Commit Graph

2167 Commits

Author SHA1 Message Date
Maël Valais
71e707387a trigger-controller: refactor test, inject gatherer and policychain
Injecting the whole Gatherer struct was not necessary for testing
since DataForCertificate is now fully unit-tested. With that, we
can mock the Gatherer.Evaluate function. Since there is no reason
to inject a full Gatherer object into the trigger controller, I chose
to inject a simple policies.Func. I named the function "shouldReissue"
since this is exactly what this function does.

I also refactored the test cases to use the same gen.Certificate
that we use in the rest of the codebase.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-23 13:55:11 +01:00
Maël Valais
cdb6c16c6d trigger-controller: log a msg when cert must be reissued
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-21 16:45:58 +01:00
joshvanl
65acf10858 Don't log error output in approver when CertificateRequest is deleted
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
b9646a832e Updates certificate request validation to use new signature
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
c94ad99731 Updates approver controller to use custom Approved Reason
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
98a33791e4 Remove CertificateRequest Approve/Deny Reasons
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
a3e63b1787 Update CertificateRequest controllers to use new Denied type, and add
tests for when a CertificateRequest is denied

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
09f91a2a99 Update approver controller to use new Denied condition type
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
4e042011e6 Adds CertificateRequest approval condition validation to ensure:
- Only a single Approve _or_ Deny condition may exist
- They cannot be modified once set
- They must always have a status of `True`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
5df29e41e7 Updates api/util CertificateRequest approved helpers to use new
condition type

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
417b947733 Updates CertificateRequest conditions to include a distinct 'Denied'
condition type

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
e62e8c517b Updates CertificateRequest signer tests to check Approved behaviour
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
1d758a5ccf Updates the base CertificateRequest controller to first check for the
approval condition to be present and set to true, before processing
further

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
2db7582586 Adds CertificateRequest approver controller. This controller will
currently _always_ set the Approved condition to true on
CertificateRequests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
0ef25daeb3 Adds helper CertificateRequest api/util funcs for checking approval
condition

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
d61ccb1730 Adds CertificateRequest Approved condition type, with Approved and
Denied Reasons

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
e6ece1f36b Updates Issuer CRDs with new ObservedGeneration field
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:06:22 +00:00
joshvanl
160b16e68b Updates issuer condition update consumers to use new observedGeneration
signature

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:06:21 +00:00
joshvanl
99138733ad Adds observedGeneration to issuer condition update function
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:04:00 +00:00
joshvanl
ba50140aa2 Updates generated clients
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:04:00 +00:00
joshvanl
f905f6a2aa Adds ObservedGeneration to issuer condition status
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:04:00 +00:00
jetstack-bot
70c66e02a0 Merge pull request #3641 from JoshVanL/certificate-request-identity
CertificateRequest UserInfo fields
2021-03-15 14:26:15 +00:00
irbekrm
0047174891 Update PR after rebase
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 09:00:07 +00:00
irbekrm
a89133b637 Better wording and wrap long comment lines.
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:48:23 +00:00
irbekrm
245d0f5c27 Pass DefaultRenewBefore into trigger controller
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:48:02 +00:00
irbekrm
8d5059b13e Updates Trigger controller integration tests
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:47:42 +00:00
irbekrm
9e7cd99ea8 CurrentCertificateNearingExpiry looks at x509 cert to determine renewal time
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:44:14 +00:00
joshvanl
4dd6d19011 Adds review comment suggestions/cleanup
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-11 19:12:02 +00:00
joshvanl
1b82802159 Changes Vault error messages with auth has been misconfigured for each
method

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-11 11:19:00 +00:00
jetstack-bot
9f343ec581 Merge pull request #3475 from maelvls/unit-test-dataforcertificate
DataForCertificate: add unit tests
2021-03-09 18:13:51 +00:00
Ashley Davis
ef2006d7b6 skip clouddns test when gcloud isn't initialized
If gcloud hasn't been installed, or if it has but the default application credential file
at .config/gcloud/application_default_credentials.json hasn't been configured, this test
would segfault since the assertion at the start fails but doesn't stop the test

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-03-09 14:54:12 +00:00
jetstack-bot
c2634d3538 Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation
Certificate condition observed generation
2021-03-08 09:47:45 +00:00
Maël Valais
f6cb6b8787 ocspServers test: give a link to the TODO issue
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-05 16:57:38 +01:00
Maël Valais
97893e1c69 PR comment: fix misspelling
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-05 16:42:48 +01:00
jetstack-bot
75a46ff90b Merge pull request #3731 from jsoref/spelling
Spelling
2021-03-05 13:58:40 +00:00
Josh Soref
e9fe56594c spelling: wrapped
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
3b957488c3 spelling: will
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
edda3b39e3 spelling: violations
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
cb22798289 spelling: validate
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
1cd3ab0db8 spelling: tenant
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
ae06c26202 spelling: secret
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
d848dfe105 spelling: prometheus
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
4d84a7fbb1 spelling: preferred
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
a11c7873f1 spelling: object
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
d5eca4e4e3 spelling: normalize
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
895cb51ed9 spelling: nonexistent
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
Josh Soref
6b3cf75fdf spelling: instrumented
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-04 13:04:38 -05:00
joshvanl
39a50a1903 Updates unit certificate controller tests to include ObservedGeneration
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:09 +00:00
joshvanl
ca60357df3 Adds ObservedGeneration to SetCertificateCondition func
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:03:26 +00:00