cert-manager

Author	SHA1	Message	Date
Mangesh Hambarde	f3bfc93bba	JSON encoded secretTemplate as Ingress annotation Signed-off-by: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com>	2024-03-13 14:37:28 +00:00
Mangesh Hambarde	717269e809	Add tests Signed-off-by: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com>	2024-03-13 14:18:21 +00:00
Mangesh Hambarde	efe2e06288	New Ingress annotation for copying custom annotations to secret template Signed-off-by: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com>	2024-03-13 14:18:21 +00:00
Tim Ramlot	9dcb422164	use errors.Is() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-03-11 19:33:01 +01:00
Tim Ramlot	f4ae942b8e	add test that validates leaderelection behavior Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-03-11 19:22:38 +01:00
Tim Ramlot	b32382fead	improve the dynamic source implementation and add a lot of unit tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-03-11 15:10:39 +01:00
Tim Ramlot	23373e4323	correctly initialize loggers, create contexts and pass contexts Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-03-08 14:32:31 +01:00
Bill Waldrep	d4911ebfaa	Add optional flag to specify jks keystore alias. Previously the JKS keystore alias was hardcoded to "certificate". This change adds an optional configuration point to allow users to specify a custom keystore alias. If the flag is omitted we will default to the previous behavior. Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>	2024-03-04 13:23:09 -05:00
Bill Waldrep	bf3d202c72	add new utility method to clarify cert decoding semantics Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>	2024-03-04 12:47:27 -05:00
Bill Waldrep	251610d951	include full CA chain contents in encoded pkcs12/jks stores Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>	2024-02-28 11:50:19 -05:00
Tim Ramlot	6c6d18d0b8	remove the github.com/pkg/errors as a direct dependency Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-22 19:52:00 +01:00
Tim Ramlot	48759b271c	bugfix: LiteralSubject match function was broken Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-22 15:51:25 +01:00
jetstack-bot	59676d2c63	Merge pull request #6785 from arcezd/fix-cert-manager-docs fix: SecretName description for DynamicServingConfig	2024-02-22 14:46:44 +00:00
jetstack-bot	b65ccfa1b5	Merge pull request #6761 from inteon/add_custom_dn_parse Stop using github.com/go-ldap/ldap/v3 ParseDN and use a custom ParseDN function instead	2024-02-22 12:40:43 +00:00
Diego Arce	83e0f95e58	fix: SecretName description for DynamicServingConfig Signed-off-by: Diego Arce <diego@arce.cr>	2024-02-21 23:12:43 -06:00
Tim Ramlot	8fd62df268	fix broken json logging Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-21 11:27:31 +01:00
jetstack-bot	f643eef2b2	Merge pull request #6755 from import-shiburin/master bugfix: wrong certificate chain is used if preferredChain is configured	2024-02-20 15:29:07 +00:00
Tim Ramlot	b77910d785	change signature of SetCertificateDuration and SetCertificateRenewBefore Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:40:38 +01:00
Tim Ramlot	ed280d28cd	update test, with new error message Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:34:53 +01:00
Tim Ramlot	99942446ff	add benchmark Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:34:53 +01:00
Tim Ramlot	0f078859de	add error case to DNParse tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:34:53 +01:00
Tim Ramlot	a2b3cc81c3	stop using github.com/go-ldap/ldap/v3 ParseDN and use a custom ParseDN function instead Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-20 08:34:53 +01:00
jetstack-bot	d642df3b5f	Merge pull request #6770 from inteon/dn_parse_quick_fix Fix a memory bug in ldap's ParseDN function by disabling part of the functionality	2024-02-19 15:02:30 +00:00
Tim Ramlot	4a8b8c4e09	Fix a memory bug in ldap's ParseDN function by disabling part of the functionality Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-19 12:55:06 +01:00
Yuedong Wu	baa73aa8ee	fix webhook validation error msg and use commonName variable value Signed-off-by: Yuedong Wu <dwcn22@outlook.com>	2024-02-19 10:16:38 +08:00
Tim Ramlot	0ed660873e	fix incorrect comments and error messages Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-16 19:49:28 +01:00
jetstack-bot	7f92e38988	Merge pull request #6614 from rodrigorfk/feat-vault-mtls feat: Add the ability to communicate with Vault via mTLS	2024-02-16 18:11:26 +00:00
Tim Ramlot	205067b834	update tests to match the current Let's encrypt setup Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-16 15:23:45 +01:00
