With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>

Previously it wasn't possible to set a custom CA bundle for an ACME
server, leading users to either patch the cert-manager system CA bundle
manually or else use SkipTLSVerify which is a security issue.

This adds CABundle for ACME, similar to what we have for Vault and
Venafi TPP issuers.

Longer term we'd like to have a more fully featured approach. It would
for example make sense to support loading CA bundles from ConfigMaps or
Secrets (similar to what we do for Vault issuers today), but for now this
change is the simplest change.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>

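The trade-off described in the commit message above, as an added Go example that is not cert-manager's code: a client that trusts a supplied PEM CA bundle keeps certificate verification on, where skipping verification would accept any certificate. The helper names (`clientWithCABundle`, `get`, `demo`) are hypothetical, and the local TLS server is a constructed stand-in for an ACME server behind a private CA.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientWithCABundle trusts only the CAs in the PEM bundle; verification stays on.
func clientWithCABundle(caBundle []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caBundle) {
		return nil, fmt.Errorf("CA bundle contains no usable PEM certificates")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// get returns the HTTP status code, or the TLS/transport error.
func get(c *http.Client, url string) (int, error) {
	resp, err := c.Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// demo queries a constructed local TLS server (private-CA stand-in) with both clients.
func demo() (status int, errBundle, errSystem error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"newNonce":"constructed"}`)
	}))
	defer srv.Close()
	// System trust store only: the handshake fails instead of being skipped.
	_, errSystem = get(&http.Client{Transport: &http.Transport{}}, srv.URL)
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	c, err := clientWithCABundle(bundle)
	if err != nil {
		return 0, err, errSystem
	}
	status, errBundle = get(c, srv.URL)
	return status, errBundle, errSystem
}

func main() { fmt.Println(demo()) }
```

An empty or malformed bundle is rejected up front, so a bad value cannot silently fall back to an unverified connection.
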
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>

This is the final part of implementing
https://github.com/cert-manager/cert-manager/pull/5214

This timeout is shorter than the 2 minute timeout we increased
controllers to - that's because we'd generally expect that controller
sync loops would need to do additional actions before and after making
HTTP requests.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>

Logging middleware probably isn't the place for this in any case, but
more broadly there's little need to add additional timeouts here since
we have a context timeout configured during issuance and ACME timeouts
configured at the level of the HTTP client we use.

This is the second part of implementing the timeouts proposal from
https://github.com/cert-manager/cert-manager/pull/5214

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>

If we register multiple DNS providers while running the webhook server,
it will cause an unexpected exit with 'WebService with duplicate root
path detected' error. This issue happens because the root path of each
DNS provider is equal since they share the group name.

This commit installs APIGroup once for multiple DNS providers by
extracting apiGroupInfo variable and InstallAPIGroup call from solver
(DNS provider) loop in ChallengeServer constructor.

Signed-off-by: Sunghoon Kang <hoon@linecorp.com>

Allow the functionality to set up a new ACME client and to retrieve and decode ACME account's key to be stubbed in tests

Signed-off-by: irbekrm <irbekrm@gmail.com>