord(fqdn string) ([]godo.DomainRecord, error) { - - zoneName, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) +func (c *DNSProvider) findTxtRecord(ctx context.Context, fqdn string) ([]godo.DomainRecord, error) { + zoneName, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return nil, err } allRecords, _, err := c.client.Domains.RecordsByType( - context.Background(), + ctx, util.UnFqdn(zoneName), "TXT", nil, diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go index 2f2e8aecf9d..ec2b4096725 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go @@ -17,6 +17,7 @@ limitations under the License. package digitalocean import ( + "context" "os" "testing" "time" @@ -66,7 +67,7 @@ func TestDigitalOceanPresent(t *testing.T) { provider, err := NewDNSProviderCredentials(doToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.Present(doDomain, "_acme-challenge."+doDomain+".", "123d==") + err = provider.Present(context.TODO(), doDomain, "_acme-challenge."+doDomain+".", "123d==") assert.NoError(t, err) } @@ -80,7 +81,7 @@ func TestDigitalOceanCleanUp(t *testing.T) { provider, err := NewDNSProviderCredentials(doToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.CleanUp(doDomain, "_acme-challenge."+doDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), doDomain, "_acme-challenge."+doDomain+".", "123d==") assert.NoError(t, err) } diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index 1364a63d59c..2a1dd92949a 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -48,17 +48,17 @@ import ( // solver is the old solver type interface. // All new solvers should be implemented using the new webhook.Solver interface. type solver interface { - Present(domain, fqdn, value string) error - CleanUp(domain, fqdn, value string) error + Present(ctx context.Context, domain, fqdn, value string) error + CleanUp(ctx context.Context, domain, fqdn, value string) error } // dnsProviderConstructors defines how each provider may be constructed. // It is useful for mocking out a given provider since an alternate set of // constructors may be set. type dnsProviderConstructors struct { - cloudDNS func(project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) + cloudDNS func(ctx context.Context, project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) cloudFlare func(email, apikey, apiToken string, dns01Nameservers []string, userAgent string) (*cloudflare.DNSProvider, error) - route53 func(accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) + route53 func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) azureDNS func(environment, clientID, clientSecret, subscriptionID, tenantID, resourceGroupName, hostedZoneName string, dns01Nameservers []string, ambient bool, managedIdentity *cmacme.AzureManagedIdentity) (*azuredns.DNSProvider, error) acmeDNS func(host string, accountJson []byte, dns01Nameservers []string) (*acmedns.DNSProvider, error) digitalOcean func(token string, dns01Nameservers []string, userAgent string) (*digitalocean.DNSProvider, error) @@ -79,7 +79,7 @@ func (s *Solver) Present(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm log := logf.WithResource(logf.FromContext(ctx, "Present"), ch).WithValues("domain", ch.Spec.DNSName) ctx = logf.NewContext(ctx, log) - webhookSolver, req, err := s.prepareChallengeRequest(issuer, ch) + webhookSolver, req, err := s.prepareChallengeRequest(ctx, issuer, ch) if err != nil && err != errNotFound { return err } @@ -93,28 +93,28 @@ func (s *Solver) Present(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm return err } - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) if err != nil { return err } log.V(logf.DebugLevel).Info("presenting DNS01 challenge for domain") - return slv.Present(ch.Spec.DNSName, fqdn, ch.Spec.Key) + return slv.Present(ctx, ch.Spec.DNSName, fqdn, ch.Spec.Key) } // Check verifies that the DNS records for the ACME challenge have propagated. func (s *Solver) Check(ctx context.Context, issuer v1.GenericIssuer, ch *cmacme.Challenge) error { log := logf.WithResource(logf.FromContext(ctx, "Check"), ch).WithValues("domain", ch.Spec.DNSName) - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, false, s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, false, s.DNS01Nameservers...) if err != nil { return err } log.V(logf.DebugLevel).Info("checking DNS propagation", "nameservers", s.Context.DNS01Nameservers) - ok, err := util.PreCheckDNS(fqdn, ch.Spec.Key, s.Context.DNS01Nameservers, + ok, err := util.PreCheckDNS(ctx, fqdn, ch.Spec.Key, s.Context.DNS01Nameservers, s.Context.DNS01CheckAuthoritative) if err != nil { return err @@ -137,7 +137,7 @@ func (s *Solver) CleanUp(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm log := logf.WithResource(logf.FromContext(ctx, "CleanUp"), ch).WithValues("domain", ch.Spec.DNSName) ctx = logf.NewContext(ctx, log) - webhookSolver, req, err := s.prepareChallengeRequest(issuer, ch) + webhookSolver, req, err := s.prepareChallengeRequest(ctx, issuer, ch) if err != nil && err != errNotFound { return err } @@ -151,12 +151,12 @@ func (s *Solver) CleanUp(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm return err } - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) if err != nil { return err } - return slv.CleanUp(ch.Spec.DNSName, fqdn, ch.Spec.Key) + return slv.CleanUp(ctx, ch.Spec.DNSName, fqdn, ch.Spec.Key) } func followCNAME(strategy cmacme.CNAMEStrategy) bool { @@ -235,7 +235,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer } // attempt to construct the cloud dns provider - impl, err = s.dnsProviderConstructors.cloudDNS(providerConfig.CloudDNS.Project, keyData, s.DNS01Nameservers, s.CanUseAmbientCredentials(issuer), providerConfig.CloudDNS.HostedZoneName) + impl, err = s.dnsProviderConstructors.cloudDNS(ctx, providerConfig.CloudDNS.Project, keyData, s.DNS01Nameservers, s.CanUseAmbientCredentials(issuer), providerConfig.CloudDNS.HostedZoneName) if err != nil { return nil, nil, fmt.Errorf("error instantiating google clouddns challenge solver: %s", err) } @@ -344,6 +344,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer } impl, err = s.dnsProviderConstructors.route53( + ctx, secretAccessKeyID, strings.TrimSpace(secretAccessKey), providerConfig.Route53.HostedZoneID, @@ -415,7 +416,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer return impl, providerConfig, nil } -func (s *Solver) prepareChallengeRequest(issuer v1.GenericIssuer, ch *cmacme.Challenge) (webhook.Solver, *whapi.ChallengeRequest, error) { +func (s *Solver) prepareChallengeRequest(ctx context.Context, issuer v1.GenericIssuer, ch *cmacme.Challenge) (webhook.Solver, *whapi.ChallengeRequest, error) { dns01Config, err := extractChallengeSolverConfig(ch) if err != nil { return nil, nil, err @@ -426,12 +427,12 @@ func (s *Solver) prepareChallengeRequest(issuer v1.GenericIssuer, ch *cmacme.Cha return nil, nil, err } - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, followCNAME(dns01Config.CNAMEStrategy), s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, followCNAME(dns01Config.CNAMEStrategy), s.DNS01Nameservers...) if err != nil { return nil, nil, err } - zone, err := util.FindZoneByFqdn(fqdn, s.DNS01Nameservers) + zone, err := util.FindZoneByFqdn(ctx, fqdn, s.DNS01Nameservers) if err != nil { return nil, nil, err } @@ -500,7 +501,7 @@ func NewSolver(ctx *controller.Context) (*Solver, error) { if ctx.RESTConfig != nil { // initialize all DNS providers for _, s := range webhookSolvers { - err := s.Initialize(ctx.RESTConfig, ctx.StopCh) + err := s.Initialize(ctx.RESTConfig, ctx.RootContext.Done()) if err != nil { return nil, fmt.Errorf("error initializing DNS provider %q: %v", s.Name(), err) } diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 84b4095672e..17cca403a4b 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -61,7 +61,7 @@ type StsClient interface { AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) } -func (d *sessionProvider) GetSession() (aws.Config, error) { +func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { if d.AccessKeyID == "" && d.SecretAccessKey == "" { if !d.Ambient { return aws.Config{}, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?") @@ -85,7 +85,7 @@ func (d *sessionProvider) GetSession() (aws.Config, error) { optFns = append(optFns, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(d.AccessKeyID, d.SecretAccessKey, ""))) } - cfg, err := config.LoadDefaultConfig(context.TODO(), optFns...) + cfg, err := config.LoadDefaultConfig(ctx, optFns...) if err != nil { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } @@ -93,7 +93,7 @@ func (d *sessionProvider) GetSession() (aws.Config, error) { if d.Role != "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role") stsSvc := d.StsProvider(cfg) - result, err := stsSvc.AssumeRole(context.TODO(), &sts.AssumeRoleInput{ + result, err := stsSvc.AssumeRole(ctx, &sts.AssumeRoleInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), }) @@ -142,14 +142,16 @@ func defaultSTSProvider(cfg aws.Config) StsClient { // NewDNSProvider returns a DNSProvider instance configured for the AWS // Route 53 service using static credentials from its parameters or, if they're // unset and the 'ambient' option is set, credentials from the environment. -func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role string, +func NewDNSProvider( + ctx context.Context, + accessKeyID, secretAccessKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string, ) (*DNSProvider, error) { provider := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent) - cfg, err := provider.GetSession() + cfg, err := provider.GetSession(ctx) if err != nil { return nil, err } @@ -166,19 +168,19 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str } // Present creates a TXT record using the specified parameters -func (r *DNSProvider) Present(domain, fqdn, value string) error { +func (r *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { value = `"` + value + `"` - return r.changeRecord(route53types.ChangeActionUpsert, fqdn, value, route53TTL) + return r.changeRecord(ctx, route53types.ChangeActionUpsert, fqdn, value, route53TTL) } // CleanUp removes the TXT record matching the specified parameters -func (r *DNSProvider) CleanUp(domain, fqdn, value string) error { +func (r *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { value = `"` + value + `"` - return r.changeRecord(route53types.ChangeActionDelete, fqdn, value, route53TTL) + return r.changeRecord(ctx, route53types.ChangeActionDelete, fqdn, value, route53TTL) } -func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value string, ttl int) error { - hostedZoneID, err := r.getHostedZoneID(fqdn) +func (r *DNSProvider) changeRecord(ctx context.Context, action route53types.ChangeAction, fqdn, value string, ttl int) error { + hostedZoneID, err := r.getHostedZoneID(ctx, fqdn) if err != nil { return fmt.Errorf("failed to determine Route 53 hosted zone ID: %v", err) } @@ -197,7 +199,7 @@ func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value }, } - resp, err := r.client.ChangeResourceRecordSets(context.TODO(), reqParams) + resp, err := r.client.ChangeResourceRecordSets(ctx, reqParams) if err != nil { if errors.Is(err, &route53types.InvalidChangeBatch{}) && action == route53types.ChangeActionDelete { r.log.V(logf.DebugLevel).WithValues("error", err).Info("ignoring InvalidChangeBatch error") @@ -215,7 +217,7 @@ func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value reqParams := &route53.GetChangeInput{ Id: statusID, } - resp, err := r.client.GetChange(context.TODO(), reqParams) + resp, err := r.client.GetChange(ctx, reqParams) if err != nil { return false, fmt.Errorf("failed to query Route 53 change status: %v", removeReqID(err)) } @@ -226,12 +228,12 @@ func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value }) } -func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { +func (r *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string, error) { if r.hostedZoneID != "" { return r.hostedZoneID, nil } - authZone, err := util.FindZoneByFqdn(fqdn, r.dns01Nameservers) + authZone, err := util.FindZoneByFqdn(ctx, fqdn, r.dns01Nameservers) if err != nil { return "", fmt.Errorf("error finding zone from fqdn: %v", err) } @@ -240,7 +242,7 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { reqParams := &route53.ListHostedZonesByNameInput{ DNSName: aws.String(util.UnFqdn(authZone)), } - resp, err := r.client.ListHostedZonesByName(context.TODO(), reqParams) + resp, err := r.client.ListHostedZonesByName(ctx, reqParams) if err != nil { return "", removeReqID(err) } diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 89cc41627fe..232987cfb42 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -58,7 +58,7 @@ func TestAmbientCredentialsFromEnv(t *testing.T) { t.Setenv("AWS_SECRET_ACCESS_KEY", "123") t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") _, err = provider.client.Options().Credentials.Retrieve(context.TODO()) @@ -72,14 +72,14 @@ func TestNoCredentialsFromEnv(t *testing.T) { t.Setenv("AWS_SECRET_ACCESS_KEY", "123") t.Setenv("AWS_REGION", "us-east-1") - _, err := NewDNSProvider("", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") + _, err := NewDNSProvider(context.TODO(), "", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.Error(t, err, "Expected error constructing DNSProvider with no credentials and not ambient") } func TestAmbientRegionFromEnv(t *testing.T) { t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") assert.Equal(t, "us-east-1", provider.client.Options().Region, "Expected Region to be set from environment") @@ -88,7 +88,7 @@ func TestAmbientRegionFromEnv(t *testing.T) { func TestNoRegionFromEnv(t *testing.T) { t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider("marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") assert.Equal(t, "", provider.client.Options().Region, "Expected Region to not be set from environment") @@ -112,25 +112,25 @@ func TestRoute53Present(t *testing.T) { domain := "example.com" keyAuth := "123456d==" - err = provider.Present(domain, "_acme-challenge."+domain+".", keyAuth) + err = provider.Present(context.TODO(), domain, "_acme-challenge."+domain+".", keyAuth) assert.NoError(t, err, "Expected Present to return no error") subDomain := "foo.example.com" - err = provider.Present(subDomain, "_acme-challenge."+subDomain+".", keyAuth) + err = provider.Present(context.TODO(), subDomain, "_acme-challenge."+subDomain+".", keyAuth) assert.NoError(t, err, "Expected Present to return no error") nonExistentSubDomain := "bar.foo.example.com" - err = provider.Present(nonExistentSubDomain, nonExistentSubDomain+".", keyAuth) + err = provider.Present(context.TODO(), nonExistentSubDomain, nonExistentSubDomain+".", keyAuth) assert.NoError(t, err, "Expected Present to return no error") nonExistentDomain := "baz.com" - err = provider.Present(nonExistentDomain, nonExistentDomain+".", keyAuth) + err = provider.Present(context.TODO(), nonExistentDomain, nonExistentDomain+".", keyAuth) assert.Error(t, err, "Expected Present to return an error") // This test case makes sure that the request id has been properly // stripped off. It has to be stripped because it changes on every // request which causes spurious challenge updates. - err = provider.Present("bar.example.com", "bar.example.com.", keyAuth) + err = provider.Present(context.TODO(), "bar.example.com", "bar.example.com.", keyAuth) require.Error(t, err, "Expected Present to return an error") assert.Equal(t, `failed to change Route 53 record set: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 403, RequestID: , api error AccessDenied: User: arn:aws:iam::0123456789:user/test-cert-manager is not authorized to perform: route53:ChangeResourceRecordSets on resource: arn:aws:route53:::hostedzone/OPQRSTU`, err.Error()) } @@ -231,7 +231,7 @@ func TestAssumeRole(t *testing.T) { provider := makeMockSessionProvider(func(aws.Config) StsClient { return c.mockSTS }, c.key, c.secret, c.region, c.role, c.ambient) - cfg, err := provider.GetSession() + cfg, err := provider.GetSession(context.TODO()) if c.expErr { assert.NotNil(t, err) } else { diff --git a/pkg/issuer/acme/dns/util/dns.go b/pkg/issuer/acme/dns/util/dns.go index db2b4e47944..4aac28d789e 100644 --- a/pkg/issuer/acme/dns/util/dns.go +++ b/pkg/issuer/acme/dns/util/dns.go @@ -9,6 +9,7 @@ this directory. package util import ( + "context" "fmt" "github.com/miekg/dns" @@ -17,13 +18,13 @@ import ( // DNS01LookupFQDN returns a DNS name which will be updated to solve the dns-01 // challenge // TODO: move this into the pkg/acme package -func DNS01LookupFQDN(domain string, followCNAME bool, nameservers ...string) (string, error) { +func DNS01LookupFQDN(ctx context.Context, domain string, followCNAME bool, nameservers ...string) (string, error) { fqdn := fmt.Sprintf("_acme-challenge.%s.", domain) // Check if the domain has CNAME then return that if followCNAME { var err error - fqdn, err = followCNAMEs(fqdn, nameservers) + fqdn, err = followCNAMEs(ctx, fqdn, nameservers) if err != nil { return "", err } diff --git a/pkg/issuer/acme/dns/util/wait.go b/pkg/issuer/acme/dns/util/wait.go index 5cdde9b2431..0251238b7a1 100644 --- a/pkg/issuer/acme/dns/util/wait.go +++ b/pkg/issuer/acme/dns/util/wait.go @@ -24,9 +24,9 @@ import ( logf "github.com/cert-manager/cert-manager/pkg/logs" ) -type preCheckDNSFunc func(fqdn, value string, nameservers []string, +type preCheckDNSFunc func(ctx context.Context, fqdn, value string, nameservers []string, useAuthoritative bool) (bool, error) -type dnsQueryFunc func(fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) +type dnsQueryFunc func(ctx context.Context, fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) var ( // PreCheckDNS checks DNS propagation before notifying ACME that @@ -78,8 +78,8 @@ func getNameservers(path string, defaults []string) []string { // that it finds. Returns an error when a loop is found in the CNAME chain. The // argument fqdnChain is used by the function itself to keep track of which fqdns it // already encountered and detect loops. -func followCNAMEs(fqdn string, nameservers []string, fqdnChain ...string) (string, error) { - r, err := dnsQuery(fqdn, dns.TypeCNAME, nameservers, true) +func followCNAMEs(ctx context.Context, fqdn string, nameservers []string, fqdnChain ...string) (string, error) { + r, err := dnsQuery(ctx, fqdn, dns.TypeCNAME, nameservers, true) if err != nil { return "", err } @@ -99,26 +99,26 @@ func followCNAMEs(fqdn string, nameservers []string, fqdnChain ...string) (strin } return "", fmt.Errorf("Found recursive CNAME record to %q when looking up %q", cn.Target, fqdn) } - return followCNAMEs(cn.Target, nameservers, append(fqdnChain, fqdn)...) + return followCNAMEs(ctx, cn.Target, nameservers, append(fqdnChain, fqdn)...) } return fqdn, nil } // checkDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers. -func checkDNSPropagation(fqdn, value string, nameservers []string, +func checkDNSPropagation(ctx context.Context, fqdn, value string, nameservers []string, useAuthoritative bool) (bool, error) { var err error - fqdn, err = followCNAMEs(fqdn, nameservers) + fqdn, err = followCNAMEs(ctx, fqdn, nameservers) if err != nil { return false, err } if !useAuthoritative { - return checkAuthoritativeNss(fqdn, value, nameservers) + return checkAuthoritativeNss(ctx, fqdn, value, nameservers) } - authoritativeNss, err := lookupNameservers(fqdn, nameservers) + authoritativeNss, err := lookupNameservers(ctx, fqdn, nameservers) if err != nil { return false, err } @@ -126,13 +126,13 @@ func checkDNSPropagation(fqdn, value string, nameservers []string, for i, ans := range authoritativeNss { authoritativeNss[i] = net.JoinHostPort(ans, "53") } - return checkAuthoritativeNss(fqdn, value, authoritativeNss) + return checkAuthoritativeNss(ctx, fqdn, value, authoritativeNss) } // checkAuthoritativeNss queries each of the given nameservers for the expected TXT record. -func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) { +func checkAuthoritativeNss(ctx context.Context, fqdn, value string, nameservers []string) (bool, error) { for _, ns := range nameservers { - r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true) + r, err := DNSQuery(ctx, fqdn, dns.TypeTXT, []string{ns}, true) if err != nil { return false, err } @@ -163,7 +163,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro // DNSQuery will query a nameserver, iterating through the supplied servers as it retries // The nameserver should include a port, to facilitate testing where we talk to a mock dns server. -func DNSQuery(fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { +func DNSQuery(ctx context.Context, fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { switch rtype { case dns.TypeCAA, dns.TypeCNAME, dns.TypeNS, dns.TypeSOA, dns.TypeTXT: default: @@ -191,17 +191,17 @@ func DNSQuery(fqdn string, rtype uint16, nameservers []string, recursive bool) ( for _, ns := range nameservers { // If the TCP request succeeds, the err will reset to nil if strings.HasPrefix(ns, "https://") { - in, _, err = http.Exchange(context.TODO(), m, ns) + in, _, err = http.Exchange(ctx, m, ns) } else { - in, _, err = udp.Exchange(m, ns) + in, _, err = udp.ExchangeContext(ctx, m, ns) // Try TCP if UDP fails if (in != nil && in.Truncated) || (err != nil && strings.HasPrefix(err.Error(), "read udp") && strings.HasSuffix(err.Error(), "i/o timeout")) { logf.V(logf.DebugLevel).Infof("UDP dns lookup failed, retrying with TCP: %v", err) // If the TCP request succeeds, the err will reset to nil - in, _, err = tcp.Exchange(m, ns) + in, _, err = tcp.ExchangeContext(ctx, m, ns) } } @@ -270,7 +270,7 @@ func (c *httpDNSClient) Exchange(ctx context.Context, m *dns.Msg, a string) (r * return r, rtt, nil } -func ValidateCAA(domain string, issuerID []string, iswildcard bool, nameservers []string) error { +func ValidateCAA(ctx context.Context, domain string, issuerID []string, iswildcard bool, nameservers []string) error { // see https://tools.ietf.org/html/rfc6844#section-4 // for more information about how CAA lookup is performed fqdn := ToFqdn(domain) @@ -291,14 +291,14 @@ func ValidateCAA(domain string, issuerID []string, iswildcard bool, nameservers // nameserver for CAA records, but some setups will return SERVFAIL // on unknown types like CAA. Instead, ask the authoritative server var authNS []string - authNS, err = lookupNameservers(queryDomain, nameservers) + authNS, err = lookupNameservers(ctx, queryDomain, nameservers) if err != nil { return fmt.Errorf("Could not validate CAA record: %s", err) } for i, ans := range authNS { authNS[i] = net.JoinHostPort(ans, "53") } - msg, err = DNSQuery(queryDomain, dns.TypeCAA, authNS, false) + msg, err = DNSQuery(ctx, queryDomain, dns.TypeCAA, authNS, false) if err != nil { return fmt.Errorf("Could not validate CAA record: %s", err) } @@ -312,7 +312,7 @@ func ValidateCAA(domain string, issuerID []string, iswildcard bool, nameservers dns.RcodeToString[msg.Rcode], domain) } oldQuery := queryDomain - queryDomain, err := followCNAMEs(queryDomain, nameservers) + queryDomain, err := followCNAMEs(ctx, queryDomain, nameservers) if err != nil { return fmt.Errorf("while trying to follow CNAMEs for domain %s using nameservers %v: %w", queryDomain, nameservers, err) } @@ -373,16 +373,16 @@ func matchCAA(caas []*dns.CAA, issuerIDs map[string]bool, iswildcard bool) bool } // lookupNameservers returns the authoritative nameservers for the given fqdn. -func lookupNameservers(fqdn string, nameservers []string) ([]string, error) { +func lookupNameservers(ctx context.Context, fqdn string, nameservers []string) ([]string, error) { var authoritativeNss []string logf.V(logf.DebugLevel).Infof("Searching fqdn %q using seed nameservers [%s]", fqdn, strings.Join(nameservers, ", ")) - zone, err := FindZoneByFqdn(fqdn, nameservers) + zone, err := FindZoneByFqdn(ctx, fqdn, nameservers) if err != nil { return nil, fmt.Errorf("Could not determine the zone for %q: %v", fqdn, err) } - r, err := DNSQuery(zone, dns.TypeNS, nameservers, true) + r, err := DNSQuery(ctx, zone, dns.TypeNS, nameservers, true) if err != nil { return nil, err } @@ -402,7 +402,7 @@ func lookupNameservers(fqdn string, nameservers []string) ([]string, error) { // FindZoneByFqdn determines the zone apex for the given fqdn by recursing up the // domain labels until the nameserver returns a SOA record in the answer section. -func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) { +func FindZoneByFqdn(ctx context.Context, fqdn string, nameservers []string) (string, error) { fqdnToZoneLock.RLock() // Do we have it cached? if zone, ok := fqdnToZone[fqdn]; ok { @@ -430,7 +430,7 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) { for _, index := range labelIndexes { domain := fqdn[index:] - in, err := DNSQuery(domain, dns.TypeSOA, nameservers, true) + in, err := DNSQuery(ctx, domain, dns.TypeSOA, nameservers, true) if err != nil { return "", err } diff --git a/pkg/issuer/acme/dns/util/wait_test.go b/pkg/issuer/acme/dns/util/wait_test.go index 41eb63adfe3..722d7f769ab 100644 --- a/pkg/issuer/acme/dns/util/wait_test.go +++ b/pkg/issuer/acme/dns/util/wait_test.go @@ -9,6 +9,7 @@ this directory. package util import ( + "context" "fmt" "reflect" "sort" @@ -172,14 +173,14 @@ func TestMatchCAA(t *testing.T) { } func TestPreCheckDNSOverHTTPSNoAuthoritative(t *testing.T) { - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://1.1.1.1/dns-query"}, false) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://1.1.1.1/dns-query"}, false) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } } func TestPreCheckDNSOverHTTPS(t *testing.T) { - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://8.8.8.8/dns-query"}, true) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://8.8.8.8/dns-query"}, true) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } @@ -187,7 +188,7 @@ func TestPreCheckDNSOverHTTPS(t *testing.T) { func TestPreCheckDNS(t *testing.T) { // TODO: find a better TXT record to use in tests - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"8.8.8.8:53"}, true) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"8.8.8.8:53"}, true) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } @@ -195,7 +196,7 @@ func TestPreCheckDNS(t *testing.T) { func TestPreCheckDNSNonAuthoritative(t *testing.T) { // TODO: find a better TXT record to use in tests - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"1.1.1.1:53"}, false) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"1.1.1.1:53"}, false) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } @@ -203,7 +204,7 @@ func TestPreCheckDNSNonAuthoritative(t *testing.T) { func TestLookupNameserversOK(t *testing.T) { for _, tt := range lookupNameserversTestsOK { - nss, err := lookupNameservers(tt.fqdn, RecursiveNameservers) + nss, err := lookupNameservers(context.TODO(), tt.fqdn, RecursiveNameservers) if err != nil { t.Fatalf("#%s: got %q; want nil", tt.fqdn, err) } @@ -219,7 +220,7 @@ func TestLookupNameserversOK(t *testing.T) { func TestLookupNameserversErr(t *testing.T) { for _, tt := range lookupNameserversTestsErr { - _, err := lookupNameservers(tt.fqdn, RecursiveNameservers) + _, err := lookupNameservers(context.TODO(), tt.fqdn, RecursiveNameservers) if err == nil { t.Fatalf("#%s: expected %q (error); got ", tt.fqdn, tt.error) } @@ -233,7 +234,7 @@ func TestLookupNameserversErr(t *testing.T) { func TestFindZoneByFqdn(t *testing.T) { for _, tt := range findZoneByFqdnTests { - res, err := FindZoneByFqdn(tt.fqdn, RecursiveNameservers) + res, err := FindZoneByFqdn(context.TODO(), tt.fqdn, RecursiveNameservers) if err != nil { t.Errorf("FindZoneByFqdn failed for %s: %v", tt.fqdn, err) } @@ -245,7 +246,7 @@ func TestFindZoneByFqdn(t *testing.T) { func TestCheckAuthoritativeNss(t *testing.T) { for _, tt := range checkAuthoritativeNssTests { - ok, _ := checkAuthoritativeNss(tt.fqdn, tt.value, tt.ns) + ok, _ := checkAuthoritativeNss(context.TODO(), tt.fqdn, tt.value, tt.ns) if