weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,404 Commits 45 Branches 0 Tags 96 MiB
65be2caaae
Commit Graph

127 Commits

Author SHA1 Message Date
Tim Ramlot
26d04f3d8a
add WithLegacy function to our fake discovery client 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-12-14 21:53:42 -08:00
Tim Ramlot
c0dc705c24
fail in case of invalid IP address 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-11-14 09:11:23 +01:00
Tim Ramlot
b999749854
improve gen.CSR and use it everywhere 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-11-10 09:21:31 +01:00
jetstack-bot
da3265115b
Merge pull request #5387 from Tolsto/vault-ca-bundle-secret-ref 
Add option to load Vault CA bundle from Kubernetes Secret
 2022-10-13 09:55:09 +01:00
Sathyanarayanan Saravanamuthu
40947b0ef4 Generate Certificate Request with predictable name 
Co-authored-by: Cody W Eilar <ecody@vmware.com>

Signed-off-by: Cody W Eilar <ecody@vmware.com>
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-10-11 17:01:26 +05:30
Nils Mueller
2f6fa9dddf fixup! Add option to load Vault CA bundle from Kubernetes Secret 
Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-16 02:57:43 +03:00
Nils Mueller
00a20097b6 Add option to load Vault CA bundle from Kubernetes Secret 
Vault distributions like "Bank Vaults" automatically configure
and provision Vault and provide the CA bundle via a Kubernetes
Secret. Having to hard-code the bundle in the Issuer instead
of dynamically referencing it through the Secret requires
a manual second step when using a GitOps workflow.

Signed-off-by: Nils Mueller <nm@impactful.it>
 2022-08-15 03:10:51 +03:00
joshvanl
52787eabd2 Adds e2e tests for the new SelfSigned CertificateSigningRequest Secret 
informer

Signed-off-by: joshvanl <me@joshvanl.dev>
 2022-08-09 11:17:44 +01:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Luca Comellini
aaa513de00
Bump k8s.io dependencies 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-06-30 15:16:14 -07:00
Richard Wall
557d14a0cd Refactor the update and updateStatus to a single deferred function 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-05-12 16:51:30 +01:00
Richard Wall
6a4fffbedc Test that the cleanup is performed 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2022-04-29 17:51:34 +01:00
lonelyCZ
53d8a07397 Add a unit test for challenges reScheduler 
Signed-off-by: lonelyCZ <531187475@qq.com>
 2022-04-08 14:35:41 +08:00
joshvanl
c54451092e Adds integration tests for owner reference post issuance checks 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-03-29 13:54:27 +01:00
jetstack-bot
ca32961253
Merge pull request #4772 from irbekrm/exp_backoff 
Exponential backoff for retrying failed certificate issuances
 2022-03-21 20:31:23 +00:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration 
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation.  Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-21 09:40:32 -04:00
irbekrm
dbad3d98f3 Rename issuanceAttempts -> failedIssuanceAttempts 
In an attempt to convey the meaning of the field better

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
irbekrm
9824ab0949 certificates-issuing controller sets status.issuanceAttempts when certificate issuance has failed 
This field tracks the number of continuous failures and is used to implement exponential backoff

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2022-03-21 07:33:51 +00:00
Jake Sanders
03748831a9
Remove hardcoded cert from cmctl inspect secret unit tests 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2022-03-01 13:11:31 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
f1cafae95f Refactor trigger policies to be more generic and be used by multiple 
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-19 14:30:00 +00:00
joshvanl
b13e4d4531 Update unit test package for secret manager unit tests, adds user agent 
to integration tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
685dd79c0c Makes some minor API naming changes, and clears up some docs around the 
Certifcate's additional output formats.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-14 20:00:26 +00:00
Thierry Sallé
7f8641dd94 [additionalOutputFormats] Update comments and add more tests 
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
Thierry
81f308221b Add certifcate additionalOutputFormats parameter 
DER Format to create key.der binary format of the private key.

CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.

Added Unit and e2e tests for secret with Additional output format.

Feature flag AdditionalCertificateOutputFormats to enable feature.

Signed-off-by: Thierry Sallé <seuf76@gmail.com>
 2022-01-14 11:10:32 +01:00
James Munnelly
642cfb1b46 Fix misconfigured test/unit/discovery visibility rule 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:31:28 +01:00
Aidan Jensen
15d1ba96fe
Fix spelling error. Fix tests 
Signed-off-by: Aidan Jensen <aidan@artificial.com>
 2021-09-01 10:47:46 -07:00
Jonathan Prates
c5e81b13f6 fix: labels cannot be shown if no labels were changed 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
ababc24670 fix: add SetCertificateSecretTemplate function comment 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
936ad33539 fix: ensure secret annotations and labels will be copied if updated in the cert 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
47bc03e7c4 feat: add support to secretTemplates 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jake Sanders
67c6586161
Addressing code review comments in #4225 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:54 +01:00
joshvanl
c9f5cbd0bc Adds more modifier funcs to Order in unit gen 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-23 16:00:09 +01:00
joshvanl
7e8bf731b2 Remove the experimental.cert-manager.io/ca annotation from the 
CertificateSigningRequest

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-25 16:02:37 +01:00
joshvanl
849403723b Updates test unit gen modifiers for e2e 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-15 17:58:34 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys 
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-06-14 11:17:35 +01:00
joshvanl
9e1b0342d0 Updates with review comments 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 18:48:50 +01:00
joshvanl
c5c206cace Adds base CertificateSigningRequest cert-manager controller 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-27 00:23:50 +01:00
Tamal Saha
6bfe640533 Update fakeSecretClient 
Signed-off-by: Tamal Saha <tamal@appscode.com>
 2021-05-17 08:52:59 -07:00
irbekrm
284de092e9 Adds a few ACME-specific functions to issuer gen 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-10 09:53:39 +01:00
irbekrm
0c751f51e4 Adds functionality to generate issuer conditions to gen 
So they can be generated in tests with less lines of code

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-10 09:53:20 +01:00
irbekrm
6318de527c Adds a fake Secrets client 
A simpler implementation than https://github.com/kubernetes/client-go/blob/master/kubernetes/typed/core/v1/fake/fake_secret.go and more suited for unit tests that don't spin up a controller

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-10 09:52:58 +01:00
irbekrm
333f600661 Remove legacy e2e util functions for Issuer creation 
Use test/util/gen instead

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-08 18:30:45 +01:00
Maël Valais
85128f26ce trigger-controller: PR comment: rephrase log about skipping issuance 
The log message:

    multiple CertificateRequests found for the 'next' revision 2,
    skipping issuance until no more duplicate.

can be better phrased as:

    multiple CertificateRequests are found for the 'next' revision 2,
    issuance is skipped until there are no more duplicates.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:28 +02:00
Maël Valais
89c3dc1afa gen: document why we do not pass an entire Certificate 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-04-06 18:09:27 +02:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit 
Certificate revision history limit
 2021-03-26 11:13:58 +00:00
joshvanl
1235ff3bef Adds tests to ensure Approve is present, and Denied is not 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
2a08d8a8df Adds integration tests for revision manager 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 14:54:34 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity 
CertificateRequest UserInfo fields
 2021-03-15 14:26:15 +00:00