weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
6,410 Commits 45 Branches 0 Tags 96 MiB
5019aaacfc
Commit Graph

1167 Commits

Author SHA1 Message Date
joshvanl
38084fb719 Update secret manager to include additional output formats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:40:12 +00:00
joshvanl
b6e499a317 Fix comment and add comment about forcing apply 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
196d0011ca Remove SecretTemplate controller and move logic into issuing controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
64d78c6e10 Update certificates controller with new secret manager signatures and 
tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
c5f101525c Update certificates controller secrets manager since feature gate is 
removed

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
7a4be1edfd Copy across an existing secret type in secrets manager since that field 
is immutable.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
a56b6a8596 Fix CA injector test to only create a Secret of type kubernetes.io/tls 
since that field is immutable, and shouldn't change from Opaque

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
95ee9ee031 Force apply secrets manager if a field has a conflict with the owner 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
5660b80888 Gix golang references to feature gate package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
d6fb5138f2 Re-add crd-certificates.yaml 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3 Fix some test func names and some comments. Replaces DeDuplicate in 
SecretTemplate controller to use sets.Strings. Removes DeDuplicate func

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
ebc4cba48c Make secretsmanager if statement blocks prettier 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
54c00afb13 Fix comments in secretsmanager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
957bc0a081 Create InitWithRESTConfig() in controller test context builder to not 
change existing Init() consumers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
760254848b Make RestConfig nil in acmechallenges sync_test.go 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
8b501d7d54 Also don't reconcile Certificates in SecretTemplate controller if 
Issuing=True

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
1319f2a5fb Adds the certificates SecretTemplate controller to reconcile ready 
Certificate's Secrets on SecretTemplate changes

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
de4522d883 Update certificates secret manager to Apply managed fields when the 
apply feature is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the 
Certifcate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests 
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certifcate additionalOutputFormats parameter 
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
jetstack-bot
778be75841
Merge pull request #4697 from irbekrm/valid_orders_update 
Don't fail an order that has been finalized, but the status has not been synced to Order CR
 2022-01-12 08:10:03 +00:00
irbekrm
e7cc37ef71 Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>

Co-authored-by: Maël Valais <mael@vls.dev>
 2022-01-11 18:09:44 +00:00
jetstack-bot
fa321b6a4b
Merge pull request #4287 from linka-cloud/acme-http-challenge-cutomer-dns 
Acme http challenge custom dns
 2022-01-11 11:24:03 +00:00
irbekrm
24866544b8 Ensures that if alternate cert chain is specified, it is retrieved 
Ensures that if the cert is retrieved in a reconcile following the one that finalized the ACME order, the alternate cert chain is still respected, if specified by user

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-11 10:51:14 +00:00
irbekrm
de8aa2583e Ensures that ACME orders controller does not create new order if it failed to update old order's status to valid 
Check the status of the ACME order if finalizing order failed to catch edge cases where the order is already finalized, but the updating of Order CR's status has failed

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-11 10:51:14 +00:00
jetstack-bot
2e465fbf34
Merge pull request #4628 from irbekrm/sync_cleanup 
Order sync cleanup
 2022-01-10 20:27:04 +00:00
James Munnelly
9c04a04c7c Move feature package into internal/controller 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:36 +00:00
Adphi
3375fa0609
http01: add custom nameservers support (#4286) 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 21:02:46 +01:00
jetstack-bot
019d64edcf
Merge pull request #4688 from irbekrm/renew_failed 
Fixes a bug where a previous failed CertificateRequest was picked up during next issuance
 2022-01-04 15:08:31 +00:00
irbekrm
0a4617e582 Fix staticcheck error 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-04 10:11:04 +00:00
irbekrm
fac6622f5e Delete CertificateRequest that failed during previous issuance if we are re-issuing for the same revision 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-12-22 14:54:55 +00:00
irbekrm
ff67b2a9a0 Ignore failed CRs for previous issuance in certificates-issuing controller 
Issuing controller should only look at 'current' CertificateRequests

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-12-22 14:51:25 +00:00
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
joshvanl
d5503c2ed2 Change certificates controller to no longer error for a Certificate that 
no longer exists

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-11-30 15:13:14 +00:00
irbekrm
e48846132b Add a couple new test cases for order finalization 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-26 16:32:02 +00:00
irbekrm
4aee0a4acd Reduce a few calls to ACME server 
Ensure that when updating cert-manager Order CR's status from an existing ACME Order only one call will be made to retrieve the ACME Order

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-26 16:31:27 +00:00
irbekrm
e66c6a04d4 Fixes a typo in finalizeOrders 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-26 16:30:25 +00:00
irbekrm
7739497f22 Don't process Order CRs that have failed 
Ensure that cert-manager does not attempt to create new ACME Orders for cert-manager Order CRs that are in failed (errored, invalid or expired) state. If the CertificateRequest was created from a Certificate, the issuance will be retried after 1 hour

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-11-23 15:34:35 +00:00
Krzysztof Ostrowski
e35cb361c8
add comments to satisfy linter 
Signed-off-by: Krzysztof Ostrowski <kostrows@redhat.com>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-11-04 18:15:46 +01:00
Igor Zibarev
f9ceb8a73e Fix some lint issues regarding comments 
References issue #4457

Signed-off-by: Igor Zibarev <zibarev.i@gmail.com>
 2021-11-02 13:57:20 +03:00
Jake Sanders
486fc49545
Add fuzzing unit tests for JKS passwords 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-10-29 15:12:51 +01:00
James Munnelly
e7dea9f2a2 Replace all references to pkg/internal with internal 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:27:04 +01:00
irbekrm
598ed35e4a Uses go/crypto ListCertAlternates function to fetch alternative certificate chains 
This allows us to use upstream go/crypto again instead of our own fork

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-10-07 15:21:26 +01:00
Richard Wall
5d91f0a3c4 Fix flaky test by using EqualUnsorted to compare Events 
Supplants https://github.com/jetstack/cert-manager/pull/4297

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-10-01 12:41:15 +01:00
irbekrm
7e9753c92e Fix CertificateRequest test 
In Go 1.17 x509.CreateCertificate fails if public key doesn't match private key https://golang.org/doc/go1.17

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-09-30 10:08:40 +01:00
joshvanl
f21a947523 Adds comment as to why the GetAuthorization is called instead of 
GetChallenge

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-09-16 14:44:38 +01:00
joshvanl
f83f02cc8b Replace GetChallenge call in acmechallenge controller to 
GetAuthorization

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-09-15 16:05:37 +01:00
George Moldoveanu
b94b678f6d
reinstated keystore.go comment 
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
 2021-09-10 13:33:46 +01:00
George Moldoveanu
563aeb1789
fixed keystore.go and keystore_test.go modules imports 
Signed-off-by: George Moldoveanu <mol.george@gmail.com>
 2021-09-10 13:28:45 +01:00