weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
7,152 Commits 45 Branches 0 Tags 96 MiB
96dd8849ca
Commit Graph

127 Commits

Author SHA1 Message Date
Tim Ramlot
93caba980e apply go fmt for go1.19 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2022-08-04 09:51:57 +00:00
Ashley Davis
fb231ab641
Remove bazel 🎉 
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-07-26 11:38:50 +01:00
Ashley Davis
eccde015ac
add CRD generation to makefile, replacing bazel 
- includes a run of make update-crds which causes some trivial changes
- updates version of YQ to latest
- makes hack/update-crds.sh just call make
- makes hack/verify-crds.sh just call make
- moves functionality of hack/verify-crds.sh to hack/check-crds.sh,
  using the makefile for generating alternative CRDs for comparison
- removes the bazel test associated with CRDs

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-06-27 13:25:18 +01:00
Luca Comellini
091549620b
Bump Go to 1.18 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-06-02 15:50:13 -07:00
Cody W. Eilar
2da5974fb4 Improve logging output for webhook cert renewal 
- Make "cert-manager certificate" explicit in log output
- Include DNSNames for context

Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2022-05-24 12:48:45 -07:00
Ashley Davis
6420aa4bfa
fix imports in a few files 
this is according to our policy on organizing imports, see:
https://cert-manager.io/docs/contributing/coding-conventions/#organizing-imports

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-18 17:42:45 +00:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager 
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i
 "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2022-02-02 09:08:31 +00:00
James Munnelly
787ff34e38 Add copyright attribution 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 11:07:49 +00:00
James Munnelly
fa61625d5f Regenerate test CRDs 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
65b8994330 Avoid defaulting objects before validation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:51 +00:00
James Munnelly
0bba671152 Ensure defaulting is applied in the correct API version during mutation 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
07a0171e98 Use regular discovery client instead of cache 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
e13c879681 Remove old handlers & admission plugins 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:50 +00:00
James Munnelly
708de3c580 webhook: use new admission-plugin backed validation and mutation handlers 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:56:46 +00:00
James Munnelly
572aecd48d Add webhook admission package to implement admission control in a clearer manner 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2022-01-20 10:54:18 +00:00
James Munnelly
5d7df17a24 pkg/webhook/authority: extract logger from context 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:52:26 +00:00
James Munnelly
bdb06ae55b Fix failing unit test 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 18:32:27 +00:00
James Munnelly
81f22fd49c Upgrade k8s.io dependencies to v0.23.1 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-17 16:27:47 +00:00
Richard Wall
4eedf4fcfd Test conversion code using sample CRDs and remove conversion configuration from cert-manager CRDs 
* Generate CRDs for the sample API types
* Allow alternative CRDs to be loaded into the envtest API server
* Override the conversion configuration of the CRDs
* Show webhook server logs in tests
* Simplify the loading of the test API CRDs
* Allow the ConversionHandler to be overridden in tests

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-12-14 17:33:22 +00:00
James Munnelly
1a96d9f32d config.cert-manager.io -> webhook.config.cert-manager.io 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-12-01 12:57:08 +00:00
James Munnelly
71a69cc488 Add unit tests for configfile loading 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
James Munnelly
0e1d603c93 Add support for reading config from WebhookConfiguration object 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-11-26 14:12:54 +00:00
jetstack-bot
f61d534975
Merge pull request #4550 from irbekrm/pprof 
Pprof
 2021-10-26 11:20:40 +01:00
irbekrm
73a696ddb3 Pprof addr for webhook defaults to localhost 
Also whether it is enabled and the address can now be configured via commandline flags

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-10-26 12:18:32 +03:00
James Munnelly
e7dea9f2a2 Replace all references to pkg/internal with internal 
Signed-off-by: James Munnelly <jmunnelly@apple.com>
 2021-10-21 12:27:04 +01:00
irbekrm
cb6a746726 Runs ./hack/update-all.sh 
New format of Go build tags gets added

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-09-30 10:08:19 +01:00
Eng Zer Jun
54e70d2cc4
refactor: move from io/ioutil to io and os package 
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-08-23 19:50:42 +08:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions 
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.

