156 Commits

Author SHA1 Message Date
Yuedong Wu
df37eba376 fix API fields description for venafi tpp
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
2024-07-01 20:55:51 +08:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct
feat: Add renewBeforePercentage alternative to renewBefore
2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
2024-06-29 21:18:15 -07:00
cert-manager-prow[bot]
837c6a1e06
Merge pull request #7036 from fidelity-contributions/feature/5514-venafi-issuer-ca-ref-support
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
2024-06-24 14:18:20 +00:00
cert-manager-prow[bot]
9f8707d0f8
Merge pull request #4330 from joshmue/vault_client_cert_auth
Add client certificate auth method for Vault issuer
2024-06-18 12:19:57 +00:00
Tim Ramlot
363a63ac96
Add client certificate authentication for Vault issuers
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Joshua Mühlfort <muehlfort@gonicus.de>
2024-06-17 09:16:26 +02:00
Tim Ramlot
e0cdfd37bf
introduce gen.CSRForCertificate and gen.CSRWithSignerForCertificate and use it to deduplicate test code
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-14 15:53:18 +02:00
cert-manager-prow[bot]
d04fecf112
Merge pull request #7014 from inteon/improve_config_validation
Improve config validation
2024-05-17 09:43:53 +00:00
Tim Ramlot
e51f4a46db
update CRD field comments
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-14 17:49:56 +02:00
Tim Ramlot
b4dc162156
Complete validation logic for config API and obtain 100% coverage for its tests.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-14 17:31:37 +02:00
Tim Ramlot
ae98ba806b
fix gocritic linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:50:47 +02:00
Tim Ramlot
042f59d283
fix unused linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:29:00 +02:00
Erik Godding Boye
003c1b12e8
Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2024-04-28 17:29:35 +02:00
Tim Ramlot
38cd0accdb
graduate 'DisallowInsecureCSRUsageDefinition' to GA
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-26 16:14:31 +02:00
Sankalp Yengaldas
adc7cd0f06 add testcases and generate deepcopy methods
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
2024-04-24 10:14:31 -04:00
Sankalp Yengaldas
660be1d278 add caBundleSecretRef field support to internal APIs
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
2024-04-24 02:31:09 -04:00
Ashley Davis
828b8f6ce9
improve error message for common error when configuring external issuers
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-19 15:08:40 +01:00
Ashley Davis
61710e3c55
add explicit test of external issuers
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 13:14:21 +01:00
Ashley Davis
b8e40825ce
add comments explaining issuerRef validation logic
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 13:04:46 +01:00
Ashley Davis
0f5689e120
replace custom pointer functions with k8s ptr.To
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 12:52:01 +01:00
Ashley Davis
288fd1cc2e
organize imports
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 12:51:46 +01:00
Ashley Davis
8e70778f4f
use existing object in more tests
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 12:43:08 +01:00
Ashley Davis
01cf2d4155
rename some certificate validation tests and test explicit default group
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 12:42:29 +01:00
deterclosed
e50052aded chore: remove repetitive words
Signed-off-by: deterclosed <fliter@outlook.com>
2024-03-23 13:37:59 +08:00
Bill Waldrep
d4911ebfaa
Add optional flag to specify jks keystore alias.
Previously the JKS keystore alias was hardcoded to "certificate".
This change adds an optional configuration point to allow users
to specify a custom keystore alias. If the flag is omitted we
will default to the previous behavior.

Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
2024-03-04 13:23:09 -05:00
Jan-Otto Kröpke
818df603f5
Allow cert-manager.io/allow-direct-injection in annotations
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
2024-02-27 12:26:33 +01:00
Yuedong Wu
baa73aa8ee fix webhook validation error msg
and use commonName variable value

Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
2024-02-19 10:16:38 +08:00
jetstack-bot
7f92e38988
Merge pull request #6614 from rodrigorfk/feat-vault-mtls
feat: Add the ability to communicate with Vault via mTLS
2024-02-16 18:11:26 +00:00
Tim Ramlot
ffb47e52fa
remove dead & deprecated code from cert-manager codebase
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-10 17:22:23 +01:00
cloudwiz
75d1449903
move audiences under the SA ref
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-08 14:07:03 +00:00
cloudwiz
624f874d69
updated spelling and generated CRDs
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-06 15:06:31 +00:00
cloudwiz
9cf9cb7ea5
Vault extra audiences (#3)
---------

Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-06 10:06:17 +00:00
Rodrigo Fior Kuntzer
199c98689f
feat: supporting Vault server mTLS
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-01-15 09:25:30 -03:00
SpectralHiss
d07dd3de5f Fix OtherName feature flag validation logic
* Improve test comments for UniversalValue

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-08 13:34:09 +00:00
Richard Wall
76fe8e2bbd Ignore eab.KeyAlgorithm deprecation warning
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-04 15:36:59 +00:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
Houssem El Fekih
c90fd33fb8 Update internal/apis/certmanager/types_certificate.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 13:29:03 +00:00
jetstack-bot
4af78fe98a
Merge pull request #6548 from snorwin/modern-pkcs12
New option to specify encryption and MAC algorithms for PKCS#12 keystores.
2024-01-03 12:54:22 +00:00
Tim Ramlot
8223df9e91
rename Algorithms to Profile
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 13:45:02 +01:00
Houssem El Fekih
5cc5c8169f Update internal/apis/certmanager/types_certificate.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 11:57:39 +00:00
pevidex
5ce1cfec9c test: add missing test for ed25519 key algorithm
Signed-off-by: pevidex <ricardojosexavier@hotmail.com>
2023-12-25 01:26:40 +00:00
pevidex
8a516503de fix: mention ed25519 on validation webhook error when key is not valid
Signed-off-by: pevidex <ricardojosexavier@hotmail.com>
2023-12-25 01:24:59 +00:00
jetstack-bot
c7714e65f0
Merge pull request #6551 from wallrj/gosec-601
Fix gosec G601: Implicit memory aliasing of items from a range statement
2023-12-20 18:21:37 +00:00
Richard Wall
4de9e956e5 Fix gosec G601: Implicit memory aliasing of items from a range statement
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-20 17:25:41 +00:00
Tim Ramlot
24794feac0
update API comments
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-20 11:26:52 +01:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
Norwin Schnyder
ebf58b9967 apply PR feedback
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
2023-12-15 10:52:57 +01:00