cui fliter
4723347260
fix function name in comments
...
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-06-07 17:17:07 +08:00
Tim Ramlot
c4c5899887
Update pkg/util/cmapichecker/cmapichecker.go
...
Co-authored-by: Siggi Skulason <siggi@skulason.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-01 11:16:33 +01:00
Tim Ramlot
3490a005b1
prepare cmctl libraries to support logging
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-30 18:35:45 +02:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions
...
Use Version 3 for *x509.Certificate
2023-05-26 13:57:32 +01:00
irbekrm
b1a59164e0
Don't import controller's feature gate setup into a shared library
...
To prevent controller's feature gates from overwriting other component's feature gates
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-23 12:01:30 +01:00
Tim Ramlot
9606f4d5fe
make KeyUsage and BasicConstraints Critical extensions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-11 10:29:02 +02:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-11 10:21:55 +02:00
Tim Ramlot
20599d1d35
remove CertificateTemplateAddKeyUsages
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
Tim Ramlot
1c2662af82
cleanup CSR & CertificateTemplate util code
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
jetstack-bot
694d3d1bd2
Merge pull request #5747 from inteon/request_matches_spec
...
BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks
2023-05-02 11:23:27 +01:00
irbekrm
7d592a8270
Swap upstream core informers factory with our wrapper
...
This does not actually change how the informers work. This also adds a partial metadata client to root context
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
Tim Ramlot
eaf8844e6d
BUGFIX: when setting a LiteralSubject, the RequestMatchesSpec function does skip too many checks
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-27 15:55:12 +01:00
Tim Ramlot
23de5240e9
move utility functions to reduce fragmentation and rename functions for consistency
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:19:39 +01:00
jetstack-bot
1038ca4494
Merge pull request #4502 from ctrought/master
...
support subject and email annotations for ingress/gateway
2023-01-20 14:35:37 +00:00
Houssem El Fekih
8af2d64f3b
Gofmt files
...
Signed-off-by: Houssem El Fekih <houssem.elfekih@jetstack.io>
2022-11-18 10:55:56 +00:00
Houssem El Fekih
f41cf33efe
Add support for required LDAP (rfc4514) RDNs in LiteralSubject
...
* Add OID translation for mandatory DC component
* Used extensively in LDAP certificates, also required by rfc5280
* Add support for UID, mentioned in LDAP RFC
* solves https://github.com/cert-manager/cert-manager/issues/5582
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2022-11-18 10:22:39 +00:00
Sathyanarayanan Saravanamuthu
860ba8465a
Addressing review comments
...
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-11-10 14:27:26 +05:30
Sathyanarayanan Saravanamuthu
d4de98d35b
Adding unit tests
...
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-11-06 09:36:26 +05:30
Sathyanarayanan Saravanamuthu
bb39c5cf79
Fixing CA flag in basic constraints extension
...
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
2022-11-03 15:34:25 +05:30
ctrought
4413e837e9
escape subject util cleanup
...
Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>
2022-08-22 11:01:22 -04:00
ctrought
d9a8047f9c
ingress subject annotations & helper tests
...
Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>
2022-08-22 11:01:18 -04:00
Tim Ramlot
93caba980e
apply go fmt for go1.19
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉
...
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.
There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
Alessandro Vermeulen
1da01211ee
Feature gated support for using literal subjects in Certificates
...
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
2022-06-08 20:50:00 +02:00
Ashley Davis
76cdab0c82
remove pkg/util/coverage
...
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-04-08 16:56:24 +01:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration
...
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation. Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-21 09:40:32 -04:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
...
This was done by running the following command twice:
```bash
grep -Ri "github.com/jetstack/cert-manager" . | \
cut -d":" -f1 | \
sort | \
uniq | \
xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
```
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
joshvanl
8f0c79396f
Adds rest config builder to include new user agent
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:49 +00:00
jetstack-bot
051a763ee5
Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template
...
SecretTemplate reconciliation. SecretManager Apply
2022-01-18 13:28:57 +00:00
jetstack-bot
e2aede44c7
Merge pull request #4731 from DiptoChakrabarty/lint
...
add go linters fixes within codebase
2022-01-18 12:52:57 +00:00
joshvanl
7a4be1edfd
Copy across an existing secret type in secrets manager since that field
...
is immutable.
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3
Fix some test func names and some comments. Replaces DeDuplicate in
...
SecretTemplate controller to use sets.Strings. Removes DeDuplicate func
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
joshvanl
e3141f9ad1
Adds PrefixForUserAgent and DeDuplicate util functions
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-17 11:24:45 +00:00
DiptoChakrabarty
e7c75832af
few more fixes
...
