Commit Graph

347 Commits

Author SHA1 Message Date
Ashley Davis
8e70778f4f
use existing object in more tests
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 12:43:08 +01:00
Ashley Davis
01cf2d4155
rename some certificate validation tests and test explicit default group
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2024-04-18 12:42:29 +01:00
jetstack-bot
6b723ce63b
Merge pull request #6871 from inteon/bugfix_exitcodes
BUGFIX: exit with correct exit codes
2024-03-25 12:31:39 +01:00
Tim Ramlot
bfd7a51618
BUGFIX: exit with correct exit codes
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-03-23 14:21:33 +01:00
deterclosed
e50052aded
chore: remove repetitive words
Signed-off-by: deterclosed <fliter@outlook.com>
2024-03-23 13:37:59 +08:00
jetstack-bot
953d8b5478
Merge pull request #6277 from inteon/controller_configfile_fuzzer
ControllerConfiguration fuzzer, only set the value in case the random value is empty
2024-03-22 17:12:34 +01:00
Tim Ramlot
23373e4323
correctly initialize loggers, create contexts and pass contexts
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-03-08 14:32:31 +01:00
jetstack-bot
fe39c52aaf
Merge pull request #6807 from bwaldrep/bw/alias
feat: Add optional flag to specify jks keystore alias
2024-03-07 18:27:06 +01:00
Tim Ramlot
ad1847cc3c
prevent fuzzer from generating impossible configurations
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-03-05 19:37:23 +01:00
Tim Ramlot
620d6ff679
BUGFIX: cainjector leaderelection defaults were missing
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-03-05 19:21:35 +01:00
Bill Waldrep
d4911ebfaa
Add optional flag to specify jks keystore alias.
Previously the JKS keystore alias was hardcoded to "certificate".
This change adds an optional configuration point to allow users
to specify a custom keystore alias. If the flag is omitted we
will default to the previous behavior.

Signed-off-by: Bill Waldrep <bwaldrep@palantir.com>
2024-03-04 13:23:09 -05:00
Jan-Otto Kröpke
818df603f5
Allow cert-manager.io/allow-direct-injection in annotations
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
2024-02-27 12:26:33 +01:00
Tim Ramlot
1e8ec4a65f
Update internal/apis/config/webhook/types.go
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-22 11:29:05 +01:00
Diego Arce
83e0f95e58
fix: SecretName description for DynamicServingConfig
Signed-off-by: Diego Arce <diego@arce.cr>
2024-02-21 23:12:43 -06:00
Tim Ramlot
e85b024c20
replace deprecated functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:40:38 +01:00
Yuedong Wu
baa73aa8ee
fix webhook validation error msg
and use commonName variable value

Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
2024-02-19 10:16:38 +08:00
jetstack-bot
7f92e38988
Merge pull request #6614 from rodrigorfk/feat-vault-mtls
feat: Add the ability to communicate with Vault via mTLS
2024-02-16 18:11:26 +00:00
Tim Ramlot
8425b9fe75
use DefaultUnstructuredConverter to convert extras to unstructured
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-15 14:13:26 +01:00
Tim Ramlot
23ab96de91
use unstructured.Unstructured in Mutation webhook
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-12 11:11:33 +01:00
Tim Ramlot
8eaeeb78c0
buildAdmissionChain: return admission.PluginChain instead of admission.Interface
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-12 10:56:45 +01:00
Tim Ramlot
b9a216cdfc
Simplify webhook and switch Webhook to controller-runtime.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-12 10:55:32 +01:00
Tim Ramlot
ffb47e52fa
remove dead & deprecated code from cert-manager codebase
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-10 17:22:23 +01:00
cloudwiz
75d1449903
move audiences under the SA ref
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-08 14:07:03 +00:00
Tim Ramlot
04220447bc
remove deprecated files and functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-08 10:45:06 +01:00
Adam Talbot
a8bb63f0fc
fix: move server package out of internal
Currently the TLS code here is imported by the approver-policy project. Long term we should break this code out to a new package, for now we can just move it out of internal to unblock our ability to update the approver-policy imports.

Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-02-07 11:31:17 +00:00
cloudwiz
624f874d69
updated spelling and generated CRDs
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-06 15:06:31 +00:00
cloudwiz
9cf9cb7ea5
Vault extra audiences (#3)
---------

Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
2024-02-06 10:06:17 +00:00
Tim Ramlot
899d55ae57
remove webhook conversion logic
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-02 11:19:08 +01:00
Rodrigo Fior Kuntzer
199c98689f
feat: supporting Vault server mTLS
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-01-15 09:25:30 -03:00
jetstack-bot
a1c134e78c
Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint
feat: add tls to metrics endpoint
2024-01-10 14:48:17 +00:00
Adam Talbot
0175ab30dc
fix: correct log line now tls is not just for webhook
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-10 14:38:07 +00:00
SpectralHiss
d07dd3de5f
Fix OtherName feature flag validation logic
* Improve test comments for UniversalValue

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-08 13:34:09 +00:00
Tim Ramlot
968cefe02f
improve CertificateOwnsSecret and add tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 16:24:59 +01:00
jetstack-bot
8848559d3d
Merge pull request #6608 from inteon/bug_certificateownssecret
Fix bug in CertificateOwnsSecret and add unit test
2024-01-05 15:23:23 +00:00
Tim Ramlot
78a5032d2c
fix bug in CertificateOwnsSecret and add unit test
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 12:59:39 +01:00
Adam Talbot
d27fcc2762
refactor: refactored metrics server code into internal package
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-04 15:49:25 +00:00
Richard Wall
76fe8e2bbd
Ignore eab.KeyAlgorithm deprecation warning
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-04 15:36:59 +00:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 15:49:18 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
Houssem El Fekih
c90fd33fb8
Update internal/apis/certmanager/types_certificate.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 13:29:03 +00:00
jetstack-bot
4af78fe98a
Merge pull request #6548 from snorwin/modern-pkcs12
New option to specify encryption and MAC algorithms for PKCS#12 keystores.
2024-01-03 12:54:22 +00:00
Tim Ramlot
8223df9e91
rename Algorithms to Profile
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 13:45:02 +01:00
Houssem El Fekih
5cc5c8169f
Update internal/apis/certmanager/types_certificate.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 11:57:39 +00:00
Richard Wall
036e3a8e74
Replace all uses of sets.String with the generic sets.Set
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 17:24:38 +00:00
Adam Talbot
eb5033c40f
feat: add validation for metrics tls config
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-02 15:25:41 +00:00
Adam Talbot
ae143c15f6
feat: add tls to metrics endpoint
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-27 17:15:00 +00:00
pevidex
5ce1cfec9c
test: add missing test for ed25519 key algorithm
Signed-off-by: pevidex <ricardojosexavier@hotmail.com>
2023-12-25 01:26:40 +00:00
pevidex
8a516503de
fix: mention ed25519 on validation webhook error when key is not valid
Signed-off-by: pevidex <ricardojosexavier@hotmail.com>
2023-12-25 01:24:59 +00:00
jetstack-bot
ebb955f3f0
Merge pull request #6565 from ThatsMrTalbot/fix/flag-validation-not-called
fix: validation functions are not called anywhere
2023-12-21 09:11:11 +00:00
Adam Talbot
59184de02f
test: add tests for config validation functions
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-21 08:58:02 +00:00