weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
7,404 Commits 45 Branches 0 Tags 96 MiB
65be2caaae
Commit Graph

168 Commits

Author SHA1 Message Date
joshvanl
19b68c9ba2 Update SecretTemplate comments on policy checks 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 15:02:51 +00:00
joshvanl
fdf7743f21 Adds PostIssuanceChecks for Certificate's AdditionalOutputFormats 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:40:51 +00:00
joshvanl
0bba16e0f9 Adds empty feature set for cainjector. Parses feature gates in devel 
script, and passes them on to each component

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-07 14:39:46 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
35fba365bf Update AdditionalOutputFormats comment to reflect addition of feature to 
webhook set.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:04:55 +00:00
joshvanl
8b219a45b2 Fix AdditationOutputFormat validation, and adds unit tests. Use correct 
feature set

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:03:37 +00:00
joshvanl
1cf06889bf Add AdditionalCertificateOutputFormats feature to webhook set. Make 
@joshvanl owner of feature in controller.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-02-01 17:02:48 +00:00
jetstack-bot
b12d78d364
Merge pull request #4746 from JoshVanL/controller-readiness-certificates-spec-match 
Certificates controller policies refactor
 2022-01-27 12:45:40 +00:00
joshvanl
5d56566575 Adds more test cases to secrets.go and fix imports for checks.go 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:01:51 +00:00
jetstack-bot
39e388eaa5
Merge pull request #4762 from jakexks/use-only-ingress-annotation 
Always use the kubernetes.io/ingress.class annotation (#4537)
 2022-01-21 13:45:07 +00:00
Jake Sanders
65902d57a3
Always use the kubernetes.io/ingress.class annotation (#4537) 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-01-21 10:35:25 +00:00
James Munnelly
5407376768 Add comment clarifying why we absorb authorizer errors 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
bf98c92a44 Remove ServerOption type now that webhook initialization has moved to internal package 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
07a0171e98 Use regular discovery client instead of cache 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
5d6be6a639 Add tests for resourcevalidation plugin 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
31244942d1 Call ServerGroups when initializing discovery 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
e13c879681 Remove old handlers & admission plugins 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
708de3c580 webhook: use new admission-plugin backed validation and mutation handlers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:46 +00:00
James Munnelly
9583050538 Add admission plugins for APIDeprecation, CertificateRequestApproval&Identity, ResourceValidation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:55:44 +00:00
James Munnelly
dd560bca6a Add internal webhook package that uses new admission chain 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:55:43 +00:00
joshvanl
38b7b930c8 Add tests from rebase and more policies under 
/internal/controller/certificates

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:31:05 +00:00
joshvanl
3b148347ad Move temporary certificate policy init into policy package 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
a53987214f Move certificates controller policies under /internal/controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
f1cafae95f Refactor trigger policies to be more generic and be used by multiple 
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
c18571a78d Remove json tags from internal API types. 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-18 14:04:53 +00:00
jetstack-bot
051a763ee5
Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template 
SecretTemplate reconciliation. SecretManager Apply
 2022-01-18 13:28:57 +00:00
jetstack-bot
37411c8c3d
Merge pull request #4736 from SgtCoDFish/movefuzz 
Move integration tests to test/integration
 2022-01-18 12:53:04 +00:00
joshvanl
5019aaacfc Update SecretTemplate API comments to highlight that annotations are 
appended to base annotations

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:40:13 +00:00
joshvanl
86ae0545d2 Update SecretTemplate API comments with new behaviour. 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
43c72dd490 Update Certificates SecretTemplate API comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the 
Certifcate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-14 20:00:26 +00:00
Ashley Davis
1605f9794f
move fuzzing tests to test/integration/fuzz/% 
These tests have external dependencies (rendered CRDs) which mean they
can't pass on a clean checkout without further setup. We define such
tests as integration tests, and so these are moved to test/integration.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-14 15:36:00 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests 
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certifcate additionalOutputFormats parameter 
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Ashley Davis
92f78e8f8d
move RFC2136 DNS01 tests to test/integration 
Since this test requires setup before it can successfully run,
we define it as an integration test and move it here so that on a
fresh checkout a user can always run `go test ./pkg/...` and expect that
it would succeed.