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
2022-01-13 19:47:11 +05:30
Ashley Davis
93f868b3bc
move versionchecker tests to test/integration
...
Since this test requires setup before it can successfully run,
we define it as an integration test and move it here so that on a
fresh checkout a user can always run `go test ./pkg/...` and expect that
it would succeed.
Also involves:
- Exporting the VersionChecker and adding NewWithConfig to enable
testing
- Some comment changes
- A change to the type returned by New(); see
https://github.com/golang/go/wiki/CodeReviewComments#interfaces
Ideally I'd not add `NewFromClient` but I think it's the most minimal
change and is preferable to publicly exporting `VersionChecker.client`.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-01-12 14:21:53 +00:00
John Chadwick
d094e20611
Only consider running pods when checking version
...
Some clusters may have failed pods that are not garbage collected. These
pods should not be considered when determining version numbers.
Signed-off-by: John Chadwick <86682572+johnwchadwick@users.noreply.github.com>
2021-11-23 11:32:10 -05:00
Richard Wall
41ef0e3f2b
A note about testing the handling of errors relating to the ValidatingWebhook
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-09-29 13:05:53 +01:00
Richard Wall
b71eb11fd1
A note about the relevance of conversion webhook unit-tests
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-09-29 13:02:44 +01:00
Richard Wall
969ca6d91a
Use the v1 API rather than v1alpha2 in the API checker
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-09-29 12:54:42 +01:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions
...
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.
For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.
This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.
Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.
Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958
Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534
PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4
X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-19 14:48:12 +01:00
Inteon
e439749e92
rerun git tags command when //:version changes
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-08-13 22:59:38 +02:00
jetstack-bot
d0f4c82baf
Merge pull request #4226 from inteon/simple_kubectl_check_version
...
add 'kubectl cert-manager version'
2021-08-03 12:36:19 +01:00
Inteon
85710579dd
Apply suggestions from code review
...
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-30 17:00:27 +02:00
Inteon
644db10b92
don't early-stop, instead return all versions
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-29 15:06:31 +02:00
Ashley Davis
2ee4abeb24
handle individual certs in ParseSingleCertificateChain
...
roots are handled differently because they're their own CAs
also adds test cases for each of:
- a lone leaf
- a lone intermediate
- a lone root
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-28 14:06:57 +01:00
Wilson Júnior
18235e3624
Improve ParseSingleCertificateChain when no root is present
...
Fixes when the certificate chain does not have a root CA,
in which case the chain should contain all available intermediates
and ca.crt should contain the rootmost certificate.
Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Wilson Júnior <wilsonpjunior@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-28 14:05:19 +01:00
Inteon
fa36a5bc87
add version check for current version
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-27 18:11:24 +02:00
Inteon
6545064fcf
align flags and behaviour to 'kubectl version'
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-27 18:02:21 +02:00
jetstack-bot
9ad9e220f3
Merge pull request #4230 from inteon/fix_exit_codes
...
set correct exit codes
2021-07-23 13:06:09 +01:00
Inteon
d6cd6f457d
set correct exit codes when exiting
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-22 12:57:08 +02:00
Ashley Davis
17ec9ea8e7
fix check for self-signed certs in EncodeX509Chain
...
see also https://github.com/jetstack/cert-manager/issues/4142
EncodeX509Chain checked for self-signed certs by comparing the subject
and issuer of the cert in question, which is invalid since it's
perfectly fine for those to match.
the correct behavior is to use cert.CheckSignatureFrom(cert). this bug
was exposed in 1.4 when ParseSingleCertificateChain started using
EncodeX509Chain in the critical path of several issuers; when end-users
had leaf certificates with subjects matching their issuer's subject, the
bug was triggered.
includes newly written tests for EncodeX509Chain and a test for
ParseSingleCertificateChain
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-21 16:45:48 +01:00
Inteon
21bc98979e
improved ux
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-16 13:11:40 +02:00
Inteon
ac7775bdb4
made errors human readable, added unit tests, added check api to e2e, fixed os.Exit(1)
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-15 16:50:31 +02:00
Inteon
5458173739
Add kubectl 'cert-manager check api' command
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-15 16:50:31 +02:00
Maël Valais
42e65c3694
linter party: duplicate import of k8s.io/api/core/v1 (ST1019)
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
joshvanl
943f9abdb1
Minor comment and error message changes
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-30 18:09:32 +01:00
joshvanl
b237b5c222
Changes comment for duration annotation parsing
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 14:34:30 +01:00
joshvanl
f5b609e446
Adds Vault CertificateSigningRequest Issuer controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
joshvanl
78a6df1ebd
Fix util/pki test which relied on hardcoded CSR common name
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys
...
