weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5,086 Commits 45 Branches 0 Tags 96 MiB
09f91a2a99
Commit Graph

2159 Commits

Author SHA1 Message Date
joshvanl
09f91a2a99 Update approver controller to use new Denied condition type 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
4e042011e6 Adds CertificateRequest approval condition validation to ensure: 
- Only a single Approve _or_ Deny condition may exist
- They cannot be modified once set
- They must always have a status of `True`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
5df29e41e7 Updates api/util CertificateRequest approved helpers to use new 
condition type

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
417b947733 Updates CertificateRequest conditions to include a distinct 'Denied' 
condition type

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
e62e8c517b Updates CertificateRequest signer tests to check Approved behaviour 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
1d758a5ccf Updates the base CertificateRequest controller to first check for the 
approval condition to be present and set to true, before processing
further

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
2db7582586 Adds CertificateRequest approver controller. This controller will 
currently _always_ set the Approved condition to true on
CertificateRequests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
0ef25daeb3 Adds helper CertificateRequest api/util funcs for checking approval 
condition

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
d61ccb1730 Adds CertificateRequest Approved condition type, with Approved and 
Denied Reasons

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
e6ece1f36b Updates Issuer CRDs with new ObservedGeneration field 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:06:22 +00:00
joshvanl
160b16e68b Updates issuer condition update consumers to use new observedGeneration 
signature

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:06:21 +00:00
joshvanl
99138733ad Adds observedGeneration to issuer condition update function 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:04:00 +00:00
joshvanl
ba50140aa2 Updates generated clients 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:04:00 +00:00
joshvanl
f905f6a2aa Adds ObservedGeneration to issuer condition status 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:04:00 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity 
CertificateRequest UserInfo fields
 2021-03-15 14:26:15 +00:00
irbekrm
0047174891 Update PR after rebase 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-15 09:00:07 +00:00
irbekrm
a89133b637 Better wording and wrap long comment lines. 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-15 08:48:23 +00:00
irbekrm
245d0f5c27 Pass DefaultRenewBefore into trigger controller 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-15 08:48:02 +00:00
irbekrm
8d5059b13e Updates Trigger controller integration tests 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-15 08:47:42 +00:00
irbekrm
9e7cd99ea8 CurrentCertificateNearingExpiry looks at x509 cert to determine renewal time 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-15 08:44:14 +00:00
joshvanl
4dd6d19011 Adds review comment suggestions/cleanup 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-11 19:12:02 +00:00
joshvanl
1b82802159 Changes Vault error messages with auth has been misconfigured for each 
method

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-11 11:19:00 +00:00
jetstack-bot
9f343ec581
Merge pull request #3475 from maelvls/unit-test-dataforcertificate 
DataForCertificate: add unit tests
 2021-03-09 18:13:51 +00:00
Ashley Davis
ef2006d7b6
skip clouddns test when gcloud isn't initialized 
If gcloud hasn't been installed, or if it has but the default application credential file
at .config/gcloud/application_default_credentials.json hasn't been configured, this test
would segfault since the assertion at the start fails but doesn't stop the test

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-03-09 14:54:12 +00:00
jetstack-bot
c2634d3538
Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation 
Certificate condition observed generation
 2021-03-08 09:47:45 +00:00
Maël Valais
f6cb6b8787 ocspServers test: give a link to the TODO issue 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-05 16:57:38 +01:00
Maël Valais
97893e1c69 PR comment: fix misspelling 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-05 16:42:48 +01:00
jetstack-bot
75a46ff90b
Merge pull request #3731 from jsoref/spelling 
Spelling
 2021-03-05 13:58:40 +00:00
Josh Soref
e9fe56594c spelling: wrapped 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
3b957488c3 spelling: will 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
edda3b39e3 spelling: violations 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
cb22798289 spelling: validate 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
1cd3ab0db8 spelling: tenant 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
ae06c26202 spelling: secret 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
d848dfe105 spelling: prometheus 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
4d84a7fbb1 spelling: preferred 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
a11c7873f1 spelling: object 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
d5eca4e4e3 spelling: normalize 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
895cb51ed9 spelling: nonexistent 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
6b3cf75fdf spelling: instrumented 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
joshvanl
39a50a1903 Updates unit certificate controller tests to include ObservedGeneration 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:04:09 +00:00
joshvanl
ca60357df3 Adds ObservedGeneration to SetCertificateCondition func 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:03:26 +00:00
joshvanl
6b551b2add Updates generated conversion for OverservedGeneration 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:03:26 +00:00
joshvanl
efdb73b446 Adds ObservedGeneration int64 field to Certificate Conditions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:03:26 +00:00
Maël Valais
0facd3bdd4 ocspServers field: fix flaky unit test 
Truncating the time to the second did not seem to be enough. Some CI
builds would fail due to the truncation yielding different times.

Instead of truncating, I propose to use a delta of 1 second.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:20:51 +01:00
Maël Valais
34c07a71ce DataForCertificate: force core/v1 informer to create the indexer 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:20:50 +01:00
Maël Valais
ac325bf4e0 PR comment: spelling 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:20:50 +01:00
Maël Valais
680c7b75f6 DataForCertificate: use fake clientset instead of fake lister 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:20:45 +01:00
Maël Valais
46e9cb6c5b DataForCertificates: remove unused "name" field 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:19:02 +01:00
Maël Valais
3af2cb6650 DataForCertificate: expand comments around expectCalled 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:19:02 +01:00