ok != tt.ok { t.Errorf("%s: got %t; want %t", tt.fqdn, ok, tt.ok) } @@ -254,7 +255,7 @@ func TestCheckAuthoritativeNss(t *testing.T) { func TestCheckAuthoritativeNssErr(t *testing.T) { for _, tt := range checkAuthoritativeNssTestsErr { - _, err := checkAuthoritativeNss(tt.fqdn, tt.value, tt.ns) + _, err := checkAuthoritativeNss(context.TODO(), tt.fqdn, tt.value, tt.ns) if err == nil { t.Fatalf("#%s: expected %q (error); got ", tt.fqdn, tt.error) } @@ -285,25 +286,25 @@ func TestValidateCAA(t *testing.T) { // google installs a CAA record at google.com // ask for the www.google.com record to test that // we recurse up the labels - err := ValidateCAA("www.google.com", []string{"letsencrypt", "pki.goog"}, false, nameservers) + err := ValidateCAA(context.TODO(), "www.google.com", []string{"letsencrypt", "pki.goog"}, false, nameservers) if err != nil { t.Fatalf("unexpected error: %s", err) } // now ask, expecting a CA that won't match - err = ValidateCAA("www.google.com", []string{"daniel.homebrew.ca"}, false, nameservers) + err = ValidateCAA(context.TODO(), "www.google.com", []string{"daniel.homebrew.ca"}, false, nameservers) if err == nil { t.Fatalf("expected err, got success") } // if the CAA record allows non-wildcards then it has an `issue` tag, // and it is known that it has no issuewild tags, then wildcard certificates // will also be allowed - err = ValidateCAA("www.google.com", []string{"pki.goog"}, true, nameservers) + err = ValidateCAA(context.TODO(), "www.google.com", []string{"pki.goog"}, true, nameservers) if err != nil { t.Fatalf("unexpected error: %s", err) } // ask for a domain you know does not have CAA records. // it should succeed - err = ValidateCAA("www.example.org", []string{"daniel.homebrew.ca"}, false, nameservers) + err = ValidateCAA(context.TODO(), "www.example.org", []string{"daniel.homebrew.ca"}, false, nameservers) if err != nil { t.Fatalf("expected err, got %s", err) } @@ -311,7 +312,7 @@ func TestValidateCAA(t *testing.T) { } func Test_followCNAMEs(t *testing.T) { - dnsQuery = func(fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { + dnsQuery = func(ctx context.Context, fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { msg := &dns.Msg{} msg.Rcode = dns.RcodeSuccess switch fqdn { @@ -404,7 +405,7 @@ func Test_followCNAMEs(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := followCNAMEs(tt.args.fqdn, tt.args.nameservers, tt.args.fqdnChain...) + got, err := followCNAMEs(context.TODO(), tt.args.fqdn, tt.args.nameservers, tt.args.fqdnChain...) if (err != nil) != tt.wantErr { t.Errorf("followCNAMEs() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/pkg/issuer/acme/dns/util_test.go b/pkg/issuer/acme/dns/util_test.go index bc6f5e82424..4f142526a96 100644 --- a/pkg/issuer/acme/dns/util_test.go +++ b/pkg/issuer/acme/dns/util_test.go @@ -17,6 +17,7 @@ limitations under the License. package dns import ( + "context" "errors" "testing" @@ -128,7 +129,7 @@ func newFakeDNSProviders() *fakeDNSProviders { calls: []fakeDNSProviderCall{}, } f.constructors = dnsProviderConstructors{ - cloudDNS: func(project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) { + cloudDNS: func(ctx context.Context, project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) { f.call("clouddns", project, serviceAccount, util.RecursiveNameservers, ambient, hostedZoneName) return nil, nil }, @@ -139,7 +140,7 @@ func newFakeDNSProviders() *fakeDNSProviders { } return nil, nil }, - route53: func(accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) { + route53: func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) { f.call("route53", accessKey, secretKey, hostedZoneID, region, role, ambient, util.RecursiveNameservers) return nil, nil }, diff --git a/pkg/issuer/vault/setup.go b/pkg/issuer/vault/setup.go index 980134e52fb..fba4b946c85 100644 --- a/pkg/issuer/vault/setup.go +++ b/pkg/issuer/vault/setup.go @@ -124,7 +124,7 @@ func (v *Vault) Setup(ctx context.Context) error { return nil } - client, err := vaultinternal.New(v.resourceNamespace, v.createTokenFn, v.secretsLister, v.issuer) + client, err := vaultinternal.New(ctx, v.resourceNamespace, v.createTokenFn, v.secretsLister, v.issuer) if err != nil { s := messageVaultClientInitFailed + err.Error() logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, s) diff --git a/pkg/webhook/server/server.go b/pkg/webhook/server/server.go index ae2690c1e68..bd6bcd7bb0c 100644 --- a/pkg/webhook/server/server.go +++ b/pkg/webhook/server/server.go @@ -159,10 +159,11 @@ func (s *Server) Run(ctx context.Context) error { <-ctx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := server.Shutdown(ctx); err != nil { + // nolint: contextcheck + if err := server.Shutdown(shutdownCtx); err != nil { return err } return nil @@ -200,10 +201,11 @@ func (s *Server) Run(ctx context.Context) error { <-ctx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := server.Shutdown(ctx); err != nil { + // nolint: contextcheck + if err := server.Shutdown(shutdownCtx); err != nil { return err } return nil diff --git a/test/acme/util.go b/test/acme/util.go index 4ce9813048a..a561473f5c9 100644 --- a/test/acme/util.go +++ b/test/acme/util.go @@ -112,13 +112,13 @@ func allConditions(c ...wait.ConditionWithContextFunc) wait.ConditionWithContext func (f *fixture) recordHasPropagatedCheck(fqdn, value string) func(ctx context.Context) (bool, error) { return func(ctx context.Context) (bool, error) { - return util.PreCheckDNS(fqdn, value, []string{f.testDNSServer}, *f.useAuthoritative) + return util.PreCheckDNS(ctx, fqdn, value, []string{f.testDNSServer}, *f.useAuthoritative) } } func (f *fixture) recordHasBeenDeletedCheck(fqdn, value string) func(ctx context.Context) (bool, error) { return func(ctx context.Context) (bool, error) { - msg, err := util.DNSQuery(fqdn, dns.TypeTXT, []string{f.testDNSServer}, *f.useAuthoritative) + msg, err := util.DNSQuery(ctx, fqdn, dns.TypeTXT, []string{f.testDNSServer}, *f.useAuthoritative) if err != nil { return false, err } diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index f816a169bdb..f3c9d5d80a4 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -17,6 +17,7 @@ limitations under the License. package e2e import ( + "context" "encoding/json" "os" "path" @@ -37,7 +38,7 @@ var cfg = framework.DefaultConfig // the data transferred from the Setup function on the first ginkgo process. var isGinkgoProcessNumberOne = false -var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { +var _ = ginkgo.SynchronizedBeforeSuite(func(ctx context.Context) []byte { addon.InitGlobals(cfg) isGinkgoProcessNumberOne = true @@ -56,7 +57,7 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { } return encodedData -}, func(encodedData []byte) { +}, func(ctx context.Context, encodedData []byte) { transferredData := []addon.AddonTransferableData{} err := json.Unmarshal(encodedData, &transferredData) if err != nil { @@ -66,7 +67,7 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { if isGinkgoProcessNumberOne { // For ginkgo process #1, we need to run ProvisionGlobals to // actually provision the global addons. - err = addon.ProvisionGlobals(cfg) + err = addon.ProvisionGlobals(ctx, cfg) if err != nil { framework.Failf("Error configuring global addons: %v", err) } @@ -82,10 +83,10 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { } }) -var _ = ginkgo.SynchronizedAfterSuite(func() { +var _ = ginkgo.SynchronizedAfterSuite(func(ctx context.Context) { // Reset the isGinkgoProcessNumberOne flag to false for the next run (when --repeat flag is used) isGinkgoProcessNumberOne = false -}, func() { +}, func(ctx context.Context) { ginkgo.By("Retrieving logs for global addons") globalLogs, err := addon.GlobalLogs() if err != nil { @@ -110,7 +111,7 @@ var _ = ginkgo.SynchronizedAfterSuite(func() { } ginkgo.By("Cleaning up the provisioned globals") - err = addon.DeprovisionGlobals(cfg) + err = addon.DeprovisionGlobals(ctx, cfg) if err != nil { framework.Failf("Error deprovisioning global addons: %v", err) } diff --git a/test/e2e/framework/addon/base/base.go b/test/e2e/framework/addon/base/base.go index a46c04bec1f..f1bb934388c 100644 --- a/test/e2e/framework/addon/base/base.go +++ b/test/e2e/framework/addon/base/base.go @@ -19,6 +19,8 @@ limitations under the License. package base import ( + "context" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" @@ -80,11 +82,11 @@ func (b *Base) Setup(c *config.Config, _ ...internal.AddonTransferableData) (int return nil, nil } -func (b *Base) Provision() error { +func (b *Base) Provision(_ context.Context) error { return nil } -func (b *Base) Deprovision() error { +func (b *Base) Deprovision(_ context.Context) error { return nil } diff --git a/test/e2e/framework/addon/chart/addon.go b/test/e2e/framework/addon/chart/addon.go index 519c3342cad..102b3a88c2c 100644 --- a/test/e2e/framework/addon/chart/addon.go +++ b/test/e2e/framework/addon/chart/addon.go @@ -117,22 +117,22 @@ func (c *Chart) Setup(cfg *config.Config, _ ...internal.AddonTransferableData) ( } // Provision an instance of tiller-deploy -func (c *Chart) Provision() error { +func (c *Chart) Provision(ctx context.Context) error { if len(c.Repo.Name) > 0 && len(c.Repo.Url) > 0 { - err := c.addRepo() + err := c.addRepo(ctx) if err != nil { return fmt.Errorf("error adding helm repo: %v", err) } } if c.UpdateDeps { - err := c.runDepUpdate() + err := c.runDepUpdate(ctx) if err != nil { return fmt.Errorf("error updating helm chart dependencies: %v", err) } } - err := c.runInstall() + err := c.runInstall(ctx) if err != nil { return fmt.Errorf("error install helm chart: %v", err) } @@ -140,15 +140,15 @@ func (c *Chart) Provision() error { return nil } -func (c *Chart) runDepUpdate() error { - err := c.buildHelmCmd("dep", "update", c.ChartName).Run() +func (c *Chart) runDepUpdate(ctx context.Context) error { + err := c.buildHelmCmd(ctx, "dep", "update", c.ChartName).Run() if err != nil { return err } return nil } -func (c *Chart) runInstall() error { +func (c *Chart) runInstall(ctx context.Context) error { args := []string{"upgrade", c.ReleaseName, c.ChartName, "--install", "--wait", @@ -164,25 +164,25 @@ func (c *Chart) runInstall() error { args = append(args, "--set", fmt.Sprintf("%s=%s", s.Key, s.Value)) } - cmd := c.buildHelmCmd(args...) + cmd := c.buildHelmCmd(ctx, args...) return cmd.Run() } -func (c *Chart) buildHelmCmd(args ...string) *exec.Cmd { +func (c *Chart) buildHelmCmd(ctx context.Context, args ...string) *exec.Cmd { args = append([]string{ "--kubeconfig", c.config.KubeConfig, "--kube-context", c.config.KubeContext, }, args...) - cmd := exec.Command(c.config.Addons.Helm.Path, args...) + cmd := exec.CommandContext(ctx, c.config.Addons.Helm.Path, args...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr return cmd } // Deprovision the deployed chart -func (c *Chart) Deprovision() error { - cmd := c.buildHelmCmd("delete", "--namespace", c.Namespace, c.ReleaseName) +func (c *Chart) Deprovision(ctx context.Context) error { + cmd := c.buildHelmCmd(ctx, "delete", "--namespace", c.Namespace, c.ReleaseName) stdoutBuf := &bytes.Buffer{} cmd.Stdout = stdoutBuf @@ -223,15 +223,15 @@ func (c *Chart) SupportsGlobal() bool { return c.ReleaseName != "" } -func (c *Chart) Logs() (map[string]string, error) { +func (c *Chart) Logs(ctx context.Context) (map[string]string, error) { kc := c.Base.Details().KubeClient - oldLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(context.TODO(), metav1.ListOptions{LabelSelector: "release=" + c.ReleaseName}) + oldLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(ctx, metav1.ListOptions{LabelSelector: "release=" + c.ReleaseName}) if err != nil { return nil, err } // also check pods with the new style labels used in the cert-manager chart - newLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(context.TODO(), metav1.ListOptions{LabelSelector: "app.kubernetes.io/instance=" + c.ReleaseName}) + newLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(ctx, metav1.ListOptions{LabelSelector: "app.kubernetes.io/instance=" + c.ReleaseName}) if err != nil { return nil, err } @@ -245,7 +245,7 @@ func (c *Chart) Logs() (map[string]string, error) { resp := kc.CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &corev1.PodLogOptions{ Container: con.Name, Previous: b, - }).Do(context.TODO()) + }).Do(ctx) err := resp.Error() if err != nil { @@ -272,8 +272,8 @@ func (c *Chart) Logs() (map[string]string, error) { return out, nil } -func (c *Chart) addRepo() error { - err := c.buildHelmCmd("repo", "add", c.Repo.Name, c.Repo.Url).Run() +func (c *Chart) addRepo(ctx context.Context) error { + err := c.buildHelmCmd(ctx, "repo", "add", c.Repo.Name, c.Repo.Url).Run() if err != nil { return err } diff --git a/test/e2e/framework/addon/globals.go b/test/e2e/framework/addon/globals.go index 411dd1a29a7..b4a93c19b49 100644 --- a/test/e2e/framework/addon/globals.go +++ b/test/e2e/framework/addon/globals.go @@ -17,6 +17,7 @@ limitations under the License. package addon import ( + "context" "fmt" utilerrors "k8s.io/apimachinery/pkg/util/errors" @@ -129,10 +130,10 @@ func SetupGlobalsNonPrimary(cfg *config.Config, transferred []AddonTransferableD // the API server for a resource that the addon creates or by checking that an // HTTP endpoint is available) // This function should be run only on ginkgo process #1. -func ProvisionGlobals(cfg *config.Config) error { +func ProvisionGlobals(ctx context.Context, cfg *config.Config) error { for _, g := range allAddons { provisioned = append(provisioned, g) - if err := g.Provision(); err != nil { + if err := g.Provision(ctx); err != nil { return err } } @@ -170,7 +171,7 @@ func GlobalLogs() (map[string]string, error) { // This should be called by the test suite in a SynchronizedAfterSuite to ensure // all global addons are cleaned up after a run. This should be run only on ginkgo // process #1. -func DeprovisionGlobals(cfg *config.Config) error { +func DeprovisionGlobals(ctx context.Context, cfg *config.Config) error { if !cfg.Cleanup { log.Logf("Skipping deprovisioning as cleanup set to false.") return nil @@ -179,7 +180,7 @@ func DeprovisionGlobals(cfg *config.Config) error { // deprovision addons in the reverse order to that of provisioning for i := len(provisioned) - 1; i >= 0; i-- { a := provisioned[i] - errs = append(errs, a.Deprovision()) + errs = append(errs, a.Deprovision(ctx)) } return utilerrors.NewAggregate(errs) } diff --git a/test/e2e/framework/addon/internal/globals.go b/test/e2e/framework/addon/internal/globals.go index e5b4537a13b..83a3274f9e0 100644 --- a/test/e2e/framework/addon/internal/globals.go +++ b/test/e2e/framework/addon/internal/globals.go @@ -17,6 +17,8 @@ limitations under the License. package internal import ( + "context" + "github.com/cert-manager/cert-manager/e2e-tests/framework/config" ) @@ -30,11 +32,11 @@ type Addon interface { // For non-global addons, this function is called on all ginkgo processes. For global // addons, this function is called only on ginkgo process #1. - Provision() error + Provision(ctx context.Context) error // For non-global addons, this function is called on all ginkgo processes. For global // addons, this function is called only on ginkgo process #1. - Deprovision() error + Deprovision(ctx context.Context) error SupportsGlobal() bool } diff --git a/test/e2e/framework/addon/vault/proxy.go b/test/e2e/framework/addon/vault/proxy.go index 050bb4b453d..4286489444a 100644 --- a/test/e2e/framework/addon/vault/proxy.go +++ b/test/e2e/framework/addon/vault/proxy.go @@ -17,6 +17,7 @@ limitations under the License. package vault import ( + "context" "fmt" "io" "net" @@ -135,7 +136,7 @@ func (p *proxy) start() error { return nil } -func (p *proxy) stop() error { +func (p *proxy) stop(ctx context.Context) error { close(p.stopCh) p.mu.Lock() @@ -145,9 +146,13 @@ func (p *proxy) stop() error { return nil } - err := <-p.doneCh - if err != nil { - return fmt.Errorf("error while forwarding port: %v", err) + select { + case <-ctx.Done(): + return ctx.Err() + case err := <-p.doneCh: + if err != nil { + return fmt.Errorf("error while forwarding port: %v", err) + } } return nil diff --git a/test/e2e/framework/addon/vault/setup.go b/test/e2e/framework/addon/vault/setup.go index ab0a4017e50..70a5fe515cf 100644 --- a/test/e2e/framework/addon/vault/setup.go +++ b/test/e2e/framework/addon/vault/setup.go @@ -198,7 +198,7 @@ func NewVaultClientCertificateSecret(secretName string, certificate, key []byte) } // Set up a new Vault client, port-forward to the Vault instance. -func (v *VaultInitializer) Init() error { +func (v *VaultInitializer) Init(ctx context.Context) error { cfg := vault.DefaultConfiguration() cfg.Address = v.details.ProxyURL @@ -235,8 +235,8 @@ func (v *VaultInitializer) Init() error { // The timeout below must be aligned with the time taken by the Vault addons to start, // each addon safely takes about 20 seconds to start and two addons are started one after another, // one for without mTLS enforced and another with mTLS enforced - err = wait.PollUntilContextTimeout(context.TODO(), time.Second, 45*time.Second, true, func(ctx context.Context) (bool, error) { - conn, err := net.DialTimeout("tcp", proxyUrl.Host, time.Second) + err = wait.PollUntilContextTimeout(ctx, time.Second, 45*time.Second, true, func(ctx context.Context) (bool, error) { + conn, err := (&net.Dialer{Timeout: time.Second}).DialContext(ctx, "tcp", proxyUrl.Host) if err != nil { lastError = err return false, nil @@ -253,8 +253,8 @@ func (v *VaultInitializer) Init() error { // Wait for Vault to be ready { var lastError error - err = wait.PollUntilContextTimeout(context.TODO(), time.Second, 20*time.Second, true, func(ctx context.Context) (bool, error) { - _, err := v.client.System.ReadHealthStatus(context.TODO()) + err = wait.PollUntilContextTimeout(ctx, time.Second, 20*time.Second, true, func(ctx context.Context) (bool, error) { + _, err := v.client.System.ReadHealthStatus(ctx) if err != nil { lastError = err return false, nil @@ -271,38 +271,38 @@ func (v *VaultInitializer) Init() error { } // Set up a Vault PKI. -func (v *VaultInitializer) Setup() error { +func (v *VaultInitializer) Setup(ctx context.Context) error { // Enable a new Vault secrets engine at v.RootMount - if err := v.mountPKI(v.rootMount, "87600h"); err != nil { + if err := v.mountPKI(ctx, v.rootMount, "87600h"); err != nil { return err } // Generate a self-signed CA cert using the engine at v.RootMount - rootCa, err := v.generateRootCert() + rootCa, err := v.generateRootCert(ctx) if err != nil { return err } // Configure issuing certificate endpoints and CRL distribution points to be // set on certs issued by v.RootMount. - if err := v.configureCert(v.rootMount); err != nil { + if err := v.configureCert(ctx, v.rootMount); err != nil { return err } // Enable a new Vault secrets engine at v.intermediateMount - if err := v.mountPKI(v.intermediateMount, "43800h"); err != nil { + if err := v.mountPKI(ctx, v.intermediateMount, "43800h"); err != nil { return err } // Generate a CSR for secrets engine at v.intermediateMount - csr, err := v.generateIntermediateSigningReq() + csr, err := v.generateIntermediateSigningReq(ctx) if err != nil { return err } // Issue a new intermediate CA from v.RootMount for the CSR created above. - intermediateCa, err := v.signCertificate(csr) + intermediateCa, err := v.signCertificate(ctx, csr) if err != nil { return err } @@ -313,28 +313,28 @@ func (v *VaultInitializer) Setup() error { if v.configureWithRoot { caChain = fmt.Sprintf("%s\n%s", intermediateCa, rootCa) } - if err := v.importSignIntermediate(caChain, v.intermediateMount); err != nil { + if err := v.importSignIntermediate(ctx, caChain, v.intermediateMount); err != nil { return err } // Configure issuing certificate endpoints and CRL distribution points to be // set on certs issued by v.intermediateMount. - if err := v.configureCert(v.intermediateMount); err != nil { + if err := v.configureCert(ctx, v.intermediateMount); err != nil { return err } - if err := v.configureIntermediateRoles(); err != nil { + if err := v.configureIntermediateRoles(ctx); err != nil { return err } if v.appRoleAuthPath != "" { - if err := v.setupAppRoleAuth(); err != nil { + if err := v.setupAppRoleAuth(ctx); err != nil { return err } } if v.kubernetesAuthPath != "" { - if err := v.setupKubernetesBasedAuth(); err != nil { + if err := v.setupKubernetesBasedAuth(ctx); err != nil { return err } } @@ -342,9 +342,7 @@ func (v *VaultInitializer) Setup() error { return nil } -func (v *VaultInitializer) Clean() error { - ctx := context.Background() - +func (v *VaultInitializer) Clean(ctx context.Context) error { if _, err := v.client.System.MountsDisableSecretsEngine(ctx, "/"+v.intermediateMount); err != nil { return fmt.Errorf("unable to unmount %v: %v", v.intermediateMount, err) } @@ -355,9 +353,7 @@ func (v *VaultInitializer) Clean() error { return nil } -func (v *VaultInitializer) CreateAppRole() (string, string, error) { - ctx := context.Background() - +func (v *VaultInitializer) CreateAppRole(ctx context.Context) (string, string, error) { // create policy policy := fmt.Sprintf(`path "%s" { capabilities = [ "create", "update" ] }`, v.IntermediateSignPath()) _, err := v.client.System.PoliciesWriteAclPolicy( @@ -406,8 +402,7 @@ func (v *VaultInitializer) CreateAppRole() (string, string, error) { return respRoleId.Data.RoleId, resp.Data["secret_id"].(string), nil } -func (v *VaultInitializer) CleanAppRole() error { - ctx := context.Background() +func (v *VaultInitializer) CleanAppRole(ctx context.Context) error { _, err := v.client.Auth.AppRoleDeleteRole( ctx, v.role, @@ -425,8 +420,7 @@ func (v *VaultInitializer) CleanAppRole() error { return nil } -func (v *VaultInitializer) mountPKI(mount, ttl string) error { - ctx := context.Background() +func (v *VaultInitializer) mountPKI(ctx context.Context, mount, ttl string) error { _, err := v.client.System.MountsEnableSecretsEngine( ctx, "/"+mount, @@ -444,8 +438,7 @@ func (v *VaultInitializer) mountPKI(mount, ttl string) error { return nil } -func (v *VaultInitializer) generateRootCert() (string, error) { - ctx := context.Background() +func (v *VaultInitializer) generateRootCert(ctx context.Context) (string, error) { resp, err := v.client.Secrets.PkiGenerateRoot( ctx, "internal", @@ -464,8 +457,7 @@ func (v *VaultInitializer) generateRootCert() (string, error) { return resp.Data.Certificate, nil } -func (v *VaultInitializer) generateIntermediateSigningReq() (string, error) { - ctx := context.Background() +func (v *VaultInitializer) generateIntermediateSigningReq(ctx context.Context) (string, error) { resp, err := v.client.Secrets.PkiGenerateIntermediate( ctx, "internal", @@ -485,8 +477,7 @@ func (v *VaultInitializer) generateIntermediateSigningReq() (string, error) { return resp.Data.Csr, nil } -func (v *VaultInitializer) signCertificate(csr string) (string, error) { - ctx := context.Background() +func (v *VaultInitializer) signCertificate(ctx context.Context, csr string) (string, error) { resp, err := v.client.Secrets.PkiRootSignIntermediate( ctx, schema.PkiRootSignIntermediateRequest{ @@ -504,8 +495,7 @@ func (v *VaultInitializer) signCertificate(csr string) (string, error) { return resp.Data.Certificate, nil } -func (v *VaultInitializer) importSignIntermediate(caChain, intermediateMount string) error { - ctx := context.Background() +func (v *VaultInitializer) importSignIntermediate(ctx context.Context, caChain, intermediateMount string) error { _, err := v.client.Secrets.PkiSetSignedIntermediate( ctx, schema.PkiSetSignedIntermediateRequest{ @@ -520,8 +510,7 @@ func (v *VaultInitializer) importSignIntermediate(caChain, intermediateMount str return nil } -func (v *VaultInitializer) configureCert(mount string) error { - ctx := context.Background() +func (v *VaultInitializer) configureCert(ctx context.Context, mount string) error { _, err := v.client.Secrets.PkiConfigureUrls( ctx, schema.PkiConfigureUrlsRequest{ @@ -541,8 +530,7 @@ func (v *VaultInitializer) configureCert(mount string) error { return nil } -func (v *VaultInitializer) configureIntermediateRoles() error { - ctx := context.Background() +func (v *VaultInitializer) configureIntermediateRoles(ctx context.Context) error { // TODO: Should use Secrets.PkiWriteRole here, // but it is broken. See: // https://github.com/hashicorp/vault-client-go/issues/195 @@ -567,8 +555,7 @@ func (v *VaultInitializer) configureIntermediateRoles() error { return nil } -func (v *VaultInitializer) setupAppRoleAuth() error { - ctx := context.Background() +func (v *VaultInitializer) setupAppRoleAuth(ctx context.Context) error { // vault auth-enable approle resp, err := v.client.System.AuthListEnabledMethods(ctx) if err != nil { @@ -593,8 +580,7 @@ func (v *VaultInitializer) setupAppRoleAuth() error { return nil } -func (v *VaultInitializer) setupKubernetesBasedAuth() error { - ctx := context.Background() +func (v *VaultInitializer) setupKubernetesBasedAuth(ctx context.Context) error { // vault auth-enable kubernetes resp, err := v.client.System.AuthListEnabledMethods(ctx) if err != nil { @@ -643,8 +629,7 @@ func (v *VaultInitializer) setupKubernetesBasedAuth() error { // CreateKubernetesrole creates a service account and ClusterRoleBinding for // Kubernetes auth delegation. The name "boundSA" refers to the Vault param // "bound_service_account_names". -func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error { - ctx := context.Background() +func (v *VaultInitializer) CreateKubernetesRole(ctx context.Context, client kubernetes.Interface, boundNS, boundSA string) error { serviceAccount := &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: boundSA, @@ -692,8 +677,7 @@ func (v *VaultInitializer) IntermediateSignPath() string { } // CleanKubernetesRole cleans up the ClusterRoleBinding and ServiceAccount for Kubernetes auth delegation -func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error { - ctx := context.Background() +func (v *VaultInitializer) CleanKubernetesRole(ctx context.Context, client kubernetes.Interface, boundNS, boundSA string) error { if err := client.CoreV1().ServiceAccounts(boundNS).Delete(ctx, boundSA, metav1.DeleteOptions{}); err != nil { return err } @@ -748,13 +732,13 @@ func RoleAndBindingForServiceAccountRefAuth(roleName, namespace, serviceAccount // CreateKubernetesRoleForServiceAccountRefAuth creates a service account and a // role for using the "serviceAccountRef" field. -func CreateKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error { +func CreateKubernetesRoleForServiceAccountRefAuth(ctx context.Context, client kubernetes.Interface, roleName, saNS, saName string) error { role, binding := RoleAndBindingForServiceAccountRefAuth(roleName, saNS, saName) - _, err := client.RbacV1().Roles(saNS).Create(context.TODO(), role, metav1.CreateOptions{}) + _, err := client.RbacV1().Roles(saNS).Create(ctx, role, metav1.CreateOptions{}) if err != nil { return fmt.Errorf("error creating Role for Kubernetes auth ServiceAccount with serviceAccountRef: %s", err.Error()) } - _, err = client.RbacV1().RoleBindings(saNS).Create(context.TODO(), binding, metav1.CreateOptions{}) + _, err = client.RbacV1().RoleBindings(saNS).Create(ctx, binding, metav1.CreateOptions{}) if err != nil { return fmt.Errorf("error creating RoleBinding for Kubernetes auth ServiceAccount with serviceAccountRef: %s", err.Error()) } @@ -762,16 +746,16 @@ func CreateKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, r return nil } -func CleanKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error { - if err := client.RbacV1().RoleBindings(saNS).Delete(context.TODO(), roleName, metav1.DeleteOptions{}); err != nil { +func CleanKubernetesRoleForServiceAccountRefAuth(ctx context.Context, client kubernetes.Interface, roleName, saNS, saName string) error { + if err := client.RbacV1().RoleBindings(saNS).Delete(ctx, roleName, metav1.DeleteOptions{}); err != nil { return err } - if err := client.RbacV1().Roles(saNS).Delete(context.TODO(), roleName, metav1.DeleteOptions{}); err != nil { + if err := client.RbacV1().Roles(saNS).Delete(ctx, roleName, metav1.DeleteOptions{}); err != nil { return err } - if err := client.CoreV1().ServiceAccounts(saNS).Delete(context.TODO(), saName, metav1.DeleteOptions{}); err != nil { + if err := client.CoreV1().ServiceAccounts(saNS).Delete(ctx, saName, metav1.DeleteOptions{}); err != nil { return err } diff --git a/test/e2e/framework/addon/vault/vault.go b/test/e2e/framework/addon/vault/vault.go index 8dfd485882d..4556f5694d1 100644 --- a/test/e2e/framework/addon/vault/vault.go +++ b/test/e2e/framework/addon/vault/vault.go @@ -312,11 +312,11 @@ func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferab } // Provision will actually deploy this instance of Vault to the cluster. -func (v *Vault) Provision() error { +func (v *Vault) Provision(ctx context.Context) error { kubeClient := v.Base.Details().KubeClient // If the namespace doesn't exist, create it - _, err := kubeClient.CoreV1().Namespaces().Create(context.TODO(), &corev1.Namespace{ + _, err := kubeClient.