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.
Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
joshvanl
acc5431f1b
Fix signernames to allow clusterissuers with dots in name
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-28 10:13:00 +01:00
joshvanl
9e1b0342d0
Updates with review comments
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 18:48:50 +01:00
joshvanl
c5c206cace
Adds base CertificateSigningRequest cert-manager controller
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 00:23:50 +01:00
joshvanl
b38519fe66
Adds kube certificates v1 API utils
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-27 00:18:29 +01:00
jetstack-bot
96ea5e51d4
Merge pull request #3985 from JoshVanL/parse-certificate-chain-ca
...
Parse certificate chain CA Issuer
2021-05-13 13:23:14 +01:00
jetstack-bot
595d753339
Merge pull request #3982 from JoshVanL/parse-certificate-chain
...
Change Vault Issuer to construct the certificate chain to populate the CertificateRequest CA with the root most cert.
2021-05-12 17:34:13 +01:00
joshvanl
58a25314f7
Changes CR CA controller to use ECDSA keys
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-12 15:07:25 +01:00
joshvanl
d327d40297
Updates SignCSRTemplate to use ParseCertificateChain
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-12 14:22:59 +01:00
joshvanl
9622b664bf
Adds SecretTLSKeyPairAndCA to parse a certificate chain and CA from a
...
target Secret
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-12 14:22:59 +01:00
joshvanl
68aeb330b7
Change ParseCertificateChain to ParseSingleCertificateChain to show
...
intention better
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-12 14:12:06 +01:00
Jake Sanders
423e82b65b
Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis"
...
This reverts commit f2a74ade5e, reversing
changes made to 7ff54e61e9.
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:23 +01:00
joshvanl
88693435b8
Change ParseCertificateChain test func to use ECDSA keys to speed up
...
runtime
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-10 19:13:31 +01:00
joshvanl
744906ebaf
Adds ParseCertificateChain to parse and test a pem bundle to ensure it's
...
a valid flat chain. Returns a chain and optional CA
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-10 19:06:21 +01:00
Jake Sanders
bb519a59b9
Log a message when test framework fails to parse cover profile flag
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-05 16:40:16 +01:00
Jake Sanders
2390264fd4
staticcheck: package "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" is being imported more than once (ST1019)
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 15:05:32 +01:00
Jake Sanders
741df8cbe7
errcheck: flag.CommandLine.Parse is not checked
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:30:47 +01:00
joshvanl
c5e2184a4a
Moves /pkg/internal/apis/istio to /pkg/internal/istio
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 12:31:57 +01:00
joshvanl
01716e2907
Fixes stutter: istio.IsIstioInstalled -> istio.IsInstalled
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:42:21 +01:00
joshvanl
00ceff3421
Update bazel
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:36:49 +01:00
joshvanl
3af22cf6c6
Move istio util funcs to pkg/util/istio
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:35:41 +01:00
Erik Godding Boye
249ec4fe8b
Add unit tests for pki.SignCSRTemplate
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
Co-authored-by: Maël Valais <mael@vls.dev>
2021-04-23 15:14:33 +02:00
Erik Godding Boye
b514a74d0a
fix #3619: Handle CA issuer working as intermediate correctly
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-22 18:43:33 +02:00
Ashley Davis
3df1173a22
fix incorrect comparison function for public keys
...
also adds/improves doc comments on related functions, and adds tests of
comparisons RSA keys and ECDSA keys. these tests failed as expected
before the function was changed, e.g.:
```text
Executing tests from //pkg/util/pki:go_default_test
---------------------------------------------------
--- FAIL: TestPublicKeysEqualECDSA (0.00s)
generate_test.go:492: got an incorrect match from different curves:
pub1 type: "P-256"
pub2 type: "P-521"
--- FAIL: TestPublicKeysEqualRSA (0.00s)
generate_test.go:560: got an incorrect match from different RSA keys:
pub1: &rsa.PublicKey{N:2293...<snip>...8869, E:65537}
pub2: &rsa.PublicKey{N:2293...<snip>...8869, E:3}
```
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-04-22 16:07:18 +01:00
Maël Valais
f56db9f93d
Revert "Handle CA issuer working as intermediate" (#3847)
...
As discussed in #3847, I went too fast and /lgtm from my bed. That led
to having a piece of code that could potentially break people's
cert-manager deployments.
