Commit Graph

7145 Commits

Author SHA1 Message Date
joshvanl
0b2cdf5a40 Adds e2e tests for CertificateRequest self signing controller; focussing
on requests being re-synced when the target Secret is up

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-08-09 08:40:05 +01:00
joshvanl
ccf579cf31 Adds extra informer for the CertificateRequest SelfSigned controller,
so that CertificateRequests will be re-synced on informed Secrets which
are referenced with "cert-manager.io/private-key-secret-name"

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-08-09 08:39:50 +01:00
jetstack-bot
58b226e06c
Merge pull request #5163 from james-callahan/webhook-dynamic-serving-dns-names
Webhook dynamic serving dns names
2022-08-08 13:57:50 +01:00
jetstack-bot
07677c57bc
Merge pull request #5366 from munnerz/privatekey-regen-test
Ensures CertificateRequests marked as 'InvalidRequest' are properly handled as failures & retried
2022-08-05 16:23:30 +01:00
James Munnelly
ddc19a1c57 Fix comment
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-05 15:52:52 +01:00
jetstack-bot
88bda66693
Merge pull request #5345 from inteon/ginkgo_v2
Upgrade to Ginkgo v2
2022-08-04 21:06:15 +01:00
jetstack-bot
f058c815a3
Merge pull request #5364 from inteon/go1.19_fmt
Apply go fmt for go1.19
2022-08-04 14:42:14 +01:00
James Munnelly
2de5135e18 Fix test flake
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 14:15:49 +01:00
jetstack-bot
b52d116fa4
Merge pull request #5363 from inteon/gotestsum_junit
Output junit xml using gotestsum
2022-08-04 12:46:14 +01:00
James Munnelly
7b4d04cdef bugfix: fix issue where CertificateRequests marked InvalidRequest were not properly marked as Failed
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
e62bfaf367 Add test to check InvalidRequest handling for certificates
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
51014e5752 Add integration test for regenerating private key for each CR upon failure
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
099a52ffe3 integration framework: add StartInformersAndControllers
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
James Munnelly
11ada1d3d3 rename policyEvaluator->BuildReadyConditionFromChain
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2022-08-04 12:21:41 +01:00
Tim Ramlot
ba9a6bd5b3 add pruning logic for gotestsum junit xml output
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 11:15:18 +00:00
jetstack-bot
b7c47298a0
Merge pull request #5362 from inteon/simplify_manifest
Simplify static manifest generation
2022-08-04 11:25:14 +01:00
Tim Ramlot
a8743628a4 only print Helm install output on error
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 10:21:27 +00:00
Tim Ramlot
501277bb62 bugfix ginkgo: make tests deterministic, don't use maps to define testCases
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 10:16:29 +00:00
Tim Ramlot
9897f2355c upgrade ginkgo to v2
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 10:16:29 +00:00
Tim Ramlot
93caba980e apply go fmt for go1.19
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 09:51:57 +00:00
jetstack-bot
fda92d7c80
Merge pull request #5358 from SgtCoDFish/checkvulns
Add Trivy scanning make targets
2022-08-04 10:27:14 +01:00
Tim Ramlot
aabe2fc5d1 simplify static manifest generation
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 06:54:11 +00:00
Tim Ramlot
f6a381d247 replace 'github.com/onsi/ginkgo' with 'github.com/onsi/ginkgo/v2'
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-03 15:28:23 +00:00
jetstack-bot
12342d88e5
Merge pull request #5361 from SgtCoDFish/fixcves
Fix containerd / go-restful CVEs
2022-08-03 16:17:16 +01:00
Ashley Davis
ea9a46a16a
add trivy scan targets
These enable scanning of each of our container images on linux/amd64
to check for vulnerabilities. These targets can then be used in CI as
an indicator that we might need to take a look at upgrading dependencies
or base images.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 15:57:28 +01:00
Ashley Davis
2636a638bf
replace go-restful version with patched version
for details, see the comment on the `replace` directive

see also this slack thread:

https://kubernetes.slack.com/archives/CDEQJ0Q8M/p1659536441504649?thread_ts=1659532155.184479&cid=CDEQJ0Q8M

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 15:33:54 +01:00
Ashley Davis
6985cd5e5a
update containerd dependency to fix CVE
CVE-2022-31030 and GHSA-5ffw-gxpp-mxpf

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 15:25:05 +01:00
jetstack-bot
0c15857645
Merge pull request #5360 from SgtCoDFish/fixxnet
Fix `/x/net` and `/x/sys`
2022-08-03 15:17:16 +01:00
Ashley Davis
01d8994f38
remove replacement for /x/net and update /x/net + /x/sys
the replaced version had several CVEs as reported by Trivy:

