weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5,885 Commits 45 Branches 0 Tags 96 MiB
811069cac7
Commit Graph

385 Commits

Author SHA1 Message Date
Jonathan Prates
9f36f8984b feat: copy SecretTemplate api to v1alpha2 v1alpha3 and v1beta1 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
Jonathan Prates
1f87c098a1 fix: update autogenerated code 
Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
 2021-08-03 01:19:11 +01:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1 
Conversion: Apiextensions v1beta1 -> v1
 2021-07-30 15:49:49 +01:00
Wilson Júnior
18235e3624
Improve ParseSingleCertificateChain when no root is present 
Fixes when the certificate chain does not have a root CA,
in which case the chain should contain all available intermediates
and ca.crt should contain the rootmost certificate.

Co-authored-by: Josh Van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Wilson Júnior <wilsonpjunior@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-07-28 14:05:19 +01:00
Jake Sanders
d69a48c1dc
Add comment to exported ConvertedGVKAnnotation constant. 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-27 17:01:50 +01:00
Jake Sanders
90f006c907
nit: imports 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-27 16:58:59 +01:00
Jake Sanders
fc428d763e
Fix e2e tests on Kube 1.16 by removing last references to NetworkingV1 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 22:30:41 +01:00
Jake Sanders
63d7cb551e
./hack/update-all 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 19:15:08 +01:00
Jake Sanders
756917cc24
Ensure functionality works against v1beta1 API server 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:30:01 +01:00
Jake Sanders
6fa758b616
Remove unused argument 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:58 +01:00
Jake Sanders
67c6586161
Addressing code review comments in #4225 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:54 +01:00
Jake Sanders
496488027e
Ingress Backend should not specify Name and Port 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:51 +01:00
Jake Sanders
0d93b93fc5
Feature: Support both v1 and v1beta1 ingresses. 
Kubernetes is removing support for the v1beta1 Ingress type in 1.22: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes
However, we still wish to support k8s v1.16 until mid 2022 when Openshift 3 becomes out of support.

cert-manager will now use v1 Ingress if available by using the discovery API.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-07-26 18:29:42 +01:00
joshvanl
f180f0a0e6 Change internal ACME API to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:00:08 +01:00
Maël Valais
b62e51dc2c validation: leftmost align and guard statements instead of 'switch' 
The switch statement was making it a bit harder to read. I also renamed
variables to make more sense in the context of this function.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-06 12:51:01 +02:00
Maël Valais
d6d9aee9c7 linter party: ineffective 'break', commented "do nothing" instead 
Signed-off-by: Maël Valais <mael@vls.dev>

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-06 12:51:01 +02:00
ulrich giraud
b9c9231305 vault issuer: specify that the caBundle must be base64-encoded 
Signed-off-by: Ulrich GIRAUD <ulrich.giraud@pole-emploi.fr>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-07-02 20:54:03 +02:00
joshvanl
67ba2b15da Updates comment for internal vault client New func, that errors should 
be considered for retrying

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-06-29 14:34:49 +01:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519 
support-ed25519
 2021-06-15 16:17:53 +01:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys 
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-06-14 11:17:35 +01:00
irbekrm
118cfb6029 Remove the defaulting for renewBefore from fuzzer 
We now calculate this default at reneal time

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-11 15:35:46 +01:00
irbekrm
e6b748047d Remove the default renewBefore value 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-06-11 10:03:12 +01:00
jetstack-bot
7eb301f74c
Merge pull request #4021 from irbekrm/deprecate_apis 
Deprecates old APIs
 2021-05-21 18:30:32 +01:00
Ashley Davis
333af8fd94
further static check fixes 
pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go:34:2 deadcode `defaultTestCrtName` is unused
pkg/issuer/acme/dns/rfc2136/provider_test.go:42:23 errcheck Error return value of `server.Shutdown` is not checked
pkg/issuer/acme/dns/rfc2136/provider_test.go:77:23 errcheck Error return value of `server.Shutdown` is not checked
pkg/issuer/vault/setup.go:37:2 deadcode `messageVaultHealthCheckFailed` is unused
pkg/issuer/venafi/client/request.go:143:5 gosimple S1023: redundant break statement
pkg/logs/logs.go:68:8 errcheck Error return value of `fs.Set` is not checked

the following fixes introduce a panic when the returned error is
non-nil, which could be a breaking change but was deemed to be worth it
pkg/webhook/server/server.go:58:30 errcheck Error return value is not checked
pkg/webhook/server/server.go:59:25 errcheck Error return value is not checked

