cert-manager

Author	SHA1	Message	Date
SpectralHiss	45a8bb7edf	Modified one sans processing test case to make more useful Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 09:37:25 +00:00
Tim Ramlot	721f71ed60	Refactor the solution Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:37:21 +00:00
Tim Ramlot	7b7912022a	Add feature gate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:16:06 +00:00
Tim Ramlot	bfd9a65160	Add OtherNameSANs field to Certificates * Added an otherName SAN extension mechanism * Can take any otherName OID with String (UTF-8) like value * cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for more info * otherName is only a subset of GeneralName, our specific need for for UserPrincipalName used in Microsoft AD/ LDAP * We treat UPN special but we might remove this in a later commit Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 09:12:23 +00:00
Tim Ramlot	849b6bda9e	add tests & final cleanup Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 15:57:07 +01:00
Tim Ramlot	cfaf3f338e	cleanup code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 13:47:55 +01:00
tanujd11	da84cf5b88	fix: imports Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:10:32 +05:30
tanujd11	652feb50cc	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:05:33 +05:30
tanujd11	5f0a715863	add nameConstraints from openssl Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 00:40:45 +05:30
tanujd11	bc75f8488d	fix: structure of nameconstraint in CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-11 18:00:15 +05:30
tanujd11	a29a5913d0	addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 23:42:35 +05:30
tanujd11	28ca4312b3	fix: additional review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	8d362439a8	fix UTs Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	84d7dd4aed	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	d1b3e5ca83	Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:29 +05:30
tanujd11	adb9311f56	validate name constraint before signing CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:29:45 +05:30
tanujd11	50d84c1bbc	nits: added new line at EOF and comment fix Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:42 +05:30
tanujd11	589030dec1	feature: added name constraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:31 +05:30
jetstack-bot	e7e3e5f4de	Merge pull request #6534 from wallrj/server-timeout Mitigate potential Slowloris attacks by setting ReadHeaderTimeout in all http.Server instances	2023-12-07 13:28:05 +01:00
Richard Wall	8bed166858	Add ReadHeaderTimeout to all http.Server where that setting is missing Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-07 11:42:22 +00:00
Tim Ramlot	767764d598	refactor GenerateCSR and deprecated the helper functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-06 18:16:19 +01:00
Tim Ramlot	6f7ebbed7b	replace deprecated pkcs12 function call with pkcs12.LegacyRC2 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-27 12:32:19 +01:00
jetstack-bot	630dba760a	Merge pull request #6498 from inteon/fix_webhook_bug BUGFIX: Limit webhook admission input	2023-11-22 15:00:40 +01:00
jetstack-bot	c9e028f3db	Merge pull request #6347 from lauraseidler/fix/gateway-warning-http Do not process Gateway listeners that do not support TLS	2023-11-17 16:18:19 +01:00
Tim Ramlot	073d90611e	limit webhook admission input Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-17 14:23:57 +01:00
Jeremy Campbell	dc876fef16	Add x509 v3 CA Issuers Extension Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>	2023-11-16 12:45:16 -06:00
jetstack-bot	6fddbe538f	Merge pull request #6433 from vinny-sabatini/issue-5782 fix error message when setting up vault issuer	2023-11-14 16:30:01 +01:00
jetstack-bot	d2f6bbe579	Merge pull request #6028 from inteon/fix_scheme_errors Stop using global runtime.Scheme variables	2023-11-06 22:57:09 +01:00
Tim Ramlot	4c94f3ef10	create ad-hoc schemes instead of sharing global ones Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-11-06 21:58:24 +01:00
Richard Wall	9b5dd86084	Configure HTTP01 solver Pod with readOnlyRootFilesystem Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-10-31 14:47:24 +00:00
Vinny Sabatini	d15e55a16c	Update pkg/issuer/vault/setup.go Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> Signed-off-by: Vinny Sabatini <vincent.sabatini@gmail.com>	2023-10-24 09:52:52 -05:00
Vinny Sabatini	ef6ef1f0db	additional improvements to vault issuer error messages When initializing a Vault issuer: * Create different error messages depending on if Vault is sealed or not initialized * Do not explicitly parse the Vault server URL (this is covered when trying to access health endpoint) Signed-off-by: Vinny Sabatini <vincent.sabatini@kohls.com>	2023-10-20 16:36:11 -05:00
Vincent Sabatini	298ceb3b2a	fix error message when setting up vault issuer * Ensure Vault URL can be parsed * Separate generic http errors from vault specific errors when checking health endpoint Signed-off-by: Vincent Sabatini <vincent.sabatini@gmail.com>	2023-10-19 08:23:04 -05:00
Max Brauer	432430b311	Rename webhookConfig to controllerConfig Signed-off-by: Max Brauer <mbrauer@vmware.com>	2023-10-18 15:28:14 +02:00
Tim Ramlot	15bc387da6	make changes based on feedback Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-13 19:42:13 +02:00
Tim Ramlot	e63d061269	add tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 13:48:01 +02:00
Tim Ramlot	d40dae9d67	Fix DuplicateSecretName issue Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-10-11 13:47:44 +02:00
Laura Seidler	6ac88fd6b9	Do not process Gateway listeners that do not support TLS Otherwise, these will raise warnings in the next steps (e.g. about empty TLS blocks, which are not supported for HTTP listeners). Signed-off-by: Laura Seidler <hello@laura-seidler.de>	2023-10-11 12:48:55 +02:00
Laura Seidler	6240ecbea3	Add test case to explicitly support TLS listeners Signed-off-by: Laura Seidler <hello@laura-seidler.de>	2023-10-11 12:48:45 +02:00
Laura Seidler	9165f186cb	Use constants instead of strings for gateway protocol types These were already used in some places, this makes the usage more consistent and easier to grep where different protocols are being used. Signed-off-by: Laura Seidler <hello@laura-seidler.de>	2023-10-11 12:48:39 +02:00
Maël Valais	d1d92b6398	venafi: ResetCertificate wasn't working Signed-off-by: Maël Valais <mael@vls.dev>	2023-10-06 16:24:15 +02:00
jetstack-bot	df4d15ce4a	Merge pull request #6053 from inteon/critical_change Make KeyUsage and BasicConstraints Critical extensions in the CSR blob	2023-10-05 17:13:56 +02:00
Tim Ramlot	e5f50002e1	introduce configfile for cainjector options Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-28 12:56:11 +02:00
Tim Ramlot	ef3bd7d3b2	upgrade all dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-28 12:07:27 +02:00
jetstack-bot	8aafddb974	Merge pull request #6328 from inteon/add_clock_health Add health probe that detects skew between system clock and monotonic go process clock	2023-09-27 11:37:11 +02:00
Tim Ramlot	5049cd4d35	increase maxClockSkew to 5 minutes, just to be safe Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-27 11:20:48 +02:00
Tim Ramlot	2dc22bc8e7	add extra comment Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-25 15:58:51 +02:00
Tim Ramlot	eac230f93e	add more test cases and fix typo Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-22 12:44:52 +02:00
Tim Ramlot	860df2294b	fix feedback: make hash secure Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-21 13:24:07 +02:00
Tim Ramlot	6006182435	add uniqueness check for names util Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-20 20:28:00 +02:00

1 2 3 4 5 ...

3250 Commits