CVE-2021-44716 - golang.org/x/net:
golang: net/http: limit growth of header canonicalization cache

CVE-2021-31525 - golang.org/x/net:
golang: net/http: panic in ReadRequest and ReadResponse when reading a
very large header

CVE-2022-29526 - golang.org/x/sys:
golang: syscall: faccessat checks wrong group

this commit fixes those reported CVEs

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 14:44:06 +01:00
Ashley Davis
e4dca7a930
add go.mod and go.sum as sources
this will trigger binaries to be rebuilt when go.mod and go.sum change

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-03 14:24:36 +01:00
jetstack-bot
aeae4b35fc
Merge pull request #5354 from cert-manager/add-inteon-as-maintainer
add inteon to OWNERS
2022-08-01 15:28:23 +01:00
Joakim Ahrlin
1f6e3aed92
add inteon to OWNERS
Signed-off-by: Joakim Ahrlin <joakim.ahrlin@gmail.com>
2022-08-01 14:12:31 +02:00
jetstack-bot
bdaa653a8a
Merge pull request #5352 from SgtCoDFish/straggler
Remove straggling BUILD.bazel file
2022-08-01 10:18:22 +01:00
Ashley Davis
d53689c181
remove straggling BUILD.bazel file
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-08-01 09:40:58 +01:00
jetstack-bot
e58b47f345
Merge pull request #5340 from SgtCoDFish/byebazel
Remove bazel 🎉
2022-07-27 09:13:05 +01:00
jetstack-bot
7084236430
Merge pull request #5339 from JoshVanL/5334-route-53-dont-reject-missing-secret
Remove incorrect Route53 validation on AccessKeyID and SecretAccessKeyID
2022-07-26 12:28:12 +01:00
joshvanl
4138aa8986 Add code comment which states that it is valid to use neither an
AccessKeyID nor AccessKeySecretRef

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-26 11:56:13 +01:00
joshvanl
0c60503cc3 In PR https://github.com/cert-manager/cert-manager/pull/5194, we
introduced a validation whereby an issuer would be rejected if it did
not contain AccessKeyID or SecretAccessKeyID when using the route53 DNS
solver. This is incorrect, since neither should need to be defined when
using AWS ambient credentials.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-26 11:51:16 +01:00
Daniel Quackenbush
54e1da255c remove issue error if role is specified
Signed-off-by: Dan Quackenbush <25692880+danquack@users.noreply.github.com>
2022-07-26 11:49:57 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
jetstack-bot
ca9e48c7e3
Merge pull request #5323 from JoshVanL/controllers-certificatesigningrequests-selfsigned-no-fail-missing-secret
[SelfSigned] CertificateSigningRequest: don't mark failed when referenced Secret doesn't exist
2022-07-21 15:58:56 +01:00
jetstack-bot
a9c1e6aea7
Merge pull request #5329 from JoshVanL/test-flake-controllers-certificates-issuing-internal-manypasswordslengths
Test Flake: TestManyPasswordLengths: pre-create password test cases outside of concurrent tests
2022-07-21 10:21:39 +01:00
jetstack-bot
fca26af20c
Merge pull request #5325 from JoshVanL/test-e2e-flake-certificate-request-approval
E2E test flakes: CertificateRequest Approval
2022-07-21 09:36:40 +01:00
joshvanl
91e0a5ceca TestManyPasswordLengths: pre-create password test cases outside of
concurrent tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-21 09:30:28 +01:00
jetstack-bot
1053adf904
Merge pull request #5321 from SgtCoDFish/corecmroadmap
Add "shrinking core" to roadmap
2022-07-20 16:45:14 +01:00
joshvanl
1f2ba6d7f7 Update the approval e2e tests so that transient client request errors
are retried, and correctly check the error returned is expected when
appropriate.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-20 16:31:11 +01:00
Jake Sanders
bdd626f481
Add suggestion from code review
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-20 16:08:57 +01:00
joshvanl
bbc6823163 When a CertificateSigningRequest using the SelfSigned issuer references
a Secret which does not exist, return error, rather than marking the
request as failed.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-07-20 13:39:11 +01:00
jetstack-bot
519d4dd803
Merge pull request #5318 from JoshVanL/test-e2e-flake-secret-template
E2E test flakes: SecretTemplate
2022-07-20 13:37:13 +01:00
Ashley Davis
284b4716b1
add shrinking core to roadmap
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-20 12:55:52 +01:00