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: v.Namespace, }, @@ -343,13 +343,13 @@ func (v *Vault) Provision() error { "client.key": string(v.details.VaultClientPrivateKey), }, } - _, err = kubeClient.CoreV1().Secrets(v.Namespace).Create(context.TODO(), tlsSecret, metav1.CreateOptions{}) + _, err = kubeClient.CoreV1().Secrets(v.Namespace).Create(ctx, tlsSecret, metav1.CreateOptions{}) if err != nil { return err } // Deploy the vault chart - err = v.chart.Provision() + err = v.chart.Provision(ctx) if err != nil { return err } @@ -366,8 +366,8 @@ func (v *Vault) Provision() error { } var lastError error - err = wait.PollUntilContextTimeout(context.TODO(), 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) { - pod, err := kubeClient.CoreV1().Pods(v.proxy.podNamespace).Get(context.TODO(), v.proxy.podName, metav1.GetOptions{}) + err = wait.PollUntilContextTimeout(ctx, 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) { + pod, err := kubeClient.CoreV1().Pods(v.proxy.podNamespace).Get(ctx, v.proxy.podName, metav1.GetOptions{}) if err != nil && !apierrors.IsNotFound(err) { return false, err } @@ -396,7 +396,7 @@ func (v *Vault) Provision() error { GetLogs(v.proxy.podName, &corev1.PodLogOptions{ TailLines: ptr.To(int64(100)), }). - DoRaw(context.TODO()) + DoRaw(ctx) if err != nil { return fmt.Errorf("error waiting for vault pod to be ready: %w; failed to retrieve logs: %w", lastError, err) @@ -419,26 +419,26 @@ func (v *Vault) Details() *Details { } // Deprovision will destroy this instance of Vault -func (v *Vault) Deprovision() error { - if err := v.proxy.stop(); err != nil { +func (v *Vault) Deprovision(ctx context.Context) error { + if err := v.proxy.stop(ctx); err != nil { return err } kubeClient := v.Base.Details().KubeClient - err := kubeClient.CoreV1().Secrets(v.Namespace).Delete(context.TODO(), "vault-tls", metav1.DeleteOptions{}) + err := kubeClient.CoreV1().Secrets(v.Namespace).Delete(ctx, "vault-tls", metav1.DeleteOptions{}) if err != nil { return err } - return v.chart.Deprovision() + return v.chart.Deprovision(ctx) } func (v *Vault) SupportsGlobal() bool { return v.chart.SupportsGlobal() } -func (v *Vault) Logs() (map[string]string, error) { - return v.chart.Logs() +func (v *Vault) Logs(ctx context.Context) (map[string]string, error) { + return v.chart.Logs(ctx) } func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte) { diff --git a/test/e2e/framework/addon/venafi/cloud.go b/test/e2e/framework/addon/venafi/cloud.go index ea3273d194f..98c68c9a208 100644 --- a/test/e2e/framework/addon/venafi/cloud.go +++ b/test/e2e/framework/addon/venafi/cloud.go @@ -70,7 +70,7 @@ func (v *VenafiCloud) Setup(cfg *config.Config, _ ...internal.AddonTransferableD return nil, nil } -func (v *VenafiCloud) Provision() error { +func (v *VenafiCloud) Provision(ctx context.Context) error { secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "cm-e2e-venafi-cloud-", @@ -81,7 +81,7 @@ func (v *VenafiCloud) Provision() error { }, } - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(context.TODO(), secret, metav1.CreateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(ctx, secret, metav1.CreateOptions{}) if err != nil { return err } @@ -106,8 +106,8 @@ func (v *VenafiCloud) Details() *CloudDetails { return &v.details } -func (v *VenafiCloud) Deprovision() error { - return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(context.TODO(), v.createdSecret.Name, metav1.DeleteOptions{}) +func (v *VenafiCloud) Deprovision(ctx context.Context) error { + return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(ctx, v.createdSecret.Name, metav1.DeleteOptions{}) } func (v *VenafiCloud) SupportsGlobal() bool { @@ -141,9 +141,9 @@ func (t *CloudDetails) BuildClusterIssuer() *cmapi.ClusterIssuer { } // SetAPIKey sets the Secret data["apikey"] value -func (v *VenafiCloud) SetAPIKey(token string) error { +func (v *VenafiCloud) SetAPIKey(ctx context.Context, token string) error { v.createdSecret.Data["apikey"] = []byte(token) - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(context.TODO(), v.createdSecret, metav1.UpdateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(ctx, v.createdSecret, metav1.UpdateOptions{}) if err != nil { return err } diff --git a/test/e2e/framework/addon/venafi/tpp.go b/test/e2e/framework/addon/venafi/tpp.go index 1939b6c5a1f..5387be92821 100644 --- a/test/e2e/framework/addon/venafi/tpp.go +++ b/test/e2e/framework/addon/venafi/tpp.go @@ -79,7 +79,7 @@ func (v *VenafiTPP) Setup(cfg *config.Config, _ ...internal.AddonTransferableDat return nil, nil } -func (v *VenafiTPP) Provision() error { +func (v *VenafiTPP) Provision(ctx context.Context) error { secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "cm-e2e-venafi-", @@ -92,7 +92,7 @@ func (v *VenafiTPP) Provision() error { }, } - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(context.TODO(), secret, metav1.CreateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(ctx, secret, metav1.CreateOptions{}) if err != nil { return err } @@ -114,12 +114,12 @@ func (v *VenafiTPP) Details() *TPPDetails { return &v.details } -func (v *VenafiTPP) Deprovision() error { +func (v *VenafiTPP) Deprovision(ctx context.Context) error { if v.createdSecret == nil { return nil } - return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(context.TODO(), v.createdSecret.Name, metav1.DeleteOptions{}) + return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(ctx, v.createdSecret.Name, metav1.DeleteOptions{}) } func (v *VenafiTPP) SupportsGlobal() bool { @@ -153,9 +153,9 @@ func (t *TPPDetails) BuildClusterIssuer() *cmapi.ClusterIssuer { } // SetAccessToken sets the Secret data["access-token"] value -func (v *VenafiTPP) SetAccessToken(token string) error { +func (v *VenafiTPP) SetAccessToken(ctx context.Context, token string) error { v.createdSecret.Data["access-token"] = []byte(token) - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(context.TODO(), v.createdSecret, metav1.UpdateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(ctx, v.createdSecret, metav1.UpdateOptions{}) if err != nil { return err } diff --git a/test/e2e/framework/cleanup.go b/test/e2e/framework/cleanup.go index b3063ba430b..3da587d209b 100644 --- a/test/e2e/framework/cleanup.go +++ b/test/e2e/framework/cleanup.go @@ -18,17 +18,20 @@ limitations under the License. package framework -import "sync" +import ( + "context" + "sync" +) type CleanupActionHandle *int var cleanupActionsLock sync.Mutex -var cleanupActions = map[CleanupActionHandle]func(){} +var cleanupActions = map[CleanupActionHandle]func(ctx context.Context){} // AddCleanupAction installs a function that will be called in the event of the // whole test being terminated. This allows arbitrary pieces of the overall // test to hook into SynchronizedAfterSuite(). -func AddCleanupAction(fn func()) CleanupActionHandle { +func AddCleanupAction(fn func(ctx context.Context)) CleanupActionHandle { p := CleanupActionHandle(new(int)) cleanupActionsLock.Lock() defer cleanupActionsLock.Unlock() @@ -47,8 +50,8 @@ func RemoveCleanupAction(p CleanupActionHandle) { // RunCleanupActions runs all functions installed by AddCleanupAction. It does // not remove them (see RemoveCleanupAction) but it does run unlocked, so they // may remove themselves. -func RunCleanupActions() { - list := []func(){} +func RunCleanupActions(ctx context.Context) { + list := []func(ctx context.Context){} func() { cleanupActionsLock.Lock() defer cleanupActionsLock.Unlock() @@ -58,6 +61,6 @@ func RunCleanupActions() { }() // Run unlocked. for _, fn := range list { - fn() + fn(ctx) } } diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 3157afb7b4a..7712f3db7f5 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -114,7 +114,7 @@ func NewFramework(baseName string, cfg *config.Config) *Framework { } // BeforeEach gets a client and makes a namespace. -func (f *Framework) BeforeEach() { +func (f *Framework) BeforeEach(ctx context.Context) { f.cleanupHandle = AddCleanupAction(f.AfterEach) By("Creating a kubernetes client") @@ -146,13 +146,13 @@ func (f *Framework) BeforeEach() { Expect(err).NotTo(HaveOccurred()) By("Building a namespace api object") - f.Namespace, err = f.CreateKubeNamespace(f.BaseName) + f.Namespace, err = f.CreateKubeNamespace(ctx, f.BaseName) Expect(err).NotTo(HaveOccurred()) By("Using the namespace " + f.Namespace.Name) By("Building a ResourceQuota api object") - _, err = f.CreateKubeResourceQuota() + _, err = f.CreateKubeResourceQuota(ctx) Expect(err).NotTo(HaveOccurred()) f.helper.CMClient = f.CertManagerClientSet @@ -160,7 +160,7 @@ func (f *Framework) BeforeEach() { } // AfterEach deletes the namespace, after reading its events. -func (f *Framework) AfterEach() { +func (f *Framework) AfterEach(ctx context.Context) { RemoveCleanupAction(f.cleanupHandle) f.printAddonLogs() @@ -172,12 +172,12 @@ func (f *Framework) AfterEach() { for i := len(f.requiredAddons) - 1; i >= 0; i-- { a := f.requiredAddons[i] By("De-provisioning test-scoped addon") - err := a.Deprovision() + err := a.Deprovision(ctx) Expect(err).NotTo(HaveOccurred()) } By("Deleting test namespace") - err := f.DeleteKubeNamespace(f.Namespace.Name) + err := f.DeleteKubeNamespace(ctx, f.Namespace.Name) Expect(err).NotTo(HaveOccurred()) } @@ -220,7 +220,7 @@ type loggableAddon interface { func (f *Framework) RequireAddon(a addon.Addon) { f.requiredAddons = append(f.requiredAddons, a) - BeforeEach(func() { + BeforeEach(func(ctx context.Context) { By("Provisioning test-scoped addon") _, err := a.Setup(f.Config) if errors.IsSkip(err) { @@ -228,7 +228,7 @@ func (f *Framework) RequireAddon(a addon.Addon) { } Expect(err).NotTo(HaveOccurred()) - err = a.Provision() + err = a.Provision(ctx) Expect(err).NotTo(HaveOccurred()) }) } @@ -237,9 +237,9 @@ func (f *Framework) Helper() *helper.Helper { return f.helper } -func (f *Framework) CertificateDurationValid(c *v1.Certificate, duration, fuzz time.Duration) { +func (f *Framework) CertificateDurationValid(ctx context.Context, c *v1.Certificate, duration, fuzz time.Duration) { By("Verifying TLS certificate exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), c.Spec.SecretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, c.Spec.SecretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) certBytes, ok := secret.Data[api.TLSCertKey] if !ok { diff --git a/test/e2e/framework/helper/certificaterequests.go b/test/e2e/framework/helper/certificaterequests.go index 34cdd97da91..c4ce6f3d30c 100644 --- a/test/e2e/framework/helper/certificaterequests.go +++ b/test/e2e/framework/helper/certificaterequests.go @@ -40,14 +40,14 @@ import ( // WaitForCertificateRequestReady waits for the CertificateRequest resource to // enter a Ready state. -func (h *Helper) WaitForCertificateRequestReady(ns, name string, timeout time.Duration) (*cmapi.CertificateRequest, error) { +func (h *Helper) WaitForCertificateRequestReady(ctx context.Context, ns, name string, timeout time.Duration) (*cmapi.CertificateRequest, error) { var cr *cmapi.CertificateRequest logf, done := log.LogBackoff() defer done() - err := wait.PollUntilContextTimeout(context.TODO(), time.Second, timeout, true, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, time.Second, timeout, true, func(ctx context.Context) (bool, error) { var err error logf("Waiting for CertificateRequest %s to be ready", name) - cr, err = h.CMClient.CertmanagerV1().CertificateRequests(ns).Get(context.TODO(), name, metav1.GetOptions{}) + cr, err = h.CMClient.CertmanagerV1().CertificateRequests(ns).Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting CertificateRequest %s: %v", name, err) } @@ -73,7 +73,7 @@ func (h *Helper) WaitForCertificateRequestReady(ns, name string, timeout time.Du // CertificateRequest has a certificate issued for it, and that the details on // the x509 certificate are correct as defined by the CertificateRequest's // spec. -func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, key crypto.Signer, rootCAPEM []byte) (*x509.Certificate, error) { +func (h *Helper) ValidateIssuedCertificateRequest(ctx context.Context, cr *cmapi.CertificateRequest, key crypto.Signer, rootCAPEM []byte) (*x509.Certificate, error) { csr, err := pki.DecodeX509CertificateRequestBytes(cr.Spec.Request) if err != nil { return nil, fmt.Errorf("failed to decode CertificateRequest's Spec.Request: %s", err) @@ -155,7 +155,7 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, return nil, fmt.Errorf("unsupported key algorithm type: %s", csr.PublicKeyAlgorithm) } - defaultCertKeyUsages, defaultCertExtKeyUsages, err := h.defaultKeyUsagesToAdd(cr.Namespace, &cr.Spec.IssuerRef) + defaultCertKeyUsages, defaultCertExtKeyUsages, err := h.defaultKeyUsagesToAdd(ctx, cr.Namespace, &cr.Spec.IssuerRef) if err != nil { return nil, err } @@ -205,12 +205,12 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, return cert, nil } -func (h *Helper) WaitCertificateRequestIssuedValid(ns, name string, timeout time.Duration, key crypto.Signer) error { - return h.WaitCertificateRequestIssuedValidTLS(ns, name, timeout, key, nil) +func (h *Helper) WaitCertificateRequestIssuedValid(ctx context.Context, ns, name string, timeout time.Duration, key crypto.Signer) error { + return h.WaitCertificateRequestIssuedValidTLS(ctx, ns, name, timeout, key, nil) } -func (h *Helper) WaitCertificateRequestIssuedValidTLS(ns, name string, timeout time.Duration, key crypto.Signer, rootCAPEM []byte) error { - cr, err := h.WaitForCertificateRequestReady(ns, name, timeout) +func (h *Helper) WaitCertificateRequestIssuedValidTLS(ctx context.Context, ns, name string, timeout time.Duration, key crypto.Signer, rootCAPEM []byte) error { + cr, err := h.WaitForCertificateRequestReady(ctx, ns, name, timeout) if err != nil { log.Logf("Error waiting for CertificateRequest to become Ready: %v", err) h.Kubectl(ns).DescribeResource("certificaterequest", name) @@ -218,7 +218,7 @@ func (h *Helper) WaitCertificateRequestIssuedValidTLS(ns, name string, timeout t return err } - _, err = h.ValidateIssuedCertificateRequest(cr, key, rootCAPEM) + _, err = h.ValidateIssuedCertificateRequest(ctx, cr, key, rootCAPEM) if err != nil { log.Logf("Error validating issued certificate: %v", err) h.Kubectl(ns).DescribeResource("certificaterequest", name) diff --git a/test/e2e/framework/helper/certificates.go b/test/e2e/framework/helper/certificates.go index c8513c0d7a7..262281649f2 100644 --- a/test/e2e/framework/helper/certificates.go +++ b/test/e2e/framework/helper/certificates.go @@ -36,16 +36,16 @@ import ( ) // WaitForCertificateToExist waits for the named certificate to exist and returns the certificate -func (h *Helper) WaitForCertificateToExist(namespace string, name string, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) WaitForCertificateToExist(ctx context.Context, namespace string, name string, timeout time.Duration) (*cmapi.Certificate, error) { client := h.CMClient.CertmanagerV1().Certificates(namespace) var certificate *v1.Certificate logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { logf("Waiting for Certificate %v to exist", name) var err error - certificate, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + certificate, err = client.Get(ctx, name, metav1.GetOptions{}) if errors.IsNotFound(err) { return false, nil } @@ -58,11 +58,11 @@ func (h *Helper) WaitForCertificateToExist(namespace string, name string, timeou return certificate, pollErr } -func (h *Helper) waitForCertificateCondition(client clientset.CertificateInterface, name string, check func(*v1.Certificate) bool, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) waitForCertificateCondition(ctx context.Context, client clientset.CertificateInterface, name string, check func(*v1.Certificate) bool, timeout time.Duration) (*cmapi.Certificate, error) { var certificate *v1.Certificate - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error - certificate, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + certificate, err = client.Get(ctx, name, metav1.GetOptions{}) if nil != err { certificate = nil return false, fmt.Errorf("error getting Certificate %v: %v", name, err) @@ -93,7 +93,7 @@ func (h *Helper) waitForCertificateCondition(client clientset.CertificateInterfa // WaitForCertificateReadyAndDoneIssuing waits for the certificate resource to be in a Ready=True state and not be in an Issuing state. // The Ready=True condition will be checked against the provided certificate to make sure that it is up-to-date (condition gen. >= cert gen.). -func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) WaitForCertificateReadyAndDoneIssuing(ctx context.Context, cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { ready_true_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionTrue, @@ -105,7 +105,7 @@ func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, } logf, done := log.LogBackoff() defer done() - return h.waitForCertificateCondition(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { + return h.waitForCertificateCondition(ctx, h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { if !apiutil.CertificateHasConditionWithObservedGeneration(certificate, ready_true_condition) { logf( "Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", @@ -134,7 +134,7 @@ func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, // WaitForCertificateNotReadyAndDoneIssuing waits for the certificate resource to be in a Ready=False state and not be in an Issuing state. // The Ready=False condition will be checked against the provided certificate to make sure that it is up-to-date (condition gen. >= cert gen.). -func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(ctx context.Context, cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { ready_false_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionFalse, @@ -146,7 +146,7 @@ func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificat } logf, done := log.LogBackoff() defer done() - return h.waitForCertificateCondition(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { + return h.waitForCertificateCondition(ctx, h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { if !apiutil.CertificateHasConditionWithObservedGeneration(certificate, ready_false_condition) { logf( "Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", @@ -173,11 +173,11 @@ func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificat }, timeout) } -func (h *Helper) waitForIssuerCondition(client clientset.IssuerInterface, name string, check func(issuer *v1.Issuer) bool, timeout time.Duration) (*cmapi.Issuer, error) { +func (h *Helper) waitForIssuerCondition(ctx context.Context, client clientset.IssuerInterface, name string, check func(issuer *v1.Issuer) bool, timeout time.Duration) (*cmapi.Issuer, error) { var issuer *v1.Issuer - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error - issuer, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err = client.Get(ctx, name, metav1.GetOptions{}) if nil != err { issuer = nil return false, fmt.Errorf("error getting Issuer %v: %v", name, err) @@ -197,7 +197,7 @@ func (h *Helper) waitForIssuerCondition(client clientset.IssuerInterface, name s // WaitIssuerReady waits for the Issuer resource to be in a Ready=True state // The Ready=True condition will be checked against the provided issuer to make sure its ready. -func (h *Helper) WaitIssuerReady(issuer *cmapi.Issuer, timeout time.Duration) (*cmapi.Issuer, error) { +func (h *Helper) WaitIssuerReady(ctx context.Context, issuer *cmapi.Issuer, timeout time.Duration) (*cmapi.Issuer, error) { ready_true_condition := cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, @@ -205,7 +205,7 @@ func (h *Helper) WaitIssuerReady(issuer *cmapi.Issuer, timeout time.Duration) (* logf, done := log.LogBackoff() defer done() - return h.waitForIssuerCondition(h.CMClient.CertmanagerV1().Issuers(issuer.Namespace), issuer.Name, func(issuer *v1.Issuer) bool { + return h.waitForIssuerCondition(ctx, h.CMClient.CertmanagerV1().Issuers(issuer.Namespace), issuer.Name, func(issuer *v1.Issuer) bool { if !apiutil.IssuerHasCondition(issuer, ready_true_condition) { logf( "Expected Issuer %v condition %v=%v but it has: %v", @@ -220,11 +220,11 @@ func (h *Helper) WaitIssuerReady(issuer *cmapi.Issuer, timeout time.Duration) (* }, timeout) } -func (h *Helper) waitForClusterIssuerCondition(client clientset.ClusterIssuerInterface, name string, check func(issuer *v1.ClusterIssuer) bool, timeout time.Duration) (*cmapi.ClusterIssuer, error) { +func (h *Helper) waitForClusterIssuerCondition(ctx context.Context, client clientset.ClusterIssuerInterface, name string, check func(issuer *v1.ClusterIssuer) bool, timeout time.Duration) (*cmapi.ClusterIssuer, error) { var issuer *v1.ClusterIssuer - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error - issuer, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err = client.Get(ctx, name, metav1.GetOptions{}) if nil != err { issuer = nil return false, fmt.Errorf("error getting Issuer %v: %v", name, err) @@ -244,14 +244,14 @@ func (h *Helper) waitForClusterIssuerCondition(client clientset.ClusterIssuerInt // WaitClusterIssuerReady waits for the Cluster Issuer resource to be in a Ready=True state // The Ready=True condition will be checked against the provided issuer to make sure its ready. -func (h *Helper) WaitClusterIssuerReady(issuer *cmapi.ClusterIssuer, timeout time.Duration) (*cmapi.ClusterIssuer, error) { +func (h *Helper) WaitClusterIssuerReady(ctx context.Context, issuer *cmapi.ClusterIssuer, timeout time.Duration) (*cmapi.ClusterIssuer, error) { ready_true_condition := cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, } logf, done := log.LogBackoff() defer done() - return h.waitForClusterIssuerCondition(h.CMClient.CertmanagerV1().ClusterIssuers(), issuer.Name, func(issuer *v1.ClusterIssuer) bool { + return h.waitForClusterIssuerCondition(ctx, h.CMClient.CertmanagerV1().ClusterIssuers(), issuer.Name, func(issuer *v1.ClusterIssuer) bool { if !apiutil.IssuerHasCondition(issuer, ready_true_condition) { logf( "Expected Cluster Issuer %v condition %v=%v but it has: %v", @@ -282,11 +282,11 @@ func (h *Helper) deduplicateExtKeyUsages(us []x509.ExtKeyUsage) []x509.ExtKeyUsa return us } -func (h *Helper) defaultKeyUsagesToAdd(ns string, issuerRef *cmmeta.ObjectReference) (x509.KeyUsage, []x509.ExtKeyUsage, error) { +func (h *Helper) defaultKeyUsagesToAdd(ctx context.Context, ns string, issuerRef *cmmeta.ObjectReference) (x509.KeyUsage, []x509.ExtKeyUsage, error) { var issuerSpec *cmapi.IssuerSpec switch issuerRef.Kind { case "ClusterIssuer": - issuerObj, err := h.CMClient.CertmanagerV1().ClusterIssuers().Get(context.TODO(), issuerRef.Name, metav1.GetOptions{}) + issuerObj, err := h.CMClient.CertmanagerV1().ClusterIssuers().Get(ctx, issuerRef.Name, metav1.GetOptions{}) if err != nil { return 0, nil, fmt.Errorf("failed to find referenced ClusterIssuer %v: %s", issuerRef, err) @@ -294,7 +294,7 @@ func (h *Helper) defaultKeyUsagesToAdd(ns string, issuerRef *cmmeta.ObjectRefere issuerSpec = &issuerObj.Spec default: - issuerObj, err := h.CMClient.CertmanagerV1().Issuers(ns).Get(context.TODO(), issuerRef.Name, metav1.GetOptions{}) + issuerObj, err := h.CMClient.CertmanagerV1().Issuers(ns).Get(ctx, issuerRef.Name, metav1.GetOptions{}) if err != nil { return 0, nil, fmt.Errorf("failed to find referenced Issuer %v: %s", issuerRef, err) diff --git a/test/e2e/framework/helper/certificatesigningrequests.go b/test/e2e/framework/helper/certificatesigningrequests.go index acdd5b9bbe1..569c6afbd74 100644 --- a/test/e2e/framework/helper/certificatesigningrequests.go +++ b/test/e2e/framework/helper/certificatesigningrequests.go @@ -31,14 +31,14 @@ import ( // WaitForCertificateSigningRequestSigned waits for the // CertificateSigningRequest resource to be signed. -func (h *Helper) WaitForCertificateSigningRequestSigned(name string, timeout time.Duration) (*certificatesv1.CertificateSigningRequest, error) { +func (h *Helper) WaitForCertificateSigningRequestSigned(ctx context.Context, name string, timeout time.Duration) (*certificatesv1.CertificateSigningRequest, error) { var csr *certificatesv1.CertificateSigningRequest logf, done := log.LogBackoff() defer done() - err := wait.PollUntilContextTimeout(context.TODO(), time.Second, timeout, true, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, time.Second, timeout, true, func(ctx context.Context) (bool, error) { var err error logf("Waiting for CertificateSigningRequest %s to be ready", name) - csr, err = h.KubeClient.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}) + csr, err = h.KubeClient.CertificatesV1().CertificateSigningRequests().Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting CertificateSigningRequest %s: %v", name, err) } diff --git a/test/e2e/framework/helper/pod_start.go b/test/e2e/framework/helper/pod_start.go index e1e3d814b8a..486e4199727 100644 --- a/test/e2e/framework/helper/pod_start.go +++ b/test/e2e/framework/helper/pod_start.go @@ -39,16 +39,16 @@ const ( // WaitForAllPodsRunningInNamespace waits default amount of time (PodStartTimeout) // for all pods in the specified namespace to become running. -func (h *Helper) WaitForAllPodsRunningInNamespace(ns string) error { - return h.WaitForAllPodsRunningInNamespaceTimeout(ns, PodStartTimeout) +func (h *Helper) WaitForAllPodsRunningInNamespace(ctx context.Context, ns string) error { + return h.WaitForAllPodsRunningInNamespaceTimeout(ctx, ns, PodStartTimeout) } -func (h *Helper) WaitForAllPodsRunningInNamespaceTimeout(ns string, timeout time.Duration) error { +func (h *Helper) WaitForAllPodsRunningInNamespaceTimeout(ctx context.Context, ns string, timeout time.Duration) error { ginkgo.By("Waiting " + timeout.String() + " for all pods in namespace '" + ns + "' to be Ready") logf, done := log.LogBackoff() defer done() - return wait.PollUntilContextTimeout(context.TODO(), Poll, timeout, true, func(ctx context.Context) (bool, error) { - pods, err := h.KubeClient.CoreV1().Pods(ns).List(context.TODO(), metav1.ListOptions{}) + return wait.PollUntilContextTimeout(ctx, Poll, timeout, true, func(ctx context.Context) (bool, error) { + pods, err := h.KubeClient.CoreV1().Pods(ns).List(ctx, metav1.ListOptions{}) if err != nil { return false, err } diff --git a/test/e2e/framework/helper/secret.go b/test/e2e/framework/helper/secret.go index cfff38c3281..9312cf62537 100644 --- a/test/e2e/framework/helper/secret.go +++ b/test/e2e/framework/helper/secret.go @@ -30,14 +30,14 @@ import ( // WaitForSecretCertificateData waits for the certificate data to be ready // inside a Secret created by cert-manager. -func (h *Helper) WaitForSecretCertificateData(ns, name string, timeout time.Duration) (*corev1.Secret, error) { +func (h *Helper) WaitForSecretCertificateData(ctx context.Context, ns, name string, timeout time.Duration) (*corev1.Secret, error) { var secret *corev1.Secret logf, done := log.LogBackoff() defer done() - err := wait.PollUntilContextTimeout(context.TODO(), time.Second, timeout, true, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, time.Second, timeout, true, func(ctx context.Context) (bool, error) { var err error logf("Waiting for Secret %s:%s to contain a certificate", ns, name) - secret, err = h.KubeClient.