weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,918 Commits 45 Branches 0 Tags 96 MiB
4cec43bf93
Commit Graph

3489 Commits

Author SHA1 Message Date
Richard Wall
4cec43bf93 Add metrics server to the cainjector 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-07-23 12:35:50 +01:00
Richard Wall
e21a57a88c Enable metrics server on the webhook 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-07-19 17:04:52 +01:00
cert-manager-prow[bot]
5f003f25a7
Merge pull request #7177 from eplightning/fix-azure-npe 
fix: Handle case of Azure returning auth error
 2024-07-18 18:17:10 +00:00
Miguel Varela Ramos
46f3f043df
fix: add boilerplate to test file 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-18 11:58:24 +01:00
Miguel Varela Ramos
8a8df8a3c7
fix: do not present challenge for Gateway API if feature not enabled 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-18 11:54:58 +01:00
Miguel Varela Ramos
f357097eb6
revert: remove override for generate name 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-17 17:57:33 +01:00
Miguel Varela Ramos
8d2aac9ac1
fix: httproute spec deep equal 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-17 12:23:30 +01:00
Miguel Varela Ramos
8ffe2640c3
fix: add missing hyphen to generateName 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-17 11:40:17 +01:00
Miguel Varela Ramos
767725861a
test: check for httproute clean-up 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-17 11:39:51 +01:00
Miguel Varela Ramos
dc100b4cfc
test: add test for multiple httproute resources 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-16 22:03:49 +01:00
Bartosz Slawianowski
30d4fce8a8 Add test case 
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
 2024-07-16 18:28:06 +02:00
Miguel Varela Ramos
35e5e12d26
test: add test for ensureGatewayHTTPRoute 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-16 16:40:04 +01:00
Miguel Varela Ramos
937fc856b6
fix: checkAndUpdateGatewayHTTPRoute function 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-16 16:40:04 +01:00
Miguel Varela Ramos
c989dfdf20
test: adds test for getHTTPRouteForChallenge 
Signed-off-by: Miguel Varela Ramos <miguel@cohere.ai>
 2024-07-16 16:40:03 +01:00
Bartosz Slawianowski
cb2731ef78 fix: Handle case of Azure returning auth error 
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
 2024-07-16 01:28:37 +02:00
cert-manager-prow[bot]
4e3c162734
Merge pull request #7108 from inteon/bugfix_aws 
BUGFIX: AWS route53: Set global region for sts
 2024-07-12 14:13:19 +00:00
Richard Wall
8f9ccf3b42 Reduce memory usage by only caching the metadata of Secret resources 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-07-10 10:07:18 +01:00
Tim Ramlot
c58b08e7b7
pki match: remove return values that are always nil 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-07-02 13:38:35 +02:00
Yuedong Wu
df37eba376 fix API fields description for venafi tpp 
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
 2024-07-01 20:55:51 +08:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct 
feat: Add renewBeforePercentage alternative to renewBefore
 2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
 2024-06-29 21:18:15 -07:00
Tim Ramlot
e906cb8db0
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-28 10:03:43 +02:00
cert-manager-prow[bot]
837c6a1e06
Merge pull request #7036 from fidelity-contributions/feature/5514-venafi-issuer-ca-ref-support 
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
 2024-06-24 14:18:20 +00:00
Gabi Davar
52be4c0945
reduced go metrics to default minimum. 
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
 2024-06-21 15:07:57 +03:00
Gabi Davar
531b1f1d59
Expose Prometheus process and go runtime metrics. 
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
 2024-06-21 10:31:35 +03:00
Tim Ramlot
7572d3075f
add testcase 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-20 13:35:06 +02:00
Tim Ramlot
9e649cc8f1
only retry when encountering a Vault non-InvalidData error 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-20 13:35:02 +02:00
Tim Ramlot
cad5470a56
improve aws GetSession comments that explain when and why regions have to be set 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 17:15:07 +02:00
Tim Ramlot
537e71ee63
verify that the "aws-global" is used for sts in test 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 15:00:37 +02:00
Tim Ramlot
8cec055234
set global region when calling sts 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 14:51:01 +02:00
Tim Ramlot
03e1db1b77
BUGFIX: retry signing when encountering transient error 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 06:06:11 +02:00
cert-manager-prow[bot]
9f8707d0f8
Merge pull request #4330 from joshmue/vault_client_cert_auth 
Add client certificate auth method for Vault issuer
 2024-06-18 12:19:57 +00:00
cert-manager-prow[bot]
d44f654185
Merge pull request #7094 from inteon/upgrade_deps 
Upgrade dependencies
 2024-06-17 12:24:56 +00:00
Tim Ramlot
363a63ac96
Add client certificate authentication for Vault issuers 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Joshua Mühlfort <muehlfort@gonicus.de>
 2024-06-17 09:16:26 +02:00
Tim Ramlot
e0cdfd37bf
introduce gen.CSRForCertificate and gen.CSRWithSignerForCertificate and use it to deduplicate test code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-14 15:53:18 +02:00
Sankalp Yengaldas
85094e17be add error check for venafiTPP CA 
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
 2024-06-14 05:07:44 -04:00
Tim Ramlot
8c6168b40a
replace deprecated function call 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-13 21:03:05 +02:00
Adam Talbot
934d4196ab feat: normalize azure errors 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2024-06-13 14:52:28 +01:00
Tim Ramlot
18b701b73e
overhaul of startupapicheck: add checks that mutation and validation work and add extensive testing 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-30 15:54:08 +02:00
cert-manager-prow[bot]
a26a0a856f
Merge pull request #6821 from inteon/bump_deps 
Bump all dependencies
 2024-05-21 09:06:59 +00:00
Tim Ramlot
c1fe43efe7
bump code generators 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-17 19:14:03 +02:00
cert-manager-prow[bot]
055f08d67e
Merge pull request #7015 from inteon/support_duration_string 
Support duration strings in config API
 2024-05-17 13:19:52 +00:00
Tim Ramlot
085c63dd9a
apply PR feedback: add kubebuilder annotations 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-17 14:20:28 +02:00
cert-manager-prow[bot]
d04fecf112
Merge pull request #7014 from inteon/improve_config_validation 
Improve config validation
 2024-05-17 09:43:53 +00:00
cert-manager-prow[bot]
a9b28df5bc
Merge pull request #7030 from inteon/promote_literalsubject_to_beta 
Promote the LiteralCertificateSubject feature to Beta
 2024-05-14 17:01:51 +00:00
Tim Ramlot
e51f4a46db
update CRD field comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-14 17:49:56 +02:00
cert-manager-prow[bot]
7db560c595
Merge pull request #6351 from eplightning/azure-concurrency 
Handle multiple concurrent Azure DNS01 challenges for the same FQDN
 2024-05-14 15:43:50 +00:00
Tim Ramlot
b4dc162156
Complete validation logic for config API and obtain 100% coverage for its tests. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-14 17:31:37 +02:00
Tim Ramlot
60324bcb5e
Add support for duration values in "Go time.ParseDuration" format. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-14 17:31:23 +02:00
cert-manager-prow[bot]
ac287e1f26
Merge pull request #7013 from inteon/deduplicate_shared_config 
Deduplicate shared config API structs
 2024-05-14 14:28:50 +00:00