cert-manager

Author	SHA1	Message	Date
jetstack-bot	843deed22f	Merge pull request #6199 from inteon/add_validation_to_pki Add validation to pki CertificateTemplate functions	2023-07-07 09:32:14 +02:00
Tim Ramlot	5ba29272c0	add validation to pki CertificateTemplate function and add support for add DontAllowInsecureCSRUsageDefinition featuregate to use old behavior in controller Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-05 13:04:21 +02:00
Tim Ramlot	bfa61c7804	add comments explaining what the label and annotation checks do Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-29 18:50:28 +02:00
Tim Ramlot	c16a34e0b1	use .Delete() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-29 18:50:24 +02:00
Tim Ramlot	1649730a0d	Update internal/controller/certificates/policies/checks.go Co-authored-by: Richard Wall <wallrj@users.noreply.github.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-29 12:54:20 +01:00
Tim Ramlot	a9339849e5	improve label and annotation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-23 17:05:42 +02:00
Tim Ramlot	229f99c197	update testcase based on feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-23 09:14:38 +02:00
Tim Ramlot	19377b43b1	fix feedback from @wallrj Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-21 15:31:20 +02:00
Tim Ramlot	d310d8597c	improve comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 16:48:56 +02:00
Tim Ramlot	22440e8710	add SecretPublicKeysDiffersFromCurrentCertificateRequest check Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-20 16:48:50 +02:00
Tim Ramlot	9c9e833c5a	add TODO comment that explains that we don't understand the reason for the current behaviour Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 14:51:07 +02:00
Tim Ramlot	3aa7b82e43	Update internal/controller/certificates/policies/checks.go Co-authored-by: EDDIE-DAV <136573637+EDDIE-DAV@users.noreply.github.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-14 10:19:52 +01:00
Tim Ramlot	8ddf016b00	fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-13 16:54:32 +02:00
jetstack-bot	c5e6bf39d6	Merge pull request #6054 from inteon/correct_versions Use Version 3 for *x509.Certificate	2023-05-26 13:57:32 +01:00
irbekrm	8a34cbc0a0	Adds some warnings for folks to not import feature gates into shared code Really we should restructure this to remove the possibility of accidentally overwriting other component's feature gates Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-05-23 12:02:55 +01:00
Tim Ramlot	e7530880ce	use Version 3 for all Certificates and Version 0 for all CertificateRequests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-05-11 10:21:55 +02:00
Thomas Müller	12483d3d54	Check JKS/PKCS12 truststores only if issuer provides the CA The current policy check for keystores in Secrets creates a loop because the truststore.jks or truststore.p12 will never exist when the issuer didn't provide the CA certificate. This behaviour was introduced by #5597 The JKS and PKCS12 truststores are only added to the Secret if the CA is provided by the issuer. The CertificateRequest API reference states: > The PEM encoded x509 certificate of the signer, also known > as the CA (Certificate Authority). This is set on a best-effort basis by > different issuers. If not set, the CA is assumed to be unknown/not available. This change will only check the PKCS12/JKS truststores if the CA cert from the issuer exists in the secret. Fixes #5755 Signed-off-by: Thomas Müller <thomas@chaschperli.ch>	2023-04-27 17:09:41 +02:00
irbekrm	7d592a8270	Swap upstream core informers factory with out wrapper This does not actually change how the informers work. This also adds a partial metadata client to root context Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
irbekrm	53918b5d6c	Adds SecretsFilteredCaching alpha feature Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-03-22 09:03:16 +00:00
Tim Ramlot	23de5240e9	move utility functions to reduce fragmentation and rename functions for consistency Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-01-23 13:19:39 +01:00
jetstack-bot	1038ca4494	Merge pull request #4502 from ctrought/master support subject and email annotations for ingress/gateway	2023-01-20 14:35:37 +00:00
irbekrm	5e8fd7dc41	Policy check ensures that cert.sepc.secretName secret gets labelled Makes sure that when an unlabelled Secret is encountered at any point (even outside issuance) it will be labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:31:31 +00:00
irbekrm	c7465fd921	Issuing controller ensures that cert.spec.secretName secrets are labelled Signed-off-by: irbekrm <irbekrm@gmail.com>	2023-01-06 18:29:51 +00:00