Tim Ramlot	672aad41bf	don't call ListCertAlternates if default chain matches the preferred chain Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-16 15:23:22 +01:00
Sam Lee	ff5c4103a0	remove URL verification from alternateCertChain tests Signed-off-by: Sam Lee <me@shibuya-rin.moe>	2024-02-13 22:42:00 +09:00
Sam Lee	94509d0490	changed term 'alt' to 'preferred' Signed-off-by: Sam Lee <me@shibuya-rin.moe>	2024-02-13 22:12:53 +09:00
Sam Lee	b9ac41726c	make getAltCertChain checks only topmost certificate Signed-off-by: Sam Lee <me@shibuya-rin.moe>	2024-02-13 19:10:16 +09:00
Sam Lee	811cc7908e	fix getAltCertChain not considering primary chain as candidate Signed-off-by: Sam Lee <me@shibuya-rin.moe>	2024-02-13 19:10:16 +09:00
Tim Ramlot	23ab96de91	use unstructured.Unstructured in Mutation webhook Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-12 11:11:33 +01:00
Tim Ramlot	b9a216cdfc	Simplify webhook and switch Webhook to controller-runtime. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-12 10:55:32 +01:00
Tim Ramlot	ffb47e52fa	remove dead & deprecated code from cert-manager codebase Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-10 17:22:23 +01:00
jetstack-bot	c4c0fd3268	Merge pull request #6744 from andrey-dubnik/master Move token audiences under the SA ref for the Vault kubernetes auth	2024-02-09 11:58:18 +00:00
Tim Ramlot	c3b8cbd608	improve comment that explains what removeReqID does and when it fails Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:20:36 +01:00
Tim Ramlot	06b3cd3372	add testcase for nested errors Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:15:28 +01:00
Tim Ramlot	deab9548c0	use errors.Is instead of errors.As Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:15:28 +01:00
Tim Ramlot	893d30d938	migrate to github.com/aws/aws-sdk-go-v2 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:15:28 +01:00
cloudwiz	75d1449903	move audiences under the SA ref Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>	2024-02-08 14:07:03 +00:00
Tim Ramlot	04220447bc	remove deprecated files and functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 10:45:06 +01:00
jetstack-bot	968ad2f9ed	Merge pull request #6724 from inteon/fix_sans_critical Fix changed behavior: set critical flag of SANs extension based on subject	2024-02-07 13:55:30 +00:00
Adam Talbot	a8bb63f0fc	fix: move server package out of internal Currently the TLS code here is imported by the approver-policy project. Long term we should break this code out to a new package, for now we can just move it out internal to unblock our ability to update the approver-policy imports. Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2024-02-07 11:31:17 +00:00
Tim Ramlot	0acde5b1a4	fix changed behavior: set critical flag of SANs extension based on subject Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-07 11:01:34 +01:00
Tim Ramlot	ed80c5be90	add new testcase that generates a non-critical SAN extension to the GenerateCSR tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-07 09:39:36 +01:00
cloudwiz	624f874d69	updated spelling and generated CRDs Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>	2024-02-06 15:06:31 +00:00
cloudwiz	9cf9cb7ea5	Vault extra audiences (#3 ) --------- Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>	2024-02-06 10:06:17 +00:00
Tim Ramlot	899d55ae57	remove webhook conversion logic Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-02 11:19:08 +01:00
Tim Ramlot	5b8c1213b6	redact the body of failed authentication requests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-31 10:05:00 +01:00
jetstack-bot	0b33337f1d	Merge pull request #6679 from wallrj/remove-DisableInstanceDiscovery-field Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true	2024-01-30 19:45:27 +00:00
Richard Wall	67e06fce78	A hack to DisableInstanceDiscovery during tests Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-30 18:03:05 +00:00
Tim Ramlot	b9dd4903ad	improve error message logging Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-30 16:55:37 +01:00
Richard Wall	420d3114df	Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-30 15:50:05 +00:00
Tim Ramlot	90cbbc9d87	replace the azcore.ResponseError error message to make it stable across retries Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-30 16:20:52 +01:00
Tim Ramlot	5ac022ad70	remove versionchecker, because it was moved to cert-manager/cmctl Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-29 11:50:09 +01:00
Richard Wall	ee5cba487a	Stop using the deprecated SingleInflight field of miekg/dns Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-26 17:53:50 +00:00
