Commit Graph

260 Commits

Author SHA1 Message Date
Maartje Eyskens
be205c04e6 Run a codegen update
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-01-08 15:05:32 +01:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
jetstack-bot
0bcf759a25
Merge pull request #3433 from sorah/vault-issuer-exclude-root
Handle Vault issuer working as intermediate correctly
2020-12-03 09:23:14 +01:00
Sorah Fukumori
f768afd0a3
vault: change condition precise
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-28 18:13:49 +09:00
Sorah Fukumori
90c4f9e561
Avoid named return variables
Co-authored-by: Maartje Eyskens <maartje@eyskens.me>
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-28 18:06:49 +09:00
Maartje Eyskens
a869c59cb7 Remove internal API tags and annotations
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 13:42:24 +01:00
Maartje Eyskens
d705838e83 Implement feedback
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
b7014c3dbd Fix rename in json too
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
59048fed64 Rename field
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
04d88479e4 Pass duration on until ACME order creation
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
7b6573aa35 Add duration into ACME
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:45:32 +01:00
Mateusz Gozdek
27fa2f1ec4
Fix various typos found by codespell
Found by running this command:

codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater

Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
2020-11-07 14:55:13 +01:00
Sorah Fukumori
25fc672b80
vault: use issuing_ca field when no ca_chain available
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-06 05:12:04 +09:00
Sorah Fukumori
69a0816ca1
vault: Handle missing ca_chain just in case
certutil should ensure CAChain always set...
3298836f6a/sdk/helper/certutil/types.go

Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-06 05:12:03 +09:00
Sorah Fukumori
2f70e9d4db
vault: extract PEM extraction to a dedicated function
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-06 05:12:03 +09:00
Sorah Fukumori
64a5aecfdd
Handle Vault issuer working as intermediate correctly
This patch changes a certificate issued with Vault issuer as follows:

- `ca.crt`: a root certificate, returned in `ca_chain` from Vault
- `tls.crt`: a leaf certificate, plus intermediate certificates
  if available in `ca_chain`

  i.e. `tls.crt` won't include a root certificate

This is a breaking change; Vault issuer had included an issuing CA as
a chain in `tls.crt`, but after this change it will no longer include a root
certificate when the issuing CA is not an intermediate. For `ca.crt`, it
had included an issuing CA only, which can be an intermediate.

`tls.crt` is not expected to contain a root certificate, as generally
clients must trust root certificates in advance. It is considered
redundant to transmit a root certificate from servers to clients during a TLS
handshake. Other issuers, e.g. ACME, behave the same.

This fixes https://github.com/jetstack/cert-manager/issues/2166

This patch is based on https://github.com/jetstack/cert-manager/pull/3340

Co-authored-by: Chris Randles <randles.chris@gmail.com>
Signed-off-by: Sorah Fukumori <her@sorah.jp>
2020-11-06 05:12:03 +09:00
Richard Wall
885755630c Add API validation for Venafi Issuer config
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-10-22 15:04:11 +01:00
Raphaël Pinson
e1c8d3ad71
Regenerate CRDs
Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>
2020-10-16 15:40:34 +02:00
Raphaël Pinson
b2d719d6c3
Add encode_usages_in_request to Certificate spec (fix #3301)
Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>
2020-10-16 15:40:32 +02:00
Maartje Eyskens
542b329914 Implement feedback
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
0dbf037312 remove json tags from internal type
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
ed9c2e4f45 Fix description
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
eb3c2f4b1b Fix unit test
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
918e1e04f3 Add e2e tests + fix validation
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
39de7f3b99 Fix IP type
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
0cda5b3421 Fix conversion
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
b3e25815a5 Add support for IPs in ACME
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-08 15:24:56 +02:00
Maartje Eyskens
c60edce94c Patch mistake made in patchDuplicateKeyUsage and write tests for it
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-10-02 16:17:20 +02:00
Maartje Eyskens
6930ee1753 Fix edge case with isCA
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-15 10:43:26 +02:00
Maartje Eyskens
87eaf40dd4 Add test to test not erroring on reordered values
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-14 17:11:20 +02:00
Maartje Eyskens
01150dfbde Update bazel
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-14 11:20:54 +02:00
Maartje Eyskens
ce8ca4ca20 Fixes validation when the 2 signing keys are set
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-14 11:05:44 +02:00
Maartje Eyskens
89a0f25220 run update-all
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-31 10:11:55 +02:00
Maartje Eyskens
0f641502e2
Update pkg/internal/apis/certmanager/install/install.go
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-30 12:59:05 +02:00
Maartje Eyskens
71cc584de2
Update pkg/internal/apis/certmanager/install/install.go
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-29 18:40:17 +02:00
Haoxiang Zhou
46ab9178ed Change order of adding versions to scheme to change priority
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-08-28 15:44:53 +02:00
jetstack-bot
647035a266
Merge pull request #3211 from meyskens/csr-extkey
Extended key usages into CSR
2020-08-27 15:33:37 +01:00
jetstack-bot
6f2fc8e86e
Merge pull request #3166 from meyskens/k8s-119-rc
Update k8s toolchain to 1.19.0
2020-08-27 15:07:37 +01:00
Maartje Eyskens
b319ff897b Implement feedback + improve logic
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-27 14:42:20 +02:00
Maartje Eyskens
e0749ad822 Implement feedback
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-27 13:02:18 +02:00
Richard Wall
3e63b2bf5d Update references to URISANs and EmailSANs in the validation
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-27 09:33:49 +01:00
Maartje Eyskens
14ea7c3f65 Update k8s toolchain to 0.19.0-rc.3
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-26 14:15:54 +02:00
jetstack-bot
6a2f9538fc
Merge pull request #3208 from meyskens/acme-multi-chain
Add support for alternate certs with PrefferedChain in ACME
2020-08-26 12:03:35 +01:00
Maartje Eyskens
627b57fed5 Add validation for CR creation only to match Key usages with the CSR if both are set
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-25 14:38:57 +02:00
Maartje Eyskens
3bb0431618 Fix syntax
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-25 10:41:25 +02:00
Maartje Eyskens
abb56fb0b5 Add CSR validation
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-25 10:39:24 +02:00
Maartje Eyskens
90d6a54151 Add support for alternate certs with PrefferedChain in ACME
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-21 17:56:26 +02:00
Haoxiang Zhou
acaea2d96e Rename field to DisableAccountKeyGeneration
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-08-21 09:55:21 +02:00
Haoxiang Zhou
4cb01a3c4e Add new field for v1 API as well
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
2020-08-21 09:55:21 +02:00