weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,416 Commits 45 Branches 0 Tags 96 MiB
8f5d3aa58c
Commit Graph

8416 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Norwin Schnyder
ebf58b9967 apply PR feedback 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-15 10:52:57 +01:00
jetstack-bot
529d8a74a6
Merge pull request #6552 from allenmunC1/leaf-duration 
Add flag and field to customize leaf duration on dynamic certificates
 2023-12-14 16:02:38 +00:00
Richard Wall
260dc11c2d Show all issues 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-14 12:10:20 +00:00
Richard Wall
09211dabdf Enable gosec G601 
https://github.com/securego/gosec#available-rules

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-14 12:10:20 +00:00
jetstack-bot
cf8421e13f
Merge pull request #6556 from SgtCoDFish/golangci-lint-make 
Add target + installation for golangci-lint
 2023-12-14 09:37:13 +00:00
Allen Mun
9b09aa87a7 Add flag and field to customize leaf duration on dynamic certificates 
Signed-off-by: Allen Mun <allen.mun@capitalone.com>
 2023-12-13 15:45:52 -05:00
Ashley Davis
dd61635f3b
add target + installation for golangci-lint 
This lets users locally run the same commands that are run in CI

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-12-13 19:58:01 +00:00
SpectralHiss
95b9345a5d Make UTF8Value godoc comment more clear 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 17:05:12 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
jetstack-bot
7b36cfa808
Merge pull request #6555 from SgtCoDFish/fixlicenses 
Fix licenses file
 2023-12-13 15:19:12 +00:00
Ashley Davis
25298b75c7
fix licenses file 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-12-13 14:22:15 +00:00
Norwin Schnyder
aa79285bed fix enum annotation 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-13 12:31:28 +00:00
Norwin Schnyder
879ec53961 backport comment to internal api 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-13 12:03:27 +00:00
Norwin Schnyder
b8ad8a3704 apply PR feedback 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-13 12:00:39 +00:00
SpectralHiss
45a8bb7edf Modified one sans processing test case to make more useful 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:37:25 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
Tim Ramlot
7b7912022a Add feature gate 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:16:06 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
Norwin Schnyder
9185ca3195 update internal api for the conversion logic 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 19:48:46 +01:00
Norwin Schnyder
b79e73f484 fix controller-gen errors 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 18:25:15 +01:00
jetstack-bot
8da699a735
Merge pull request #6542 from tanujd11/fix/name-constraints-csr-structure 
fix: structure of nameconstraint in CSR
 2023-12-12 16:07:16 +00:00
jetstack-bot
4ae25789a2
Merge pull request #6537 from wallrj/golangci-lint 
Add the golangci-lint GitHub action
 2023-12-12 15:22:03 +00:00
Norwin Schnyder
56dcb3e1dd enhance unit tests 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 15:06:57 +00:00
Tim Ramlot
849b6bda9e
add tests & final cleanup 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 15:57:07 +01:00
Norwin Schnyder
c583278ce8 generate manifests 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 14:27:41 +00:00
Norwin Schnyder
b8f4f3b518 pkcs12 encoding with different algorithms 
Signed-off-by: Norwin Schnyder <norwin.schnyder+github@gmail.com>
 2023-12-12 14:27:00 +00:00
Tim Ramlot
cfaf3f338e
cleanup code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-12 13:47:55 +01:00
tanujd11
da84cf5b88 fix: imports 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:10:32 +05:30
tanujd11
652feb50cc Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 17:05:33 +05:30
tanujd11
5f0a715863 add nameConstraints from openssl 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-12 00:40:45 +05:30
jetstack-bot
37e425c4da
Merge pull request #6545 from wallrj/bump-go 
Bump Go to 1.21.5
 2023-12-11 18:05:47 +00:00
Richard Wall
f3a91ac8aa Bump Go to 1.21.5 
- go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages.
- go1.21.5 (released 2023-12-05) includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/rand, net, os, and syscall packages.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-11 17:27:09 +00:00
tanujd11
bc75f8488d fix: structure of nameconstraint in CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-11 18:00:15 +05:30
jetstack-bot
e8d279025c
Merge pull request #6500 from tanujd11/feature/ca-cert-name-constraint 
feature: added name constraints in certs with isCA enabled
 2023-12-08 12:18:42 +00:00
tanujd11
a29a5913d0 addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 23:42:35 +05:30
Richard Wall
70cf0d200b Add the golangci-lint GitHub action 
Initially we enable only the gosec linter and only check G112
because that has been addressed in #6534.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-07 18:03:04 +00:00
tanujd11
28ca4312b3 fix: additional review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
8d362439a8 fix UTs 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed Addressed review comments 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83 Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:30:29 +05:30
tanujd11
adb9311f56 validate name constraint before signing CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:29:45 +05:30
tanujd11
50d84c1bbc nits: added new line at EOF and comment fix 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:42 +05:30
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30
jetstack-bot
e7e3e5f4de
Merge pull request #6534 from wallrj/server-timeout 
Mitigate potential Slowloris attacks by setting ReadHeaderTimeout in all http.Server instances
 2023-12-07 13:28:05 +01:00
jetstack-bot
5484a92df8
Merge pull request #6535 from inteon/cleanup_generate_csr 
Refactor GenerateCSR and deprecate the helper functions
 2023-12-07 13:15:05 +01:00
Richard Wall
8bed166858 Add ReadHeaderTimeout to all http.Server where that setting is missing 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-07 11:42:22 +00:00
Tim Ramlot
767764d598
refactor GenerateCSR and deprecated the helper functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 18:16:19 +01:00
jetstack-bot
4209de2371
Merge pull request #6533 from inteon/cleanup_literal_subject_validation 
BUGFIX: LiteralCertificateSubject webhook logic
 2023-12-06 16:24:44 +01:00
Tim Ramlot
c5d7f15aa1
LiteralCertificateSubject: improve webhook logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-06 16:09:06 +01:00
jetstack-bot
40951826ab
Merge pull request #6531 from inteon/rename_fields_internal_api 
Rename internal API fields to match the field names in the public API
 2023-12-06 14:46:43 +01:00