Our plan is to have the same PR re-opened so that we can have it
released for v1.4 (due on Friday 11 June 2021 as per our timeline).
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-07 10:25:31 +02:00
Erik Godding Boye
bbafeeef67
fix #3619: Handle CA issuer working as intermediate correctly
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-06 19:45:48 +02:00
Ashley Davis
ef5aa91f35
improve comment to match the function definition
...
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-03-19 13:59:33 +00:00
Ashley Davis
b246c92a45
clarify exact curve types of current ECDSA keys
...
it's conceivable that in the future we could have Ed25519 certs,
which would also have a key size of 256 but would be a new named entry
here
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-03-19 13:59:30 +00:00
Josh Soref
895cb51ed9
spelling: nonexistent
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Mitsuo Heijo
ffa79f6b8d
Fix build on go1.16
...
Signed-off-by: Mitsuo Heijo <mitsuo.heijo@gmail.com>
2021-02-26 22:47:56 +09:00
Maartje Eyskens
7078a5c7b8
Rename the User Agent fields
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-15 17:25:18 +01:00
Maartje Eyskens
ab0cd57dc5
Use The cert-manager Authors.
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758
Update copyright to cert-manager project
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
Mateusz Gozdek
27fa2f1ec4
Fix various typos found by codespell
...
Found by running this command:
codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater
Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
2020-11-07 14:55:13 +01:00
Raphaël Pinson
b2d719d6c3
Add encode_usages_in_request to Certificate spec (fix #3301)
...
Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>
2020-10-16 15:40:32 +02:00
Maartje Eyskens
52bda8a33f
Fix validation in CSR
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
jetstack-bot
4a13dd72f3
Merge pull request #3279 from meyskens/fix-double-signing-validation
...
Fix double "signing" KU validation
2020-09-22 10:27:51 +01:00
Maartje Eyskens
e01bf377de
Split out logic
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-17 14:46:23 +02:00
Maartje Eyskens
ce8ca4ca20
Fixes validation when the 2 signing keys are set
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-14 11:05:44 +02:00
Maartje Eyskens
e989384c96
Update tests
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-07 09:30:11 +02:00
Maartje Eyskens
8d15ec6bc8
Only encode EKUs if there are EKUs to be encoded
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-07 09:00:53 +02:00
Lars Lehtonen
ae8afe2257
pkg/util/pki: fix dropped errors
...
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2020-09-03 19:32:24 -07:00
Maartje Eyskens
3154be722c
Implement feedback
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-25 14:44:43 +02:00
Maartje Eyskens
abb56fb0b5
Add CSR validation
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-25 10:39:24 +02:00
Maartje Eyskens
f6610fb744
Support key usages
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-24 20:10:01 +02:00
Maartje Eyskens
0e17b9d237
Add boilerplate
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-24 11:21:41 +02:00
Maartje Eyskens
d15054e4ea
Add extended key usages into CSR
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-24 10:22:58 +02:00
Richard Wall
01b5d0fa88
Fix tests in ./pkg/controller/certificates/...
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-20 14:28:06 +01:00
Richard Wall
81eb53f597
./hack/update-all.sh
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-20 14:28:06 +01:00
Richard Wall
a70298180a
Run a script to update v1alpha2 usage to v1
...
Script is available at https://github.com/jetstack/cert-manager/pull/3201
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-20 14:26:51 +01:00
Maartje Eyskens
9dd00905e9
Update klog
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
klog v2
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-12 10:59:41 +02:00
JoshVanL
49ee468161
Adds integration test for issuer controller secret annotations, and
...
fixes GenerateTempalate func
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-08-06 11:08:13 +01:00
Haoxiang Zhou
4f26537ff7
Set visibility to public
...
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-07-02 16:12:47 +01:00
Haoxiang Zhou
fe80b7d760
Moved predicate package to pkg/util
...
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-07-02 12:23:15 +01:00
James Munnelly
1adfe16690
Bulk fix of non-test staticcheck failures
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-06-26 12:25:08 +01:00
Haoxiang Zhou
5bcea49921
Issuing controller encodes private keys to PKCS1/PKCS8 as requested by user
...