Rodrigo Fior Kuntzer	199c98689f	feat: supporting Vault server mTLS Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>	2024-01-15 09:25:30 -03:00
Tim Ramlot	67f8a03cae	update AzureDNS auth API comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-12 12:07:02 +01:00
Tim Ramlot	9a049532d0	Update Azure SDK and remove deprecated autorest dependency Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> Signed-off-by: Philip Laine <philip.laine@gmail.com>	2024-01-12 12:06:34 +01:00
jetstack-bot	a1c134e78c	Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint feat: add tls to metrics endpoint	2024-01-10 14:48:17 +00:00
SpectralHiss	892e6eef01	Fix OtherName Value UniversalValue .Type() detection Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-10 10:35:43 +00:00
SpectralHiss	0b83f78fff	Remove redundant otherName match tests * We do not need to include otherName in fuzzy certificate detection checks Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-09 17:02:24 +00:00
Tim Ramlot	3dad3f320b	don't check OtherNames when fuzzy matching Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-09 16:41:13 +01:00
Tim Ramlot	736896d264	introduce UniversalValue 'Type()' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-09 16:40:32 +01:00
SpectralHiss	38c2b33a71	Add otherName detection to TestSecretDataAltNamesMatchSpec Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-09 14:01:09 +00:00
SpectralHiss	b6fdcede90	Add test for different order OtherName value * Simplify sorting implementation for OtherName slice equality Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-09 11:39:17 +00:00
SpectralHiss	7b13c72fed	Detect otherName changes to CR trigger reissuance Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-09 09:58:43 +00:00
jetstack-bot	c3304feec5	Merge pull request #6618 from SpectralHiss/hef/missed-otherName-changes Hef/missed other name changes	2024-01-09 09:44:29 +00:00
jetstack-bot	4edb4b0ad0	Merge pull request #6619 from ThatsMrTalbot/feat/http-max-body-size feat: limit the size of the body read back from http requests	2024-01-08 20:41:08 +00:00
Adam Talbot	d0ec66237c	feat: limit the size of the body read back from http requests Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2024-01-08 20:28:01 +00:00
SpectralHiss	d186b61414	Add attribution to pkg/util/pki/asn1_util.go Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-08 13:34:09 +00:00
SpectralHiss	d07dd3de5f	Fix OtherName feature flag validation logic * Improve test comments for UniversalValue Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2024-01-08 13:34:09 +00:00
jetstack-bot	e0189a6a30	Merge pull request #6607 from inteon/deprecate_util_function Deprecate URLsFromStrings which is only used in other deprecated functions	2024-01-05 15:23:16 +00:00
Tim Ramlot	c584ee6dfb	use generics for mustAllSync variants Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-05 11:58:14 +01:00
Tim Ramlot	a49bc65b03	deprecate URLsFromStrings which is only used in other deprecated functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-05 11:50:13 +01:00
Adam Talbot	d27fcc2762	refactor: refactored metrics server code into internal package Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2024-01-04 15:49:25 +00:00
Richard Wall	7bda41c282	Use io instead of deprecated ioutil Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-04 15:05:24 +00:00
Tim Ramlot	8ca617a8ea	replace custom util function with k8s.io/apimachinery/util/sets Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-04 14:38:30 +01:00
jetstack-bot	24d0fddec5	Merge pull request #6593 from inteon/use_slices Use slices go library	2024-01-04 13:36:02 +00:00
jetstack-bot	d2f3f12f47	Merge pull request #6592 from inteon/add_long_cert_chain_test Add tests for the improvements made in #6561	2024-01-04 13:18:02 +00:00
Tim Ramlot	e157729991	fix typo in name and add comment explaining genericEqualUnsorted Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-04 14:02:36 +01:00
Tim Ramlot	950948e465	start using the new 'slices' library and deprecate old util functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-04 09:32:17 +01:00
Tim Ramlot	90dc8ccde0	disable APIPriorityAndFairness using config instead of feature flag Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 17:40:46 +01:00
Tim Ramlot	9547fbdf94	add tests for the improvements made in #6561 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 17:25:15 +01:00
Tim Ramlot	a0f2849425	run 'make update-codegen' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 16:18:35 +01:00
