weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
6,395 Commits 45 Branches 0 Tags 96 MiB
5660b80888
Commit Graph

2727 Commits

Author SHA1 Message Date
joshvanl
5660b80888 Gix golang references to feature gate package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
d6fb5138f2 Re-add crd-certificates.yaml 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3 Fix some test func names and some comments. Replaces DeDuplicate in 
SecretTemplate controller to use sets.Strings. Removes DeDuplicate func

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
ebc4cba48c Make secretsmanager if statement blocks prettier 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
54c00afb13 Fix comments in secretsmanager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
957bc0a081 Create InitWithRESTConfig() in controller test context builder to not 
change existing Init() consumers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
760254848b Make RestConfig nil in acmechallenges sync_test.go 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
8b501d7d54 Also don't reconcile Certificates in SecretTemplate controller if 
Issuing=True

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
43c72dd490 Update Certificates SecretTemplate API comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
1319f2a5fb Adds the certificates SecretTemplate controller to reconcile ready 
Certificate's Secrets on SecretTemplate changes

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
de4522d883 Update certificates secret manager to Apply managed fields when the 
apply feature is enabled

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
e3141f9ad1 Adds PrefixForUserAgent and DeDuplicate util functions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the 
Certifcate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests 
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certifcate additionalOutputFormats parameter 
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
jetstack-bot
f1813d0368
Merge pull request #4730 from SgtCoDFish/movednstest 
move RFC2136 DNS01 tests to test/integration
 2022-01-13 11:10:04 +00:00
jetstack-bot
4d5058a92e
Merge pull request #4728 from SgtCoDFish/moveversionchecker 
Move versionchecker tests to test/integration
 2022-01-13 10:18:36 +00:00
Ashley Davis
92f78e8f8d
move RFC2136 DNS01 tests to test/integration 
Since this test requires setup before it can successfully run,
we define it as an integration test and move it here so that on a
fresh checkout a user can always run `go test ./pkg/...` and expect that
it would succeed.

Also:

- tweaks some comments
- adds methods for getting nameserver / tsig algorithm from DNSProvider

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-12 16:00:10 +00:00
Ashley Davis
93f868b3bc
move versionchecker tests to test/integration 
Since this test requires setup before it can successfully run,
we define it as an integration test and move it here so that on a
fresh checkout a user can always run `go test ./pkg/...` and expect that
it would succeed.

Also involves:

- Exporting the VersionChecker and adding NewWithConfig to enable
  testing
- Some comment changes
- A change to the type returned by New(); see
  https://github.com/golang/go/wiki/CodeReviewComments#interfaces

Ideally I'd not add `NewFromClient` but I think it's the most minimal
change and is preferable to publicly exporting `VersionChecker.client`.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-12 14:21:53 +00:00
jetstack-bot
778be75841
Merge pull request #4697 from irbekrm/valid_orders_update 
Don't fail an order that has been finalized, but the status has not been synced to Order CR
 2022-01-12 08:10:03 +00:00
irbekrm
e7cc37ef71 Code review feedback 
Signed-off-by: irbekrm <irbekrm@gmail.com>

Co-authored-by: Maël Valais <mael@vls.dev>
 2022-01-11 18:09:44 +00:00
jetstack-bot
fa321b6a4b
Merge pull request #4287 from linka-cloud/acme-http-challenge-cutomer-dns 
Acme http challenge custom dns
 2022-01-11 11:24:03 +00:00
irbekrm
24866544b8 Ensures that if alternate cert chain is specified, it is retrieved 
Ensures that if the cert is retrieved in a reconcile following the one that finalized the ACME order, the alternate cert chain is still respected, if specified by user

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-11 10:51:14 +00:00
irbekrm
de8aa2583e Ensures that ACME orders controller does not create new order if it failed to update old order's status to valid 
Check the status of the ACME order if finalizing order failed to catch edge cases where the order is already finalized, but the updating of Order CR's status has failed

