weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
917 Commits 45 Branches 0 Tags 96 MiB
61729fb96a
Commit Graph

361 Commits

Author SHA1 Message Date
jetstack-bot
61729fb96a
Merge pull request #637 from munnerz/selfsigned 
Add self signed Issuer type
 2018-06-15 14:31:33 +01:00
jetstack-bot
cb107f3b89
Merge pull request #652 from euank/r53-owner 
issuer/dns/route53: add myself as owner
 2018-06-14 12:32:36 +01:00
jetstack-bot
12d603f511
Merge pull request #629 from groner/check-acme-issuer-challenge-type 
Check the acme issuer has the challenge type configured.
 2018-06-14 11:54:37 +01:00
Euan Kemp
27b5e49732 issuer/dns/route53: add myself as owner 2018-06-12 18:32:49 -07:00
jetstack-bot
df4b493b38
Merge pull request #582 from ThatWasBrilliant/master 
FindZoneByFqdn fixes from lego
 2018-06-12 16:25:41 +01:00
James Munnelly
00e558a9e7 Fix package naming 2018-06-08 17:49:26 +01:00
James Munnelly
0c05e15024 Run hack/update-codegen.sh 2018-06-08 15:48:30 +01:00
James Munnelly
6cfdc62f6b Add self signed Issuer type 2018-06-08 15:48:30 +01:00
James Munnelly
1fd8cdf13e Create common GenerateCSR and GenerateTemplate methods for creating Certificate/CertificateRequest 2018-06-08 15:15:27 +01:00
Kai Groner
b7a8c4c623 Check the acme issuer has the challenge type configured. 2018-06-06 10:19:22 -04:00
jetstack-bot
3cafdd9401
Merge pull request #598 from euank/log-namespaces 
issuer/acme/*: log namespaces for resources
 2018-06-06 09:52:53 +01:00
jetstack-bot
c61f392163
Merge pull request #555 from paultiplady/debug/gcloud-errors 
Improve logs for CloudDNS service account errors
 2018-06-06 01:40:39 +01:00
Euan Kemp
a09e9037de issuer/acme/http: log namespaces for resources 
It's useful to know what namespace is being operated on, so log
namespaces all over the place!
 2018-05-30 20:10:17 -07:00
Euan Kemp
09a5846412 issuer/acme/http: remove unused test code 
¯\_(ツ)_/¯
 2018-05-30 20:03:00 -07:00
Euan Kemp
36b57ba475 issuer/acme/dns: log namespace for secret errors 
If we can't find the secret, the user should probably also know what
namespace we looked in.

xref #540 for a case where this might help with debugging
 2018-05-30 20:00:21 -07:00
Euan Kemp
910a9e8859 issuer/acme/dns: remove redundant 'Error' calls 2018-05-30 19:57:44 -07:00
jetstack-bot
e51edb398e
Merge pull request #587 from vdesjardins/fix-vault-panic-on-sealed 
vault: fix panic when vault is sealed or uninitialized
 2018-05-29 12:13:15 +01:00
Vincent Desjardins
37db332b46 vault: fix panic when vault is sealed or uninitialized 2018-05-29 01:36:00 +00:00
Anders Petersson
6d5b199d74
Fixed a typo in error msg. 2018-05-27 19:52:05 +02:00
Brian Hardy
e52aefb34a FindZoneByFqdn fixes from lego 2018-05-25 14:00:29 -05:00
Paul Tiplady
1089667ceb Make CloudDNS service account errors debuggable 
Improve logging in the case where the Service Account Secret is
loaded, but the Key is not found.

Previous behaviour was to fail without giving much help as to
why.

New behaviour confirms the key name and namespace/secret-name.

