weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,126 Commits 45 Branches 0 Tags 96 MiB
795b472e8d
Commit Graph

81 Commits

Author SHA1 Message Date
Max Ehrlich
795b472e8d
Flesh out acme-dns implementation, registration must occur before using cert-manager 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:30:34 -04:00
Max Ehrlich
9902845c82
Add acmedns constructor to dns interface 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:30:33 -04:00
Max Ehrlich
40ce2d8e86
Basic parts of implementation of acme dns, missing registration and credential retrieval 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:25:43 -04:00
Max Ehrlich
110a9443e8
Stubs for acmedns and its test 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:25:43 -04:00
jetstack-bot
abfbb36a48
Merge pull request #825 from ocadotechnology/820-plumb-dns-servers-more 
fix: plumb dns servers into more areas
 2018-08-13 17:48:30 +01:00
stuart.warren
4f80dca9d5 fix: plumb dns servers into more areas 
fixes: #820
Signed-off-by: stuart.warren <stuart.warren@ocado.com>
 2018-08-13 16:21:37 +01:00
James Munnelly
813996b07d Update third_party files with skip license headers 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-13 16:06:07 +01:00
James Munnelly
51195e4c5f Update license header and add header to every file 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-13 15:53:37 +01:00
Louis Taylor
cc9a18a872
Handle error cases 2018-08-10 11:12:15 +01:00
Louis Taylor
69f6a234c7
Catch and return dns query error in DNS01Record 2018-08-10 11:04:48 +01:00
James Munnelly
3a69dd1cbf Update unit test fixture to produce mock Contexts 2018-08-07 16:13:46 +01:00
James Munnelly
370a7a1460 Update DNS01 solver 2018-08-07 16:13:46 +01:00
James Munnelly
7346240830 Update codebase for refactored API type names 2018-08-07 14:16:53 +01:00
James Munnelly
fcf812c654 Add OWNERS files to auto-label PRs. Mark apis directory as requiring a review by @munnerz. 2018-07-26 13:01:58 +01:00
Louis Taylor
bcf135c7ae
clouddns: use fqdn for challenge cleanup 
This is the same as the problem fixed in #750, but for cleanup.
 2018-07-22 20:17:11 +01:00
jetstack-bot
398e1560a3
Merge pull request #670 from gurvindersingh/master 
add support CNAME for dns-01 challenge
 2018-07-20 19:36:06 +01:00
jetstack-bot
b15a18be98
Merge pull request #746 from euank/route53-invalid-change-batch 
issuer/route53: fix delete for 'NotExist' errors
 2018-07-20 18:36:59 +01:00
Euan Kemp
ea84532a5c issuer/route53: log ignored InvalidChangeBatch err 2018-07-20 10:10:02 -07:00
Louis Taylor
082f815773
clouddns: find hosted zone for challenge record 
Previously this would fail if you use a CNAME for the _acme-challenge
record.
 2018-07-20 16:53:12 +01:00
Euan Kemp
15d497b4ca issuer/route53: fix delete for 'NotExist' errors 
Fixes #736.

Prior to this change, it was quite possible to end up with a queue of
cleanup tasks that would never succeed.
 2018-07-19 10:20:27 -07:00
jetstack-bot
bd7f15d5f4
Merge pull request #710 from kragniz/dns-flag 
Add flag for setting nameservers for DNS01 check
 2018-07-11 14:26:33 +01:00
Gustav Westling
641b497242 route53: update managed by DNS record comment 2018-07-08 12:09:00 +02:00
Louis Taylor
cbc61ef7f9
Fix tests 2018-07-05 12:41:33 +01:00
Louis Taylor
3eaca6a318
Add flag for custom dns01 nameservers 2018-07-05 12:40:53 +01:00
Gurvinder Singh
bfde429b8e add support CNAME for dns-01 challenge 
Domain for which certificate is asked for can have a CNAME, so we should check it.
If domain has a CNAME, create the challange TXT record in the alias domain.