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{}) + secret, err = h.KubeClient.CoreV1().Secrets(ns).Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting secret %s: %s", name, err) } diff --git a/test/e2e/framework/testenv.go b/test/e2e/framework/testenv.go index 9ad1feeb74e..9135abfb73b 100644 --- a/test/e2e/framework/testenv.go +++ b/test/e2e/framework/testenv.go @@ -36,19 +36,19 @@ const ( ) // CreateKubeNamespace creates a new Kubernetes Namespace for a test. -func (f *Framework) CreateKubeNamespace(baseName string) (*v1.Namespace, error) { +func (f *Framework) CreateKubeNamespace(ctx context.Context, baseName string) (*v1.Namespace, error) { ns := &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ GenerateName: fmt.Sprintf("e2e-tests-%v-", baseName), }, } - return f.KubeClientSet.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{}) + return f.KubeClientSet.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) } // CreateKubeResourceQuota provisions a ResourceQuota resource in the target // namespace. -func (f *Framework) CreateKubeResourceQuota() (*v1.ResourceQuota, error) { +func (f *Framework) CreateKubeResourceQuota(ctx context.Context) (*v1.ResourceQuota, error) { quota := &v1.ResourceQuota{ ObjectMeta: metav1.ObjectMeta{ Name: "default-e2e-quota", @@ -65,18 +65,18 @@ func (f *Framework) CreateKubeResourceQuota() (*v1.ResourceQuota, error) { }, }, } - return f.KubeClientSet.CoreV1().ResourceQuotas(f.Namespace.Name).Create(context.TODO(), quota, metav1.CreateOptions{}) + return f.KubeClientSet.CoreV1().ResourceQuotas(f.Namespace.Name).Create(ctx, quota, metav1.CreateOptions{}) } // DeleteKubeNamespace will delete a namespace resource -func (f *Framework) DeleteKubeNamespace(namespace string) error { - return f.KubeClientSet.CoreV1().Namespaces().Delete(context.TODO(), namespace, metav1.DeleteOptions{}) +func (f *Framework) DeleteKubeNamespace(ctx context.Context, namespace string) error { + return f.KubeClientSet.CoreV1().Namespaces().Delete(ctx, namespace, metav1.DeleteOptions{}) } // WaitForKubeNamespaceNotExist will wait for the namespace with the given name // to not exist for up to 2 minutes. -func (f *Framework) WaitForKubeNamespaceNotExist(namespace string) error { - return wait.PollUntilContextTimeout(context.TODO(), Poll, time.Minute*2, true, func(ctx context.Context) (bool, error) { +func (f *Framework) WaitForKubeNamespaceNotExist(ctx context.Context, namespace string) error { + return wait.PollUntilContextTimeout(ctx, Poll, time.Minute*2, true, func(ctx context.Context) (bool, error) { _, err := f.KubeClientSet.CoreV1().Namespaces().Get(ctx, namespace, metav1.GetOptions{}) if apierrors.IsNotFound(err) { return true, nil diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index 28ce4ff0140..6b0d3bb2810 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -50,6 +50,9 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo secretName = "test-additional-output-formats" ) + ctx := context.TODO() + f := framework.NewDefaultFramework("certificates-additional-output-formats") + createCertificate := func(f *framework.Framework, aof []cmapi.CertificateAdditionalOutputFormat) (string, *cmapi.Certificate) { framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) @@ -70,16 +73,14 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo } By("creating Certificate with AdditionalOutputFormats") - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") return crt.Name, crt } - f := framework.NewDefaultFramework("certificates-additional-output-formats") - BeforeEach(func() { By("creating a self-signing issuer") issuer := gen.Issuer(issuerName, @@ -88,7 +89,7 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) @@ -311,7 +312,7 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo }) Expect(err).NotTo(HaveOccurred()) - crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") By("ensuring additional output formats reflect the new private key and certificate") diff --git a/test/e2e/suite/certificates/duplicatesecretname.go b/test/e2e/suite/certificates/duplicatesecretname.go index a2259ec7c96..22667ba3c5f 100644 --- a/test/e2e/suite/certificates/duplicatesecretname.go +++ b/test/e2e/suite/certificates/duplicatesecretname.go @@ -71,7 +71,7 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( By("creating Certificate") - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) return crt.Name @@ -82,10 +82,10 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( issuer := gen.Issuer("self-signed", gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{})) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), "self-signed", cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) @@ -102,21 +102,21 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( gen.SetCertificateIsCA(true), gen.SetCertificateSecretName("ca-issuer"), ) - Expect(f.CRClient.Create(context.Background(), crt)).To(Succeed()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Second*10) + Expect(f.CRClient.Create(ctx, crt)).To(Succeed()) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Second*10) Expect(err).NotTo(HaveOccurred()) issuer = gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCA(cmapi.CAIssuer{SecretName: "ca-issuer"}), ) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { - Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.Background(), issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) + Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) }) It("if Certificates are created in the same Namsespace with the same spec.secretName, they should block issuance, and never create more than one request.", func() { @@ -168,7 +168,7 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( for _, crtName := range []string{crt1, crt2, crt3} { crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Second*10) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Second*10) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") } }) diff --git a/test/e2e/suite/certificates/literalsubjectrdns.go b/test/e2e/suite/certificates/literalsubjectrdns.go index 329e3e86395..3e4fec9e3c7 100644 --- a/test/e2e/suite/certificates/literalsubjectrdns.go +++ b/test/e2e/suite/certificates/literalsubjectrdns.go @@ -39,13 +39,13 @@ import ( ) var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { - const ( testName = "test-literalsubject-rdn-parsing" issuerName = "certificate-literalsubject-rdns" secretName = testName ) + ctx := context.TODO() f := framework.NewDefaultFramework("certificate-literalsubject-rdns") createCertificate := func(f *framework.Framework, literalSubject string) (*cmapi.Certificate, error) { @@ -78,7 +78,7 @@ var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) @@ -92,7 +92,7 @@ var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { It("Should create a certificate with all the supplied RDNs as subject names in reverse string order, including DC and UID", func() { crt, err := createCertificate(f, "CN=James \\\"Jim\\\" Smith\\, III,UID=jamessmith,SERIALNUMBER=1234512345,OU=Admins,OU=IT,DC=net,DC=dc,O=Acme,STREET=La Rambla,L=Barcelona,C=Spain") Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), secretName, metav1.GetOptions{}) diff --git a/test/e2e/suite/certificates/othernamesan.go b/test/e2e/suite/certificates/othernamesan.go index 44bf3692b40..39f24b6d908 100644 --- a/test/e2e/suite/certificates/othernamesan.go +++ b/test/e2e/suite/certificates/othernamesan.go @@ -50,6 +50,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { ) f := framework.NewDefaultFramework("certificate-othername-san-processing") + ctx := context.TODO() createCertificate := func(f *framework.Framework, OtherNames []cmapi.OtherName) (*cmapi.Certificate, error) { crt := &cmapi.Certificate{ @@ -69,7 +70,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { }, } By("creating Certificate with OtherNames") - return f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + return f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) } BeforeEach(func() { @@ -79,16 +80,16 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{})) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { - Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.Background(), issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) + Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) }) It("Should create a certificate with the supplied otherName SAN value and emailAddress included", func() { @@ -99,7 +100,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { }, }) Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), secretName, metav1.GetOptions{}) diff --git a/test/e2e/suite/certificates/secrettemplate.go b/test/e2e/suite/certificates/secrettemplate.go index 79959a491e5..eb5fb58d46c 100644 --- a/test/e2e/suite/certificates/secrettemplate.go +++ b/test/e2e/suite/certificates/secrettemplate.go @@ -48,6 +48,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { ) f := framework.NewDefaultFramework("certificates-secret-template") + ctx := context.TODO() createCertificate := func(f *framework.Framework, secretTemplate *cmapi.CertificateSecretTemplate) string { crt := &cmapi.Certificate{ @@ -69,10 +70,10 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("creating Certificate with SecretTemplate") - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") return crt.Name @@ -83,22 +84,22 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{})) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { - Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.Background(), issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) + Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) }) It("should not remove Annotations and Labels which have been added by a third party and not present in the SecretTemplate", func() { createCertificate(f, &cmapi.CertificateSecretTemplate{Annotations: map[string]string{"foo": "bar"}, Labels: map[string]string{"abc": "123"}}) - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("ensure Secret has correct Labels and Annotations with SecretTemplate") @@ -106,30 +107,30 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(secret.Labels).To(HaveKeyWithValue("abc", "123")) By("add Annotation to Secret which should not be removed") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) secret.Annotations["random"] = "annotation" - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) Consistently(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("foo", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("random", "annotation")) By("add Label to Secret which should not be removed") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) secret.Labels["random"] = "label" - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) Consistently(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Labels }, "20s", "1s").Should(HaveKeyWithValue("abc", "123")) @@ -142,7 +143,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { }) By("ensure Secret has correct Labels and Annotations with SecretTemplate") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("foo", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("bar", "foo")) @@ -152,7 +153,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("adding Annotations and Labels to SecretTemplate should appear on the Secret") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -160,12 +161,12 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { crt.Spec.SecretTemplate.Annotations["another"] = "random annotation" crt.Spec.SecretTemplate.Labels["hello"] = "world" crt.Spec.SecretTemplate.Labels["random"] = "label" - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("random", "annotation")) @@ -174,7 +175,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(secret.Annotations).To(HaveKeyWithValue("another", "random annotation")) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Labels }, "20s", "1s").Should(HaveKeyWithValue("hello", "world")) @@ -184,7 +185,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("removing Annotations and Labels in SecretTemplate should get removed on the Secret") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -192,12 +193,12 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { delete(crt.Spec.SecretTemplate.Annotations, "random") delete(crt.Spec.SecretTemplate.Labels, "abc") delete(crt.Spec.SecretTemplate.Labels, "another") - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").ShouldNot(HaveKey("foo")) @@ -214,7 +215,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { }) By("ensure Secret has correct Labels and Annotations with SecretTemplate") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("foo", "bar")) @@ -225,7 +226,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("changing Annotation and Label keys on the SecretTemplate should be reflected on the Secret") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -233,12 +234,12 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { crt.Spec.SecretTemplate.Annotations["bar"] = "not foo" crt.Spec.SecretTemplate.Labels["abc"] = "098" crt.Spec.SecretTemplate.Labels["def"] = "555" - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("foo", "123")) @@ -253,7 +254,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { crtName := createCertificate(f, nil) By("add Labels and Annotations to the Secret that are not owned by cert-manager") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if secret.Annotations == nil { @@ -267,10 +268,10 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { secret.Labels["abc"] = "123" secret.Labels["foo"] = "bar" - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("an-annotation", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("another-annotation", "def")) @@ -285,7 +286,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(err).NotTo(HaveOccurred()) By("expect those Annotations and Labels to be present on the Secret") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("an-annotation", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("another-annotation", "def")) @@ -294,7 +295,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("add those Annotations and Labels to the SecretTemplate of the Certificate") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -302,13 +303,13 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Annotations: map[string]string{"an-annotation": "bar", "another-annotation": "def"}, Labels: map[string]string{"abc": "123", "foo": "bar"}, } - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) By("waiting for those Annotation and Labels on the Secret to contain managed fields from cert-manager") Eventually(func() bool { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) var managedLabels, managedAnnotations []string @@ -382,7 +383,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { metav1.ApplyOptions{FieldManager: "e2e-test-client"}) Consistently(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("an-annotation", "bar")) @@ -397,14 +398,14 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Labels: map[string]string{"foo": "bar"}, }) - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) secret.Data["random-key"] = []byte("hello-world") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) Consistently(func() map[string][]byte { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Data }, "20s", "1s").Should(HaveKeyWithValue("random-key", []byte("hello-world"))) @@ -417,24 +418,24 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { }) Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } crt.Spec.SecretTemplate.Annotations["abc"] = "456" crt.Spec.SecretTemplate.Labels["foo"] = "foo" - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("abc", "456")) Eventually(func() map[string]string { - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Labels }, "20s", "1s").Should(HaveKeyWithValue("foo", "foo")) @@ -451,7 +452,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { err error ) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("abc", "123")) @@ -460,17 +461,17 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(secret.Labels).To(HaveKeyWithValue("label", "hello-world")) Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } crt.Spec.SecretTemplate = nil - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").ShouldNot(HaveKey("abc")) diff --git a/test/e2e/suite/conformance/certificates/acme/acme.go b/test/e2e/suite/conformance/certificates/acme/acme.go index 927c4d9fa6d..a1d952370cc 100644 --- a/test/e2e/suite/conformance/certificates/acme/acme.go +++ b/test/e2e/suite/conformance/certificates/acme/acme.go @@ -172,14 +172,14 @@ type acmeIssuerProvisioner struct { secretNamespace string } -func (a *acmeIssuerProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { +func (a *acmeIssuerProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { if a.eab != nil { - err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(context.TODO(), a.eab.Key.Name, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(ctx, a.eab.Key.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } if ref.Kind == "ClusterIssuer" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } @@ -190,8 +190,8 @@ func (a *acmeIssuerProvisioner) delete(f *framework.Framework, ref cmmeta.Object // - pebble // - a properly configured Issuer resource -func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, "") +func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, "") By("Creating an ACME HTTP01 Ingress Issuer") issuer := &cmapi.Issuer{ @@ -201,12 +201,12 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(f *framework.Framework Spec: a.createHTTP01IngressIssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Ingress Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -216,8 +216,8 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(f *framework.Framework } } -func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME HTTP01 Ingress ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -227,12 +227,12 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(f *framework.Fr Spec: a.createHTTP01IngressIssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 cluster issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Ingress Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -242,8 +242,8 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(f *framework.Fr } } -func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, "") +func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, "") labelFlag := strings.Split(f.Config.Addons.Gateway.Labels, ",") labels := make(map[string]string) @@ -263,12 +263,12 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(f *framework.Framework Spec: a.createHTTP01GatewayIssuerSpec(f.Config.Addons.ACMEServer.URL, labels), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Gateway Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -278,7 +278,7 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(f *framework.Framework } } -func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(f *framework.Framework) cmmeta.ObjectReference { +func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Public ACME Server Staging HTTP01 Issuer") var PublicACMEServerStagingURL string @@ -295,12 +295,12 @@ func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(f *fra Spec: a.createHTTP01IngressIssuerSpec(PublicACMEServerStagingURL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create Public ACME Server Staging HTTP01 issuer") // wait for issuer to be ready By("Waiting for Public ACME Server Staging HTTP01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -310,8 +310,8 @@ func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(f *fra } } -func (a *acmeIssuerProvisioner) createHTTP01GatewayClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acmeIssuerProvisioner) createHTTP01GatewayClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) labelFlag := strings.Split(f.Config.Addons.Gateway.Labels, ",") labels := make(map[string]string) @@ -332,11 +332,11 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayClusterIssuer(f *framework.Fr Spec: a.createHTTP01GatewayIssuerSpec(f.Config.Addons.ACMEServer.URL, labels), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 cluster issuer") By("Waiting for acme HTTP01 Gateway Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -406,8 +406,8 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuerSpec(serverURL string, } } -func (a *acmeIssuerProvisioner) createDNS01Issuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Namespace.Name) +func (a *acmeIssuerProvisioner) createDNS01Issuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Namespace.Name) By("Creating an ACME DNS01 Issuer") issuer := &cmapi.Issuer{ @@ -416,12 +416,12 @@ func (a *acmeIssuerProvisioner) createDNS01Issuer(f *framework.Framework) cmmeta }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 Issuer") // wait for issuer to be ready By("Waiting for acme DNS01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -431,8 +431,8 @@ func (a *acmeIssuerProvisioner) createDNS01Issuer(f *framework.Framework) cmmeta } } -func (a *acmeIssuerProvisioner) createDNS01ClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acmeIssuerProvisioner) createDNS01ClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME DNS01 ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -441,12 +441,12 @@ func (a *acmeIssuerProvisioner) createDNS01ClusterIssuer(f *framework.Framework) }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 ClusterIssuer") // wait for issuer to be ready By("Waiting for acme DNS01 Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -482,7 +482,7 @@ func (a *acmeIssuerProvisioner) createDNS01IssuerSpec(serverURL, dnsServer strin } } -func (a *acmeIssuerProvisioner) ensureEABSecret(f *framework.Framework, ns string) { +func (a *acmeIssuerProvisioner) ensureEABSecret(ctx context.Context, f *framework.Framework, ns string) { if a.eab == nil { return } @@ -490,7 +490,7 @@ func (a *acmeIssuerProvisioner) ensureEABSecret(f *framework.Framework, ns strin if ns == "" { ns = f.Namespace.Name } - sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(context.TODO(), &corev1.Secret{ + sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "external-account-binding-", Namespace: ns, diff --git a/test/e2e/suite/conformance/certificates/ca/ca.go b/test/e2e/suite/conformance/certificates/ca/ca.go index 6bcd411d13f..b812c90051f 100644 --- a/test/e2e/suite/conformance/certificates/ca/ca.go +++ b/test/e2e/suite/conformance/certificates/ca/ca.go @@ -51,15 +51,15 @@ type ca struct { secretName string } -func (c *ca) createCAIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (c *ca) createCAIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a CA Issuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-issuer-", }, @@ -70,7 +70,7 @@ func (c *ca) createCAIssuer(f *framework.Framework) cmmeta.ObjectReference { // wait for issuer to be ready By("Waiting for CA Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -80,15 +80,15 @@ func (c *ca) createCAIssuer(f *framework.Framework) cmmeta.ObjectReference { } } -func (c *ca) createCAClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (c *ca) createCAClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a CA ClusterIssuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-cluster-issuer-", }, @@ -99,7 +99,7 @@ func (c *ca) createCAClusterIssuer(f *framework.Framework) cmmeta.ObjectReferenc // wait for issuer to be ready By("Waiting for CA Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -109,13 +109,13 @@ func (c *ca) createCAClusterIssuer(f *framework.Framework) cmmeta.ObjectReferenc } } -func (c *ca) deleteCAClusterIssuer(f *framework.Framework, issuer cmmeta.ObjectReference) { +func (c *ca) deleteCAClusterIssuer(ctx context.Context, f *framework.Framework, issuer cmmeta.ObjectReference) { By("Deleting CA ClusterIssuer") - err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(context.TODO(), c.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(ctx, c.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete root signing keypair secret") - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, issuer.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete ca issuer") } diff --git a/test/e2e/suite/conformance/certificates/external/external.go b/test/e2e/suite/conformance/certificates/external/external.go index 72e2c27fc02..97b1aa1588e 100644 --- a/test/e2e/suite/conformance/certificates/external/external.go +++ b/test/e2e/suite/conformance/certificates/external/external.go @@ -116,9 +116,7 @@ func (o *issuerBuilder) secretAndIssuerForTest(f *framework.Framework) (*corev1. return secret, issuer, err } -func (o *issuerBuilder) create(f *framework.Framework) cmmeta.ObjectReference { - ctx := context.TODO() - +func (o *issuerBuilder) create(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating an Issuer") secret, issuer, err := o.secretAndIssuerForTest(f) Expect(err).NotTo(HaveOccurred(), "failed to initialise test objects") @@ -139,10 +137,8 @@ func (o *issuerBuilder) create(f *framework.Framework) cmmeta.ObjectReference { } } -func (o *issuerBuilder) delete(f *framework.Framework, _ cmmeta.ObjectReference) { +func (o *issuerBuilder) delete(ctx context.Context, f *framework.Framework, _ cmmeta.ObjectReference) { By("Deleting the issuer") - ctx := context.TODO() - crt, err := crtclient.New(f.KubeClientConfig, crtclient.Options{}) Expect(err).NotTo(HaveOccurred(), "failed to create controller-runtime client") diff --git a/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go b/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go index e09bfbe80ed..19a7d26f0c6 100644 --- a/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go +++ b/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go @@ -44,10 +44,10 @@ var _ = framework.ConformanceDescribe("Certificates", func() { }).Define() }) -func createSelfSignedIssuer(f *framework.Framework) cmmeta.ObjectReference { +func createSelfSignedIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a SelfSigned Issuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-issuer-", }, @@ -57,7 +57,7 @@ func createSelfSignedIssuer(f *framework.Framework) cmmeta.ObjectReference { // wait for issuer to be ready By("Waiting for Self Signed Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -67,15 +67,15 @@ func createSelfSignedIssuer(f *framework.Framework) cmmeta.ObjectReference { } } -func deleteSelfSignedClusterIssuer(f *framework.Framework, issuer cmmeta.ObjectReference) { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) +func deleteSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework, issuer cmmeta.ObjectReference) { + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, issuer.