Description
I have a custom external issuer that requires the collection of non-standard data as part of the certificate request. I have implemented this in the issuer as annotations on the Certificate CRD, which get passed on to the CertificateRequest and subsequently on to my external issuer.
When using the CSI driver, there is no way to influence the attributes passed on to the CertificateRequest, therefore this issue is asking for this scenario to be supported.
- name: my-cert-via-csi-driver
  csi:
    readOnly: true
    driver: csi.cert-manager.io
    volumeAttributes:
      csi.cert-manager.io/issuer-name: external-custom-issuer
      csi.cert-manager.io/issuer-kind: ExternalCustomIssuer
      csi.cert-manager.io/issuer-group: external.custom.issuer.com
      csi.cert-manager.io/common-name: not-used
      csi.cert-manager.io/duration: 8760h
      csi.cert-manager.io/renew-before: 8759h
      external.custom.issuer.com/serviceId: 12d780c0-4c9d-4fbc-a54b-ad88f120e4c7
      external.custom.issuer.com/teamName: TestTeam1
      external.custom.issuer.com/serviceName: TestService1
      external.custom.issuer.com/environment: DEV
In the above example, I would expect the non-cert-manager annotations to be forwarded on to the certificate requests. Instead, the annotations list is set to nil (see https://github.com/cert-manager/csi-driver/blob/main/pkg/requestgen/generator.go#L94).
I may be missing something obvious, or a better way to supply this custom data. If not, I would be happy to contribute a PR if this suggestion is appropriate.
Edit to add an example of what I'd like to see. I have validated this locally.
diff --git a/pkg/requestgen/generator.go b/pkg/requestgen/generator.go
index 8ae241a..6bc069a 100644
--- a/pkg/requestgen/generator.go
+++ b/pkg/requestgen/generator.go
@@ -72,6 +72,15 @@ func RequestForMetadata(meta metadata.Metadata) (*manager.CertificateRequestBund
if err != nil {
return nil, fmt.Errorf("%q: %w", csiapi.IPSANsKey, err)
}
+ passthroughAnnotations := make(map[string]string)
+
+ for key, val := range attrs {
+ group := strings.Split(key, "/")[0]
+
+ if group != "csi.cert-manager.io" {
+ passthroughAnnotations[key] = val
+ }
+ }
return &manager.CertificateRequestBundle{
Request: &x509.CertificateRequest{
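Review bot: the filter in the added loop, `group := strings.Split(key, "/")[0]` followed by `if group != "csi.cert-manager.io"`, forwards every attribute that is not in that one group, including keys with no `/` at all (for those the whole key becomes the "group" and they pass through unchanged) and anything else that ends up in `attrs` from sources other than the user's volumeAttributes; a clearer and safer form is `if strings.HasPrefix(key, "csi.cert-manager.io/") { continue }` combined with skipping or rejecting keys that contain no `/`. Also worth confirming that `strings` is already imported in generator.go, since this hunk is the first use of it shown here, and consider validating each forwarded key as a legal annotation key at this point so a bad key fails the mount with a clear message rather than only failing later when the CertificateRequest is created.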
@@ -91,7 +100,7 @@ func RequestForMetadata(meta metadata.Metadata) (*manager.CertificateRequestBund
Kind: attrs[csiapi.IssuerKindKey],
Group: attrs[csiapi.IssuerGroupKey],
},
- Annotations: nil,
+ Annotations: passthroughAnnotations,
}, nil
}
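Review bot: with `Annotations: passthroughAnnotations` the bundle now carries an empty, non-nil map when nothing is forwarded, where it previously carried `nil`; that is harmless here but deserves a unit test covering both the empty case and a forwarded `external.custom.issuer.com/...` attribute, and the new behaviour (every non-`csi.cert-manager.io` volume attribute becomes an annotation on the CertificateRequest) should be added to the driver's attribute documentation, since it changes what users can legitimately put in volumeAttributes.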
Again, I'm happy to PR this change, and welcome feedback. There is probably no reason to omit the csi.cert-manager.io namespaced attributes.
Edit: PR link: #212
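The following is an added, stand-alone example of the filtering step the issue asks for, written here as an illustration and not code from the csi-driver project or from the issue author's PR. It assumes a hypothetical helper `PassthroughAnnotations` that takes the raw volume attribute map, drops the driver's own `csi.cert-manager.io/` keys and the `csi.storage.k8s.io/` keys that the kubelet injects when a driver enables pod info on mount, refuses un-namespaced keys rather than silently turning a typo into an annotation, and checks that each remaining key is a legal Kubernetes annotation key so the mount fails with a clear error instead of failing later when the CertificateRequest is created. The sample attribute map is constructed for the example and mirrors the volumeAttributes in the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Prefixes of volume attributes that are consumed by the driver itself or
// injected by the kubelet, and so must never be copied onto the
// CertificateRequest as annotations. (Assumption for this example.)
var reservedPrefixes = []string{
	"csi.cert-manager.io/",
	"csi.storage.k8s.io/",
}

// Approximation of the Kubernetes qualified-name rule for annotation keys:
// optional DNS-subdomain prefix of at most 253 chars, then "/", then a name
// of at most 63 chars made of alphanumerics, '-', '_' and '.'.
var (
	dnsLabel = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	prefixRe = regexp.MustCompile(`^` + dnsLabel + `(\.` + dnsLabel + `)*$`)
	nameRe   = regexp.MustCompile(`^[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?$`)
)

// validAnnotationKey returns an error if key would be rejected by the API
// server as an annotation key.
func validAnnotationKey(key string) error {
	parts := strings.SplitN(key, "/", 2)
	prefix, name := "", parts[0]
	if len(parts) == 2 {
		prefix, name = parts[0], parts[1]
	}
	if prefix != "" && (len(prefix) > 253 || !prefixRe.MatchString(prefix)) {
		return fmt.Errorf("invalid annotation key prefix %q", prefix)
	}
	if len(name) == 0 || len(name) > 63 || !nameRe.MatchString(name) {
		return fmt.Errorf("invalid annotation key name %q", name)
	}
	return nil
}

func isReserved(key string) bool {
	for _, p := range reservedPrefixes {
		if strings.HasPrefix(key, p) {
			return true
		}
	}
	return false
}

// PassthroughAnnotations (hypothetical helper) selects the volume attributes
// that may be forwarded to the CertificateRequest as annotations. Reserved
// prefixes are skipped; un-namespaced keys and malformed keys are errors so
// that the mount fails loudly rather than forwarding something unintended.
func PassthroughAnnotations(attrs map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(attrs))
	for key, val := range attrs {
		if isReserved(key) {
			continue
		}
		if !strings.Contains(key, "/") {
			return nil, fmt.Errorf("volume attribute %q is not namespaced; refusing to forward it", key)
		}
		if err := validAnnotationKey(key); err != nil {
			return nil, err
		}
		out[key] = val
	}
	return out, nil
}

func main() {
	// Constructed sample: the issue's volumeAttributes plus one kubelet-style
	// pod attribute that must not leak into the request.
	attrs := map[string]string{
		"csi.cert-manager.io/issuer-name":        "external-custom-issuer",
		"csi.cert-manager.io/issuer-kind":        "ExternalCustomIssuer",
		"csi.cert-manager.io/issuer-group":       "external.custom.issuer.com",
		"csi.storage.k8s.io/pod.name":            "my-pod",
		"external.custom.issuer.com/serviceId":   "12d780c0-4c9d-4fbc-a54b-ad88f120e4c7",
		"external.custom.issuer.com/teamName":    "TestTeam1",
		"external.custom.issuer.com/environment": "DEV",
	}
	ann, err := PassthroughAnnotations(attrs)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	keys := make([]string, 0, len(ann))
	for k := range ann {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		fmt.Printf("%s=%s\n", k, ann[k])
	}
}
```

Run as-is, it prints only the three `external.custom.issuer.com/...` entries; replacing a key with `teamName` (no `/`) or `Bad.com/x` (uppercase in the DNS prefix) makes the helper return an error instead of a partial map, which is the behaviour a driver should prefer over quietly dropping or forwarding such keys.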