weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,404 Commits 45 Branches 0 Tags 96 MiB
65be2caaae
Commit Graph

44 Commits

Author SHA1 Message Date
Ashley Davis
0225cc9234
avoid logging confusing error messages for external issuers 
See https://github.com/cert-manager/cert-manager/issues/5601

When referring to external issuers whose kind is not "Issuer" or
"ClusterIssuer" we log an error message thanks to a new check added in
a previous PR[1] which should only trigger for SelfSigned issuers.

The error previously looked like:

```text
"error"="invalid value \"x\" for issuerRef.kind. Must
be empty, \"Issuer\" or \"ClusterIssuer\""
```

After this PR, any CR with an issuer whose group or kind doesn't
match what's expected for a built-in issuer will be skipped

https://github.com/cert-manager/cert-manager/pull/5336

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>

WIP: test other issuer kinds

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2023-01-04 12:10:34 +00:00
Tim Ramlot
b999749854
improve gen.CSR and use it everywhere 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-11-10 09:21:31 +01:00
joshvanl
e804431dba Fire event for informational purposes when the CertificateRequest has not yet been approved. 
Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-10-23 18:04:58 +01:00
joshvanl
ccf579cf31 Adds extra informer for the CertificateRequest SelfSigned controller, 
so that CertificateRequets will be re-synced on informed Secrets which
are referenced with "cert-manager.io/private-key-secret-name"

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-08-09 08:39:50 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
bd18c0ed86 Update CertificateRequest controllers to use new controller factory 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
joshvanl
e05adbf06b Remove expected events when Ready Denied condition set 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 18:20:07 +01:00
joshvanl
50a84eaf1d Sets the Ready condition to False when a request is Denied 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 15:34:32 +01:00
Ashley Davis
5e31fa37ff
selfsigned: warn when certs have empty issuer DNs 
as raised in#3634 - RFC 5280 states that the issuer field cannot be
empty, but this could easily happen with selfsigned certs which had
an empty subject (as the issuer matches the subject when the cert is
self signed)

this commit detects when a cert would be issued selfsigned with an
empty subject DN and emits a warning event, allowing cluster operators
to detect the warning and potentially either re-issue to generate a
compliant cert, or else accept the risk.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-03-26 11:51:46 +00:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
a3e63b1787 Update CertificateRequest controllers to use new Denied type, and add 
tests for when a CertificateRequest is denied

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
e62e8c517b Updates CertificateRequest signer tests to check Approved behaviour 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
235adea826 Remove CertificateRequest validation in CertificateRequest controllers 
as this happens at admission time.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:20:57 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
Richard Wall
81eb53f597 ./hack/update-all.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-08-20 14:28:06 +01:00
Richard Wall
a70298180a Run a script to update v1alpha2 usage to v1 
Script is available at https://github.com/jetstack/cert-manager/pull/3201

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-08-20 14:26:51 +01:00
Maartje Eyskens
827ce9c5ad Revert log levels on errors 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-12 10:59:42 +02:00
Maartje Eyskens
86dee5ed41 Set error log levels 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-12 10:59:41 +02:00
Maartje Eyskens
fecd0b3518 Set all log levels for info 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-12 10:59:41 +02:00
James Munnelly
1a2c676c61 Rename certificaterequest.spec.csr to 'request' 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-07-02 12:02:47 +01:00
James Munnelly
6caa4c451d Rename CRPrivateKeyAnnotationKey -> CertificateRequestPrivateKeyAnnotationKey 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-06-26 14:47:27 +01:00
James Munnelly
e8cc2ba4ac Fix selfsigned issuer unit tests 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-04-20 15:08:31 +01:00
srBraun
04bfddefc3 adds support for CDP to selfsigned issuer 
Signed-off-by: srBraun <dev@skra.space>
 2020-03-02 12:40:46 +01:00
JoshVanL
de7aaa84d3 Update CertificateRequest controller unit tests 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-11-19 22:09:01 +00:00
JoshVanL
94d077a5fb Adds status sub resource and changes updates 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-09-30 13:47:50 +01:00
James Munnelly
973f4aa424 Update codebase for external dependencies 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-09-26 12:52:43 +01:00
James Munnelly
f2f3aee50d Update codebase for new API group 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-09-23 12:06:13 +01:00
James Munnelly
bf9fbea23f Update codebase for new meta apigroup 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-09-20 19:25:04 +01:00
James Munnelly
58754abf37 Refactor codebase for v1alpha2 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-09-20 16:22:43 +01:00
James Munnelly
1b8a286206 Rename Setup->Init and use Start to start informers 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-08-22 13:11:33 +01:00
James Munnelly
6052e0558e Refactor base controller and allow Running additional informers 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2019-08-21 13:22:57 +01:00
JoshVanL
ebf38dbfbb Refactor and cleans up SelfSigned CR controller tests 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-14 22:24:14 +01:00
JoshVanL
0eb4ef385b Change CR reporter to be a long lived struct 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-13 11:36:53 +01:00
JoshVanL
0361a83c20 Fix reporter not setting correct conditions 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-13 10:02:53 +01:00
JoshVanL
233afd2f94 Remove fake in CR controller and fail hard for no annotations for 
selfsigned

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-02 12:36:01 +01:00
JoshVanL
6bd9de1253 Have CR selfsigned to use reporter 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 17:01:39 +01:00
JoshVanL
46fd159f81 Register self signed CR controller 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 16:39:01 +01:00
JoshVanL
97f2183a16 Adds fake secrets lister to simulate network failure 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 16:39:01 +01:00
JoshVanL
6d3416325e Move tests to use new slimmer controller test builder 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 16:39:01 +01:00
JoshVanL
d98a6dc9d6 Adds events checks to SelfSigned sign unit tests 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 16:39:01 +01:00
JoshVanL
f26ea8dfb6 Adds selfsigned certificaterequest e2e tests 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 16:39:01 +01:00
JoshVanL
0ce8aab9d2 Adds SelfSigned certificaterequest controller 
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2019-08-01 16:39:01 +01:00