For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.

This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.

Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.

Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958

Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534

PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4

X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-08-19 14:48:12 +01:00
Inteon
91ec4c773a
use correct contexts everywhere & don't restart apiserver to add crds 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-12 20:05:01 +02:00
Inteon
abc39053b2
resolve .Stop() failures 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-08-07 10:19:07 +02:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1 
Conversion: Apiextensions v1beta1 -> v1
 2021-07-30 15:49:49 +01:00
joshvanl
8470ba96f0 Change webhook admission/mutation to no longer understand and reject anything which is not 
v1 (remove v1beta1)

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-29 11:10:24 +01:00
joshvanl
be2ad9ed15 Update sample ACME webhook to use apiextensions v1beta1 -> v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:04:35 +01:00
joshvanl
5762b5706e Update Conversion webhook to no longer understand v1beta1, only v1 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-07-26 17:02:18 +01:00
Inteon
632459c6d9
resolve bug & cleanup 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-23 15:41:24 +02:00
Inteon
81e216eeba
wait for goroutines to end before exiting 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-07-23 15:30:26 +02:00
Ashley Davis
333af8fd94
further static check fixes 
pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go:34:2 deadcode `defaultTestCrtName` is unused
pkg/issuer/acme/dns/rfc2136/provider_test.go:42:23 errcheck Error return value of `server.Shutdown` is not checked
pkg/issuer/acme/dns/rfc2136/provider_test.go:77:23 errcheck Error return value of `server.Shutdown` is not checked
pkg/issuer/vault/setup.go:37:2 deadcode `messageVaultHealthCheckFailed` is unused
pkg/issuer/venafi/client/request.go:143:5 gosimple S1023: redundant break statement
pkg/logs/logs.go:68:8 errcheck Error return value of `fs.Set` is not checked

the following fixes introduce a panic when the returned error is
non-nil, which could be a breaking change but was deemed to be worth it
pkg/webhook/server/server.go:58:30 errcheck Error return value is not checked
pkg/webhook/server/server.go:59:25 errcheck Error return value is not checked

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-05-21 12:04:05 +01:00
Tamal Saha
2609aa51e1 Use gomodules.xyz/jsonpatch instead of mattbaird/jsonpatch 
Signed-off-by: Tamal Saha <tamal@appscode.com>
 2021-05-17 13:05:19 -07:00
jetstack-bot
bd817cce0a
Merge pull request #3936 from irbekrm/webhook_warnings 
Webhook warnings
 2021-05-11 13:43:53 +01:00
jetstack-bot
3434c78188
Merge pull request #3960 from wallrj/538-lint-fixes-richardw 
Fix some linting errors
 2021-05-07 11:50:34 +01:00
Jake Sanders
98c3b56e43
close stopch in failure cases 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-06 12:18:56 +01:00
Jake Sanders
eab7c954a2
Use %v to log errors 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:28:46 +01:00
Jake Sanders
03cc4dc24d
Update bazel 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 15:24:12 +01:00
Jake Sanders
e01d96381c
errheck: Error return value of source.Run is not checked 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:45:45 +01:00
Richard Wall
2eece85082 Use bytes.Equal instead of bytes.Compare 
pkg/webhook/server/tls/file_source.go:140:5: should use bytes.Equal(keyData, f.cachedKeyBytes) instead (S1004)
pkg/webhook/server/tls/file_source.go:140:54: should use bytes.Equal(certData, f.cachedCertBytes) instead (S1004)

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-04 14:26:43 +01:00
irbekrm
f46aad2b74 Implements suggestions from code review 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-29 17:47:27 +01:00
irbekrm
bffebe2cb6 Calls to validating webhook can now return warnings 
Adds warnings to the top level validating functions' signatures

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-29 11:45:52 +01:00
joshvanl
85ff4301b8 Passes through request context of webhook to admission functions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-03 13:19:01 +01:00
joshvanl
4be73eaec0 Add plugins to webhook server 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
13d8cc707f Adds SubjectAccessReview checks in webhook, if ValidateUpdate Succeeds 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00