cert-manager

Author	SHA1	Message	Date
Tim Ramlot	dd4f5f4e39	fix unparam linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-04-30 10:47:21 +02:00
Tim Ramlot	ae98ba806b	fix gocritic linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-04-29 15:50:47 +02:00
Tim Ramlot	9db044b232	fix gci linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-04-29 13:47:25 +02:00
Erik Godding Boye	003c1b12e8	Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default Signed-off-by: Erik Godding Boye <egboye@gmail.com>	2024-04-28 17:29:35 +02:00
cert-manager-prow[bot]	410b7a6ffb	Merge pull request #6963 from inteon/graduate_DisallowInsecureCSRUsageDefinition Graduate 'DisallowInsecureCSRUsageDefinition' to GA (part 2)	2024-04-26 17:22:35 +00:00
cert-manager-prow[bot]	4fe21418f1	Merge pull request #6961 from ThatsMrTalbot/feat/graduate-gateway-api-to-beta feat: graduate gateway-api to beta and enable by default	2024-04-26 14:27:34 +00:00
Tim Ramlot	38cd0accdb	graduate 'DisallowInsecureCSRUsageDefinition' to GA Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-04-26 16:14:31 +02:00
findnature	f9f2e1cd8f	chore: remove repetitive words Signed-off-by: findnature <cricis@aliyun.com>	2024-04-26 10:00:43 +08:00
Adam Talbot	a7f089b64c	feat: graduate gateway-api to beta and enable by default Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2024-04-25 17:05:58 +01:00
Youngjun	237dfd9f0d	refectoring: remove unnecessary code Signed-off-by: Youngjun <yj.yoo@okestro.com>	2024-04-22 14:24:59 +09:00
Tim Ramlot	968cefe02f	improve CertificateOwnsSecret and add tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-05 16:24:59 +01:00
Tim Ramlot	78a5032d2c	fix bug in CertificateOwnsSecret and add unit test Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-05 12:59:39 +01:00
Tim Ramlot	41404a7fd7	rename UseCertificateRequestNameConstraints to NameConstraints Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 15:49:18 +01:00
SpectralHiss	4bdee5f010	Rename otherNameSANs to otherNames * Improve the CRD godoc comments Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 16:21:56 +00:00
Tim Ramlot	7b7912022a	Add feature gate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:16:06 +00:00
tanujd11	adb9311f56	validate name constraint before signing CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:29:45 +05:30
tanujd11	589030dec1	feature: added name constraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:31 +05:30
Tim Ramlot	4c94f3ef10	create ad-hoc schemes instead of sharing global ones Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-06 21:58:24 +01:00
Tim Ramlot	c51b23497d	update the Condition Message for IncorrectCertificate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-17 17:43:26 +02:00
Tim Ramlot	b6ba4ded86	add test for SecretCertificateNameAnnotationsMismatch Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-17 17:31:38 +02:00
Tim Ramlot	15bc387da6	make changes based on feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-13 19:42:13 +02:00
Tim Ramlot	61bdecf68a	only sort the duplicates Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 14:05:50 +02:00
Tim Ramlot	d40dae9d67	Fix DuplicateSecretName issue Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 13:47:44 +02:00
jetstack-bot	3216d18f84	Merge pull request #6298 from inteon/feature_gates Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta	2023-08-30 19:25:45 +02:00
Tim Ramlot	b5dc93c6e3	make myself the owner of StableCertificateRequestName, meaning I will continue developing this feature to GA Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-30 18:36:42 +02:00
Tim Ramlot	cf8e37291a	replace k8s.io/utils/pointer with k8s.io/utils/ptr Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-28 09:33:10 +02:00
Tim Ramlot	882b771f55	promote StableCertificateRequestName and SecretsFilteredCaching to Beta Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-25 21:32:08 +02:00
Tim Ramlot	c70d9aba08	Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-25 15:18:14 +02:00
Tim Ramlot	1795c1985f	more clearly indicate that the example is a template Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-25 14:38:24 +02:00
Tim Ramlot	f158e1dfac	cleanup featuregate comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-25 09:36:47 +02:00
Tim Ramlot	36ddf19e2e	improve Trigger, Readiness and PostIssuance Policy chains Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-24 09:42:19 +02:00
jetstack-bot	843deed22f	Merge pull request #6199 from inteon/add_validation_to_pki Add validation to pki CertificateTemplate functions	2023-07-07 09:32:14 +02:00
Tim Ramlot	5ba29272c0	add validation to pki CertificateTemplate function and add support for add DontAllowInsecureCSRUsageDefinition featuregate to use old behavior in controller Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-05 13:04:21 +02:00
Tim Ramlot	bfa61c7804	add comments explaining what the label and annotation checks do Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-29 18:50:28 +02:00
Tim Ramlot	c16a34e0b1	use .Delete() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-29 18:50:24 +02:00
Tim Ramlot	1649730a0d	Update internal/controller/certificates/policies/checks.go Co-authored-by: Richard Wall <wallrj@users.noreply.github.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-29 12:54:20 +01:00
Tim Ramlot	a9339849e5	improve label and annotation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-23 17:05:42 +02:00
Tim Ramlot	229f99c197	update testcase based on feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-23 09:14:38 +02:00
Tim Ramlot	19377b43b1	fix feedback from @wallrj Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-21 15:31:20 +02:00
Tim Ramlot	d310d8597c	improve comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 16:48:56 +02:00
Tim Ramlot	22440e8710	add SecretPublicKeysDiffersFromCurrentCertificateRequest check Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 16:48:50 +02:00
Tim Ramlot	9c9e833c5a	add TODO comment that explains that we don't understand the reason for the current behaviour Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 14:51:07 +02:00
Tim Ramlot	3aa7b82e43	Update internal/controller/certificates/policies/checks.go Co-authored-by: EDDIE-DAV <136573637+EDDIE-DAV@users.noreply.github.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 10:19:52 +01:00
Tim Ramlot	8ddf016b00	fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-13 16:54:32 +02:00
jetstack-bot	c5e6bf39d6	Merge pull request #6054 from inteon/correct_versions Use Version 3 for *x509.Certificate	2023-05-26 13:57:32 +01:00
irbekrm	8a34cbc0a0	Adds some warnings for folks to not import feature gates into shared code Really we should restructure this to remove the possibility of accidentally overwriting other component's feature gates Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-23 12:02:55 +01:00
Tim Ramlot	e7530880ce	use Version 3 for all Certificates and Version 0 for all CertificateRequests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:21:55 +02:00
Thomas Müller	12483d3d54	Check JKS/PKCS12 truststores only if issuer provides the CA The current policy check for keystores in Secrets creates a loop because the truststore.jks or truststore.p12 will never exist when the issuer didn't provide the CA certificate. This behaviour was introduced by #5597 The JKS and PKCS12 truststores are only added to the Secret if the CA is provided by the issuer. The CertificateRequest API reference states: > The PEM encoded x509 certificate of the signer, also known > as the CA (Certificate Authority). This is set on a best-effort basis by > different issuers. If not set, the CA is assumed to be unknown/not available. This change will only check the PKCS12/JKS truststores if the CA cert from the issuer exists in the secret. Fixes #5755 Signed-off-by: Thomas Müller <thomas@chaschperli.ch>	2023-04-27 17:09:41 +02:00
irbekrm	7d592a8270	Swap upstream core informers factory with out wrapper This does not actually change how the informers work. This also adds a partial metadata client to root context Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	53918b5d6c	Adds SecretsFilteredCaching alpha feature Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00

1 2 3

112 Commits