FIXES: 539
 2018-05-11 08:56:09 -07:00
Krzysztof Nazarewski
dfe0a5ebd4
typo fix 2018-05-10 12:49:48 +02:00
jetstack-bot
0bb19e9453
Merge pull request #546 from munnerz/cloudflare-idempotent 
Update Cloudflare provider to be idempotent when calling Present
 2018-05-09 16:18:19 +01:00
James Munnelly
707a113870 Update Cloudflare provider to be idempotent when calling Present 2018-05-09 14:45:11 +01:00
jetstack-bot
8d1cad422e
Merge pull request #545 from munnerz/acme-v01-warning 
Set Issuer ready condition to false if ACMEv1 endpoints are used
 2018-05-09 14:40:19 +01:00
James Munnelly
3fc74f7f86 Set Issuer ready condition to false if ACMEv1 endpoints are used 2018-05-09 14:17:20 +01:00
jetstack-bot
f78feb6e68
Merge pull request #530 from vdesjardins/fix-vault-approle 
rename fields in Vault appRole credentials
 2018-05-09 14:15:19 +01:00
James Munnelly
a597c02701 Fix panic in shouldAttemptValidation 2018-05-09 12:11:41 +01:00
Vincent Desjardins
b256e02a98 rename fields in Vault appRole credentials 2018-05-03 03:30:43 +00:00
Vincent Desjardins
b35343786e Vault issuer support 
vault remove duration
 2018-05-02 00:45:55 +00:00
James Munnelly
e2a2e32e28 Fix ingress-shim tests 2018-04-26 12:44:41 +01:00
James Munnelly
fdb8f2bf40 Link ingress-shim into main controller binary 2018-04-26 12:44:40 +01:00
James Munnelly
944ed571fc Ensure challenge list gets updated after attempting authzs 2018-04-25 19:02:15 +01:00
James Munnelly
50a4bcfde2 Perform full validation flow for each challenge before checking next one 2018-04-25 19:02:15 +01:00
James Munnelly
d573e30878 Only perform one validation per identifier for a single order at a time 2018-04-25 19:02:15 +01:00
James Munnelly
4be42080eb Add ACMESolverConfigurationForAuthorization test 2018-04-25 18:17:01 +01:00
James Munnelly
c6e6b39fd2 Require asterisk denoted wildcard in acme solver config for wildcard certs 2018-04-25 17:34:21 +01:00
Tim
54067d5446
Add Key Encipherment bit to Key Usage extension 
Google Chrome rejects the certificate for SSL connections if the Key Usage extension does not include the keyEncipherment purpose.
 2018-04-17 16:25:10 -07:00
James Munnelly
5679f6257f Fix up self check failure error message 2018-04-12 19:31:29 +01:00
James Munnelly
611f1f3e0d Absorb HTTP client errors in acme http self check 2018-04-12 19:00:24 +01:00
James Munnelly
acd927dd41 Use rate limiter when queueing (Cluster)Issuers 2018-04-12 16:51:02 +01:00
James Munnelly
0a960d46b2 Fix bug in issue method preventing cert issuance 2018-04-12 16:50:03 +01:00
James Munnelly
1975c524b9 Call AddRateLimited in QueuingEventHandler 2018-04-12 15:23:27 +01:00
James Munnelly
70dde521a1 Set status conditions on validation success. Call WaitOrder instead of GetOrder in issue. 2018-04-11 23:30:54 +01:00
James Munnelly
336d01ac4a Update dns util tests 2018-04-11 19:39:36 +01:00
James Munnelly
ef51483cbc
Merge pull request #5 from redbaron/acmev2-upstream 
Fixes for ACME client http transport
 2018-04-11 14:30:28 +01:00
James Munnelly
4a79203633 Run gofmt 2018-04-11 13:22:10 +01:00
James Munnelly
967499331e
Merge pull request #6 from redbaron/errors-format-fix 
Fix error formatting
 2018-04-11 13:18:45 +01:00
Maxim Ivanov
c44a7552ea Check challenge before presenting it 
With async challenge Check, it is often happens,
that solver.Check() fails on first run after solver.Present()

Cert-manager then tries again, but starts with solver.Present(),
which not being idempotent right now fails on certain DNS providers.

This change swaps order of solver.Check() and solver.Present().
Check is not returning error if propagation not happened, it then
allows Present() to run.

In the current form, Present() will be spamming with errors,
but this doesn't stop Check from happening on every attempt,
so eventually Challenge can be verified and accepted. In the future,
Present() should be made idempotent.
 2018-04-11 11:27:23 +01:00
Maxim Ivanov
8cbb75f9ba Fix error formatting 2018-04-10 15:46:43 +01:00