# The stale certificate bug

<https://github.com/jetstack/cert-manager/issues/3250>

---

<pre class="stretch" style="font-size: 0.33em;" data-trim data-line-numbers="1-5|8-10|13-15">
                user creates
                |  with wrong dns
                |  name
                v
+-----------------------------+
|kind: Certificate            |  1) trigger controller
|spec:                        |     sets Issuing = True
|  dnsNames:                  |
|   - google.com              |  2) keymanager controller
|  issuerRef:                 |     creates private key
|    name: le-prod            |
|status:                      |  3) requestmanager controller    +-------------------------+
|  lastFailureTime: 2020-11-10|     creates CertificateRequest   |kind: CertificateRequest |
+-----------------------------+ -------------------------------->|spec:                    |
                |                                                |  request: base64(csr)   |
   user fixes   |                                                +-------------------------+
   the dns name |
   by updating  |
                v
+-----------------------------+
|kind: Certificate            |                                  +-------------------------+
|spec:                        |        no update!                |kind: CertificateRequest |
|  dnsNames:                  |--------------------------------> |spec:                    |
|   - rightdomain.org         |                                  |  request: base64(csr)   |
|  issuerRef:                 |                                  +-------------------------+
|    name: le-prod            |
|status:                      |      ⚠️ stale certificate request
|  lastFailureTime: 2020-11-10|
+-----------------------------+
</pre>

<!-- https://textik.com/#572bd4c64ed33c08 -->

---

## Step 1: investigation

- Clone project, fight against Bazel 😅
- Figure out how to reproduce the bug manually
- Bug reproduced with some `yaml`, let's continue investigating!

![](https://i.imgur.com/d86HpjI.png)

---

## Step 2: reproduce it with a test

- Write an e2e test
- Debugged CM with `dlv` + `telepresence`

![](https://i.imgur.com/lxcCFVk.png)

---

## Step 3: let's try again

- James chimes in, it's due to the 1-hour retry delay!
- Had to dig much deeper into the codebase

![](https://i.imgur.com/Dhc5w66.png)

---

## Step 4: unit tests!

- I dropped the e2e test idea
- Easily reproducible through unit tests

|   |
|---|
| Must re-issue _iff_ certificate fails + is updated |
| Must re-issue even when revision not set yet |
|   |

![](https://i.imgur.com/LK1mGzI.png)

---

## Step 5: smash that bug

- Now works as expected! 🎉
- Something off with the semantics of `revision` 🤔
- No tests around `RequestMatchesSpec` and `DataForCertificate` 😞
- Bazel slow due to protobuf being recompiled every single time 😞
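The staleness shown in the diagram, as an added example (not cert-manager's code, and not its `RequestMatchesSpec`): decode the CSR held by the pending `CertificateRequest` and compare its DNS names with the current `spec.dnsNames`. `newCSR` and `csrIsStale` are hypothetical names, and the CSR is constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"reflect"
	"sort"
)

// newCSR builds a PEM-encoded CSR for dnsNames (constructed sample input).
func newCSR(dnsNames ...string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{DNSNames: dnsNames}, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// csrIsStale reports whether the pending CSR's DNS names differ from the spec's (hypothetical helper).
func csrIsStale(csrPEM []byte, specDNSNames []string) (bool, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil {
		return false, fmt.Errorf("no PEM block in request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err == nil {
		err = csr.CheckSignature() // reject a request altered after signing
	}
	if err != nil {
		return false, err
	}
	got := append([]string(nil), csr.DNSNames...) // copy before sorting
	want := append([]string(nil), specDNSNames...)
	sort.Strings(got)
	sort.Strings(want)
	return !reflect.DeepEqual(got, want), nil
}

func main() {
	pending, _ := newCSR("google.com") // request created before the user's fix
	fmt.Println(csrIsStale(pending, []string{"rightdomain.org"}))
}
```

A request flagged this way still carries the old name, so it would have to be replaced before issuance is retried.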