weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
8,044 Commits 45 Branches 0 Tags 96 MiB
6916dbec34
Commit Graph

268 Commits

Author SHA1 Message Date
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-28 09:33:10 +02:00
Tim Ramlot
6a159bb2d7
fix changed slices.SortFunc signature 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-24 19:54:30 +02:00
jetstack-bot
cce304b9d6
Merge pull request #6293 from SgtCoDFish/ipv6compare 
Fix invalid handling of ip addresses in comparisons
 2023-08-24 16:36:48 +02:00
Ashley Davis
bbbc758ccd
fix invalid handling of ip addresses in comparisons 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-08-24 15:21:42 +01:00
Tim Ramlot
1858ccf369
remove MaxPathLen CSR blob validation logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-23 14:24:36 +02:00
Tim Ramlot
ae287461d0
prepare cmctl improvements 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-01 10:32:35 +02:00
Cody W. Eilar
1243fe285b Add to ability to start controller with config file 
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
jetstack-bot
9de9809ac5
Merge pull request #6108 from inteon/ctl_logging 
Use logging library with json support in cmctl (part 1)
 2023-07-27 17:54:51 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
Tim Ramlot
02b008fe6d
improve documentation of ParseSingleCertificateChain 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-22 12:46:08 +02:00
Tim Ramlot
bdb685d62e
ip address is missing from error message 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 21:32:13 +02:00
cui fliter
4723347260 fix function name in comments 
Signed-off-by: cui fliter <imcusg@gmail.com>
 2023-06-07 17:17:07 +08:00
Tim Ramlot
c4c5899887
Update pkg/util/cmapichecker/cmapichecker.go 
Co-authored-by: Siggi Skulason <siggi@skulason.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-01 11:16:33 +01:00
Tim Ramlot
3490a005b1
prepare cmctl libraries to support logging 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-30 18:35:45 +02:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions 
Use Version 3 for *x509.Certificate
 2023-05-26 13:57:32 +01:00
irbekrm
b1a59164e0 Don't import controller's feature gate setup into a shared library 
To prevent controller's feature gates from overwriting other component's feature gates

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-23 12:01:30 +01:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-11 10:21:55 +02:00
Tim Ramlot
20599d1d35
remove CertificateTemplateAddKeyUsages 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
Tim Ramlot
1c2662af82
cleanup CSR & CertificateTemplate util code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
jetstack-bot
694d3d1bd2
Merge pull request #5747 from inteon/request_matches_spec 
BUGFIX: if a LiteralSubject is set, the RequestMatchesSpec function does skip too many checks
 2023-05-02 11:23:27 +01:00
irbekrm
7d592a8270 Swap upstream core informers factory with out wrapper 
This does not actually change how the informers work. This also adds a partial metadata client to root context

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-03-22 09:03:16 +00:00
Tim Ramlot
eaf8844e6d
BUGFIX: when setting a LiteralSubject, the RequestMatchesSpec function does skip too many checks 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-01-27 15:55:12 +01:00
Tim Ramlot
23de5240e9
move utility functions to reduce fragmentation and rename functions for consistency 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-01-23 13:19:39 +01:00
jetstack-bot
1038ca4494
Merge pull request #4502 from ctrought/master 
support subject and email annotations for ingress/gateway
 2023-01-20 14:35:37 +00:00
Houssem El Fekih
8af2d64f3b Gofmt files 
Signed-off-by: Houssem El Fekih <houssem.elfekih@jetstack.io>
 2022-11-18 10:55:56 +00:00
Houssem El Fekih
f41cf33efe Add support for required LDAP (rfc4514) RDNs in LiteralSubject 
* Add OID translation for mandatory DC component
* Used extensively in LDAP certificates, also required by rfc5280
* Add support for UID, mentioned in LDAP RFC
* solves https://github.com/cert-manager/cert-manager/issues/5582