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } -func createSelfSignedClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func createSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a SelfSigned ClusterIssuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-cluster-issuer-", }, @@ -85,7 +85,7 @@ func createSelfSignedClusterIssuer(f *framework.Framework) cmmeta.ObjectReferenc // wait for issuer to be ready By("Waiting for Self Signed Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ diff --git a/test/e2e/suite/conformance/certificates/suite.go b/test/e2e/suite/conformance/certificates/suite.go index 75f94e54ee8..595814fc306 100644 --- a/test/e2e/suite/conformance/certificates/suite.go +++ b/test/e2e/suite/conformance/certificates/suite.go @@ -17,6 +17,8 @@ limitations under the License. package certificates import ( + "context" + "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/featureset" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" @@ -35,14 +37,14 @@ type Suite struct { // returns an ObjectReference to that Issuer that will be used as the // IssuerRef on Certificate resources that this suite creates. // This field must be provided. - CreateIssuerFunc func(*framework.Framework) cmmeta.ObjectReference + CreateIssuerFunc func(context.Context, *framework.Framework) cmmeta.ObjectReference // DeleteIssuerFunc is a function that is run after the test has completed // in order to clean up resources created for a test (e.g. the resources // created in CreateIssuerFunc). // This function will be run regardless whether the test passes or fails. // If not specified, this function will be skipped. - DeleteIssuerFunc func(*framework.Framework, cmmeta.ObjectReference) + DeleteIssuerFunc func(context.Context, *framework.Framework, cmmeta.ObjectReference) // DomainSuffix is a suffix used on all domain requests. // This is useful when the issuer being tested requires special @@ -99,13 +101,13 @@ func (s *Suite) it(f *framework.Framework, name string, fn func(cmmeta.ObjectRef if s.UnsupportedFeatures.HasAny(requiredFeatures...) { return } - It(name, func() { + It(name, func(ctx context.Context) { By("Creating an issuer resource") - issuerRef := s.CreateIssuerFunc(f) + issuerRef := s.CreateIssuerFunc(ctx, f) defer func() { if s.DeleteIssuerFunc != nil { By("Cleaning up the issuer resource") - s.DeleteIssuerFunc(f, issuerRef) + s.DeleteIssuerFunc(ctx, f, issuerRef) } }() fn(issuerRef) diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index e4c2290ba47..a0697592d9e 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -104,7 +104,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -130,7 +130,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -158,7 +158,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -186,7 +186,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -215,7 +215,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -256,7 +256,7 @@ func (s *Suite) Define() { By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) valFunc := func(certificate *cmapi.Certificate, secret *corev1.Secret) error { @@ -329,7 +329,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) valFunc := func(certificate *cmapi.Certificate, secret *corev1.Secret) error { @@ -393,7 +393,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -425,7 +425,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -450,7 +450,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -476,7 +476,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -506,7 +506,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -531,7 +531,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -561,7 +561,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -590,7 +590,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -617,7 +617,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -645,7 +645,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -657,7 +657,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq // duration. // We set a 30 second buffer time here since Vault issues certificates // with an extra 30 seconds on its duration. - f.CertificateDurationValid(testCertificate, time.Hour*896, 30*time.Second) + f.CertificateDurationValid(ctx, testCertificate, time.Hour*896, 30*time.Second) }, featureset.DurationFeature, featureset.OnlySAN) s.it(f, "should issue a certificate that defines a wildcard DNS Name", func(issuerRef cmmeta.ObjectReference) { @@ -677,7 +677,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -704,7 +704,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -735,7 +735,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -769,7 +769,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -778,7 +778,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq By("Deleting existing certificate data in Secret") sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name). - Get(context.TODO(), testCertificate.Spec.SecretName, metav1.GetOptions{}) + Get(ctx, testCertificate.Spec.SecretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to get secret containing signed certificate key pair data") sec = sec.DeepCopy() @@ -788,11 +788,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq sec.Data[corev1.TLSCertKey] = []byte{} - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), sec, metav1.UpdateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, sec, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to update secret by deleting the signed certificate data") By("Waiting for the Certificate to re-issue a certificate") - sec, err = f.Helper().WaitForSecretCertificateData(f.Namespace.Name, sec.Name, time.Minute*8) + sec, err = f.Helper().WaitForSecretCertificateData(ctx, f.Namespace.Name, sec.Name, time.Minute*8) Expect(err).NotTo(HaveOccurred(), "failed to wait for secret to have a valid 2nd certificate") crtPEM2 := sec.Data[corev1.TLSCertKey] @@ -823,7 +823,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with the issuer name annotation set") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewIngress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewIngress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -836,7 +836,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with the issuer name annotation set") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -848,11 +848,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq } By("Waiting for the Certificate to exist...") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certName, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*8) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -884,7 +884,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with annotations for issuerRef and other Certificate fields") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewIngress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewIngress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -907,7 +907,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with annotations for issuerRef and other Certificate fields") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -928,11 +928,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq } By("Waiting for the Certificate to exist...") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certName, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*8) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*8) Expect(err).NotTo(HaveOccurred()) // Verify that the ingres-shim has translated all the supplied @@ -981,7 +981,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq "cert-manager.io/renew-before": renewBefore.String(), }, domain) - gw, err := f.GWClientSet.GatewayV1().Gateways(f.Namespace.Name).Create(context.TODO(), gw, metav1.CreateOptions{}) + gw, err := f.GWClientSet.GatewayV1().Gateways(f.Namespace.Name).Create(ctx, gw, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) // XXX(Mael): the CertificateRef seems to contain the Gateway name @@ -990,11 +990,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq certName := string(gw.Spec.Listeners[0].TLS.CertificateRefs[0].Name) By("Waiting for the Certificate to exist...") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certName, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*8) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*8) Expect(err).NotTo(HaveOccurred()) // Verify that the gateway-shim has translated all the supplied @@ -1028,7 +1028,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") @@ -1055,7 +1055,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be ready") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") @@ -1081,7 +1081,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate Ready condition to be updated") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") @@ -1108,7 +1108,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq // use a longer timeout for this, as it requires performing 2 dns validations in serial By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*10) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*10) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/conformance/certificates/vault/vault_approle.go b/test/e2e/suite/conformance/certificates/vault/vault_approle.go index a37525d1d07..dffae75ea53 100644 --- a/test/e2e/suite/conformance/certificates/vault/vault_approle.go +++ b/test/e2e/suite/conformance/certificates/vault/vault_approle.go @@ -75,31 +75,31 @@ type vaultSecrets struct { secretNamespace string } -func (v *vaultAppRoleProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { - Expect(v.setup.Clean()).NotTo(HaveOccurred(), "failed to deprovision vault initializer") +func (v *vaultAppRoleProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { + Expect(v.setup.Clean(ctx)).NotTo(HaveOccurred(), "failed to deprovision vault initializer") - err := f.KubeClientSet.CoreV1().Secrets(v.secretNamespace).Delete(context.TODO(), v.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(v.secretNamespace).Delete(ctx, v.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) if ref.Kind == "ClusterIssuer" { - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *vaultAppRoleProvisioner) createIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole Issuer") - v.vaultSecrets = v.initVault() + v.vaultSecrets = v.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") v.secretName = sec.Name v.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, @@ -109,7 +109,7 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob // wait for issuer to be ready By("Waiting for Vault Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -119,19 +119,19 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob } } -func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *vaultAppRoleProvisioner) createClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole ClusterIssuer") - v.vaultSecrets = v.initVault() + v.vaultSecrets = v.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") v.secretName = sec.Name v.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-cluster-issuer-", }, @@ -141,7 +141,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm // wait for issuer to be ready By("Waiting for Vault Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -151,17 +151,17 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm } } -func (v *vaultAppRoleProvisioner) initVault() *vaultSecrets { +func (v *vaultAppRoleProvisioner) initVault(ctx context.Context) *vaultSecrets { By("Configuring the VaultAppRole server") v.setup = vault.NewVaultInitializerAppRole( addon.Base.Details().KubeClient, *addon.Vault.Details(), false, ) - Expect(v.setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(v.setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(v.setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(v.setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") - roleID, secretID, err := v.setup.CreateAppRole() + roleID, secretID, err := v.setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred(), "vault to create app role from vault") return &vaultSecrets{ diff --git a/test/e2e/suite/conformance/certificates/venafi/venafi.go b/test/e2e/suite/conformance/certificates/venafi/venafi.go index 51550adaa23..8b0bb2c0dc0 100644 --- a/test/e2e/suite/conformance/certificates/venafi/venafi.go +++ b/test/e2e/suite/conformance/certificates/venafi/venafi.go @@ -77,16 +77,16 @@ type venafiProvisioner struct { tpp *vaddon.VenafiTPP } -func (v *venafiProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { - Expect(v.tpp.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") +func (v *venafiProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { + Expect(v.tpp.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") if ref.Kind == "ClusterIssuer" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi Issuer") v.tpp = &vaddon.VenafiTPP{ @@ -99,15 +99,15 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(v.tpp.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.tpp.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.tpp.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -117,7 +117,7 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } } -func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi ClusterIssuer") v.tpp = &vaddon.VenafiTPP{ @@ -130,15 +130,15 @@ func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.O } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(v.tpp.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.tpp.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.tpp.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ diff --git a/test/e2e/suite/conformance/certificates/venaficloud/cloud.go b/test/e2e/suite/conformance/certificates/venaficloud/cloud.go index d5899fa6a13..0e03528f5ae 100644 --- a/test/e2e/suite/conformance/certificates/venaficloud/cloud.go +++ b/test/e2e/suite/conformance/certificates/venaficloud/cloud.go @@ -77,16 +77,16 @@ type venafiProvisioner struct { cloud *vaddon.VenafiCloud } -func (v *venafiProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { - Expect(v.cloud.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") +func (v *venafiProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { + Expect(v.cloud.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") if ref.Kind == "ClusterIssuer" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi Cloud Issuer") v.cloud = &vaddon.VenafiCloud{ @@ -99,15 +99,15 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } Expect(err).NotTo(HaveOccurred(), "failed to provision venafi cloud issuer") - Expect(v.cloud.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.cloud.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.cloud.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -117,7 +117,7 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } } -func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi ClusterIssuer") v.cloud = &vaddon.VenafiCloud{ @@ -130,15 +130,15 @@ func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.O } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(v.cloud.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.cloud.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.cloud.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go index eaf09e8c67c..e9a7e0e79f3 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go @@ -112,21 +112,21 @@ type acme struct { secretNamespace string } -func (a *acme) delete(f *framework.Framework, signerName string) { +func (a *acme) delete(ctx context.Context, f *framework.Framework, signerName string) { if a.eab != nil { - err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(context.TODO(), a.eab.Key.Name, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(ctx, a.eab.Key.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } ref, _ := util.SignerIssuerRefFromSignerName(signerName) if ref.Type == "clusterissuers" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (a *acme) ensureEABSecret(f *framework.Framework, ns string) { +func (a *acme) ensureEABSecret(ctx context.Context, f *framework.Framework, ns string) { if a.eab == nil { return } @@ -134,7 +134,7 @@ func (a *acme) ensureEABSecret(f *framework.Framework, ns string) { if ns == "" { ns = f.Namespace.Name } - sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(context.TODO(), &corev1.Secret{ + sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "external-account-binding-", Namespace: ns, diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go index 9eb65f94035..2412ec9ee5c 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go @@ -32,8 +32,8 @@ import ( . "github.com/onsi/gomega" ) -func (a *acme) createDNS01Issuer(f *framework.Framework) string { - a.ensureEABSecret(f, f.Namespace.Name) +func (a *acme) createDNS01Issuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, f.Namespace.Name) By("Creating an ACME DNS01 Issuer") issuer := &cmapi.Issuer{ @@ -42,19 +42,19 @@ func (a *acme) createDNS01Issuer(f *framework.Framework) string { }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 Issuer") // wait for issuer to be ready By("Waiting for acme DNS01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (a *acme) createDNS01ClusterIssuer(f *framework.Framework) string { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acme) createDNS01ClusterIssuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME DNS01 ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -63,12 +63,12 @@ func (a *acme) createDNS01ClusterIssuer(f *framework.Framework) string { }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 ClusterIssuer") // wait for issuer to be ready By("Waiting for acme DNS01 Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go index 1a2ac7e6314..695b58c1fcc 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go @@ -32,8 +32,8 @@ import ( . "github.com/onsi/gomega" ) -func (a *acme) createHTTP01Issuer(f *framework.Framework) string { - a.ensureEABSecret(f, "") +func (a *acme) createHTTP01Issuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, "") By("Creating an ACME HTTP01 Issuer") issuer := &cmapi.Issuer{ @@ -43,19 +43,19 @@ func (a *acme) createHTTP01Issuer(f *framework.Framework) string { Spec: a.createHTTP01IssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (a *acme) createHTTP01ClusterIssuer(f *framework.Framework) string { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acme) createHTTP01ClusterIssuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME HTTP01 ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -65,12 +65,12 @@ func (a *acme) createHTTP01ClusterIssuer(f *framework.Framework) string { Spec: a.createHTTP01IssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 cluster issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go b/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go index 3586f6f7d71..01ef22f7660 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go @@ -56,15 +56,15 @@ type ca struct { secretName string } -func (c *ca) createIssuer(f *framework.Framework) string { +func (c *ca) createIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a CA Issuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-issuer-", }, @@ -80,21 +80,21 @@ func (c *ca) createIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for CA Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", f.Namespace.Name, issuer.Name) } -func (c *ca) createClusterIssuer(f *framework.Framework) string { +func (c *ca) createClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a CA ClusterIssuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-cluster-issuer-", }, @@ -110,20 +110,20 @@ func (c *ca) createClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for CA Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (c *ca) deleteClusterIssuer(f *framework.Framework, signerName string) { +func (c *ca) deleteClusterIssuer(ctx context.Context, f *framework.Framework, signerName string) { By("Deleting CA ClusterIssuer") ref, _ := util.SignerIssuerRefFromSignerName(signerName) - err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(context.TODO(), c.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(ctx, c.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete root signing keypair secret") - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete ca issuer") } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go b/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go index d556093441b..991176dde8d 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go @@ -54,7 +54,7 @@ var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { }).Define() }) -func provision(f *framework.Framework, csr *certificatesv1.CertificateSigningRequest, key crypto.Signer) { +func provision(ctx context.Context, f *framework.Framework, csr *certificatesv1.CertificateSigningRequest, key crypto.Signer) { By("Creating SelfSigned requester key Secret") ref, _ := util.SignerIssuerRefFromSignerName(csr.Spec.SignerName) ns := "cert-manager" @@ -65,7 +65,7 @@ func provision(f *framework.Framework, csr *certificatesv1.CertificateSigningReq keyPEM, err := pki.EncodePKCS8PrivateKey(key) Expect(err).NotTo(HaveOccurred(), "failed to encode requester's private key") - secret, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(context.TODO(), &corev1.Secret{ + secret, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-requester-key-", Namespace: ns, @@ -81,7 +81,7 @@ func provision(f *framework.Framework, csr *certificatesv1.CertificateSigningReq } csr.Annotations[experimentalapi.CertificateSigningRequestPrivateKeyAnnotationKey] = secret.Name } -func deProvision(f *framework.Framework, csr *certificatesv1.CertificateSigningRequest) { +func deProvision(ctx context.Context, f *framework.Framework, csr *certificatesv1.CertificateSigningRequest) { By("Deleting SelfSigned requester key Secret") ref, _ := util.SignerIssuerRefFromSignerName(csr.Spec.SignerName) ns := f.Config.Addons.CertManager.ClusterResourceNamespace @@ -89,14 +89,14 @@ func deProvision(f *framework.Framework, csr *certificatesv1.CertificateSigningR ns = ref.Namespace } - err := f.KubeClientSet.CoreV1().Secrets(ns).Delete(context.TODO(), csr.Annotations[experimentalapi.CertificateSigningRequestPrivateKeyAnnotationKey], metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(ns).Delete(ctx, csr.Annotations[experimentalapi.CertificateSigningRequestPrivateKeyAnnotationKey], metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create requester's private key Secret") } -func createSelfSignedIssuer(f *framework.Framework) string { +func createSelfSignedIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a SelfSigned Issuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-issuer-", }, @@ -110,16 +110,16 @@ func createSelfSignedIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Self Signed Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", f.Namespace.Name, issuer.Name) } -func createSelfSignedClusterIssuer(f *framework.Framework) string { +func createSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a SelfSigned ClusterIssuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-cluster-issuer-", }, @@ -133,14 +133,14 @@ func createSelfSignedClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Self Signed Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func deleteSelfSignedClusterIssuer(f *framework.Framework, signerName string) { +func deleteSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework, signerName string) { ref, _ := util.SignerIssuerRefFromSignerName(signerName) - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/suite.go b/test/e2e/suite/conformance/certificatesigningrequests/suite.go index 9d114e137f6..6dec02dfaf2 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/suite.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/suite.go @@ -17,6 +17,7 @@ limitations under the License. package certificatesigningrequests import ( + "context" "crypto" certificatesv1 "k8s.io/api/certificates/v1" @@ -40,14 +41,14 @@ type Suite struct { // returns an SignerName to that Issuer that will be used as the SignerName // on CertificateSigningRequest resources that this suite creates. // This field must be provided. - CreateIssuerFunc func(*framework.Framework) string + CreateIssuerFunc func(context.Context, *framework.Framework) string // DeleteIssuerFunc is a function that is run after the test has completed // in order to clean up resources created for a test (e.g. the resources // created in CreateIssuerFunc). // This function will be run regardless whether the test passes or fails. // If not specified, this function will be skipped. - DeleteIssuerFunc func(*framework.Framework, string) + DeleteIssuerFunc func(context.Context, *framework.Framework, string) // ProvisionFunc is a function that is run every test just before the // CertificateSigningRequest is created within a test. This is used to @@ -56,12 +57,12 @@ type Suite struct { // CertificateSigningRequest, or create a resource like a Secret needed for // signing. // If not specified, this function will be skipped. - ProvisionFunc func(*framework.Framework, *certificatesv1.CertificateSigningRequest, crypto.Signer) + ProvisionFunc func(context.Context, *framework.Framework, *certificatesv1.CertificateSigningRequest, crypto.Signer) // DeProvisionFunc is run after every test. This is to be used to remove and // clean-up any resources which may have been created by ProvisionFunc. // If not specified, this function will be skipped. - DeProvisionFunc func(*framework.Framework, *certificatesv1.CertificateSigningRequest) + DeProvisionFunc func(context.Context, *framework.Framework, *certificatesv1.CertificateSigningRequest) // DomainSuffix is a suffix used on all domain requests. // This is useful when the issuer being tested requires special @@ -103,21 +104,21 @@ func (s *Suite) complete(f *framework.Framework) { } // it is called by the tests to in Define() to setup and run the test -func (s *Suite) it(f *framework.Framework, name string, fn func(string), requiredFeatures ...featureset.Feature) { +func (s *Suite) it(f *framework.Framework, name string, fn func(context.Context, string), requiredFeatures ...featureset.Feature) { if s.UnsupportedFeatures.HasAny(requiredFeatures...) { return } - It(name, func() { + It(name, func(ctx context.Context) { framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.ExperimentalCertificateSigningRequestControllers) By("Creating an issuer resource") - signerName := s.CreateIssuerFunc(f) + signerName := s.CreateIssuerFunc(ctx, f) defer func() { if s.DeleteIssuerFunc != nil { By("Cleaning up the issuer resource") - s.DeleteIssuerFunc(f, signerName) + s.DeleteIssuerFunc(ctx, f, signerName) } }() - fn(signerName) + fn(ctx, signerName) }) } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/tests.go b/test/e2e/suite/conformance/certificatesigningrequests/tests.go index f5230f1c635..d7093f25c9e 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/tests.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/tests.go @@ -50,7 +50,6 @@ import ( // they are not active, these tests will fail. func (s *Suite) Define() { Describe("CertificateSigningRequest with issuer type "+s.Name, func() { - ctx := context.Background() f := framework.NewDefaultFramework("certificatesigningrequests") sharedCommonName := "" @@ -362,7 +361,7 @@ func (s *Suite) Define() { } defineTest := func(test testCase) { - s.it(f, test.name, func(signerName string) { + s.it(f, test.name, func(ctx context.Context, signerName string) { // Generate request CSR csr, key, err := gen.CSR(test.keyAlgo, test.csrModifiers()...) Expect(err).NotTo(HaveOccurred()) @@ -384,17 +383,20 @@ func (s *Suite) Define() { // Provision any resources needed for the request, or modify the // request based on Issuer requirements if s.ProvisionFunc != nil { - s.ProvisionFunc(f, kubeCSR, key) + s.ProvisionFunc(ctx, f, kubeCSR, key) } // Ensure related resources are cleaned up at the end of the test if s.DeProvisionFunc != nil { - defer s.DeProvisionFunc(f, kubeCSR) + defer s.DeProvisionFunc(ctx, f, kubeCSR) } // Create the request, and delete at the end of the test By("Creating a CertificateSigningRequest") Expect(f.CRClient.Create(ctx, kubeCSR)).NotTo(HaveOccurred()) - defer f.CRClient.Delete(context.TODO(), kubeCSR) + defer func() { + // nolint: contextcheck // This is a cleanup context + f.CRClient.Delete(context.TODO(), kubeCSR) + }() // Approve the request for testing, so that cert-manager may sign the // request. @@ -405,13 +407,13 @@ func (s *Suite) Define() { Reason: "e2e.cert-manager.io", Message: "Request approved for e2e testing.", }) - kubeCSR, err = f.KubeClientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(context.TODO(), kubeCSR.Name, kubeCSR, metav1.UpdateOptions{}) + kubeCSR, err = f.KubeClientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(ctx, kubeCSR.Name, kubeCSR, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) // Wait for the status.Certificate and CA annotation to be populated in // a reasonable amount of time. By("Waiting for the CertificateSigningRequest to be issued...") - kubeCSR, err = f.Helper().WaitForCertificateSigningRequestSigned(kubeCSR.Name, time.Minute*5) + kubeCSR, err = f.Helper().WaitForCertificateSigningRequestSigned(ctx, kubeCSR.Name, time.Minute*5) Expect(err).NotTo(HaveOccurred()) // Validate that the request was signed as expected. Add extra diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go index fce7e554df7..256c9c992a2 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go @@ -106,32 +106,32 @@ var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { }).Define() }) -func (a *approle) delete(f *framework.Framework, signerName string) { - Expect(a.setup.Clean()).NotTo(HaveOccurred(), "failed to deprovision vault initializer") +func (a *approle) delete(ctx context.Context, f *framework.Framework, signerName string) { + Expect(a.setup.Clean(ctx)).NotTo(HaveOccurred(), "failed to deprovision vault initializer") - err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(context.TODO(), a.