cert-manager

Author	SHA1	Message	Date
Richard Wall	0ea258327d	Fix gosec G505 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 10:10:11 +00:00
jetstack-bot	5615de61ee	Merge pull request #6563 from inteon/hide_deprecated_flags Hide deprecated CLI flags	2023-12-27 09:59:59 +00:00
jetstack-bot	5e09dd3059	Merge pull request #6561 from inteon/parse_certificate_chain Certificate chain parsing	2023-12-27 09:59:53 +00:00
jetstack-bot	c7714e65f0	Merge pull request #6551 from wallrj/gosec-601 Fix gosec G601: Implicit memory aliasing of items from a range statement	2023-12-20 18:21:37 +00:00
Richard Wall	4de9e956e5	Fix gosec G601: Implicit memory aliasing of items from a range statement Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-20 17:25:41 +00:00
Tim Ramlot	f60a61bde1	hide deprecated flags Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:25:35 +01:00
Tim Ramlot	f2af5672ee	add additional validation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:11 +01:00
Tim Ramlot	cd58042746	improve the algorithm and add prevent DOS Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:11 +01:00
Tim Ramlot	c81609cdef	move certificate chain parsing to seperate file Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:07 +01:00
Adam Talbot	247a034116	feat: update gateway api to v1 Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2023-12-18 21:00:42 +00:00
Allen Mun	9b09aa87a7	Add flag and field to customize leaf duration on dynamic certificates Signed-off-by: Allen Mun <allen.mun@capitalone.com>	2023-12-13 15:45:52 -05:00
Tim Ramlot	849b6bda9e	add tests & final cleanup Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 15:57:07 +01:00
Tim Ramlot	cfaf3f338e	cleanup code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 13:47:55 +01:00
tanujd11	da84cf5b88	fix: imports Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:10:32 +05:30
tanujd11	652feb50cc	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:05:33 +05:30
tanujd11	5f0a715863	add nameConstraints from openssl Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 00:40:45 +05:30
tanujd11	bc75f8488d	fix: structure of nameconstraint in CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-11 18:00:15 +05:30
tanujd11	a29a5913d0	addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 23:42:35 +05:30
tanujd11	28ca4312b3	fix: additional review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	8d362439a8	fix UTs Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	84d7dd4aed	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	d1b3e5ca83	Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:29 +05:30
tanujd11	adb9311f56	validate name constraint before signing CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:29:45 +05:30
tanujd11	50d84c1bbc	nits: added new line at EOF and comment fix Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:42 +05:30
tanujd11	589030dec1	feature: added name constraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:31 +05:30
jetstack-bot	e7e3e5f4de	Merge pull request #6534 from wallrj/server-timeout Mitigate potential Slowloris attacks by setting ReadHeaderTimeout in all http.Server instances	2023-12-07 13:28:05 +01:00
Richard Wall	8bed166858	Add ReadHeaderTimeout to all http.Server where that setting is missing Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-07 11:42:22 +00:00
Tim Ramlot	767764d598	refactor GenerateCSR and deprecated the helper functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-06 18:16:19 +01:00
Tim Ramlot	6f7ebbed7b	replace deprecated pkcs12 function call with pkcs12.LegacyRC2 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-27 12:32:19 +01:00
jetstack-bot	630dba760a	Merge pull request #6498 from inteon/fix_webhook_bug BUGFIX: Limit webhook admission input	2023-11-22 15:00:40 +01:00
jetstack-bot	c9e028f3db	Merge pull request #6347 from lauraseidler/fix/gateway-warning-http Do not process Gateway listeners that do not support TLS	2023-11-17 16:18:19 +01:00
Tim Ramlot	073d90611e	limit webhook admission input Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-17 14:23:57 +01:00
Jeremy Campbell	dc876fef16	Add x509 v3 CA Issuers Extension Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>	2023-11-16 12:45:16 -06:00
jetstack-bot	6fddbe538f	Merge pull request #6433 from vinny-sabatini/issue-5782 fix error message when setting up vault issuer	2023-11-14 16:30:01 +01:00
jetstack-bot	d2f6bbe579	Merge pull request #6028 from inteon/fix_scheme_errors Stop using global runtime.Scheme variables	2023-11-06 22:57:09 +01:00
Tim Ramlot	4c94f3ef10	create ad-hoc schemes instead of sharing global ones Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-06 21:58:24 +01:00
Richard Wall	9b5dd86084	Configure HTTP01 solver Pod with readOnlyRootFilesystem Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-10-31 14:47:24 +00:00
Vinny Sabatini	d15e55a16c	Update pkg/issuer/vault/setup.go Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> Signed-off-by: Vinny Sabatini <vincent.sabatini@gmail.com>	2023-10-24 09:52:52 -05:00
Vinny Sabatini	ef6ef1f0db	additional improvements to vault issuer error messages When initializing a Vault issuer: * Create different error messages depending on if Vault is sealed or not initialized * Do not explicitly parse the Vault server URL (this is covered when trying to access health endpoint) Signed-off-by: Vinny Sabatini <vincent.sabatini@kohls.com>	2023-10-20 16:36:11 -05:00
Vincent Sabatini	298ceb3b2a	fix error message when setting up vault issuer * Ensure Vault URL can be parsed * Separate generic http errors from vault specific errors when checking health endpoint Signed-off-by: Vincent Sabatini <vincent.sabatini@gmail.com>	2023-10-19 08:23:04 -05:00
Max Brauer	432430b311	Rename webhookConfig to controllerConfig Signed-off-by: Max Brauer <mbrauer@vmware.com>	2023-10-18 15:28:14 +02:00
Tim Ramlot	15bc387da6	make changes based on feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-13 19:42:13 +02:00
Tim Ramlot	e63d061269	add tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 13:48:01 +02:00
Tim Ramlot	d40dae9d67	Fix DuplicateSecretName issue Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 13:47:44 +02:00
Laura Seidler	6ac88fd6b9	Do not process Gateway listeners that do not support TLS Otherwise, these will raise warnings in the next steps (e.g. about empty TLS blocks, which are not supported for HTTP listeners). Signed-off-by: Laura Seidler <hello@laura-seidler.de>	2023-10-11 12:48:55 +02:00
Laura Seidler	6240ecbea3	Add test case to explicitly support TLS listeners Signed-off-by: Laura Seidler <hello@laura-seidler.de>	2023-10-11 12:48:45 +02:00
Laura Seidler	9165f186cb	Use constants instead of strings for gateway protocol types These were already used in some places, this makes the usage more consistent and easier to grep where different protocols are being used. Signed-off-by: Laura Seidler <hello@laura-seidler.de>	2023-10-11 12:48:39 +02:00
Maël Valais	d1d92b6398	venafi: ResetCertificate wasn't working Signed-off-by: Maël Valais <mael@vls.dev>	2023-10-06 16:24:15 +02:00
jetstack-bot	df4d15ce4a	Merge pull request #6053 from inteon/critical_change Make KeyUsage and BasicConstraints Critical extensions in the CSR blob	2023-10-05 17:13:56 +02:00
Tim Ramlot	e5f50002e1	introduce configfile for cainjector options Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-28 12:56:11 +02:00

1 2 3 4 5 ...

3257 Commits