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2022-11-18 10:22:39 +00:00
Sathyanarayanan Saravanamuthu
860ba8465a Addressing review comments 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-10 14:27:26 +05:30
Sathyanarayanan Saravanamuthu
d4de98d35b Adding unit tests 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-06 09:36:26 +05:30
Sathyanarayanan Saravanamuthu
bb39c5cf79 Fixing CA flag in basic constraints extension 
Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
 2022-11-03 15:34:25 +05:30
ctrought
4413e837e9 escape subject util cleanup 
Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>
 2022-08-22 11:01:22 -04:00
ctrought
d9a8047f9c ingress subject annotations & helper tests 
Signed-off-by: ctrought <65360454+ctrought@users.noreply.github.com>
 2022-08-22 11:01:18 -04:00
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Alessandro Vermeulen
1da01211ee Feature gated support for using literal subjects in Certificates 
Signed-off-by: Alessandro Vermeulen <alessandro.vermeulen@ing.com>
 2022-06-08 20:50:00 +02:00
Ashley Davis
76cdab0c82
remove pkg/util/coverage 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-04-08 16:56:24 +01:00
Monis Khan
2a33c7a5c2
Use Kubernetes CSR spec.expirationSeconds to express cert duration 
This change adds the ability to express certificate duration using
the Kubernetes CSR spec.expirationSeconds field alongside the existing
approach of using the experimental.cert-manager.io/request-duration
annotation.  Both approaches are supported as the expirationSeconds
field requires Kubernetes v1.22+.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-03-21 09:40:32 -04:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
joshvanl
8f0c79396f Adds rest config builder to include new user agent 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-27 12:51:49 +00:00
jetstack-bot
051a763ee5
Merge pull request #4638 from JoshVanL/controllers-certificates-secret-template 
SecretTemplate reconciliation. SecretManager Apply
 2022-01-18 13:28:57 +00:00
jetstack-bot
e2aede44c7
Merge pull request #4731 from DiptoChakrabarty/lint 
add go linters fixes within codebase
 2022-01-18 12:52:57 +00:00
joshvanl
7a4be1edfd Copy across an existing secret type in secrets manager since that field 
is immutable.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
af360ee9b3 Fix some test func names and some comments. Replaces DeDuplicate in 
SecretTemplate controller to use sets.Strings. Removes DeDuplicate func

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
joshvanl
e3141f9ad1 Adds PrefixForUserAgent and DeDuplicate util functions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2022-01-17 11:24:45 +00:00
DiptoChakrabarty
e7c75832af few more fixes 
Signed-off-by: DiptoChakrabarty <diptochuck123@gmail.com>
 2022-01-13 19:47:11 +05:30
Ashley Davis
93f868b3bc
move versionchecker tests to test/integration 
Since this test requires setup before it can successfully run,
we define it as an integration test and move it here so that on a
fresh checkout a user can always run `go test ./pkg/...` and expect that
it would succeed.

Also involves:

- Exporting the VersionChecker and adding NewWithConfig to enable
  testing
- Some comment changes
- A change to the type returned by New(); see
  https://github.com/golang/go/wiki/CodeReviewComments#interfaces

Ideally I'd not add `NewFromClient` but I think it's the most minimal
change and is preferable to publicly exporting `VersionChecker.client`.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-01-12 14:21:53 +00:00
John Chadwick
d094e20611 Only consider running pods when checking version 
Some clusters may have failed pods that are not garbage collected. These
pods should not be considered when determining version numbers.

Signed-off-by: John Chadwick <86682572+johnwchadwick@users.noreply.github.com>
 2021-11-23 11:32:10 -05:00
Richard Wall
41ef0e3f2b A note about testing the handling of errors relating to the ValidatingWebhook 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-09-29 13:05:53 +01:00
Richard Wall
b71eb11fd1 A note about the relevance of conversion webhook unit-tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-09-29 13:02:44 +01:00
Richard Wall
969ca6d91a Use the v1 API rather than v1alpha2 in the API checker 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-09-29 12:54:42 +01:00