Tim Ramlot	6458aaf518	stop using deprecated klog functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 16:18:35 +01:00
jetstack-bot	e9a4793ba4	Merge pull request #6589 from inteon/rename_feature_gates Rename UseCertificateRequestNameConstraints to NameConstraints	2024-01-03 15:04:22 +00:00
Tim Ramlot	41404a7fd7	rename UseCertificateRequestNameConstraints to NameConstraints Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 15:49:18 +01:00
jetstack-bot	9d5ed5752f	Merge pull request #6120 from inteon/cleanup_test_context_builder add comments explaining the Sync function & small test bugfix	2024-01-03 14:33:22 +00:00
jetstack-bot	cc8925ae9f	Merge pull request #6404 from SpectralHiss/hef/otherNameSANs Other name sans support in Certificates	2024-01-03 14:16:23 +00:00
Houssem El Fekih	ddc1dffe87	Update pkg/util/pki/asn1_util.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Houssem El Fekih <hassoum92@hotmail.com>	2024-01-03 13:30:42 +00:00
jetstack-bot	4af78fe98a	Merge pull request #6548 from snorwin/modern-pkcs12 New option to specify encryption and MAC algorithms for PKCS#12 keystores.	2024-01-03 12:54:22 +00:00
Tim Ramlot	8223df9e91	rename Algorithms to Profile Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 13:45:02 +01:00
Tim Ramlot	914c2dd169	add comments explaining the Sync function & small bugfixes Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-03 11:15:27 +01:00
Richard Wall	036e3a8e74	Replace all uses of sets.String with the generic sets.Set Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 17:24:38 +00:00
Richard Wall	19ade4b79e	Replace all calls to RandStringBytes and RandStringRunes With k8s.io/apimachinery/pkg/util/rand#String instead Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 15:41:07 +00:00
Richard Wall	4aa373b733	Deprecate RandStringBytes and RandStringRunes Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 15:02:14 +00:00
Richard Wall	d468830b23	Fix gosec G404 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 12:33:46 +00:00
Richard Wall	865063594d	Fix gosec 501 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 11:20:16 +00:00
Richard Wall	0ea258327d	Fix gosec G505 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 10:10:11 +00:00
Adam Talbot	ae143c15f6	feat: add tls to metrics endpoint Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2023-12-27 17:15:00 +00:00
jetstack-bot	5615de61ee	Merge pull request #6563 from inteon/hide_deprecated_flags Hide deprecated CLI flags	2023-12-27 09:59:59 +00:00
jetstack-bot	5e09dd3059	Merge pull request #6561 from inteon/parse_certificate_chain Certificate chain parsing	2023-12-27 09:59:53 +00:00
SpectralHiss	1b48cb664b	Fix csr_test.go critical SAN on tests without Subjects * Also fixed the conformance e2e test by including a Subject and matching the values Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 18:44:49 +00:00
SpectralHiss	c59037a19b	Simplify e2e test fixture for otherName * Fix Bug in critical on empty subject logic Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 17:48:50 +00:00
SpectralHiss	ae4249b9e2	Go style variable rename Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 14:54:08 +00:00
SpectralHiss	2f6dbc85d3	Change openssl SAN order to simplify test assetion * Ordering does not matter for the GeneralNames as it is a tagged context Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 13:07:34 +00:00
SpectralHiss	8e2365dd54	Add UTF8 marshalling unit tests * Add test names to pkg/util/pki/sans_test.go tests Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 11:58:26 +00:00
SpectralHiss	f4bbe66737	Fix IA5String test assertion Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-21 10:02:53 +00:00
jetstack-bot	c7714e65f0	Merge pull request #6551 from wallrj/gosec-601 Fix gosec G601: Implicit memory aliasing of items from a range statement	2023-12-20 18:21:37 +00:00
Richard Wall	4de9e956e5	Fix gosec G601: Implicit memory aliasing of items from a range statement Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-20 17:25:41 +00:00
Tim Ramlot	24794feac0	update API comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 11:26:52 +01:00
Tim Ramlot	f60a61bde1	hide deprecated flags Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:25:35 +01:00
Tim Ramlot	f2af5672ee	add additional validation checks Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:11 +01:00
Tim Ramlot	cd58042746	improve the algorithm and add prevent DOS Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:11 +01:00
Tim Ramlot	c81609cdef	move certificate chain parsing to seperate file Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-20 10:13:07 +01:00