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(ctx, a.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) ref, _ := util.SignerIssuerRefFromSignerName(signerName) if kind, _ := util.IssuerKindFromType(ref.Type); kind == cmapi.ClusterIssuerKind { - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (a *approle) createIssuer(f *framework.Framework) string { +func (a *approle) createIssuer(ctx context.Context, f *framework.Framework) string { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole Issuer") - a.secrets = a.initVault() + a.secrets = a.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") a.secretName = sec.Name a.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, @@ -141,25 +141,25 @@ func (a *approle) createIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Vault Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", f.Namespace.Name, issuer.Name) } -func (a *approle) createClusterIssuer(f *framework.Framework) string { +func (a *approle) createClusterIssuer(ctx context.Context, f *framework.Framework) string { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole ClusterIssuer") - a.secrets = a.initVault() + a.secrets = a.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") a.secretName = sec.Name a.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-cluster-issuer-", }, @@ -169,23 +169,23 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Vault Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (a *approle) initVault() *secrets { +func (a *approle) initVault(ctx context.Context) *secrets { By("Configuring the VaultAppRole server") a.setup = vault.NewVaultInitializerAppRole( addon.Base.Details().KubeClient, *addon.Vault.Details(), a.testWithRootCA, ) - Expect(a.setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(a.setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(a.setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(a.setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") - roleID, secretID, err := a.setup.CreateAppRole() + roleID, secretID, err := a.setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred(), "vault to create app role from vault") return &secrets{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go index d0dab692b1f..6fd8ed86f5e 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go @@ -73,11 +73,11 @@ type kubernetes struct { setup *vault.VaultInitializer } -func (k *kubernetes) createIssuer(f *framework.Framework) string { - k.initVault(f, f.Namespace.Name) +func (k *kubernetes) createIssuer(ctx context.Context, f *framework.Framework) string { + k.initVault(ctx, f, f.Namespace.Name) By("Creating a VaultKubernetes Issuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", Namespace: f.Namespace.Name, @@ -88,17 +88,17 @@ func (k *kubernetes) createIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for VaultKubernetes Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (k *kubernetes) createClusterIssuer(f *framework.Framework) string { - k.initVault(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (k *kubernetes) createClusterIssuer(ctx context.Context, f *framework.Framework) string { + k.initVault(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating a VaultKubernetes ClusterIssuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, @@ -108,25 +108,25 @@ func (k *kubernetes) createClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for VaultKubernetes Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (k *kubernetes) delete(f *framework.Framework, signerName string) { +func (k *kubernetes) delete(ctx context.Context, f *framework.Framework, signerName string) { ref, _ := csrutil.SignerIssuerRefFromSignerName(signerName) if kind, _ := csrutil.IssuerKindFromType(ref.Type); kind == cmapi.ClusterIssuerKind { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) - k.setup.CleanKubernetesRole(f.KubeClientSet, f.Config.Addons.CertManager.ClusterResourceNamespace, k.setup.Role()) + k.setup.CleanKubernetesRole(ctx, f.KubeClientSet, f.Config.Addons.CertManager.ClusterResourceNamespace, k.setup.Role()) } - Expect(k.setup.Clean()).NotTo(HaveOccurred(), "failed to deprovision vault initializer") + Expect(k.setup.Clean(ctx)).NotTo(HaveOccurred(), "failed to deprovision vault initializer") } -func (k *kubernetes) initVault(f *framework.Framework, boundNS string) { +func (k *kubernetes) initVault(ctx context.Context, f *framework.Framework, boundNS string) { By("Configuring the VaultKubernetes server") k.setup = vault.NewVaultInitializerKubernetes( @@ -135,18 +135,18 @@ func (k *kubernetes) initVault(f *framework.Framework, boundNS string) { k.testWithRootCA, "https://kubernetes.default.svc.cluster.local", ) - Expect(k.setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(k.setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(k.setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(k.setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") By("Creating a ServiceAccount for Vault authentication") // boundNS is name of the service account for which a Secret containing the service account token will be created boundSA := "vault-issuer-" + rand.String(5) - err := k.setup.CreateKubernetesRole(f.KubeClientSet, boundNS, boundSA) + err := k.setup.CreateKubernetesRole(ctx, f.KubeClientSet, boundNS, boundSA) Expect(err).NotTo(HaveOccurred()) k.saTokenSecretName = "vault-sa-secret-" + rand.String(5) - _, err = f.KubeClientSet.CoreV1().Secrets(boundNS).Create(context.TODO(), vault.NewVaultKubernetesSecret(k.saTokenSecretName, boundSA), metav1.CreateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(boundNS).Create(ctx, vault.NewVaultKubernetesSecret(k.saTokenSecretName, boundSA), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go b/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go index c86d0c2a920..4b00167f4fa 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go @@ -77,17 +77,17 @@ type cloud struct { *venafi.VenafiCloud } -func (c *cloud) delete(f *framework.Framework, signerName string) { - Expect(c.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") +func (c *cloud) delete(ctx context.Context, f *framework.Framework, signerName string) { + Expect(c.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") ref, _ := util.SignerIssuerRefFromSignerName(signerName) if ref.Type == "clusterissuers" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (c *cloud) createIssuer(f *framework.Framework) string { +func (c *cloud) createIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi Cloud Issuer") c.VenafiCloud = &venafi.VenafiCloud{ @@ -100,15 +100,15 @@ func (c *cloud) createIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to provision venafi cloud issuer") - Expect(c.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(c.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := c.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) @@ -117,7 +117,7 @@ func (c *cloud) createIssuer(f *framework.Framework) string { // createClusterIssuer creates and returns name of a Venafi Cloud // ClusterIssuer. The name is of the form // "clusterissuers.cert-manager.io/issuer-ab3de1". -func (c *cloud) createClusterIssuer(f *framework.Framework) string { +func (c *cloud) createClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi Cloud ClusterIssuer") c.VenafiCloud = &venafi.VenafiCloud{ @@ -130,15 +130,15 @@ func (c *cloud) createClusterIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(c.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(c.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := c.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go b/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go index 87a74405a4c..f9c2ef8c1c8 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go @@ -79,17 +79,17 @@ type tpp struct { *venafi.VenafiTPP } -func (t *tpp) delete(f *framework.Framework, signerName string) { - Expect(t.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") +func (t *tpp) delete(ctx context.Context, f *framework.Framework, signerName string) { + Expect(t.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") ref, _ := util.SignerIssuerRefFromSignerName(signerName) if ref.Type == "clusterissuers" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (t *tpp) createIssuer(f *framework.Framework) string { +func (t *tpp) createIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi Issuer") t.VenafiTPP = &venafi.VenafiTPP{ @@ -102,16 +102,16 @@ func (t *tpp) createIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(t.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(t.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := t.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (t *tpp) createClusterIssuer(f *framework.Framework) string { +func (t *tpp) createClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi ClusterIssuer") t.VenafiTPP = &venafi.VenafiTPP{ @@ -124,10 +124,10 @@ func (t *tpp) createClusterIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(t.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(t.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := t.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/issuers/acme/certificate/http01.go b/test/e2e/suite/issuers/acme/certificate/http01.go index 800a0a21a8e..2dd440d9fc6 100644 --- a/test/e2e/suite/issuers/acme/certificate/http01.go +++ b/test/e2e/suite/issuers/acme/certificate/http01.go @@ -51,6 +51,7 @@ import ( var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { f := framework.NewDefaultFramework("create-acme-certificate-http01") + ctx := context.TODO() var acmeIngressDomain string issuerName := "test-acme-issuer" @@ -96,10 +97,10 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetIssuerACMESkipTLSVerify(true), gen.SetIssuerACMESolvers(solvers)) By("Creating an Issuer") - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), acmeIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -107,7 +108,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -117,7 +118,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -130,8 +131,8 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should allow updating an existing failing certificate that had a blocked dns name", func() { @@ -146,15 +147,15 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames("google.com"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Making sure the Order failed with a 400 since google.com is invalid") order := &cmacme.Order{} logf, done := log.LogBackoff() defer done() - err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { - orders, err := listOwnedOrders(f.CertManagerClientSet, cert) + err = wait.PollUntilContextTimeout(ctx, 1*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { + orders, err := listOwnedOrders(ctx, f.CertManagerClientSet, cert) Expect(err).NotTo(HaveOccurred()) if len(orders) == 0 || len(orders) > 1 { @@ -174,12 +175,12 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be not ready") - cert, err = f.Helper().WaitForCertificateNotReadyAndDoneIssuing(cert, 30*time.Second) + cert, err = f.Helper().WaitForCertificateNotReadyAndDoneIssuing(ctx, cert, 30*time.Second) Expect(err).NotTo(HaveOccurred()) err = retry.RetryOnConflict(retry.DefaultRetry, func() error { By("Getting the latest version of the Certificate") - cert, err = certClient.Get(context.TODO(), certificateName, metav1.GetOptions{}) + cert, err = certClient.Get(ctx, certificateName, metav1.GetOptions{}) if err != nil { return err } @@ -187,7 +188,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { By("Replacing dnsNames with a valid dns name") cert = cert.DeepCopy() cert.Spec.DNSNames = []string{e2eutil.RandomSubdomain(acmeIngressDomain)} - _, err = certClient.Update(context.TODO(), cert, metav1.UpdateOptions{}) + _, err = certClient.Update(ctx, cert, metav1.UpdateOptions{}) if err != nil { return err } @@ -196,7 +197,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to have the Ready=True condition") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Sanity checking the issued Certificate") @@ -225,7 +226,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames("google.com"), ) - cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) notReadyCondition := v1.CertificateCondition{ @@ -242,14 +243,14 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1.SchemeGroupVersion.String()): ingClient := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace.Name) By("Creating an Ingress with the issuer name annotation set") - _, err := ingClient.Create(context.TODO(), util.NewIngress(certificateSecretName, certificateSecretName, map[string]string{ + _, err := ingClient.Create(ctx, util.NewIngress(certificateSecretName, certificateSecretName, map[string]string{ "cert-manager.io/issuer": issuerName, }, acmeIngressDomain), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1beta1.SchemeGroupVersion.String()): ingClient := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace.Name) By("Creating an Ingress with the issuer name annotation set") - _, err := ingClient.Create(context.TODO(), util.NewV1Beta1Ingress(certificateSecretName, certificateSecretName, map[string]string{ + _, err := ingClient.Create(ctx, util.NewV1Beta1Ingress(certificateSecretName, certificateSecretName, map[string]string{ "cert-manager.io/issuer": issuerName, }, acmeIngressDomain), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -258,11 +259,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { } By("Waiting for Certificate to exist") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certificateSecretName, time.Second*60) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certificateSecretName, time.Second*60) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -281,10 +282,10 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { issuer := gen.Issuer("selfsign", gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for (selfsign) Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -306,11 +307,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateOrganization("test-org"), gen.SetCertificateDNSNames(acmeIngressDomain), ) - selfcert, err = certClient.Create(context.TODO(), selfcert, metav1.CreateOptions{}) + selfcert, err = certClient.Create(ctx, selfcert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - selfcert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(selfcert, time.Minute*5) + selfcert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, selfcert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -323,7 +324,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { switch { case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1.SchemeGroupVersion.String()): ingress := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace.Name) - _, err = ingress.Create(context.TODO(), &networkingv1.Ingress{ + _, err = ingress.Create(ctx, &networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: fixedIngressName, Annotations: map[string]string{ @@ -366,7 +367,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1beta1.SchemeGroupVersion.String()): ingress := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace.Name) - _, err = ingress.Create(context.TODO(), &networkingv1beta1.Ingress{ + _, err = ingress.Create(ctx, &networkingv1beta1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: fixedIngressName, Annotations: map[string]string{ @@ -418,11 +419,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames(acmeIngressDomain), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -440,7 +441,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames(acmeIngressDomain), ) - _, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + _, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("killing the solver pod") @@ -448,7 +449,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { var pod corev1.Pod logf, done := log.LogBackoff() defer done() - err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { + err = wait.PollUntilContextTimeout(ctx, 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { logf("Waiting for solver pod to exist") podlist, err := podClient.List(ctx, metav1.ListOptions{}) if err != nil { @@ -468,11 +469,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { }) Expect(err).NotTo(HaveOccurred()) - err = podClient.Delete(context.TODO(), pod.Name, metav1.DeleteOptions{}) + err = podClient.Delete(ctx, pod.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Certificate to exist") - cert, err = f.Helper().WaitForCertificateToExist(f.Namespace.Name, certificateName, time.Second*60) + cert, err = f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certificateName, time.Second*60) Expect(err).NotTo(HaveOccurred()) // The pod should get remade and the certificate should be made valid. @@ -480,7 +481,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { // were to ask us for the challenge after the pod was killed, but because // we kill it so early, we should always be in the self-check phase By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/acme/certificate/notafter.go b/test/e2e/suite/issuers/acme/certificate/notafter.go index 1192089e9e8..454158e1ce6 100644 --- a/test/e2e/suite/issuers/acme/certificate/notafter.go +++ b/test/e2e/suite/issuers/acme/certificate/notafter.go @@ -41,6 +41,7 @@ import ( var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", func() { f := framework.NewDefaultFramework("create-acme-certificate-duration") + ctx := context.TODO() var acmeIngressDomain string issuerName := "test-acme-issuer" @@ -88,10 +89,10 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f gen.SetIssuerACMEDuration(true), gen.SetIssuerACMESolvers(solvers)) By("Creating an Issuer") - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), acmeIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -99,7 +100,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -109,7 +110,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -122,8 +123,8 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should obtain a signed certificate with a single CN from the ACME server with 1 hour validity", func() { @@ -139,18 +140,18 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f ) cert.Namespace = f.Namespace.Name - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) - sec, err := f.Helper().WaitForSecretCertificateData(f.Namespace.Name, certificateSecretName, time.Minute*5) + sec, err := f.Helper().WaitForSecretCertificateData(ctx, f.Namespace.Name, certificateSecretName, time.Minute*5) Expect(err).NotTo(HaveOccurred(), "failed to wait for secret") crtPEM := sec.Data[corev1.TLSCertKey] diff --git a/test/e2e/suite/issuers/acme/certificate/webhook.go b/test/e2e/suite/issuers/acme/certificate/webhook.go index 9ff22ed30c6..851c6970690 100644 --- a/test/e2e/suite/issuers/acme/certificate/webhook.go +++ b/test/e2e/suite/issuers/acme/certificate/webhook.go @@ -39,6 +39,7 @@ import ( var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { f := framework.NewDefaultFramework("acme-dns01-sample-webhook") + ctx := context.TODO() Context("with the sample webhook solver deployed", func() { issuerName := "test-acme-issuer" @@ -75,10 +76,10 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }, })) issuer.Namespace = f.Namespace.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -86,7 +87,7 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -96,7 +97,7 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -105,9 +106,9 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), certificateSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, certificateSecretName, metav1.DeleteOptions{}) }) It("should call the dummy webhook provider and mark the challenges as presented=true", func() { @@ -122,14 +123,14 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { ) cert.Namespace = f.Namespace.Name - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) var order *cmacme.Order logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 2*time.Second, time.Minute*1, true, func(ctx context.Context) (bool, error) { - orders, err := listOwnedOrders(f.CertManagerClientSet, cert) + pollErr := wait.PollUntilContextTimeout(ctx, 2*time.Second, time.Minute*1, true, func(ctx context.Context) (bool, error) { + orders, err := listOwnedOrders(ctx, f.CertManagerClientSet, cert) Expect(err).NotTo(HaveOccurred()) logf("Found %d orders for certificate", len(orders)) @@ -146,8 +147,8 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { logf, done = log.LogBackoff() defer done() - pollErr = wait.PollUntilContextTimeout(context.TODO(), 2*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { - l, err := listOwnedChallenges(f.CertManagerClientSet, order) + pollErr = wait.PollUntilContextTimeout(ctx, 2*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { + l, err := listOwnedChallenges(ctx, f.CertManagerClientSet, order) Expect(err).NotTo(HaveOccurred()) logf("Found %d challenges", len(l)) @@ -173,8 +174,8 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }) }) -func listOwnedChallenges(cl versioned.Interface, owner *cmacme.Order) ([]*cmacme.Challenge, error) { - l, err := cl.AcmeV1().Challenges(owner.Namespace).List(context.TODO(), metav1.ListOptions{}) +func listOwnedChallenges(ctx context.Context, cl versioned.Interface, owner *cmacme.Order) ([]*cmacme.Challenge, error) { + l, err := cl.AcmeV1().Challenges(owner.Namespace).List(ctx, metav1.ListOptions{}) if err != nil { return nil, err } @@ -191,8 +192,8 @@ func listOwnedChallenges(cl versioned.Interface, owner *cmacme.Order) ([]*cmacme return owned, nil } -func listOwnedOrders(cl versioned.Interface, owner *v1.Certificate) ([]*cmacme.Order, error) { - l, err := cl.AcmeV1().Orders(owner.Namespace).List(context.TODO(), metav1.ListOptions{}) +func listOwnedOrders(ctx context.Context, cl versioned.Interface, owner *v1.Certificate) ([]*cmacme.Order, error) { + l, err := cl.AcmeV1().Orders(owner.Namespace).List(ctx, metav1.ListOptions{}) if err != nil { return nil, err } diff --git a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go index 509cde53379..363b7b76115 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go @@ -46,6 +46,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (DNS01)", func() func testRFC2136DNSProvider() bool { name := "rfc2136" return Context("With "+name+" credentials configured", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-acme-certificate-request-dns01-" + name) h := f.Helper() @@ -76,10 +77,10 @@ func testRFC2136DNSProvider() bool { }, })) issuer.Namespace = f.Namespace.Name - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -87,7 +88,7 @@ func testRFC2136DNSProvider() bool { }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -97,7 +98,7 @@ func testRFC2136DNSProvider() bool { }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), testingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, testingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -106,8 +107,8 @@ func testRFC2136DNSProvider() bool { AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), testingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, testingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should obtain a signed certificate for a regular domain", func() { @@ -119,9 +120,9 @@ func testRFC2136DNSProvider() bool { []string{dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -132,9 +133,9 @@ func testRFC2136DNSProvider() bool { []string{"*." + dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -145,10 +146,10 @@ func testRFC2136DNSProvider() bool { []string{"*." + dnsDomain, dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) // use a longer timeout for this, as it requires performing 2 dns validations in serial - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*10, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*10, key) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/acme/certificaterequest/http01.go b/test/e2e/suite/issuers/acme/certificaterequest/http01.go index eee7a17b04e..e8bc7af2839 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/http01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/http01.go @@ -41,6 +41,7 @@ import ( ) var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-acme-certificate-request-http01") h := f.Helper() @@ -82,10 +83,10 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() gen.SetIssuerACMESkipTLSVerify(true), gen.SetIssuerACMESolvers(solvers)) By("Creating an Issuer") - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), acmeIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -93,7 +94,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -103,7 +104,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), testingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, testingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -116,8 +117,8 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), testingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, testingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should obtain a signed certificate with a single CN from the ACME server", func() { @@ -128,11 +129,11 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -144,10 +145,10 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.ECDSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid and of type ECDSA") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -165,9 +166,9 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -180,10 +181,10 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -194,7 +195,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{"google.com"}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - cr, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + cr, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) notReadyCondition := v1.CertificateRequestCondition{ @@ -213,7 +214,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("killing the solver pod") @@ -221,7 +222,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() var pod corev1.Pod logf, done := log.LogBackoff() defer done() - err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { + err = wait.PollUntilContextTimeout(ctx, 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { logf("Waiting for solver pod to exist") podlist, err := podClient.List(ctx, metav1.ListOptions{}) if err != nil { @@ -240,7 +241,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() }) Expect(err).NotTo(HaveOccurred()) - err = podClient.Delete(context.TODO(), pod.Name, metav1.DeleteOptions{}) + err = podClient.Delete(ctx, pod.