From eff76bcb151276ad0766f067b9d610b7419bea03 Mon Sep 17 00:00:00 2001
From: Claudio Netto
Date: Fri, 22 Oct 2021 16:03:39 -0300
Subject: [PATCH] fix(api/types): generate DNS name default before creating Certificate
---
 api/v1alpha1/rpaasinstance.go | 35 ++++++++++++++-----
 api/v1alpha1/rpaasinstance_test.go | 28 ++++++++++-----
 .../controllers/certificates/cert_manager.go | 14 +-------
 3 files changed, 47 insertions(+), 30 deletions(-)
diff --git a/api/v1alpha1/rpaasinstance.go b/api/v1alpha1/rpaasinstance.go
index 1692ebab9..4bd1e0fdf 100644
--- a/api/v1alpha1/rpaasinstance.go
+++ b/api/v1alpha1/rpaasinstance.go
@@ -4,7 +4,10 @@
 package v1alpha1
-import "sort"
+import (
+ "fmt"
+ "sort"
+)
 const (
 teamOwnerLabel = "rpaas.extensions.tsuru.io/team-owner"
@@ -16,25 +19,26 @@ func (i *RpaasInstance) CertManagerRequests() (reqs []CertManager) {
 return
 }
- uniqueCerts := make(map[string]CertManager)
+ uniqueCerts := make(map[string]*CertManager)
 if req := i.Spec.DynamicCertificates.CertManager; req != nil {
- uniqueCerts[req.Issuer] = *req
+ r := req.DeepCopy()
+ r.DNSNames = r.dnsNames(i)
+ uniqueCerts[r.Issuer] = r
 }
 for _, req := range i.Spec.DynamicCertificates.CertManagerRequests {
 r, found := uniqueCerts[req.Issuer]
- if found {
- r.DNSNames = append(r.DNSNames, req.DNSNames...)
- r.IPAddresses = append(r.IPAddresses, req.IPAddresses...)
- uniqueCerts[req.Issuer] = r
+ if !found {
+ uniqueCerts[req.Issuer] = req.DeepCopy()
 continue
 }
- uniqueCerts[req.Issuer] = req
+ r.DNSNames = append(r.DNSNames, req.dnsNames(i)...)
+ r.IPAddresses = append(r.IPAddresses, req.IPAddresses...)
 }
 for _, v := range uniqueCerts {
- reqs = append(reqs, v)
+ reqs = append(reqs, *v)
 }
 sort.Slice(reqs, func(i, j int) bool { return reqs[i].Issuer < reqs[j].Issuer })
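Review bot: In the `!found` branch of the loop the entry is stored as `req.DeepCopy()` and never passes through `dnsNames(i)`, so a `CertManagerRequests` item that is the first for its issuer and sets `DNSNamesDefault` gets no generated name. Because this commit also removes the fallback from newCertificate in cert_manager.go, such a request would reach the Certificate with only its explicit `DNSNames`, possibly none. Before the `continue`, consider `r = req.DeepCopy()`, `r.DNSNames = req.dnsNames(i)`, `uniqueCerts[req.Issuer] = r`. The function's opening guard lies outside the hunk.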
@@ -42,6 +46,19 @@ func (i *RpaasInstance) CertManagerRequests() (reqs []CertManager) {
 return
 }
+func (c *CertManager) dnsNames(i *RpaasInstance) (names []string) {
+ if c == nil {
+ return
+ }
+
+ names = append(names, c.DNSNames...)
+ if c.DNSNamesDefault && i.Spec.DNS != nil && i.Spec.DNS.Zone != "" {
+ names = append(names, fmt.Sprintf("%s.%s", i.Name, i.Spec.DNS.Zone))
+ }
+
+ return
+}
+
 func (i *RpaasInstance) SetTeamOwner(team string) {
 newLabels := map[string]string{teamOwnerLabel: team}
 i.appendNewLabels(newLabels)
diff --git a/api/v1alpha1/rpaasinstance_test.go b/api/v1alpha1/rpaasinstance_test.go
index c189efe3e..ded329f47 100644
--- a/api/v1alpha1/rpaasinstance_test.go
+++ b/api/v1alpha1/rpaasinstance_test.go
@@ -68,16 +68,23 @@ func TestCertManagerRequests(t *testing.T) {
 IPAddresses: []string{
 "10.1.1.1",
 },
+ DNSNamesDefault: true,
 },
 CertManagerRequests: []CertManager{
 {
- Issuer: "my-issuer",
- DNSNames: []string{
- "custom-domain.my-company.io",
- },
- IPAddresses: []string{
- "10.1.1.2",
- },
+ Issuer: "my-issuer",
+ DNSNames: []string{"custom-domain.my-company.io"},
+ IPAddresses: []string{"10.1.1.2"},
+ },
+ {
+ Issuer: "another-issuer",
+ DNSNames: []string{"www.example.com"},
+ IPAddresses: []string{"169.254.254.101"},
+ },
+ {
+ Issuer: "another-issuer",
+ DNSNames: []string{"web.example.com"},
+ IPAddresses: []string{"169.254.254.102"},
 },
 },
 },
@@ -85,11 +92,16 @@ func TestCertManagerRequests(t *testing.T) {
 }
 assert.Equal(t, []CertManager{
+ {
+ Issuer: "another-issuer",
+ DNSNames: []string{"www.example.com", "web.example.com"},
+ IPAddresses: []string{"169.254.254.101", "169.254.254.102"},
+ },
 {
 Issuer: "my-issuer",
 DNSNames: []string{"default-domain.my-company.io", "custom-domain.my-company.io"},
 IPAddresses: []string{"10.1.1.1", "10.1.1.2"},
- DNSNamesDefault: false,
+ DNSNamesDefault: true,
 },
 }, instance.CertManagerRequests())
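Review bot: dnsNames appends the `<instance>.<zone>` name whenever `DNSNamesDefault` is set, even when `c.DNSNames` is already populated, whereas the code removed from newCertificate used it only as a fallback for an empty list. If that widening is intended it should be recorded in a doc comment, which the method currently lacks. Nothing deduplicates the result either, so two same-issuer requests that both set the flag, or an explicit entry equal to the default, would put a repeated DNS name in the merged request. A comment such as `// dnsNames returns c.DNSNames followed by "<instance name>.<zone>" when DNSNamesDefault is set and the instance has a DNS zone; without a zone the default is omitted.` would state the contract.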
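Review bot: The extended fixture never sets `DNSNamesDefault` on a `CertManagerRequests` entry, so the generated-name path is not tested for list entries. The unchanged `my-issuer` expectation also suggests the instance has no `Spec.DNS.Zone`; this is inferred, because the fixture's start is outside the hunk. If so, the `fmt.Sprintf("%s.%s", ...)` branch of dnsNames is never exercised. A case with a zone configured and the flag set on a list entry that is the first for its issuer would cover the behaviour this commit moves out of newCertificate.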
diff --git a/internal/controllers/certificates/cert_manager.go b/internal/controllers/certificates/cert_manager.go
index bebce31ef..8f739fc9e 100644
--- a/internal/controllers/certificates/cert_manager.go
+++ b/internal/controllers/certificates/cert_manager.go
@@ -6,7 +6,6 @@ package certificates
 import (
 "context"
- "errors"
 "fmt"
 "reflect"
 "strings"
@@ -145,17 +144,6 @@ func getCertificates(ctx context.Context, c client.Client, i *v1alpha1.RpaasInst
 }
 func newCertificate(instance *v1alpha1.RpaasInstance, issuer *cmmeta.ObjectReference, req v1alpha1.CertManager) (*cmv1.Certificate, error) {
- dnsNames := req.DNSNames
- if len(dnsNames) == 0 && req.DNSNamesDefault {
- if instance.Spec.DNS == nil || instance.Spec.DNS.Zone == "" {
- return nil, errors.New("DNS zone not provided")
- }
-
- dnsNames = []string{
- fmt.Sprintf("%s.%s", instance.Name, instance.Spec.DNS.Zone),
- }
- }
-
 return &cmv1.Certificate{
 ObjectMeta: metav1.ObjectMeta{
 Name: fmt.Sprintf("%s-%s", instance.Name, cmCertificateName(req)),
@@ -174,7 +162,7 @@ func newCertificate(instance *v1alpha1.RpaasInstance, issuer *cmmeta.ObjectRefer
 },
 Spec: cmv1.CertificateSpec{
 IssuerRef: *issuer,
- DNSNames: dnsNames,
+ DNSNames: req.DNSNames,
 IPAddresses: req.IPAddresses,
 SecretName: fmt.Sprintf("%s-%s", instance.Name, cmCertificateName(req)),
 },
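Review bot: With the fallback block removed, newCertificate no longer rejects a request that sets `DNSNamesDefault` but has no DNS zone; the old `DNS zone not provided` error is gone and `DNSNames: req.DNSNames` can now be empty. If `req.IPAddresses` is empty as well, the Certificate is built with no identities, and the failure would presumably surface only when the object is processed, away from its cause. A guard at the top of the function keeps the early error with the still-imported fmt: `if len(req.DNSNames) == 0 && len(req.IPAddresses) == 0 { return nil, fmt.Errorf("certificate request for issuer %q has no DNS names or IP addresses", req.Issuer) }`. The function's end is outside the hunk; if no other path returns an error, its `error` result is now always nil.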