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-06-18 15:26:14 +01:00
James Munnelly
9cb68d1d91
Remove serverAuth default usage & remove unused DefaultKeyUsage functions
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-30 15:57:12 +01:00
James Munnelly
212ef42a66
util/pki: allow certificates only specifying IP, URI or Email SANs to be signed
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-21 09:49:32 +01:00
JoshVanL
a6a8ee29e3
Moves issuing controller secret handler into secretsManager struct
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-15 16:16:08 +01:00
James Munnelly
75c8fcef8c
pkg/util: add EqualKeyUsagesUnsorted function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-15 12:26:21 +01:00
James Munnelly
8b3b9dc5eb
Remove defaulting of Organization name
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-15 12:25:29 +01:00
jetstack-bot
fba7b09ac8
Merge pull request #2725 from JoshVanL/ctl-version
...
cert-manager-ctl CLI with version
2020-04-08 12:45:15 +01:00
JoshVanL
49d3bde7eb
Move cmd signal handler into shared util
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-02 11:02:33 +01:00
James Munnelly
e36c1acf1c
Add '-ubi' suffix to AppVersion in UBI artifacts
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-04-01 19:34:34 +01:00
JoshVanL
19bc4734b6
Adds cert-manager-ctl with version command
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-04-01 18:54:19 +01:00
James Munnelly
acff2b12bb
Fix JKS keystore functionality and add additional tests
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-03-23 10:02:42 +00:00
jetstack-bot
00b101de76
Merge pull request #2597 from meyskens/emailsans
...
Add Email SANs
2020-03-03 16:31:56 +00:00
Maartje Eyskens
1c27fcb8d9
Fix CSR validation for Email SANs
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-03-03 15:02:51 +01:00
Josh Soref
126edc1095
spelling: convenient
...
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-02-24 16:32:23 -05:00
Maartje Eyskens
d3a623314c
Add EmailSANs field
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-02-21 08:49:00 +01:00
James Munnelly
22f4f1e1f2
Add release-tars targets to construct cert-manager release artifacts
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-01-30 21:02:58 +00:00
Joshua Mathianas
39cc63a205
resolve failing unit tests
...
Signed-off-by: Joshua Mathianas <mathianasj@gmail.com>
2020-01-16 11:34:44 -05:00
Joshua Mathianas
b096e0f0af
Made requested changes from review
...
Signed-off-by: Joshua Mathianas <mathianasj@gmail.com>
2020-01-16 09:41:16 -05:00
Joshua Mathianas
e33e28c4fd
add backwards compatibility for using existing common name or organization if x509name ones are not set
...
add ability to specify more subject attributes for csr
Signed-off-by: Joshua Mathianas <mathianasj@gmail.com>
2020-01-16 07:50:26 -05:00
James Munnelly
361fdfac3f
Don't log misleading error messages
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-12-16 16:31:18 +00:00
James Munnelly
f3a58ed991
webhook: register pprof http handlers
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-12-10 16:54:15 +00:00
jetstack-bot
1793e7b573
Merge pull request #2236 from munnerz/covered-images
...
Add Bazel image targets with coverage enabled
2019-11-14 10:54:09 +00:00
JoshVanL
d38abbe23a
Update csr_test.go to include server auth key usage
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 13:19:25 +00:00
JoshVanL
a03560b93a
Updates tests to ensure that key usages are correctly checked
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
chenjun.cj
fe6e446f43
enable cert-manager using --kubeconfig to connect API Server with kubeconfig file
...
Signed-off-by: chenjun.cj <chenjun.cj@alibaba-inc.com>
2019-10-17 12:14:28 +08:00
James Munnelly
5057da1b89
Add Bazel image targets with coverage enabled
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-10-16 08:59:24 +01:00
JoshVanL
7965be9b41
Adds from comments
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-10-02 17:48:37 +01:00
JoshVanL
13b0584838
Change behaviour to be more relaxed around common names
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-10-02 17:48:37 +01:00
JoshVanL
88cadca433
Adds proper checking for common name in e2e tests
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-10-02 17:48:37 +01:00
JoshVanL
dd7213866f
Adds validation for URIs to certificate validation
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-10-02 17:48:37 +01:00
JoshVanL
832e20ae29
Adds URISANs field to Certificate
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-10-02 17:48:37 +01:00
JoshVanL
4eb6335c76
Support out of tree issuers in ingress-shim
...
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-09-27 13:54:39 +01:00
James Munnelly
973f4aa424
Update codebase for external dependencies
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-09-26 12:52:43 +01:00
James Munnelly
58754abf37
Refactor codebase for v1alpha2
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-09-20 16:22:43 +01:00
stuart.warren
7eb1e34e48
feat: enable certificate keyusages
...
Enable users to request x509 key usages and extended key usages when
defining a certificate or certificate signing request
fixes : #301
Signed-off-by: stuart.warren <stuart.warren@ocado.com>
2019-08-31 01:00:00 +01:00