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) // The pod should get remade and the certificate should be made valid. @@ -248,7 +249,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() // were to ask us for the challenge after the pod was killed, but because // we kill it so early, we should always be in the self-check phase By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go b/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go index 0c3210272ca..ff13b5de893 100644 --- a/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go +++ b/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go @@ -17,6 +17,8 @@ limitations under the License. package dnsproviders import ( + "context" + "github.com/cert-manager/cert-manager/e2e-tests/framework/addon" "github.com/cert-manager/cert-manager/e2e-tests/framework/config" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" @@ -35,7 +37,7 @@ func (b *RFC2136) Setup(c *config.Config, _ ...addon.AddonTransferableData) (add // Provision will create a copy of the DNS provider credentials in a secret in // the APIServer, and return a portion of an Issuer that can be used to // utilise these credentials in tests. -func (b *RFC2136) Provision() error { +func (b *RFC2136) Provision(_ context.Context) error { b.details.ProviderConfig = cmacme.ACMEChallengeSolverDNS01{ RFC2136: &cmacme.ACMEIssuerDNS01ProviderRFC2136{ Nameserver: b.nameserver, @@ -45,7 +47,7 @@ func (b *RFC2136) Provision() error { return nil } -func (b *RFC2136) Deprovision() error { +func (b *RFC2136) Deprovision(_ context.Context) error { return nil } diff --git a/test/e2e/suite/issuers/acme/issuer.go b/test/e2e/suite/issuers/acme/issuer.go index 99d3321445d..82a985ba032 100644 --- a/test/e2e/suite/issuers/acme/issuer.go +++ b/test/e2e/suite/issuers/acme/issuer.go @@ -40,6 +40,7 @@ import ( var _ = framework.CertManagerDescribe("ACME Issuer", func() { f := framework.NewDefaultFramework("create-acme-issuer") + ctx := context.TODO() issuerName := "test-acme-issuer" @@ -61,7 +62,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -70,7 +71,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -100,7 +101,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -110,7 +111,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { By("Verifying the ACME account URI is set") var finalURI string - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -144,7 +145,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -153,7 +154,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI has been recovered correctly") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { uri := i.GetStatus().ACMEStatus().URI @@ -181,7 +182,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become non-Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -203,7 +204,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -212,7 +213,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -230,7 +231,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { } By("Verifying the ACME account email has been registered") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { registeredEmail := i.GetStatus().ACMEStatus().LastRegisteredEmail @@ -249,7 +250,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -258,7 +259,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the changed ACME account email has been registered") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { registeredEmail := i.GetStatus().ACMEStatus().LastRegisteredEmail @@ -300,7 +301,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { context.TODO(), acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index ae8f455ffa0..879885cdab0 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -35,6 +35,7 @@ import ( ) var _ = framework.CertManagerDescribe("CA Certificate", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-ca-certificate") issuerName := "test-ca-issuer" @@ -47,10 +48,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCASecretName(issuerSecretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -61,14 +62,14 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), issuerSecretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, issuerSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) }) Context("when the CA is the root", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -86,11 +87,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -114,11 +115,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateKeyAlgorithm(v1.ECDSAKeyAlgorithm), gen.SetCertificateKeySize(521), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -141,11 +142,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateOrganization("test-org"), gen.SetCertificateKeyAlgorithm(v1.Ed25519KeyAlgorithm), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -175,11 +176,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { v1.CertificateAdditionalOutputFormat{Type: "CombinedPEM"}, ), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -224,17 +225,17 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) - f.CertificateDurationValid(cert, v.expectedDuration, 0) + f.CertificateDurationValid(ctx, cert, v.expectedDuration, 0) }) } }) @@ -242,7 +243,7 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { Context("when the CA is an issuer", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningIssuer1KeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningIssuer1KeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -260,10 +261,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -275,7 +276,7 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { Context("when the CA is a second level issuer", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningIssuer2KeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningIssuer2KeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -283,10 +284,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate with Usages") - cert, err := certClient.Create(context.TODO(), gen.Certificate(certificateName, gen.SetCertificateNamespace(f.Namespace.Name), gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateSecretName(certificateSecretName), gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName, Kind: v1.IssuerKind}), gen.SetCertificateKeyUsages(v1.UsageServerAuth, v1.UsageClientAuth)), metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, gen.Certificate(certificateName, gen.SetCertificateNamespace(f.Namespace.Name), gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateSecretName(certificateSecretName), gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName, Kind: v1.IssuerKind}), gen.SetCertificateKeyUsages(v1.UsageServerAuth, v1.UsageClientAuth)), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/ca/certificaterequest.go b/test/e2e/suite/issuers/ca/certificaterequest.go index 4a5056834c4..1967be860f8 100644 --- a/test/e2e/suite/issuers/ca/certificaterequest.go +++ b/test/e2e/suite/issuers/ca/certificaterequest.go @@ -43,6 +43,7 @@ func exampleURLs() (urls []*url.URL) { } var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-ca-certificate") h := f.Helper() @@ -62,10 +63,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCASecretName(issuerSecretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -76,14 +77,14 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), issuerSecretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, issuerSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) }) Context("when the CA is the root", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -97,10 +98,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { }, exampleDNSNames, exampleIPAddresses, exampleURIs, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = certRequestClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = certRequestClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValidTLS(f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) + err = h.WaitCertificateRequestIssuedValidTLS(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) Expect(err).NotTo(HaveOccurred()) }) @@ -114,10 +115,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { }, exampleDNSNames, exampleIPAddresses, exampleURIs, x509.ECDSA) Expect(err).NotTo(HaveOccurred()) - _, err = certRequestClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = certRequestClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValidTLS(f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) + err = h.WaitCertificateRequestIssuedValidTLS(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) Expect(err).NotTo(HaveOccurred()) }) @@ -131,10 +132,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { }, exampleDNSNames, exampleIPAddresses, exampleURIs, x509.Ed25519) Expect(err).NotTo(HaveOccurred()) - _, err = certRequestClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = certRequestClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValidTLS(f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) + err = h.WaitCertificateRequestIssuedValidTLS(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) Expect(err).NotTo(HaveOccurred()) }) @@ -163,13 +164,13 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { csr, key, err := gen.CSR(x509.RSA, gen.SetCSRDNSNames(exampleDNSNames...), gen.SetCSRIPAddresses(exampleIPAddresses...), gen.SetCSRURIs(exampleURLs()...)) Expect(err).NotTo(HaveOccurred()) cr := gen.CertificateRequest(certificateRequestName, gen.SetCertificateRequestNamespace(f.Namespace.Name), gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{Kind: v1.IssuerKind, Name: issuerName}), gen.SetCertificateRequestDuration(v.inputDuration), gen.SetCertificateRequestCSR(csr)) - cr, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + cr, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key) Expect(err).NotTo(HaveOccurred()) - cr, err = crClient.Get(context.TODO(), cr.Name, metav1.GetOptions{}) + cr, err = crClient.Get(ctx, cr.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) f.CertificateRequestDurationValid(cr, v.expectedDuration, 0) }) diff --git a/test/e2e/suite/issuers/ca/clusterissuer.go b/test/e2e/suite/issuers/ca/clusterissuer.go index 3de6f5d6bca..926651b0fe3 100644 --- a/test/e2e/suite/issuers/ca/clusterissuer.go +++ b/test/e2e/suite/issuers/ca/clusterissuer.go @@ -34,30 +34,31 @@ import ( var _ = framework.CertManagerDescribe("CA ClusterIssuer", func() { f := framework.NewDefaultFramework("create-ca-clusterissuer") + ctx := context.TODO() issuerName := "test-ca-clusterissuer" + rand.String(5) secretName := "ca-clusterissuer-signing-keypair-" + rand.String(5) BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), newSigningKeypairSecret(secretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, newSigningKeypairSecret(secretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(context.TODO(), secretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, issuerName, metav1.DeleteOptions{}) }) It("should validate a signing keypair", func() { By("Creating an Issuer") clusterIssuer := gen.ClusterIssuer(issuerName, gen.SetIssuerCASecretName(secretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), clusterIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, clusterIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/ca/issuer.go b/test/e2e/suite/issuers/ca/issuer.go index 642bf151ec0..51de90f5f44 100644 --- a/test/e2e/suite/issuers/ca/issuer.go +++ b/test/e2e/suite/issuers/ca/issuer.go @@ -33,19 +33,20 @@ import ( var _ = framework.CertManagerDescribe("CA Issuer", func() { f := framework.NewDefaultFramework("create-ca-issuer") + ctx := context.TODO() issuerName := "test-ca-issuer" secretName := "ca-issuer-signing-keypair" BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret(secretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret(secretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), secretName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, secretName, metav1.DeleteOptions{}) }) It("should generate a signing keypair", func() { @@ -53,10 +54,10 @@ var _ = framework.CertManagerDescribe("CA Issuer", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCASecretName(secretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/selfsigned/certificate.go b/test/e2e/suite/issuers/selfsigned/certificate.go index 7707aee3102..24f97b2faa1 100644 --- a/test/e2e/suite/issuers/selfsigned/certificate.go +++ b/test/e2e/suite/issuers/selfsigned/certificate.go @@ -34,6 +34,7 @@ import ( ) var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-selfsigned-certificate") issuerName := "test-selfsigned-issuer" @@ -48,10 +49,10 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -69,10 +70,10 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -109,10 +110,10 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { issuer := gen.Issuer(issuerDurationName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerDurationName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -133,17 +134,17 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) - f.CertificateDurationValid(cert, v.expectedDuration, 0) + f.CertificateDurationValid(ctx, cert, v.expectedDuration, 0) }) } @@ -155,7 +156,7 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") @@ -170,11 +171,11 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { gen.SetCertificateOrganization("test-org"), gen.SetCertificateKeyEncoding(v1.PKCS8), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/selfsigned/certificaterequest.go b/test/e2e/suite/issuers/selfsigned/certificaterequest.go index 9841ab37fd3..8056969bff8 100644 --- a/test/e2e/suite/issuers/selfsigned/certificaterequest.go +++ b/test/e2e/suite/issuers/selfsigned/certificaterequest.go @@ -34,6 +34,7 @@ import ( ) var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-selfsigned-certificaterequest") h := f.Helper() @@ -47,10 +48,10 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -75,15 +76,15 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), certificateRequestSecretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, certificateRequestSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) }) Context("Self Signed and private key", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newPrivateKeySecret( + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newPrivateKeySecret( certificateRequestSecretName, f.Namespace.Name, rootRSAKey), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -95,19 +96,19 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateRSACSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) Expect(err).NotTo(HaveOccurred()) }) It("should be able to obtain an ECDSA Certificate backed by a ECSDA key", func() { // Replace RSA key secret with ECDSA one - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), newPrivateKeySecret( + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, newPrivateKeySecret( certificateRequestSecretName, f.Namespace.Name, rootECKey), metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -116,19 +117,19 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateECCSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootECKeySigner) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootECKeySigner) Expect(err).NotTo(HaveOccurred()) }) It("should be able to obtain an Ed25519 Certificate backed by a Ed25519 key", func() { // Replace previous key secret with Ed25519 one - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), newPrivateKeySecret( + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, newPrivateKeySecret( certificateRequestSecretName, f.Namespace.Name, rootEd25519Key), metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -137,13 +138,13 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateEd25519CSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootEd25519Signer) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootEd25519Signer) Expect(err).NotTo(HaveOccurred()) }) @@ -172,16 +173,16 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateRSACSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), gen.SetCertificateRequestDuration(v.inputDuration), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) Expect(err).NotTo(HaveOccurred()) - cr, err := crClient.Get(context.TODO(), certificateRequestName, metav1.GetOptions{}) + cr, err := crClient.Get(ctx, certificateRequestName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) f.CertificateRequestDurationValid(cr, v.expectedDuration, 0) }) diff --git a/test/e2e/suite/issuers/vault/certificate/approle.go b/test/e2e/suite/issuers/vault/certificate/approle.go index 0528e0f6711..f5c9916a3e3 100644 --- a/test/e2e/suite/issuers/vault/certificate/approle.go +++ b/test/e2e/suite/issuers/vault/certificate/approle.go @@ -55,6 +55,7 @@ var _ = framework.CertManagerDescribe("Vault ClusterIssuer Certificate (AppRole, }) func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatures featureset.FeatureSet) { + ctx := context.TODO() f := framework.NewDefaultFramework("create-vault-certificate") certificateName := "test-vault-certificate" @@ -80,29 +81,29 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu *addon.Vault.Details(), testWithRoot, ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) - sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name }) JustAfterEach(func() { By("Cleaning up") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) if issuerKind == cmapi.IssuerKind { - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } else { - f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } - f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(ctx, vaultSecretName, metav1.DeleteOptions{}) }) It("should generate a new valid certificate", func() { @@ -119,7 +120,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -129,7 +130,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -138,14 +139,14 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -156,11 +157,11 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - cert, err := certClient.Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -215,7 +216,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -225,7 +226,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -234,14 +235,14 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -251,11 +252,11 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, v.inputDuration, v.inputRenewBefore), metav1.CreateOptions{}) + cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, v.inputDuration, v.inputRenewBefore), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -263,7 +264,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) // Vault subtract 30 seconds to the NotBefore date. - f.CertificateDurationValid(cert, v.expectedDuration, time.Second*30) + f.CertificateDurationValid(ctx, cert, v.expectedDuration, time.Second*30) }) } } diff --git a/test/e2e/suite/issuers/vault/certificaterequest/approle.go b/test/e2e/suite/issuers/vault/certificaterequest/approle.go index 4308a9b7b12..f9e41590705 100644 --- a/test/e2e/suite/issuers/vault/certificaterequest/approle.go +++ b/test/e2e/suite/issuers/vault/certificaterequest/approle.go @@ -45,6 +45,7 @@ var _ = framework.CertManagerDescribe("Vault ClusterIssuer CertificateRequest (A }) func runVaultAppRoleTests(issuerKind string) { + ctx := context.TODO() f := framework.NewDefaultFramework("create-vault-certificaterequest") h := f.Helper() @@ -78,29 +79,29 @@ func runVaultAppRoleTests(issuerKind string) { *addon.Vault.Details(), false, ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) - sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name }) JustAfterEach(func() { By("Cleaning up") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) if issuerKind == cmapi.IssuerKind { - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } else { - f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } - f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(ctx, vaultSecretName, metav1.DeleteOptions{}) }) It("should generate a new valid certificate", func() { @@ -117,7 +118,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -127,7 +128,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -135,14 +136,14 @@ func runVaultAppRoleTests(issuerKind string) { By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -158,11 +159,11 @@ func runVaultAppRoleTests(issuerKind string) { }, crDNSNames, crIPAddresses, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -207,7 +208,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -217,7 +218,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -225,14 +226,14 @@ func runVaultAppRoleTests(issuerKind string) { By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -247,14 +248,14 @@ func runVaultAppRoleTests(issuerKind string) { cr, key, err := util.NewCertManagerBasicCertificateRequest(certificateRequestName, vaultIssuerName, issuerKind, v.inputDuration, crDNSNames, crIPAddresses, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - cr, err = crClient.Get(context.TODO(), cr.Name, metav1.GetOptions{}) + cr, err = crClient.Get(ctx, cr.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) // Vault can issue certificates with slightly skewed duration. f.CertificateRequestDurationValid(cr, v.expectedDuration, 30*time.Second) diff --git a/test/e2e/suite/issuers/vault/issuer.go b/test/e2e/suite/issuers/vault/issuer.go index 5fd80368d58..a6a342b99cf 100644 --- a/test/e2e/suite/issuers/vault/issuer.go +++ b/test/e2e/suite/issuers/vault/issuer.go @@ -37,6 +37,7 @@ import ( var _ = framework.CertManagerDescribe("Vault Issuer", func() { f := framework.NewDefaultFramework("create-vault-issuer") + ctx := context.TODO() issuerName := "test-vault-issuer" vaultSecretServiceAccount := "vault-serviceaccount" @@ -54,15 +55,15 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { false, "https://kubernetes.default.svc.cluster.local", ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) By("creating a service account for Vault authentication") - err = setup.CreateKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + err = setup.CreateKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) Expect(err).NotTo(HaveOccurred()) }) @@ -70,13 +71,13 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { By("Cleaning up AppRole") f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) - setup.CleanAppRole() + setup.CleanAppRole(ctx) By("Cleaning up Kubernetes") - setup.CleanKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + setup.CleanKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) By("Cleaning up Vault") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) }) It("should be ready with a valid AppRole", func() { @@ -95,7 +96,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -116,7 +117,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -137,7 +138,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -161,7 +162,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -184,7 +185,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -235,7 +236,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -259,7 +260,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Validate that the Issuer is not ready yet") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -279,7 +280,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -314,7 +315,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -336,7 +337,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Validate that the issuer isn't ready anymore due to Vault still using the old certificate") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -348,8 +349,8 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { // Note that we reuse the same service account as for the Kubernetes // auth based on secretRef. There should be no problem doing so. By("Creating the Role and RoleBinding to let cert-manager use TokenRequest for the ServiceAccount") - vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) - defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) By("Creating an Issuer") vaultIssuer := gen.Issuer(issuerName, @@ -362,7 +363,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/vault/mtls.go b/test/e2e/suite/issuers/vault/mtls.go index b69467e9132..584fbd28c52 100644 --- a/test/e2e/suite/issuers/vault/mtls.go +++ b/test/e2e/suite/issuers/vault/mtls.go @@ -37,6 +37,7 @@ import ( var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { f := framework.NewDefaultFramework("create-vault-issuer") + ctx := context.TODO() issuerName := "test-vault-issuer" vaultSecretServiceAccount := "vault-serviceaccount" @@ -57,38 +58,38 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { false, "https://kubernetes.default.svc.cluster.local", ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) By("creating a service account for Vault authentication") - err = setup.CreateKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + err = setup.CreateKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) Expect(err).NotTo(HaveOccurred()) By("creating a client certificate for Vault mTLS") secret := vaultaddon.NewVaultClientCertificateSecret(vaultClientCertificateSecretName, details.VaultClientCertificate, details.VaultClientPrivateKey) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), secret, metav1.CreateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, secret, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) JustAfterEach(func() { By("Cleaning up AppRole") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) - setup.CleanAppRole() + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, vaultSecretName, metav1.DeleteOptions{}) + setup.CleanAppRole(ctx) By("Cleaning up Kubernetes") - setup.CleanKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + setup.CleanKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) By("Cleaning up Vault") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) }) It("should be ready with a valid AppRole", func() { - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name @@ -101,11 +102,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -115,7 +116,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { }) It("should fail to init with missing client certificates", func() { - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name @@ -127,11 +128,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(details.VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -150,11 +151,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultAppRoleAuth("secretkey", roleId, setup.Role(), setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -173,11 +174,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultTokenAuth("secretkey", "vault-token")) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -188,7 +189,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("should be ready with a valid Kubernetes Role and ServiceAccount Secret", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuer := gen.Issuer(issuerName, @@ -199,11 +200,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -225,10 +226,10 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -247,7 +248,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultCABundleSecretRef("ca-bundle", f.Namespace.Name, "ca.crt")) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring( "spec.vault.caBundle: Invalid value: \"\": specified caBundle and caBundleSecretRef cannot be used together", @@ -257,10 +258,10 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("should be ready with a caBundle from a Kubernetes Secret", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -279,11 +280,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -294,7 +295,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("should be eventually ready when the CA bundle secret gets created after the Issuer", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuer := gen.Issuer(issuerName, @@ -305,11 +306,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Validate that the Issuer is not ready yet") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -317,7 +318,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { }) Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -329,7 +330,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -339,7 +340,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { }) It("should be eventually ready when the Vault client certificate secret gets created after the Issuer", func() { - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name @@ -353,11 +354,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(customVaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(customVaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Validate that the Issuer is not ready yet") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -367,11 +368,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { By("creating a client certificate for Vault mTLS") secret := vaultaddon.NewVaultClientCertificateSecret(customVaultClientCertificateSecretName, details.VaultClientCertificate, details.VaultClientPrivateKey) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), secret, metav1.CreateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, secret, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -382,10 +383,10 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("it should become not ready when the CA certificate in the secret changes and doesn't match Vault's CA anymore", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -404,11 +405,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -419,7 +420,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { By("Updating CA bundle") public, _, err := vaultaddon.GenerateCA() Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -430,7 +431,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { Expect(err).NotTo(HaveOccurred()) By("Validate that the issuer isn't ready anymore due to Vault still using the old certificate") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -442,8 +443,8 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { // Note that we reuse the same service account as for the Kubernetes // auth based on secretRef. There should be no problem doing so. By("Creating the Role and RoleBinding to let cert-manager use TokenRequest for the ServiceAccount") - vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) - defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) By("Creating an Issuer") vaultIssuer := gen.Issuer(issuerName, @@ -454,11 +455,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthServiceAccount(vaultSecretServiceAccount, setup.Role(), setup.KubernetesAuthPath())) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/venafi/cloud/setup.go b/test/e2e/suite/issuers/venafi/cloud/setup.go index c8dd111e6f5..f790e59828f 100644 --- a/test/e2e/suite/issuers/venafi/cloud/setup.go +++ b/test/e2e/suite/issuers/venafi/cloud/setup.go @@ -37,6 +37,7 @@ func CloudDescribe(name string, body func()) bool { var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { f := framework.NewDefaultFramework("venafi-cloud-setup") + ctx := context.TODO() var ( issuer *cmapi.Issuer @@ -62,7 +63,7 @@ var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -77,7 +78,7 @@ var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { issuer = cloudAddon.Details().BuildIssuer() issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -86,9 +87,9 @@ var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Changing the API key to something bad") - err = cloudAddon.SetAPIKey("this_is_a_bad_key") + err = cloudAddon.SetAPIKey(ctx, "this_is_a_bad_key") Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/venafi/tpp/certificate.go b/test/e2e/suite/issuers/venafi/tpp/certificate.go index 61df32ee00b..d84403c53e1 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificate.