diff --git a/pkg/controller/certmanager/deployment_overrides_validation.go b/pkg/controller/certmanager/deployment_overrides_validation.go index 34d4c342a..ede587896 100644 --- a/pkg/controller/certmanager/deployment_overrides_validation.go +++ b/pkg/controller/certmanager/deployment_overrides_validation.go @@ -3,6 +3,7 @@ package certmanager import ( "fmt" "strconv" + "strings" "unsafe" appsv1 "k8s.io/api/apps/v1" @@ -94,7 +95,7 @@ func withContainerArgsValidateHook(certmanagerinformer certmanagerinformer.CertM validateArgs := func(argMap map[string]string, supportedArgs []string) error { for k, v := range argMap { if !slices.Contains(supportedArgs, k) { - return fmt.Errorf("validation failed due to unsupported arg %q=%q", k, v) + return fmt.Errorf("validation failed due to unsupported arg %q=%q; supported args are: %s", k, v, strings.Join(supportedArgs, ", ")) } } return nil @@ -189,7 +190,7 @@ func withContainerEnvValidateHook(certmanagerinformer certmanagerinformer.CertMa validateEnv := func(argMap map[string]corev1.EnvVar, supportedEnv []string) error { for k, v := range argMap { if !slices.Contains(supportedEnv, k) { - return fmt.Errorf("validation failed due to unsupported arg %q=%q", k, v) + return fmt.Errorf("validation failed due to unsupported env var %q=%q; supported env vars are: %s", k, v, strings.Join(supportedEnv, ", ")) } } return nil @@ -238,7 +239,7 @@ func withPodLabelsValidateHook(certmanagerinformer certmanagerinformer.CertManag validateLabels := func(labels map[string]string, supportedLabelKeys []string) error { for k, v := range labels { if !slices.Contains(supportedLabelKeys, k) { - return fmt.Errorf("validation failed due to unsupported label %q=%q", k, v) + return fmt.Errorf("validation failed due to unsupported label %q=%q; supported labels are: %s", k, v, strings.Join(supportedLabelKeys, ", ")) } } return nil @@ -316,12 +317,12 @@ func validateResources(resources v1alpha1.CertManagerResourceRequirements, suppo errs := []error{} for k, v := range resources.Limits { if !slices.Contains(supportedResourceNames, string(k)) { - errs = append(errs, fmt.Errorf("validation failed due to unsupported resource limits %q=%s", k, v.String())) + errs = append(errs, fmt.Errorf("validation failed due to unsupported resource limits %q=%s; supported resources are: %s", k, v.String(), strings.Join(supportedResourceNames, ", "))) } } for k, v := range resources.Requests { if !slices.Contains(supportedResourceNames, string(k)) { - errs = append(errs, fmt.Errorf("validation failed due to unsupported resource requests %q=%s", k, v.String())) + errs = append(errs, fmt.Errorf("validation failed due to unsupported resource requests %q=%s; supported resources are: %s", k, v.String(), strings.Join(supportedResourceNames, ", "))) } } return utilerrors.NewAggregate(errs) diff --git a/pkg/controller/certmanager/deployment_overrides_validation_test.go b/pkg/controller/certmanager/deployment_overrides_validation_test.go index ec7ffd310..8a6ea0ef5 100644 --- a/pkg/controller/certmanager/deployment_overrides_validation_test.go +++ b/pkg/controller/certmanager/deployment_overrides_validation_test.go @@ -309,7 +309,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) { }, }, deploymentName: certmanagerControllerDeployment, - wantErrMsg: `validation failed due to unsupported arg "--totally-unknown-flag"="value"`, + wantErrMsg: `validation failed due to unsupported arg "--totally-unknown-flag"="value"; supported args are: --acme-http01-solver-nameservers, --acme-http01-solver-resource-limits-cpu, --acme-http01-solver-resource-limits-memory, --acme-http01-solver-resource-request-cpu, --acme-http01-solver-resource-request-memory, --dns01-recursive-nameservers, --dns01-recursive-nameservers-only, --v, -V, --metrics-listen-address, --issuer-ambient-credentials, --enable-certificate-owner-ref, --certificate-request-minimum-backoff-duration`, }, { name: "controller accepts performance tuning flags", @@ -546,7 +546,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) { }, }, deploymentName: certmanagerWebhookDeployment, - wantErrMsg: `validation failed due to unsupported arg "--metrics-listen-address"="0.0.0.0:9402"`, + wantErrMsg: `validation failed due to unsupported arg "--metrics-listen-address"="0.0.0.0:9402"; supported args are: --v, -V`, }, { name: "webhook rejects certificate-request-minimum-backoff-duration", @@ -559,7 +559,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) { }, }, deploymentName: certmanagerWebhookDeployment, - wantErrMsg: `validation failed due to unsupported arg "--certificate-request-minimum-backoff-duration"="1m"`, + wantErrMsg: `validation failed due to unsupported arg "--certificate-request-minimum-backoff-duration"="1m"; supported args are: --v, -V`, }, { name: "nil webhook config skips validation", @@ -607,7 +607,7 @@ func TestWithContainerArgsValidateHook(t *testing.T) { }, }, deploymentName: certmanagerCAinjectorDeployment, - wantErrMsg: `validation failed due to unsupported arg "--dns01-recursive-nameservers"="8.8.8.8:53"`, + wantErrMsg: `validation failed due to unsupported arg "--dns01-recursive-nameservers"="8.8.8.8:53"; supported args are: --v, -V`, }, { name: "nil cainjector config skips validation",