SpectralHiss	e7f29f8bb3	UTF8Value -> utf8Value in CRD JSON schema * Still following Go standard with UTF8Value for struct field name Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-20 08:30:54 +00:00
SpectralHiss	c87a2f6691	Add early feedback validation for otherName syntax and tests * Fixed warning Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-19 20:02:02 +00:00
Adam Talbot	247a034116	feat: update gateway api to v1 Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2023-12-18 21:00:42 +00:00
Norwin Schnyder	ebf58b9967	apply PR feedback Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>	2023-12-15 10:52:57 +01:00
Allen Mun	9b09aa87a7	Add flag and field to customize leaf duration on dynamic certificates Signed-off-by: Allen Mun <allen.mun@capitalone.com>	2023-12-13 15:45:52 -05:00
SpectralHiss	95b9345a5d	Make UTF8Value godoc comment more clear Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 17:05:12 +00:00
SpectralHiss	4bdee5f010	Rename otherNameSANs to otherNames * Improve the CRD godoc comments Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 16:21:56 +00:00
Norwin Schnyder	b8ad8a3704	apply PR feedback Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>	2023-12-13 12:00:39 +00:00
SpectralHiss	45a8bb7edf	Modified one sans processing test case to make more useful Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 09:37:25 +00:00
Tim Ramlot	721f71ed60	Refactor the solution Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:37:21 +00:00
Tim Ramlot	7b7912022a	Add feature gate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-13 09:16:06 +00:00
Tim Ramlot	bfd9a65160	Add OtherNameSANs field to Certificates * Added an otherName SAN extension mechanism * Can take any otherName OID with String (UTF-8) like value * cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for more info * otherName is only a subset of GeneralName, our specific need for for UserPrincipalName used in Microsoft AD/ LDAP * We treat UPN special but we might remove this in a later commit Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>	2023-12-13 09:12:23 +00:00
Norwin Schnyder	b79e73f484	fix controller-gen errors Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>	2023-12-12 18:25:15 +01:00
Norwin Schnyder	56dcb3e1dd	enhance unit tests Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>	2023-12-12 15:06:57 +00:00
Tim Ramlot	849b6bda9e	add tests & final cleanup Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 15:57:07 +01:00
Norwin Schnyder	b8f4f3b518	pkcs12 encoding with different algorithms Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>	2023-12-12 14:27:00 +00:00
Tim Ramlot	cfaf3f338e	cleanup code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-12 13:47:55 +01:00
tanujd11	da84cf5b88	fix: imports Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:10:32 +05:30
tanujd11	652feb50cc	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 17:05:33 +05:30
tanujd11	5f0a715863	add nameConstraints from openssl Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-12 00:40:45 +05:30
tanujd11	bc75f8488d	fix: structure of nameconstraint in CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-11 18:00:15 +05:30
tanujd11	a29a5913d0	addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 23:42:35 +05:30
tanujd11	28ca4312b3	fix: additional review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	8d362439a8	fix UTs Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	84d7dd4aed	Addressed review comments Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:31 +05:30
tanujd11	d1b3e5ca83	Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:30:29 +05:30
tanujd11	adb9311f56	validate name constraint before signing CSR Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:29:45 +05:30
tanujd11	50d84c1bbc	nits: added new line at EOF and comment fix Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:42 +05:30
tanujd11	589030dec1	feature: added name constraints Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>	2023-12-07 22:27:31 +05:30
jetstack-bot	e7e3e5f4de	Merge pull request #6534 from wallrj/server-timeout Mitigate potential Slowloris attacks by setting ReadHeaderTimeout in all http.Server instances	2023-12-07 13:28:05 +01:00
Richard Wall	8bed166858	Add ReadHeaderTimeout to all http.Server where that setting is missing Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-07 11:42:22 +00:00
Tim Ramlot	767764d598	refactor GenerateCSR and deprecated the helper functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-12-06 18:16:19 +01:00

1 2 3 4 5 ...

3479 Commits