weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,352 Commits 45 Branches 0 Tags 96 MiB
2eef0dad06
Commit Graph

164 Commits

Author SHA1 Message Date
Sathyanarayanan Saravanamuthu
f719247d2b Addressing review comments 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
4a6bae60be Update internal/controller/certificates/policies/checks.go 
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <107846526+sathyanarays@users.noreply.github.com>
 2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu
42ae76ae30 Refreshing secrets when the keystore fields change 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-12-06 18:54:46 +05:30
jetstack-bot
6ec8da3366
Merge pull request #5583 from lvyanru8200/uodateGwVerison 
feature: update gateway api to v1beta1
 2022-12-05 14:52:48 +00:00
lv
a13c76d312 feature: update gateway api to v1beta1 
Signed-off-by: lvyanru <yanru.lv@daocloud.io>

feature: update gateway api to v1beta1

Signed-off-by: lvyanru <1113706590@qq.com>
 2022-12-05 14:03:21 +00:00
jetstack-bot
43e13bfa0d
Merge pull request #5587 from SpectralHiss/SpectralHiss/add-fields-to-subject-rdn 
Add support for required LDAP (rfc4514) RDNs in LiteralSubject
 2022-11-29 15:19:25 +00:00
Richard Wall
75b2ba12dc Test that the Sign function *does* use the Vault namespace 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-11-23 10:40:59 +00:00
Richard Wall
e1740afedf Recreate the original behaviour of sending a Vault token to the unauthenticated sys/health endpoint. 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-11-23 10:40:59 +00:00
Richard Wall
6b2c3b5295 Remove unused Token method 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-11-22 17:41:49 +00:00
Richard Wall
23437dfbbc Remove unused Sys methods 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-11-22 17:41:49 +00:00
Richard Wall
51ac6fe181 Test 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-11-22 17:41:49 +00:00
Richard Wall
6e05f43f8e Set the Vault namespace using the official method in the vault SDK 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-11-22 17:29:58 +00:00
Houssem El Fekih
f41cf33efe Add support for required LDAP (rfc4514) RDNs in LiteralSubject 
* Add OID translation for mandatory DC component
* Used extensively in LDAP certificates, also required by rfc5280
* Add support for UID, mentioned in LDAP RFC
* solves https://github.com/cert-manager/cert-manager/issues/5582

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2022-11-18 10:22:39 +00:00
jetstack-bot
95dc198cd6
Merge pull request #5571 from inteon/cleanup_csr_generation 
Improve gen.CSR and use it in all tests
 2022-11-15 14:08:44 +00:00
Sathyanarayanan Saravanamuthu
860ba8465a Addressing review comments 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-10 14:27:26 +05:30
Tim Ramlot
b999749854
improve gen.CSR and use it everywhere 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-11-10 09:21:31 +01:00
jetstack-bot
da3265115b
Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref 
Add option to load Vault CA bundle from Kubernetes Secret
 2022-10-13 09:55:09 +01:00
Sathyanarayanan Saravanamuthu
40947b0ef4 Generate Certificate Request with predictable name 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:01:26 +05:30
Nils
81e6c24293 fixup! Add option to load Vault CA bundle from Kubernetes Secret 
Co-authored-by: Josh van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-21 07:41:15 +03:00
Nils Mueller
2f6fa9dddf fixup! Add option to load Vault CA bundle from Kubernetes Secret 
Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-16 02:57:43 +03:00
Nils Mueller
00a20097b6 Add option to load Vault CA bundle from Kubernetes Secret 
Vault distributions like "Bank Vaults" automatically configure
and provision Vault and provide the CA bundle via a Kubernetes
Secret. Having to hard-code the bundle in the Issuer instead
of dynamically referencing it through the Secret requires
a manual second step when using a GitOps workflow.

Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-15 03:10:51 +03:00
Tim Ramlot
836793e7e3 upgrade gateway api to v0.5.0 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-08 08:52:59 +00:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
jetstack-bot
e58b47f345
Merge pull request #5340 from SgtCoDFish/byebazel 
Remove bazel 🎉
 2022-07-27 09:13:05 +01:00
joshvanl
4138aa8986 Add code comment which states that it is valid to use neither an 
AccessKeyID or AccessKeySecretRef

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-26 11:56:13 +01:00
joshvanl
0c60503cc3 In PR https://github.com/cert-manager/cert-manager/pull/5194, we 
introduced a validation whereby an issuer would be rejected if it did
not contain AccessKeyID or SecretAccessKeyID when using the route53 DNS
solver. This is incorrect, since neither should need to be defined when
using AWS ambient credentials.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-26 11:51:16 +01:00
Daniel Quackenbush
54e1da255c remove issue error if role is specified 
Signed-off-by: Dan Quackenbush<25692880+danquack@users.noreply.github.com>
 2022-07-26 11:49:57 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
jetstack-bot
b84ea96d73
Merge pull request #5194 from Compy/master 
Support secrets for Route53 Access Key IDs
 2022-07-05 12:33:21 +01:00
joshvanl
cc0a4bc488 Adds unit tests for route53 access key ID secret validation 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-04 17:06:49 +01:00
joshvanl
f1d7c43276 Updates wording for aws rout53 dns CRD field comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-07-04 17:06:40 +01:00
irbekrm
1d326af871 Runs ./hack/update-bazel.sh 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-30 10:20:40 +01:00
irbekrm
05a3133b34 Removes support for networking/v1beta1 Ingress 
As the lowest version of Kubernetes that we support now is v1.20 that serves v1 networking

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-06-30 09:24:59 +01:00
Ashley Davis
35f2206404
change name of bin dir to _bin by default and make it a variable 
This is needed because go and other tools will ignore directories
starting with "_" or "." but would treat a dir called "bin" as a regular
directory.

This in turn meant that when we vendored Go in bin, these tools would by
default scan the whole stdlib included with the bundled vendored go.

See https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns for details

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-21 16:34:26 +01:00
Compy
9c47be0964 Changed SecretAccessKeyID member to pointer as it is optional and tagged omitempty. Added issuer tests for access key ID secret validation. Added issuer API validations for AccessKeyID/SecretAccessKeyID. 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-17 22:52:17 -05:00
Compy
561103934d Updating and regenerating CRDs to make SecretAccessKeyID field usage more clear 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-11 10:48:10 -05:00
Compy
153e5420cf Add support for pulling Route53/AWS access key IDs out of secrets 
Signed-off-by: Compy <hello@86pixels.com>
 2022-06-08 16:33:00 -05:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
Irbe Krumina
1d917ef311 Revert "Use Apply instead of Update to modify resources in tests" 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-05-03 11:31:47 +01:00
irbekrm
58b633aa04 Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-29 12:42:41 +01:00
irbekrm
54a487f1fb certificates.Apply returns the patched certificate 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-28 14:41:22 +01:00
irbekrm
e458b6c813 Sets Challenge managed fields to nil when applying a spec patch 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-04-01 11:53:44 +01:00
joshvanl
aa456b9c3f Adds roundtrip tests to challenge apply serializer 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
joshvanl
8ebedac654 Fix challenge serialization, and add integration tests for apply helpers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
joshvanl
82c068f0fd Updates ACME challenge controllers to use apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
joshvanl
ebcad79cf9 Adds controller challenges apply helpers 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-04-01 11:53:44 +01:00
jetstack-bot
86ad9962a3
Merge pull request #4967 from maelvls/gwapi-v1alpha2-optional-labels 
Gateway API: with v1alpha2, the labels have become optional
 2022-03-30 15:11:33 +01:00
Jake Sanders
6dfd6d5800
update bazel BUILD 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:58:41 +01:00
Jake Sanders
d8b88f056b
tidy imports 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:54:20 +01:00
Jake Sanders
b72db63761
Change label description for HTTP-01 Gateway API solver and fix tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-30 12:52:34 +01:00