Commit Graph

925 Commits

Author SHA1 Message Date
Maël Valais
05c1fb9fc2 trigger-controller: reissue on mismatch using NextRevisionRequest
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
eb6d1399fc DataForCertificate: the func now fetches NextRevisionRequest
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
9305766ff2 trigger-controller: add two unit tests to showcase #3250
Note that I had initially made createCryptoBundle public since I found
it inconvenient to have to pass a testing.T when we know that we should
never be failing inside this func (I mean, the failure would not be due
to a wrong test case).

After a comment from Maartje, I realize that I could just use an anonymous
function for that purpose.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
747aba056c createCryptoBundle: cert-manager.io/certificate-revision was wrong
It was set to a pointer value instead of the actual int value.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Salman
800d6019bf Replace reflect.DeepEqual with semantic equality check and remove status marshal
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
2021-03-27 12:49:14 +05:30
Salman
572bfb9111 Replace reflect.DeepEqual with semantic equality check
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
2021-03-27 12:49:14 +05:30
jetstack-bot
19ae739ab7
Merge pull request #3760 from SgtCoDFish/selfsigned-validity-3634
selfsigned: warn when certs are issued with empty issuer DNs
2021-03-26 12:30:58 +00:00
Ashley Davis
5e31fa37ff
selfsigned: warn when certs have empty issuer DNs
as raised in #3634 - RFC 5280 states that the issuer field cannot be
empty, but this could easily happen with selfsigned certs which had
an empty subject (as the issuer matches the subject when the cert is
self signed)

this commit detects when a cert would be issued selfsigned with an
empty subject DN and emits a warning event, allowing cluster operators
to detect the warning and potentially either re-issue to generate a
compliant cert, or else accept the risk.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-03-26 11:51:46 +00:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit
Certificate revision history limit
2021-03-26 11:13:58 +00:00
jetstack-bot
7946df1da7
Merge pull request #3788 from maelvls/refactor-trigger-unit-tests
Refactor trigger-controller unit tests
2021-03-25 11:41:36 +00:00
Maël Valais
7e21f730cc PR comment: typo: "the following are" instead of "is"
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Jake Sanders <i@am.so-aweso.me>
2021-03-25 09:07:45 +01:00
Maël Valais
fe3617a41c PR comment: a sentence starts with a capital letter and ends with a dot
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-24 19:19:34 +01:00
joshvanl
fd78593b59 Fixes Certificates revision manager controller name
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-24 17:32:45 +00:00
Omair Khan
68271f105b Certificate Readiness controller will only try to update the
certificate status if there is a change.

Signed-off-by: OmairK <omairkhan064@gmail.com>
2021-03-24 20:45:19 +05:30
jetstack-bot
3a367927dc
Merge pull request #3793 from JoshVanL/dont-log-cr-deleted
Don't log from multiple controllers when a CertificateRequest is deleted
2021-03-24 13:27:46 +00:00
joshvanl
14d6f0720a Don't log from multiple controllers when a CertificateRequest is deleted
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 17:49:52 +00:00
joshvanl
dd0b2bf510 Standardise the name of controllers so there is consistency across the
project

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 16:08:59 +00:00
joshvanl
5983290317 Change the prune and delete list function to certificateRequestsToDelete
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 15:57:32 +00:00
Maël Valais
71e707387a trigger-controller: refactor test, inject gatherer and policychain
Injecting the whole Gatherer struct was not necessary for testing
since DataForCertificate is now fully unit-tested. With that, we
can mock the Gatherer.Evaluate function. Since there is no reason
to inject a full Gatherer object into the trigger controller, I chose
to inject a simple policies.Func. I named the function "shouldReissue"
since this is exactly what this function does.

I also refactored the test cases to use the same gen.Certificate
that we use in the rest of the codebase.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-23 13:55:11 +01:00
Maël Valais
cdb6c16c6d trigger-controller: log a msg when cert must be reissued
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-21 16:45:58 +01:00
Ashley Davis
2404aceef4
remove unused function
this behaviour seems to be handled by translateIngressAnnotations

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-03-19 13:59:33 +00:00
joshvanl
65acf10858 Don't log error output in approver when CertificateRequest is deleted
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
c94ad99731 Updates approver controller to use custom Approved Reason
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
a3e63b1787 Update CertificateRequest controllers to use new Denied type, and add
tests for when a CertificateRequest is denied

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
09f91a2a99 Update approver controller to use new Denied condition type
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
e62e8c517b Updates CertificateRequest signer tests to check Approved behaviour
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
1d758a5ccf Updates the base CertificateRequest controller to first check for the
approval condition to be present and set to true, before processing
further

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
2db7582586 Adds CertificateRequest approver controller. This controller will
currently _always_ set the Approved condition to true on
CertificateRequests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
2a3509dd9e Adds revisionmanager certificates controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 14:53:55 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity
CertificateRequest UserInfo fields
2021-03-15 14:26:15 +00:00
irbekrm
0047174891 Update PR after rebase
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 09:00:07 +00:00
irbekrm
a89133b637 Better wording and wrap long comment lines.
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:48:23 +00:00
irbekrm
245d0f5c27 Pass DefaultRenewBefore into trigger controller
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:48:02 +00:00
irbekrm
8d5059b13e Updates Trigger controller integration tests
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:47:42 +00:00
irbekrm
9e7cd99ea8 CurrentCertificateNearingExpiry looks at x509 cert to determine renewal time
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:44:14 +00:00
jetstack-bot
9f343ec581
Merge pull request #3475 from maelvls/unit-test-dataforcertificate
DataForCertificate: add unit tests
2021-03-09 18:13:51 +00:00
jetstack-bot
c2634d3538
Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation
Certificate condition observed generation
2021-03-08 09:47:45 +00:00
Maël Valais
f6cb6b8787 ocspServers test: give a link to the TODO issue
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-05 16:57:38 +01:00
Maël Valais
97893e1c69 PR comment: fix misspelling
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-05 16:42:48 +01:00
jetstack-bot
75a46ff90b
Merge pull request #3731 from jsoref/spelling
Spelling
2021-03-05 13:58:40 +00:00
Josh Soref
edda3b39e3 spelling: violations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
ae06c26202 spelling: secret
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
4d84a7fbb1 spelling: preferred
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
a11c7873f1 spelling: object
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
d5eca4e4e3 spelling: normalize
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
joshvanl
39a50a1903 Updates unit certificate controller tests to include ObservedGeneration
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:09 +00:00
Maël Valais
0facd3bdd4 ocspServers field: fix flaky unit test
Truncating the time to the second did not seem to be enough. Some CI
builds would fail due to the truncation yielding different times.

Instead of truncating, I propose to use a delta of 1 second.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-04 17:20:51 +01:00
Maël Valais
34c07a71ce DataForCertificate: force core/v1 informer to create the indexer
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-04 17:20:50 +01:00
Maël Valais
ac325bf4e0 PR comment: spelling
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-04 17:20:50 +01:00