Tim Ramlot
c58b08e7b7
pki match: remove return values that are always nil
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-07-02 13:38:35 +02:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct
...
feat: Add renewBeforePercentage alternative to renewBefore
2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e
Add renewBeforePercentage alternative to renewBefore
...
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.
Fixes #4423, resolves #5821
Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
2024-06-29 21:18:15 -07:00
Tim Ramlot
e0cdfd37bf
introduce gen.CSRForCertificate and gen.CSRWithSignerForCertificate and use it to deduplicate test code
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-14 15:53:18 +02:00
Tim Ramlot
18b701b73e
overhaul of startupapicheck: add checks that mutation and validation work and add extensive testing
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-30 15:54:08 +02:00
Tim Ramlot
0a45298971
improve tests based on review
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-10 20:44:07 +02:00
Tim Ramlot
9d1c959a1e
LiteralSubject: add support for literal oid type values
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-10 20:44:07 +02:00
Tim Ramlot
81232c2fe3
revert in-tree ParseDN function now that upstream ParseDN function has been fixed
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-09 21:41:09 +02:00
Tim Ramlot
d0e635fc36
remove deprecated ParseSubjectStringToRawDERBytes function & refactor and move tests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-08 18:05:25 +02:00
Tim Ramlot
dd4f5f4e39
fix unparam linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-30 10:47:21 +02:00
Tim Ramlot
8ea7cbc362
fix forbidigo linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-30 10:01:34 +02:00
Tim Ramlot
ae98ba806b
fix gocritic linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:50:47 +02:00
Tim Ramlot
8bec192b90
fix unconvert linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:30:30 +02:00
Tim Ramlot
042f59d283
fix unused linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:29:00 +02:00
Tim Ramlot
a8b5178fc5
fix dupword linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 13:47:25 +02:00
Tim Ramlot
9db044b232
fix gci linter
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 13:47:25 +02:00
Tim Ramlot
38cd0accdb
graduate 'DisallowInsecureCSRUsageDefinition' to GA
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-26 16:14:31 +02:00
jetstack-bot
b61de55abd
Merge pull request #6865 from wallrj/5803-cert-manager-user-agent-venafi-issuer
...
Add user-agent header in requests to Venafi API
2024-03-27 15:33:00 +01:00
jetstack-bot
99fc8fb5f8
Merge pull request #6723 from inteon/add_generate_csr_test
...
Add new testcase that generates a non-critical SAN extension to the GenerateCSR tests
2024-03-22 21:51:34 +01:00
Richard Wall
112c7b2e9e
An http.RoundTripper which adds the HTTP User-Agent header to all requests
...
This code existed in cert-manager once before and I'm reviving it.
Here's the history:
* Added: https://github.com/cert-manager/cert-manager/pull/422
* Moved: https://github.com/cert-manager/cert-manager/pull/432
* Obsoleted: https://github.com/cert-manager/cert-manager/pull/797
* Deleted: https://github.com/cert-manager/cert-manager/pull/966
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-03-20 10:24:47 +00:00
jetstack-bot
f56fc1ed1a
Merge pull request #6792 from inteon/bugfix_literalsubject
...
bugfix: LiteralSubject match function reports incorrect mismatch
2024-03-15 10:54:01 +01:00
Bill Waldrep
bf3d202c72
add new utility method to clarify cert decoding semantics
...
Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
2024-03-04 12:47:27 -05:00
Tim Ramlot
48759b271c
bugfix: LiteralSubject match function was broken
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-22 15:51:25 +01:00
Tim Ramlot
ed280d28cd
update test, with new error message
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:34:53 +01:00
Tim Ramlot
99942446ff
add benchmark
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:34:53 +01:00
Tim Ramlot
0f078859de
add error case to DNParse tests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:34:53 +01:00
Tim Ramlot
a2b3cc81c3
stop using github.com/go-ldap/ldap/v3 ParseDN and use a custom ParseDN function instead
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:34:53 +01:00
jetstack-bot
d642df3b5f
Merge pull request #6770 from inteon/dn_parse_quick_fix
...
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality
2024-02-19 15:02:30 +00:00
Tim Ramlot
4a8b8c4e09
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-19 12:55:06 +01:00
Yuedong Wu
baa73aa8ee
fix webhook validation error msg
...
and use commonName variable value
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
2024-02-19 10:16:38 +08:00
Tim Ramlot
ffb47e52fa
remove dead & deprecated code from cert-manager codebase
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-10 17:22:23 +01:00
Tim Ramlot
04220447bc
remove deprecated files and functions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-08 10:45:06 +01:00
Tim Ramlot
0acde5b1a4
fix changed behavior: set critical flag of SANs extension based on subject
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-07 11:01:34 +01:00
Tim Ramlot
ed80c5be90
add new testcase that generates a non-critical SAN extension to the GenerateCSR tests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-07 09:39:36 +01:00
Tim Ramlot
5ac022ad70
remove versionchecker, because it was moved to cert-manager/cmctl
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-29 11:50:09 +01:00
SpectralHiss
892e6eef01
Fix OtherName Value UniversalValue .Type() detection
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-10 10:35:43 +00:00
SpectralHiss
0b83f78fff
Remove redundant otherName match tests
...
* We do not need to include otherName in fuzzy certificate detection
checks
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 17:02:24 +00:00
Tim Ramlot
3dad3f320b
don't check OtherNames when fuzzy matching
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-09 16:41:13 +01:00
Tim Ramlot
736896d264
introduce UniversalValue 'Type()'
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-09 16:40:32 +01:00
SpectralHiss
38c2b33a71
Add otherName detection to TestSecretDataAltNamesMatchSpec
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 14:01:09 +00:00
SpectralHiss
b6fdcede90
Add test for different order OtherName value
...
* Simplify sorting implementation for OtherName slice equality
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 11:39:17 +00:00
SpectralHiss
7b13c72fed
Detect otherName changes to CR trigger reissuance
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 09:58:43 +00:00
SpectralHiss
d186b61414
Add attribution to pkg/util/pki/asn1_util.go
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-08 13:34:09 +00:00
SpectralHiss
d07dd3de5f
Fix OtherName feature flag validation logic
...
* Improve test comments for UniversalValue
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-08 13:34:09 +00:00
Tim Ramlot
a49bc65b03
deprecate URLsFromStrings which is only used in other deprecated functions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 11:50:13 +01:00
Tim Ramlot
8ca617a8ea
replace custom util function with k8s.io/apimachinery/util/sets
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 14:38:30 +01:00
jetstack-bot
24d0fddec5
Merge pull request #6593 from inteon/use_slices
...
Use slices go library
2024-01-04 13:36:02 +00:00
Tim Ramlot
e157729991
fix typo in name and add comment explaining genericEqualUnsorted
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 14:02:36 +01:00
Tim Ramlot
950948e465
start using the new 'slices' library and deprecate old util functions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 09:32:17 +01:00
Tim Ramlot
9547fbdf94
add tests for the improvements made in #6561
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 17:25:15 +01:00