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-11 10:51:14 +00:00
jetstack-bot
2e465fbf34
Merge pull request #4628 from irbekrm/sync_cleanup 
Order sync cleanup
 2022-01-10 20:27:04 +00:00
jetstack-bot
c68e78c510
Merge pull request #4702 from devholic/fix-multiple-dns-provider 
Install APIGroup once for multiple DNS providers
 2022-01-10 11:25:04 +00:00
Sunghoon Kang
47d07e85de
Add test for creating ChallengeServer with solvers 
Signed-off-by: Sunghoon Kang <hoon@linecorp.com>
 2022-01-08 22:55:21 +09:00
Adphi
a131eda198
acme-http: add reachability tests 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-08 12:37:41 +01:00
James Munnelly
ea2d04e2c0 Add webhook-specific 'feature' package and wire it up through config 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:38 +00:00
James Munnelly
9c04a04c7c Move feature package into internal/controller 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:36 +00:00
Adphi
0f9b47b4f0
acme-http: use Go built-in resolver 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 22:34:05 +01:00
Adphi
c9bc776b49
acme-http: fix tests 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 21:37:04 +01:00
Adphi
498c496053
acme-http: fix bazel 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 21:02:51 +01:00
Adphi
3375fa0609
http01: add custom nameservers support (#4286) 
Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
 2022-01-06 21:02:46 +01:00
James Munnelly
8ff84e8b70 Re-organise and extend path loading logic to make it easier to run integration tests using Delve/GoLand 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-06 15:22:39 +00:00
jetstack-bot
97c4b7b8d3
Merge pull request #4705 from SgtCoDFish/goimports 
Three small goimports fixes against current HEAD
 2022-01-04 17:40:31 +00:00
Ashley Davis
727e29a747
three small goimports fixes against current HEAD 
rather than using the default suggested `v1` names for some imports, we
use more descriptive names

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-04 16:05:42 +00:00
jetstack-bot
019d64edcf
Merge pull request #4688 from irbekrm/renew_failed 
Fixes a bug where a previous failed CertificateRequest was picked up during next issuance
 2022-01-04 15:08:31 +00:00
irbekrm
0a4617e582 Fix staticcheck error 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-01-04 10:11:04 +00:00
Sunghoon Kang
bfe3210ccc
Install APIGroup once for multiple DNS providers 
If we register multiple DNS providers while running the webhook server,
it will cause an unexpected exit with 'WebService with duplicate root
path detected' error. This issue happens because the root path of each
DNS provider is equal since they share the group name.

This commit installs APIGroup once for multiple DNS providers by
extracting apiGroupInfo variable and InstallAPIGroup call from solver
(DNS provider) loop in ChallengeServer constructor.

Signed-off-by: Sunghoon Kang <hoon@linecorp.com>
 2022-01-04 00:50:23 +09:00
irbekrm
fac6622f5e Delete CertificateRequest that failed during previous issuance if we are re-issuing for the same revision 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-12-22 14:54:55 +00:00
irbekrm
ff67b2a9a0 Ignore failed CRs for previous issuance in certificates-issuing controller 
Issuing controller should only look at 'current' CertificateRequests

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-12-22 14:51:25 +00:00
James Munnelly
5d7df17a24 pkg/webhook/authority: extract logger from context 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:52:26 +00:00
James Munnelly
bdb06ae55b Fix failing unit test 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:32:27 +00:00
James Munnelly
29c797cfb4 Run update-codegen.sh 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:13:44 +00:00
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
Richard Wall
36c4de9881 Update import paths 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
17a2ec5198 update-bazel.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
1fc14676f6 Move deprecated type definitions to the internal package 
find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git mv -k $d/*.go internal/apis/$g/$v/; done

find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git rm -rf $d/; done

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
2c16d49c8c ./hack/update-bazel.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-15 16:41:15 +00:00