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-05-21 12:04:05 +01:00
irbekrm
6c4d819d1d Determine requested API version from RequestKind (code review feedback) 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-20 15:29:51 +01:00
jetstack-bot
e30dae687a
Merge pull request #3860 from jsoref/spelling-commitment 
Deprecate UsageContentCommittment and improve public comments
 2021-05-20 11:09:52 +01:00
jetstack-bot
85c943ffc2
Merge pull request #4018 from kmodules/jp 
Use gomodules.xyz/jsonpatch instead of mattbaird/jsonpatch
 2021-05-19 18:57:51 +01:00
Josh Soref
64fb1ebc91 Deprecate UsageContentCommittment 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-05-19 12:40:10 -04:00
irbekrm
a42771b7e4 Adds a bunch of comments for exported types 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-19 10:19:43 +01:00
irbekrm
2bb707a1ce Remove a redundant return statement 
Part of work towards fixing errors shown by static analysis tools

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-19 10:17:38 +01:00
irbekrm
2cce594de1 Don't compare two booleans 
Part of work towards fixing errors shown by static analysis tools

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-19 10:17:18 +01:00
irbekrm
9d16261539 Deprecate alpha and beta versions of acme.cert-manager.io APIs 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-18 22:54:31 +01:00
irbekrm
9b867e4b75 Deprecate alpha and beta versions of cert-manager.io APIs 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-18 22:53:51 +01:00
Tamal Saha
2609aa51e1 Use gomodules.xyz/jsonpatch instead of mattbaird/jsonpatch 
Signed-off-by: Tamal Saha <tamal@appscode.com>
 2021-05-17 13:05:19 -07:00
Tamal Saha
da86194a9d Update to k8s 1.21.0 tool chain 
Signed-off-by: Tamal Saha <tamal@appscode.com>
 2021-05-17 08:11:19 -07:00
jetstack-bot
595d753339
Merge pull request #3982 from JoshVanL/parse-certificate-chain 
Change Vault Issuer to construct the certificate chain to populate the CertificateRequest CA with the root most cert.
 2021-05-12 17:34:13 +01:00
joshvanl
68aeb330b7 Change ParseCertificateChain to ParseSingleCertificateChain to show 
intention better

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:12:06 +01:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01" 
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:25 +01:00
Jake Sanders
423e82b65b
Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis" 
This reverts commit f2a74ade5e, reversing
changes made to 7ff54e61e9.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:23 +01:00
Jake Sanders
8ca19b26f9
Revert "Merge pull request #3946 from inteon/fix_kubectl_apply" 
This reverts commit c7514d9262, reversing
changes made to 49cbedf262.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:18 +01:00
jetstack-bot
bd817cce0a
Merge pull request #3936 from irbekrm/webhook_warnings 
Webhook warnings
 2021-05-11 13:43:53 +01:00
irbekrm
6cb57c4c33 Makes ACME EAB key algo warning value unexported 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-11 13:14:33 +01:00
joshvanl
d17626c927 Changes vault issuer to use ParseCertificateChain from response from 
vault

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-10 19:07:31 +01:00
jetstack-bot
3434c78188
Merge pull request #3960 from wallrj/538-lint-fixes-richardw 
Fix some linting errors
 2021-05-07 11:50:34 +01:00
Jake Sanders
eab7c954a2
Use %v to log errors 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:28:46 +01:00
Jake Sanders
196e42c221
Tidy godoc comments 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:21:24 +01:00
Jake Sanders
f194d9b732
Add godoc comments 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 15:59:02 +01:00
Richard Wall
6f5efe4ef4 Remove redundant break statements 
pkg/internal/api/mutation/registry.go:138:3: redundant break statement (S1023)
pkg/internal/api/mutation/registry.go:157:3: redundant break statement (S1023)

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-04 14:43:32 +01:00
Richard Wall
1635291afa Fix duplicate imports 
pkg/internal/apis/certmanager/validation/certificaterequest_test.go:31:2: package "github.com/jetstack/cert-manager/pkg/util/pki" is being imported more than once (ST1019)
pkg/internal/apis/certmanager/validation/certificaterequest_test.go:32:2: other import of "github.com/jetstack/cert-manager/pkg/util/pki"

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-04 14:39:35 +01:00
Jake Sanders
7b06785012
deadcode: Highlight missing test 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:24:41 +01:00