This is useful in the scenario where a company like us is using some DNS provider
which is not supported dynamically. We can then create a CNAME for records like

_acme-challenge.example.com -> example.aws.hosted.com

So this will allow us getting cert for *.example.com with creating txt record in route53 for above exxample.
 2018-06-21 21:48:16 +02:00
Euan Kemp
27b5e49732 issuer/dns/route53: add myself as owner 2018-06-12 18:32:49 -07:00
jetstack-bot
df4b493b38
Merge pull request #582 from ThatWasBrilliant/master 
FindZoneByFqdn fixes from lego
 2018-06-12 16:25:41 +01:00
jetstack-bot
3cafdd9401
Merge pull request #598 from euank/log-namespaces 
issuer/acme/*: log namespaces for resources
 2018-06-06 09:52:53 +01:00
Euan Kemp
36b57ba475 issuer/acme/dns: log namespace for secret errors 
If we can't find the secret, the user should probably also know what
namespace we looked in.

xref #540 for a case where this might help with debugging
 2018-05-30 20:00:21 -07:00
Euan Kemp
910a9e8859 issuer/acme/dns: remove redundant 'Error' calls 2018-05-30 19:57:44 -07:00
Brian Hardy
e52aefb34a FindZoneByFqdn fixes from lego 2018-05-25 14:00:29 -05:00
Paul Tiplady
1089667ceb Make CloudDNS service account errors debuggable 
Improve logging in the case where the Service Account Secret is
loaded, but the Key is not found.

Previous behaviour was to fail without giving much help as to
why.

New behaviour confirms the key name and namespace/secret-name.

FIXES: 539
 2018-05-11 08:56:09 -07:00
James Munnelly
707a113870 Update Cloudflare provider to be idempotent when calling Present 2018-05-09 14:45:11 +01:00
James Munnelly
336d01ac4a Update dns util tests 2018-04-11 19:39:36 +01:00
Maxim Ivanov
c44a7552ea Check challenge before presenting it 
With async challenge Check, it is often happens,
that solver.Check() fails on first run after solver.Present()

Cert-manager then tries again, but starts with solver.Present(),
which not being idempotent right now fails on certain DNS providers.

This change swaps order of solver.Check() and solver.Present().
Check is not returning error if propagation not happened, it then
allows Present() to run.

In the current form, Present() will be spamming with errors,
but this doesn't stop Check from happening on every attempt,
so eventually Challenge can be verified and accepted. In the future,
Present() should be made idempotent.
 2018-04-11 11:27:23 +01:00
James Munnelly
9aa3bb52a3 Fix invalid json tags 2018-04-09 19:44:16 +01:00
James Munnelly
99d7a7b99a Fix ACME DNS provider unit tests 2018-04-09 17:57:33 +01:00
James Munnelly
b934852775 Merge branch 'master' into acmev2 2018-04-09 16:52:34 +01:00
James Munnelly
3bde815cf2 Update DNS and HTTP provider to use challenge structs 2018-04-09 15:38:43 +01:00
Euan Kemp
4e5a2d1646 issuer/dns/route53: append our user-agent 2018-04-06 18:09:17 -07:00
Euan Kemp
4d9b0e836e issuer/dns/akamai: set user-agent 2018-04-06 18:09:17 -07:00
Euan Kemp
34391f0726 issuer/dns/cloudflare: set user-agent 2018-04-06 18:09:17 -07:00
jetstack-bot
acfc2f78d1
Merge pull request #322 from yieldlab/akamai-support 
Add ACME DNS-01 provider for Akamai FastDNS
 2018-04-04 18:26:22 +01:00
James Munnelly
da0d45e3f4 Use DialContext in ACMEClient round tripper 2018-04-04 12:30:33 +01:00
James Munnelly
01efbca114 Merge branch 'master' into acmev2 2018-04-04 11:27:37 +01:00
Euan Kemp
faac0701ab issuer/route53: respect 'ambient' flag for region 
This notably results in the region being a required field if the
'ambient' option is not set for a given issuer.
 2018-03-24 14:16:33 -07:00
Euan Kemp
dd48f4aa05 issuer/acme/dns: add ambient=false unit test 2018-03-23 14:30:43 -07:00
Euan Kemp
971ef4f198 issuer/route53: remove unused integ test 
I'm convinced this test was never run and also did not provide any
significant value in this project.
 2018-03-23 14:30:43 -07:00
Euan Kemp
0d39da5174 issuer/route53: improve logging hosted zone errs 2018-03-23 14:30:43 -07:00
Euan Kemp
0fb787eae7 controller: add ambient issuer flags and feature 
This implements ambient credential support for AWS, gated behind flags
for issuers and cluster issuers.

This adds the pair of flags discussed in
https://github.com/jetstack/cert-manager/issues/308.

It provides an implementation for those flag's effects for the route53
solver.
 2018-03-23 14:30:43 -07:00