Tim Ramlot
899d55ae57
remove webhook conversion logic
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-02 11:19:08 +01:00
Tim Ramlot
5ac022ad70
remove versionchecker, because it was moved to cert-manager/cmctl
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-29 11:50:09 +01:00
Tim Ramlot
9a1913f922
run 'make update-licenses'
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-28 11:00:00 +01:00
Tim Ramlot
8f5d3aa58c
upgrade and cleanup dependencies
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-28 10:59:23 +01:00
Tim Ramlot
7b94868513
remove cmctl from this repo
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-24 16:15:34 +01:00
Richard Wall
1f3f627ac1
Skip the OtherNames conformance tests on Venafi Cloud
...
Until such time as we configure the server to allow us to use those fields.
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-17 14:46:35 +00:00
Richard Wall
f333a69df1
Read admin groups from the client certificate instead of hard coding them
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-17 12:00:29 +00:00
Richard Wall
8189bc1c61
Update cmd/ctl's go.mod to v1.14.0-alpha.1
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-12 15:26:04 +00:00
SpectralHiss
a517dcd086
Require feature gate in otherName SAN cert e2e
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-12 14:52:51 +00:00
Richard Wall
0dcb758119
Create a dedicated Admin user for use in tests
...
Instead of relying on the default user which is deprecated.
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-11 16:02:06 +00:00
jetstack-bot
a1c134e78c
Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint
...
feat: add tls to metrics endpoint
2024-01-10 14:48:17 +00:00
Richard Wall
38288e530a
Work around bugs in vault-client-sdk
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 14:56:42 +00:00
Richard Wall
a2b5ef4ac7
make update-licenses
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 13:56:35 +00:00
Richard Wall
3f75290e04
Use vault-client-go instead
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 13:36:37 +00:00
SpectralHiss
ddbdb16575
Fix e2e validation test error message assertion
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 09:31:52 +00:00
Tim Ramlot
224cf06208
use k8s.io/apimachinery/pkg/util/sets for FeatureSet
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 19:19:10 +01:00
Tim Ramlot
253e6b0bc0
replace util contains function with slices.Contains
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 11:57:44 +01:00
Adam Talbot
d27fcc2762
refactor: refactored metrics server code into internal package
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-04 15:49:25 +00:00
Tim Ramlot
8ca617a8ea
replace custom util function with k8s.io/apimachinery/util/sets
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 14:38:30 +01:00
jetstack-bot
24d0fddec5
Merge pull request #6593 from inteon/use_slices
...
Use slices go library
2024-01-04 13:36:02 +00:00
Richard Wall
014aad52ea
Update cmd/ctl's go.mod to v1.14.0-alpha.0
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-04 10:01:25 +00:00
Tim Ramlot
950948e465
start using the new 'slices' library and deprecate old util functions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 09:32:17 +01:00
Tim Ramlot
8111b43b10
stop relying on context.DeadlineExceeded error in tests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
Tim Ramlot
790a824a49
bump dependencies
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
...
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
SpectralHiss
7350863d8a
Add order agnostic matcher for SANs
...
* This is to ensure Vault conformance passes since it outputs SANs in
different order to other issuers
* Matcher was tested manually only; we will add tests to it in future
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 09:13:11 +00:00
Richard Wall
19ade4b79e
Replace all calls to RandStringBytes and RandStringRunes
...
With k8s.io/apimachinery/pkg/util/rand#String instead
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 15:41:07 +00:00
SpectralHiss
7f349eff69
Allow other SANS in Vault e2e framework
...
* This is to enable conformance testing of the otherName alpha feature
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-02 09:28:10 +00:00
Tim Ramlot
a24b2466d3
upgrade golang.org/x/crypto
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-02 10:03:19 +01:00
SpectralHiss
7b9670120c
The sample issuer won't work with OtherName CSR
...
* The sample code leverages standard library only
* It does not leverage util/pki from cert-manager nor issuer-lib
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-02 08:47:32 +00:00
Adam Talbot
ae143c15f6
feat: add tls to metrics endpoint
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-27 17:15:00 +00:00
SpectralHiss
1b48cb664b
Fix csr_test.go critical SAN on tests without Subjects
...
* Also fixed the conformance e2e test by including a Subject and
matching the values
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b
Simplify e2e test fixture for otherName
...
* Fix Bug in critical on empty subject logic
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 17:48:50 +00:00
SpectralHiss
120240fec2
Add critical extension to only SAN
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 12:06:33 +00:00
jetstack-bot
d9252716da
Merge pull request #6562 from ThatsMrTalbot/fix/normalise-install-flags
...
fix: normalise install flags to match other commands
2023-12-21 08:37:11 +00:00
jetstack-bot
c7714e65f0
Merge pull request #6551 from wallrj/gosec-601
...
Fix gosec G601: Implicit memory aliasing of items from a range statement
2023-12-20 18:21:37 +00:00
Tim Ramlot
0dabd1f008
refactor code, deduplicating init logic across install and uninstall
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-20 18:54:01 +01:00
Richard Wall
4de9e956e5
Fix gosec G601: Implicit memory aliasing of items from a range statement
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-20 17:25:41 +00:00
SpectralHiss
78d6e1b491
Add OtherNames e2e test to conformance suite
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 15:29:31 +00:00
SpectralHiss
e7f29f8bb3
UTF8Value -> utf8Value in CRD JSON schema
...
* Still following Go standard with UTF8Value for struct field name
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691
Add early feedback validation for otherName syntax and tests
...
* Fixed warning
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116
feat: update gateway api to v1
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
SpectralHiss
4bdee5f010
Rename otherNameSANs to otherNames
...
* Improve the CRD godoc comments
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60
Refactor the solution
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160
Add OtherNameSANs field to Certificates
...
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
more info
* otherName is only a subset of GeneralName, our specific need is for
UserPrincipalName used in Microsoft AD/LDAP
* We treat UPN special but we might remove this in a later commit
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 09:12:23 +00:00
Tim Ramlot
6f7ebbed7b
replace deprecated pkcs12 function call with pkcs12.LegacyRC2
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-27 12:32:19 +01:00
Tim Ramlot
99d473bbf1
bump the go-jose dependency
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-24 14:32:53 +01:00
Tim Ramlot
aa23a7e973
bump docker to fix cve alert
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-15 22:29:04 +01:00
Tim Ramlot
c953e48b7e
fix CVE alert
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-15 15:04:59 +01:00
Ashley Davis
96e081fbd3
regenerate hardcoded certs
...
fixes #6476
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-11-14 13:26:24 +00:00