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificate.go @@ -36,6 +36,7 @@ import ( var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { f := framework.NewDefaultFramework("venafi-tpp-certificate") + ctx := context.TODO() var ( issuer *cmapi.Issuer @@ -60,7 +61,7 @@ var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -94,7 +95,7 @@ var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go b/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go index 1d0e2a8f99c..ecde72da404 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go @@ -35,6 +35,7 @@ import ( ) var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("venafi-tpp-certificaterequest") h := f.Helper() @@ -56,11 +57,11 @@ var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func By("Creating a Venafi Issuer resource") issuer = tppAddon.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -72,7 +73,7 @@ var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func AfterEach(func() { By("Cleaning up") if issuer != nil { - err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuer.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } }) @@ -86,11 +87,11 @@ var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func Expect(err).NotTo(HaveOccurred()) By("Creating a CertificateRequest") - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/venafi/tpp/setup.go b/test/e2e/suite/issuers/venafi/tpp/setup.go index 4fe8cd5b137..46f1a03668f 100644 --- a/test/e2e/suite/issuers/venafi/tpp/setup.go +++ b/test/e2e/suite/issuers/venafi/tpp/setup.go @@ -33,6 +33,7 @@ import ( var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { f := framework.NewDefaultFramework("venafi-tpp-setup") + ctx := context.TODO() var ( issuer *cmapi.Issuer @@ -48,7 +49,7 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { AfterEach(func() { By("Cleaning up") if issuer != nil { - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuer.Name, metav1.DeleteOptions{}) } }) @@ -56,11 +57,11 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { var err error By("Creating a Venafi Issuer resource") issuer = tppAddon.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -73,9 +74,9 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { var err error By("Creating a Venafi Issuer resource") issuer = tppAddon.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -84,9 +85,9 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Changing the Access Token to something bad") - err = tppAddon.SetAccessToken("this_is_a_bad_token") + err = tppAddon.SetAccessToken(ctx, "this_is_a_bad_token") Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, diff --git a/test/e2e/suite/serving/cainjector.go b/test/e2e/suite/serving/cainjector.go index e0868df044c..ca358a54a3a 100644 --- a/test/e2e/suite/serving/cainjector.go +++ b/test/e2e/suite/serving/cainjector.go @@ -50,6 +50,7 @@ type injectableTest struct { var _ = framework.CertManagerDescribe("CA Injector", func() { f := framework.NewDefaultFramework("cainjector") + ctx := context.TODO() issuerName := "inject-cert-issuer" secretName := "serving-certs-data" @@ -66,7 +67,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, certmanager.IssuerCondition{ Type: certmanager.IssuerConditionReady, @@ -100,7 +101,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { ) Expect(f.CRClient.Create(context.Background(), cert)).To(Succeed()) - cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*2) + cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") By("grabbing the corresponding secret") @@ -176,7 +177,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { return nil }) - cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*2) + cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become updated") By("grabbing the new secret") diff --git a/test/e2e/util/util.go b/test/e2e/util/util.go index e3a7c127dc8..f745b659af0 100644 --- a/test/e2e/util/util.go +++ b/test/e2e/util/util.go @@ -56,8 +56,8 @@ func CertificateOnlyValidForDomains(cert *x509.Certificate, commonName string, d return true } -func WaitForIssuerStatusFunc(client clientset.IssuerInterface, name string, fn func(*v1.Issuer) (bool, error)) error { - return wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { +func WaitForIssuerStatusFunc(ctx context.Context, client clientset.IssuerInterface, name string, fn func(*v1.Issuer) (bool, error)) error { + return wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting Issuer %q: %v", name, err) @@ -68,10 +68,10 @@ func WaitForIssuerStatusFunc(client clientset.IssuerInterface, name string, fn f // WaitForIssuerCondition waits for the status of the named issuer to contain // a condition whose type and status matches the supplied one. -func WaitForIssuerCondition(client clientset.IssuerInterface, name string, condition v1.IssuerCondition) error { +func WaitForIssuerCondition(ctx context.Context, client clientset.IssuerInterface, name string, condition v1.IssuerCondition) error { logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { logf("Waiting for issuer %v condition %#v", name, condition) issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if nil != err { @@ -80,16 +80,16 @@ func WaitForIssuerCondition(client clientset.IssuerInterface, name string, condi return apiutil.IssuerHasCondition(issuer, condition), nil }) - return wrapErrorWithIssuerStatusCondition(client, pollErr, name, condition.Type) + return wrapErrorWithIssuerStatusCondition(ctx, client, pollErr, name, condition.Type) } // try to retrieve last condition to help diagnose tests. -func wrapErrorWithIssuerStatusCondition(client clientset.IssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { +func wrapErrorWithIssuerStatusCondition(ctx context.Context, client clientset.IssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { if pollErr == nil { return nil } - issuer, err := client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if err != nil { return pollErr } @@ -106,10 +106,10 @@ func wrapErrorWithIssuerStatusCondition(client clientset.IssuerInterface, pollEr // WaitForClusterIssuerCondition waits for the status of the named issuer to contain // a condition whose type and status matches the supplied one. -func WaitForClusterIssuerCondition(client clientset.ClusterIssuerInterface, name string, condition v1.IssuerCondition) error { +func WaitForClusterIssuerCondition(ctx context.Context, client clientset.ClusterIssuerInterface, name string, condition v1.IssuerCondition) error { logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { logf("Waiting for clusterissuer %v condition %#v", name, condition) issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if nil != err { @@ -118,16 +118,16 @@ func WaitForClusterIssuerCondition(client clientset.ClusterIssuerInterface, name return apiutil.IssuerHasCondition(issuer, condition), nil }) - return wrapErrorWithClusterIssuerStatusCondition(client, pollErr, name, condition.Type) + return wrapErrorWithClusterIssuerStatusCondition(ctx, client, pollErr, name, condition.Type) } // try to retrieve last condition to help diagnose tests. -func wrapErrorWithClusterIssuerStatusCondition(client clientset.ClusterIssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { +func wrapErrorWithClusterIssuerStatusCondition(ctx context.Context, client clientset.ClusterIssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { if pollErr == nil { return nil } - issuer, err := client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if err != nil { return pollErr } @@ -144,10 +144,10 @@ func wrapErrorWithClusterIssuerStatusCondition(client clientset.ClusterIssuerInt // WaitForCRDToNotExist waits for the CRD with the given name to no // longer exist. -func WaitForCRDToNotExist(client apiextensionsv1.CustomResourceDefinitionInterface, name string) error { +func WaitForCRDToNotExist(ctx context.Context, client apiextensionsv1.CustomResourceDefinitionInterface, name string) error { logf, done := log.LogBackoff() defer done() - return wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { + return wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { logf("Waiting for CRD %v to not exist", name) _, err := client.Get(ctx, name, metav1.GetOptions{}) if nil == err { diff --git a/test/integration/acme/orders_controller_test.go b/test/integration/acme/orders_controller_test.go index 9d1f6528efc..d1deca46864 100644 --- a/test/integration/acme/orders_controller_test.go +++ b/test/integration/acme/orders_controller_test.go @@ -142,7 +142,6 @@ func TestAcmeOrdersController(t *testing.T) { false, ) c := controllerpkg.NewController( - ctx, "orders_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, diff --git a/test/integration/certificates/generates_new_private_key_per_request_test.go b/test/integration/certificates/generates_new_private_key_per_request_test.go index 97058529b27..88ad3708729 100644 --- a/test/integration/certificates/generates_new_private_key_per_request_test.go +++ b/test/integration/certificates/generates_new_private_key_per_request_test.go @@ -54,7 +54,7 @@ func TestGeneratesNewPrivateKeyIfMarkedInvalidRequest(t *testing.T) { defer stopFn() // Build, instantiate and run all required controllers - stopControllers := runAllControllers(t, ctx, config) + stopControllers := runAllControllers(t, config) defer stopControllers() _, _, cmCl, _, _ := framework.NewClients(t, config) @@ -191,7 +191,7 @@ func TestGeneratesNewPrivateKeyPerRequest(t *testing.T) { defer stopFn() // Build, instantiate and run all required controllers - stopControllers := runAllControllers(t, ctx, config) + stopControllers := runAllControllers(t, config) defer stopControllers() _, _, cmCl, _, _ := framework.NewClients(t, config) @@ -320,7 +320,7 @@ type comparablePublicKey interface { Equal(crypto.PublicKey) bool } -func runAllControllers(t *testing.T, ctx context.Context, config *rest.Config) framework.StopFunc { +func runAllControllers(t *testing.T, config *rest.Config) framework.StopFunc { kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config) log := logf.Log clock := clock.RealClock{} @@ -341,22 +341,22 @@ func runAllControllers(t *testing.T, ctx context.Context, config *rest.Config) f // TODO: set field mananager before calling each of those- is that what we do in actual code? revCtrl, revQueue, revMustSync := revisionmanager.NewController(log, &controllerContext) - revisionManager := controllerpkg.NewController(ctx, "revisionmanager_controller", metrics, revCtrl.ProcessItem, revMustSync, nil, revQueue) + revisionManager := controllerpkg.NewController("revisionmanager_controller", metrics, revCtrl.ProcessItem, revMustSync, nil, revQueue) readyCtrl, readyQueue, readyMustSync := readiness.NewController(log, &controllerContext, policies.NewReadinessPolicyChain(clock), pki.RenewalTime, readiness.BuildReadyConditionFromChain) - readinessManager := controllerpkg.NewController(ctx, "readiness_controller", metrics, readyCtrl.ProcessItem, readyMustSync, nil, readyQueue) + readinessManager := controllerpkg.NewController("readiness_controller", metrics, readyCtrl.ProcessItem, readyMustSync, nil, readyQueue) issueCtrl, issueQueue, issueMustSync := issuing.NewController(log, &controllerContext) - issueManager := controllerpkg.NewController(ctx, "issuing_controller", metrics, issueCtrl.ProcessItem, issueMustSync, nil, issueQueue) + issueManager := controllerpkg.NewController("issuing_controller", metrics, issueCtrl.ProcessItem, issueMustSync, nil, issueQueue) reqCtrl, reqQueue, reqMustSync := requestmanager.NewController(log, &controllerContext) - requestManager := controllerpkg.NewController(ctx, "requestmanager_controller", metrics, reqCtrl.ProcessItem, reqMustSync, nil, reqQueue) + requestManager := controllerpkg.NewController("requestmanager_controller", metrics, reqCtrl.ProcessItem, reqMustSync, nil, reqQueue) keyCtrl, keyQueue, keyMustSync := keymanager.NewController(log, &controllerContext) - keyManager := controllerpkg.NewController(ctx, "keymanager_controller", metrics, keyCtrl.ProcessItem, keyMustSync, nil, keyQueue) + keyManager := controllerpkg.NewController("keymanager_controller", metrics, keyCtrl.ProcessItem, keyMustSync, nil, keyQueue) triggerCtrl, triggerQueue, triggerMustSync := trigger.NewController(log, &controllerContext, policies.NewTriggerPolicyChain(clock).Evaluate) - triggerManager := controllerpkg.NewController(ctx, "trigger_controller", metrics, triggerCtrl.ProcessItem, triggerMustSync, nil, triggerQueue) + triggerManager := controllerpkg.NewController("trigger_controller", metrics, triggerCtrl.ProcessItem, triggerMustSync, nil, triggerQueue) return framework.StartInformersAndControllers(t, factory, cmFactory, revisionManager, requestManager, keyManager, triggerManager, readinessManager, issueManager) } diff --git a/test/integration/certificates/issuing_controller_test.go b/test/integration/certificates/issuing_controller_test.go index 52a75a5d4ca..9a1b7b8ff2d 100644 --- a/test/integration/certificates/issuing_controller_test.go +++ b/test/integration/certificates/issuing_controller_test.go @@ -82,7 +82,6 @@ func TestIssuingController(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -299,7 +298,6 @@ func TestIssuingController_PKCS8_PrivateKey(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -525,7 +523,6 @@ func Test_IssuingController_SecretTemplate(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -773,7 +770,6 @@ func Test_IssuingController_AdditionalOutputFormats(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -1011,7 +1007,7 @@ func Test_IssuingController_OwnerRefernece(t *testing.T) { FieldManager: fieldManager, } ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) - c := controllerpkg.NewController(ctx, fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) + c := controllerpkg.NewController(fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) stopControllerNoOwnerRef := framework.StartInformersAndController(t, factory, cmFactory, c) defer func() { if stopControllerNoOwnerRef != nil { @@ -1108,7 +1104,7 @@ func Test_IssuingController_OwnerRefernece(t *testing.T) { FieldManager: fieldManager, } ctrl, queue, mustSync = issuing.NewController(logf.Log, &controllerContext) - c = controllerpkg.NewController(ctx, fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) + c = controllerpkg.NewController(fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) stopControllerOwnerRef := framework.StartInformersAndController(t, factory, cmFactory, c) defer stopControllerOwnerRef() diff --git a/test/integration/certificates/metrics_controller_test.go b/test/integration/certificates/metrics_controller_test.go index 7a8da1623c5..381a8407691 100644 --- a/test/integration/certificates/metrics_controller_test.go +++ b/test/integration/certificates/metrics_controller_test.go @@ -104,7 +104,6 @@ func TestMetricsController(t *testing.T) { } ctrl, queue, mustSync := controllermetrics.NewController(&controllerContext) c := controllerpkg.NewController( - ctx, "metrics_test", metricsHandler, ctrl.ProcessItem, diff --git a/test/integration/certificates/revisionmanager_controller_test.go b/test/integration/certificates/revisionmanager_controller_test.go index feeca1a8b5f..a561f598689 100644 --- a/test/integration/certificates/revisionmanager_controller_test.go +++ b/test/integration/certificates/revisionmanager_controller_test.go @@ -62,7 +62,6 @@ func TestRevisionManagerController(t *testing.T) { ctrl, queue, mustSync := revisionmanager.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "revisionmanager_controller_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, diff --git a/test/integration/certificates/trigger_controller_test.go b/test/integration/certificates/trigger_controller_test.go index c7a80866fc2..14f80344b26 100644 --- a/test/integration/certificates/trigger_controller_test.go +++ b/test/integration/certificates/trigger_controller_test.go @@ -83,7 +83,6 @@ func TestTriggerController(t *testing.T) { } ctrl, queue, mustSync := trigger.NewController(logf.Log, controllerContext, shouldReissue) c := controllerpkg.NewController( - ctx, "trigger_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -190,7 +189,6 @@ func TestTriggerController_RenewNearExpiry(t *testing.T) { // Start the trigger controller ctrl, queue, mustSync := trigger.NewController(logf.Log, controllerContext, shoudReissue) c := controllerpkg.NewController( - logf.NewContext(ctx, logf.Log, "trigger_controller_RenewNearExpiry"), "trigger_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -287,7 +285,6 @@ func TestTriggerController_ExpBackoff(t *testing.T) { // Start the trigger controller ctrl, queue, mustSync := trigger.NewController(logf.Log, controllerContext, shoudReissue) c := controllerpkg.NewController( - logf.NewContext(ctx, logf.Log, "trigger_controller_RenewNearExpiry"), "trigger_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, diff --git a/test/integration/framework/helpers.go b/test/integration/framework/helpers.go index 31a01baf2be..dfca528f548 100644 --- a/test/integration/framework/helpers.go +++ b/test/integration/framework/helpers.go @@ -82,25 +82,25 @@ func StartInformersAndController(t *testing.T, factory internalinformers.KubeInf } func StartInformersAndControllers(t *testing.T, factory internalinformers.KubeInformerFactory, cmFactory cminformers.SharedInformerFactory, cs ...controllerpkg.Interface) StopFunc { - stopCh := make(chan struct{}) + rootCtx, cancel := context.WithCancel(context.Background()) errCh := make(chan error) - factory.Start(stopCh) - cmFactory.Start(stopCh) + factory.Start(rootCtx.Done()) + cmFactory.Start(rootCtx.Done()) group, _ := errgroup.WithContext(context.Background()) go func() { defer close(errCh) for _, c := range cs { func(c controllerpkg.Interface) { group.Go(func() error { - return c.Run(1, stopCh) + return c.Run(1, rootCtx) }) }(c) } errCh <- group.Wait() }() return func() { - close(stopCh) + cancel() err := <-errCh if err != nil { t.Fatal(err) From de54201f6931dc063729b2137f5b23e16875c71c Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 30 Apr 2024 11:25:46 +0200 Subject: [PATCH 2/3] fix noctx linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/healthz/healthz_test.go | 4 +++- test/integration/certificates/metrics_controller_test.go | 6 +++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 4a3c8779219..1bf9beac513 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -8,7 +8,6 @@ issues: - exhaustive - nilerr - interfacebloat - - noctx - nilnil - nakedret - musttag diff --git a/pkg/healthz/healthz_test.go b/pkg/healthz/healthz_test.go index 710feb70ab2..c583a049fd4 100644 --- a/pkg/healthz/healthz_test.go +++ b/pkg/healthz/healthz_test.go @@ -277,7 +277,9 @@ func TestHealthzLivezLeaderElection(t *testing.T) { lastResponseBody string ) assert.Eventually(t, func() bool { - resp, err := http.Get(livezURL) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, livezURL, nil) + require.NoError(t, err) + resp, err := http.DefaultClient.Do(req) require.NoError(t, err) defer func() { require.NoError(t, resp.Body.Close()) diff --git a/test/integration/certificates/metrics_controller_test.go b/test/integration/certificates/metrics_controller_test.go index 381a8407691..b351bd80d00 100644 --- a/test/integration/certificates/metrics_controller_test.go +++ b/test/integration/certificates/metrics_controller_test.go @@ -130,7 +130,11 @@ func TestMetricsController(t *testing.T) { } testMetrics := func(expectedOutput string) error { - resp, err := http.DefaultClient.Get(metricsEndpoint) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, metricsEndpoint, nil) + if err != nil { + return err + } + resp, err := http.DefaultClient.Do(req) if err != nil { return err } From 1248be8bba2a8da55421a17323aa33efd49aec37 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 7 May 2024 12:37:04 +0200 Subject: [PATCH 3/3] add contextcheck linter exceptions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/acmesolver/app/app.go | 1 + cmd/cainjector/app/cainjector.go | 1 + cmd/controller/app/start.go | 1 + cmd/startupapicheck/pkg/check/api/api.go | 1 + cmd/webhook/app/webhook.go | 1 + pkg/acme/webhook/cmd/server/start.go | 1 + test/e2e/suite/conformance/certificates/tests.go | 4 ++-- .../suite/conformance/certificatesigningrequests/tests.go | 6 ++++-- 8 files changed, 12 insertions(+), 4 deletions(-) diff --git a/cmd/acmesolver/app/app.go b/cmd/acmesolver/app/app.go index cd638b10230..d2cc96cb6da 100644 --- a/cmd/acmesolver/app/app.go +++ b/cmd/acmesolver/app/app.go @@ -46,6 +46,7 @@ func NewACMESolverCommand(_ context.Context) *cobra.Command { return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { runCtx := cmd.Context() log := logf.FromContext(runCtx) diff --git a/cmd/cainjector/app/cainjector.go b/cmd/cainjector/app/cainjector.go index ced1eb088d0..41dc2252918 100644 --- a/cmd/cainjector/app/cainjector.go +++ b/cmd/cainjector/app/cainjector.go @@ -100,6 +100,7 @@ servers and webhook servers.`, return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return run(cmd.Context(), cainjectorConfig) }, diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index ed5fc18e0a1..e3b4a934371 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -110,6 +110,7 @@ to renew certificates at an appropriate time before expiry.`, return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return run(cmd.Context(), controllerConfig) }, diff --git a/cmd/startupapicheck/pkg/check/api/api.go b/cmd/startupapicheck/pkg/check/api/api.go index 4c7350a58a7..4ca6cef5374 100644 --- a/cmd/startupapicheck/pkg/check/api/api.go +++ b/cmd/startupapicheck/pkg/check/api/api.go @@ -79,6 +79,7 @@ required webhooks are reachable by the K8S API server.`, PreRunE: func(cmd *cobra.Command, args []string) error { return o.Complete() }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return o.Run(cmd.Context(), cmd.OutOrStdout()) }, diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go index 5d5565256ea..0009c59e7dc 100644 --- a/cmd/webhook/app/webhook.go +++ b/cmd/webhook/app/webhook.go @@ -107,6 +107,7 @@ functionality for cert-manager.`, return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return run(cmd.Context(), webhookConfig) }, diff --git a/pkg/acme/webhook/cmd/server/start.go b/pkg/acme/webhook/cmd/server/start.go index fd953308f65..fce320a1af2 100644 --- a/pkg/acme/webhook/cmd/server/start.go +++ b/pkg/acme/webhook/cmd/server/start.go @@ -66,6 +66,7 @@ func NewCommandStartWebhookServer(_ context.Context, groupName string, solvers . cmd := &cobra.Command{ Short: "Launch an ACME solver API server", Long: "Launch an ACME solver API server", + // nolint:contextcheck // False positive RunE: func(c *cobra.Command, args []string) error { runCtx := c.Context() diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index a0697592d9e..fa60af3215f 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -1065,13 +1065,13 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq By("Updating the Certificate after having added an additional dnsName") newDNSName := e2eutil.RandomSubdomain(s.DomainSuffix) retry.RetryOnConflict(retry.DefaultRetry, func() error { - err = f.CRClient.Get(context.Background(), types.NamespacedName{Name: testCertificate.Name, Namespace: testCertificate.Namespace}, testCertificate) + err = f.CRClient.Get(ctx, types.NamespacedName{Name: testCertificate.Name, Namespace: testCertificate.Namespace}, testCertificate) if err != nil { return err } testCertificate.Spec.DNSNames = append(testCertificate.Spec.DNSNames, newDNSName) - err = f.CRClient.Update(context.Background(), testCertificate) + err = f.CRClient.Update(ctx, testCertificate) if err != nil { return err } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/tests.go b/test/e2e/suite/conformance/certificatesigningrequests/tests.go index d7093f25c9e..f837d0ef63f 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/tests.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/tests.go @@ -393,9 +393,11 @@ func (s *Suite) Define() { // Create the request, and delete at the end of the test By("Creating a CertificateSigningRequest") Expect(f.CRClient.Create(ctx, kubeCSR)).NotTo(HaveOccurred()) + // nolint: contextcheck // This is a cleanup context defer func() { - // nolint: contextcheck // This is a cleanup context - f.CRClient.Delete(context.TODO(), kubeCSR) + cleanupCtx := context.Background() + + f.CRClient.Delete(cleanupCtx, kubeCSR) }() // Approve the request for testing, so that cert-manager may sign the