Also:

- tweaks some comments
- adds methods for getting nameserver / tsig algorithm from DNSProvider

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-12 16:00:10 +00:00
James Munnelly
9a0a395c05 Re-order imports 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:49:51 +00:00
James Munnelly
df250307c2 Fix test failures 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:20:31 +00:00
James Munnelly
ea2d04e2c0 Add webhook-specific 'feature' package and wire it up through config 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:38 +00:00
James Munnelly
9c04a04c7c Move feature package into internal/controller 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-07 12:17:36 +00:00
James Munnelly
29f793aca8 Prefer RUNFILES_DIR if it is set 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-06 16:50:44 +00:00
James Munnelly
8ff84e8b70 Re-organise and extend path loading logic to make it easier to run integration tests using Delve/GoLand 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-06 15:22:39 +00:00
Ashley Davis
727e29a747
three small goimports fixes against current HEAD 
rather than using the default suggested `v1` names for some imports, we
use more descriptive names

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-04 16:05:42 +00:00
James Munnelly
8f1fb874ed Run update-codegen in module mode 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:13:44 +00:00
Richard Wall
57ba9bd71c Register the deprecated API kinds 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 16:04:01 +00:00
Richard Wall
43cdb6233f Fix cmacme import path 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 14:52:30 +00:00
Richard Wall
9aaffe6b0a Re-instate the SchemeBuilder variable 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 14:19:25 +00:00
Richard Wall
36c4de9881 Update import paths 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
17a2ec5198 update-bazel.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
1fc14676f6 Move deprecated type definitions to the internal package 
find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git mv -k $d/*.go internal/apis/$g/$v/; done

find pkg/apis/{acme,certmanager} -mindepth 1 -maxdepth 1 -not -name v1  -type d | while read d; do v=$(basename $d); g=$(basename $(dirname $d)); git rm -rf $d/; done

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-16 11:11:04 +00:00
Richard Wall
4eedf4fcfd Test conversion code using sample CRDs and remove conversion configuration from cert-manager CRDs 
* Generate CRDs for the sample API types
* Allow alternative CRDs to be loaded into the envtest API server
* Override the conversion configuration of the CRDs
* Show webhook server logs in tests
* Simplify the loading of the test API CRDs
* Allow the ConversionHandler to be overridden in tests

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:33:22 +00:00
James Munnelly
ce3f3fc1f2 Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
9fce2ba5b0 Move files to create config.webhook.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 15:15:44 +00:00
James Munnelly
d5133a1668 Run update-codegen.sh 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
48a5efea5d Fix copyright headers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
415ca56933 config API: fix up fuzz tests 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
0e1d603c93 Add support for reading config from WebhookConfiguration object 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
97863d245f Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
afa8e5a304 Refactoring webhook initialisation to support early config handling 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
fb81666e56 Add config.cert-manager.io API group 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
Krzysztof Ostrowski
e35cb361c8
add comments to satisfy linter 
Signed-off-by: Krzysztof Ostrowski <kostrows@redhat.com>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-11-04 18:15:46 +01:00
Igor Zibarev
f9ceb8a73e Fix some lint issues regarding comments 
References issue #4457

Signed-off-by: Igor Zibarev <zibarev.i@gmail.com>
 2021-11-02 13:57:20 +03:00
James Munnelly
4e6c56c9a8 Regenerate files 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 15:43:50 +01:00
James Munnelly
f3b22eae99 Add explicit conversion functions for types referenced across packages 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 15:43:50 +01:00
James Munnelly
d5ed59a8b8 Fix defaulter-gen input paths 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:52:22 +01:00
James Munnelly
8ee719c135 Update bazel visibility rules 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:30:21 +01:00
James Munnelly
e7dea9f2a2 Replace all references to pkg/internal with internal 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:27:04 +01:00
James Munnelly
f81703d9ab Move pkg/internal/ to internal/ 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:24:28 +01:00