Sathyanarayanan Saravanamuthu	f719247d2b	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	4a6bae60be	Update internal/controller/certificates/policies/checks.go Co-authored-by: Richard Wall <wallrj@users.noreply.github.com> Signed-off-by: Sathyanarayanan Saravanamuthu <107846526+sathyanarays@users.noreply.github.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	42ae76ae30	Refreshing secrets when the keystore fields change Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-12-06 18:54:46 +05:30
Sathyanarayanan Saravanamuthu	860ba8465a	Addressing review comments Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-11-10 14:27:26 +05:30
Sathyanarayanan Saravanamuthu	40947b0ef4	Generate Certificate Request with predictable name Co-authored-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Cody W Eilar <ecody@vmware.com> Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>	2022-10-11 17:01:26 +05:30
ctrought	d9a95b7afa	remove empty subject annotations Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 11:01:22 -04:00
ctrought	d9a8047f9c	ingress subject annotations & helper tests Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>	2022-08-22 11:01:18 -04:00
Tim Ramlot	93caba980e	apply go fmt for go1.19 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2022-08-04 09:51:57 +00:00
Ashley Davis	fb231ab641	Remove bazel 🎉 This removes all .bazel and .bzl files, and a bunch of scripts relating to bazel, now that it's been entirely replaced. There are still a few places where traces could be removed, but this removes the brunt of the bazel stuff that remains. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2022-07-26 11:38:50 +01:00
Alessandro Vermeulen	1da01211ee	Feature gated support for using literal subjects in `Certificate`s Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>	2022-06-08 20:50:00 +02:00
Irbe Krumina	1d917ef311	Revert "Use Apply instead of Update to modify resources in tests" Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-05-03 11:31:47 +01:00
irbekrm	58b633aa04	Code review feedback Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-04-29 12:42:41 +01:00
irbekrm	54a487f1fb	certificates.Apply returns the patched certificate Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-04-28 14:41:22 +01:00
irbekrm	e458b6c813	Sets Challenge managed fields to nil when applying a spec patch Signed-off-by: irbekrm <irbekrm@gmail.com>	2022-04-01 11:53:44 +01:00
joshvanl	aa456b9c3f	Adds roundtrip tests to challenge apply serializer Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-04-01 11:53:44 +01:00
joshvanl	8ebedac654	Fix challenge serialization, and add integration tests for apply helpers Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-04-01 11:53:44 +01:00
joshvanl	82c068f0fd	Updates ACME challenge controllers to use apply Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-04-01 11:53:44 +01:00
joshvanl	ebcad79cf9	Adds controller challenges apply helpers Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-04-01 11:53:44 +01:00
joshvanl	a8bfc2fd36	Adds certificates policy checks for owner references Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-03-29 13:54:27 +01:00
jetstack-bot	bfcc204c2b	Merge pull request #4811 from JoshVanL/controllers-server-side-apply-certificates-shim Server Side Apply: Adds support for certificate-shim controllers to use SSA with Feature Gate	2022-03-28 14:33:31 +01:00
jetstack-bot	e116d416f3	Merge pull request #4799 from JoshVanL/controllers-server-side-apply-orders Server Side Apply: Adds support for Order controllers to use SSA with Feature Gate	2022-03-28 13:11:31 +01:00
joshvanl	c1c2d2d081	Add roundtrip test to Certificate serializing. Add field manager to certificates-shim Create API call Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-03-28 12:40:29 +01:00
joshvanl	82e3b6aa43	Adds apply helper function for Certificates Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-03-28 12:39:09 +01:00
jetstack-bot	10c5d72279	Merge pull request #4792 from JoshVanL/controllers-server-side-apply-certificaterequests Server Side Apply: Adds support for CertificateRequests controller to use SSA with Feature Gate	2022-02-16 10:57:37 +00:00
joshvanl	3e81f9c5f1	Adds correct copyright year, and fix owner string match Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-16 10:33:48 +00:00
joshvanl	1aa5b0e5f5	Adds roundtrip test to order status serializer Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-16 10:33:48 +00:00
joshvanl	0802489f4e	Updates Order controller to support apply call when feature gate it enabled Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2022-02-16 10:33:48 +00:00

1 2

81 Commits