weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,195 Commits 45 Branches 0 Tags 96 MiB
7b7912022a
Commit Graph

8195 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Ramlot
7b7912022a Add feature gate 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:16:06 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
jetstack-bot
8da699a735
Merge pull request #6542 from tanujd11/fix/name-constraints-csr-structure 
fix: structure of nameconstraint in CSR
 2023-12-12 16:07:16 +00:00
jetstack-bot
4ae25789a2
Merge pull request #6537 from wallrj/golangci-lint 
Add the golangci-lint GitHub action
 2023-12-12 15:22:03 +00:00
Tim Ramlot
849b6bda9e
add tests & final cleanup 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 15:57:07 +01:00
Tim Ramlot
cfaf3f338e
cleanup code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 13:47:55 +01:00
tanujd11
da84cf5b88 fix: imports 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:10:32 +05:30
tanujd11
652feb50cc Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:05:33 +05:30
tanujd11
5f0a715863 add nameConstraints from openssl 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 00:40:45 +05:30
jetstack-bot
37e425c4da
Merge pull request #6545 from wallrj/bump-go 
Bump Go to 1.21.5
 2023-12-11 18:05:47 +00:00
Richard Wall
f3a91ac8aa Bump Go to 1.21.5 
- go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.
- go1.21.5 (released 2023-12-05) includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/rand, net, os, and syscall packages.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-11 17:27:09 +00:00
tanujd11
bc75f8488d fix: structure of nameconstraint in CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-11 18:00:15 +05:30
jetstack-bot
e8d279025c
Merge pull request #6500 from tanujd11/feature/ca-cert-name-constraint 
feature: added name constraints in certs with isCA enabled
 2023-12-08 12:18:42 +00:00
tanujd11
a29a5913d0 addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 23:42:35 +05:30
Richard Wall
70cf0d200b Add the golangci-lint GitHub action 
Initially we enable only the gosec linter and only check G112
because that has been addressed in #6534.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-07 18:03:04 +00:00
tanujd11
28ca4312b3 fix: additional review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
8d362439a8 fix UTs 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:29 +05:30
tanujd11
adb9311f56 validate name constraint before signing CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:29:45 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30
jetstack-bot
e7e3e5f4de
Merge pull request #6534 from wallrj/server-timeout 
Mitigate potential Slowloris attacks by setting ReadHeaderTimeout in all http.Server instances
 2023-12-07 13:28:05 +01:00
jetstack-bot
5484a92df8
Merge pull request #6535 from inteon/cleanup_generate_csr 
Refactor GenerateCSR and deprecate the helper functions
 2023-12-07 13:15:05 +01:00
Richard Wall
8bed166858 Add ReadHeaderTimeout to all http.Server where that setting is missing 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-07 11:42:22 +00:00
Tim Ramlot
767764d598
refactor GenerateCSR and deprecated the helper functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 18:16:19 +01:00
jetstack-bot
4209de2371
Merge pull request #6533 from inteon/cleanup_literal_subject_validation 
BUGFIX: LiteralCertificateSubject webhook logic
 2023-12-06 16:24:44 +01:00
Tim Ramlot
c5d7f15aa1
LiteralCertificateSubject: improve webhook logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 16:09:06 +01:00
jetstack-bot
40951826ab
Merge pull request #6531 from inteon/rename_fields_internal_api 
Rename internal API fields to match the field names in the public API
 2023-12-06 14:46:43 +01:00
Tim Ramlot
25eec9514a
rename internal API fields to match the fieldnames in the public API 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 13:59:59 +01:00
jetstack-bot
202a80e218
Merge pull request #6519 from JoeNorth/master 
Update AWS SDK for Go to 1.48.7
 2023-11-29 15:12:49 +01:00
Tim Ramlot
63c1636a83
run 'make tidy' and 'make update-licenses' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-29 13:41:46 +01:00
Joe North
4e03eb1283 Update AWS SDK for Go version 
Signed-off-by: Joe North <jbnorth@amazon.com>
 2023-11-28 19:55:23 +00:00
jetstack-bot
e47444db80
Merge pull request #6491 from inteon/pprof_non_leaders 
BUGFIX: run pprof server on non-leaderelected replicas
 2023-11-27 19:52:06 +01:00
jetstack-bot
554ceac1c8
Merge pull request #6517 from inteon/use_pkcs12_legacyrc2 
Replace deprecated pkcs12 function call with pkcs12.LegacyRC2
 2023-11-27 17:34:06 +01:00
Tim Ramlot
6f7ebbed7b
replace deprecated pkcs12 function call with pkcs12.LegacyRC2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-27 12:32:19 +01:00
jetstack-bot
cc40c405d6
Merge pull request #6512 from inteon/bump_jose 
Bump the go-jose dependency
 2023-11-27 10:26:05 +01:00
Tim Ramlot
99d473bbf1
bump the go-jose dependency 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-24 14:32:53 +01:00
jetstack-bot
630dba760a
Merge pull request #6498 from inteon/fix_webhook_bug 
BUGFIX: Limit webhook admission input
 2023-11-22 15:00:40 +01:00
jetstack-bot
0e5f9c679d
Merge pull request #6499 from avi-08/fix-helm-controller-featuregates 
Fix controller feature gates config in helm
 2023-11-17 17:51:38 +01:00
Avi Sharma
c72fc28773 Fix controller feautregates config in helm 
Signed-off-by: Avi Sharma <avi.08.sh@gmail.com>
 2023-11-17 21:38:44 +05:30
jetstack-bot
c9e028f3db
Merge pull request #6347 from lauraseidler/fix/gateway-warning-http 
Do not process Gateway listeners that do not support TLS
 2023-11-17 16:18:19 +01:00
jetstack-bot
30205eab85
Merge pull request #6497 from SgtCoDFish/bestpractices 
Add Core Infrastructure Initiative Best Practices badge
 2023-11-17 14:27:47 +01:00
Tim Ramlot
073d90611e
limit webhook admission input 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-17 14:23:57 +01:00
Ashley Davis
d25471e58d
Add Core Infrastructure Initiative Best Practices badge 
I filled out the form on the CII site and they gave us a badge!

This is part of the work towards graduation - this is a required
step listed in:

https://github.com/cncf/toc/blob/main/process/graduation_criteria.md
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-11-17 13:03:36 +00:00
jetstack-bot
7dca7210e7
Merge pull request #6495 from wallrj/6482-startupapicheck-verbose-logging 
Enable verbose logging in startupapicheck by default
 2023-11-17 12:57:46 +01:00
Richard Wall
a2ca3c714f Enable verbose logging in startupapicheck by default 
So that if it fails, users can know exactly what caused the failure.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-11-17 09:09:41 +00:00
jetstack-bot
c4aa1ec50b
Merge pull request #6486 from jeremycampbell-okta/caissuers-extension 
Add x509 v3 CA Issuers Extension
 2023-11-17 09:06:46 +01:00
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension 
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
 2023-11-16 12:45:16 -06:00
jetstack-bot
b0ed333413
Merge pull request #6459 from shlomitubul/master 
feat(helm) Add support for PodMonitor
 2023-11-16 14:45:00 +01:00