weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,918 Commits 45 Branches 0 Tags 96 MiB
4cec43bf93
Commit Graph

253 Commits

Author SHA1 Message Date
Yuedong Wu
df37eba376 fix API fields description for venafi tpp 
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
 2024-07-01 20:55:51 +08:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct 
feat: Add renewBeforePercentage alternative to renewBefore
 2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
 2024-06-29 21:18:15 -07:00
cert-manager-prow[bot]
837c6a1e06
Merge pull request #7036 from fidelity-contributions/feature/5514-venafi-issuer-ca-ref-support 
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
 2024-06-24 14:18:20 +00:00
Tim Ramlot
363a63ac96
Add client certificate authentication for Vault issuers 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Joshua Mühlfort <muehlfort@gonicus.de>
 2024-06-17 09:16:26 +02:00
Tim Ramlot
515559ac7c
re-generate crds 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-17 14:33:23 +02:00
Tim Ramlot
e51f4a46db
update CRD field comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-14 17:49:56 +02:00
pwhitehead
35571e014d refactor to use token request API 
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>
 2024-05-07 11:11:21 -06:00
Paul Whitehead
528428b31f support assumeRoleWithWebIdentity for Route53 issuer 
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>

fix test signature
 2024-05-07 11:10:17 -06:00
Tim Ramlot
a8b5178fc5
fix dupword linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 13:47:25 +02:00
cert-manager-prow[bot]
54feeece10
Merge pull request #6970 from erikgb/additional-formats-beta 
Promote AdditionalCertificateOutputFormats feature gate to Beta
 2024-04-29 07:42:36 +00:00
Erik Godding Boye
003c1b12e8
Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
 2024-04-28 17:29:35 +02:00
Erik Godding Boye
8f99f40cbb
Upgrade K8s dependencies to v0.30.0 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
 2024-04-28 13:02:36 +02:00
Sankalp Yengaldas
adc7cd0f06 add testcases and generate deepcopy methods 
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
 2024-04-24 10:14:31 -04:00
Bill Waldrep
d4911ebfaa
Add optional flag to specify jks keystore alias. 
Previously the JKS keystore alias was hardcoded to "certificate".
This change adds an optional configuration point to allow users
to specify a custom keystore alias. If the flag is omitted we
will default to the previous behavior.

Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
 2024-03-04 13:23:09 -05:00
Tim Ramlot
d7a23387c3
run 'make update-crds' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-22 13:26:29 +01:00
jetstack-bot
f643eef2b2
Merge pull request #6755 from import-shiburin/master 
bugfix: wrong certificate chain is used if preferredChain is configured
 2024-02-20 15:29:07 +00:00
jetstack-bot
0b379e4b5c
Merge pull request #6760 from inteon/add_crd_keep 
Add `crds.keep` and `crds.enabled` Helm options
 2024-02-20 12:09:35 +00:00
Tim Ramlot
815dbc9e8f
remove unused and in Helm template 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-19 14:24:57 +01:00
Tim Ramlot
f44238fd80
run 'make update-crds' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-18 20:16:09 +01:00
jetstack-bot
7f92e38988
Merge pull request #6614 from rodrigorfk/feat-vault-mtls 
feat: Add the ability to communicate with Vault via mTLS
 2024-02-16 18:11:26 +00:00
Tim Ramlot
d34e2c8589
add CRD keep annotation 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-15 15:28:09 +01:00
Jason Witkowski
72b627d12a
Move helm hook from labels to annotations 
Signed-off-by: Jason Witkowski <jwitko1@gmail.com>
 2024-02-15 10:49:35 +01:00
Jason Witkowski
a6f665353f
feat: Add option to keep CRDs when helm chart is uninstalled 
Signed-off-by: Jason Witkowski <jwitko1@gmail.com>
 2024-02-15 10:49:35 +01:00
cloudwiz
75d1449903
move audiences under the SA ref 
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
 2024-02-08 14:07:03 +00:00
cloudwiz
624f874d69
updated spelling and generated CRDs 
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
 2024-02-06 15:06:31 +00:00
cloudwiz
9cf9cb7ea5
Vault extra audiences (#3) 
---------

Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
 2024-02-06 10:06:17 +00:00
Rodrigo Fior Kuntzer
199c98689f
feat: supporting Vault server mTLS 
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2024-01-15 09:25:30 -03:00
Tim Ramlot
67f8a03cae
update AzureDNS auth API comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-12 12:07:02 +01:00
Tim Ramlot
9e2c6ae08a
run 'make update-crds' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 16:18:35 +01:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs 
Other name sans support in Certificates
 2024-01-03 14:16:23 +00:00
jetstack-bot
4af78fe98a
Merge pull request #6548 from snorwin/modern-pkcs12 
New option to specify encryption and MAC algorithms for PKCS#12 keystores.
 2024-01-03 12:54:22 +00:00
Tim Ramlot
8223df9e91
rename Algorithms to Profile 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 13:45:02 +01:00
Tim Ramlot
24794feac0
update API comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-20 11:26:52 +01:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema 
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests 
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2023-12-18 21:00:42 +00:00
Norwin Schnyder
ebf58b9967 apply PR feedback 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-15 10:52:57 +01:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
Norwin Schnyder
b8ad8a3704 apply PR feedback 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-13 12:00:39 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
Norwin Schnyder
b79e73f484 fix controller-gen errors 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 18:25:15 +01:00
Norwin Schnyder
c583278ce8 generate manifests 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 14:27:41 +00:00
tanujd11
28ca4312b3 fix: additional review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:29 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30