weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,512 Commits 45 Branches 0 Tags 96 MiB
a2b3cc81c3
Commit Graph

3350 Commits

Author SHA1 Message Date
Tim Ramlot
a2b3cc81c3
stop using github.com/go-ldap/ldap/v3 ParseDN and use a custom ParseDN function instead 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-20 08:34:53 +01:00
jetstack-bot
d642df3b5f
Merge pull request #6770 from inteon/dn_parse_quick_fix 
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality
 2024-02-19 15:02:30 +00:00
Tim Ramlot
4a8b8c4e09
Fix a memory bug in ldap's ParseDN function by disabling part of the functionality 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-19 12:55:06 +01:00
Yuedong Wu
baa73aa8ee fix webhook validation error msg 
and use commonName variable value

Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
 2024-02-19 10:16:38 +08:00
jetstack-bot
7f92e38988
Merge pull request #6614 from rodrigorfk/feat-vault-mtls 
feat: Add the ability to communicate with Vault via mTLS
 2024-02-16 18:11:26 +00:00
Tim Ramlot
23ab96de91
use unstructured.Unstructured in Mutation webhook 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-12 11:11:33 +01:00
Tim Ramlot
b9a216cdfc
Simplify webhook and switch Webhook to controller-runtime. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-12 10:55:32 +01:00
Tim Ramlot
ffb47e52fa
remove dead & deprecated code from cert-manager codebase 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-10 17:22:23 +01:00
jetstack-bot
c4c0fd3268
Merge pull request #6744 from andrey-dubnik/master 
Move token audiences under the SA ref for the Vault kubernetes auth
 2024-02-09 11:58:18 +00:00
Tim Ramlot
c3b8cbd608
improve comment that explains what removeReqID does and when it fails 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-08 17:20:36 +01:00
Tim Ramlot
06b3cd3372
add testcase for nested errors 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-08 17:15:28 +01:00
Tim Ramlot
deab9548c0
use errors.Is instead of errors.As 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-08 17:15:28 +01:00
Tim Ramlot
893d30d938
migrate to github.com/aws/aws-sdk-go-v2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-08 17:15:28 +01:00
cloudwiz
75d1449903
move audiences under the SA ref 
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
 2024-02-08 14:07:03 +00:00
Tim Ramlot
04220447bc
remove deprecated files and functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-08 10:45:06 +01:00
jetstack-bot
968ad2f9ed
Merge pull request #6724 from inteon/fix_sans_critical 
Fix changed behavior: set critical flag of SANs extension based on subject
 2024-02-07 13:55:30 +00:00
Adam Talbot
a8bb63f0fc fix: move server package out of internal 
Currently the TLS code here is imported by the approver-policy project. Long term we should break this code out to a new package, for now we can just move it out internal to unblock our ability to update the approver-policy imports.

Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2024-02-07 11:31:17 +00:00
Tim Ramlot
0acde5b1a4
fix changed behavior: set critical flag of SANs extension based on subject 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-07 11:01:34 +01:00
cloudwiz
624f874d69
updated spelling and generated CRDs 
Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
 2024-02-06 15:06:31 +00:00
cloudwiz
9cf9cb7ea5
Vault extra audiences (#3) 
---------

Signed-off-by: cloudwiz <andrey.dubnik@maersk.com>
 2024-02-06 10:06:17 +00:00
Tim Ramlot
899d55ae57
remove webhook conversion logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-02-02 11:19:08 +01:00
Tim Ramlot
5b8c1213b6
redact the body of failed authentication requests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-31 10:05:00 +01:00
jetstack-bot
0b33337f1d
Merge pull request #6679 from wallrj/remove-DisableInstanceDiscovery-field 
Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true
 2024-01-30 19:45:27 +00:00
Richard Wall
67e06fce78 A hack to DisableInstanceDiscovery during tests 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-30 18:03:05 +00:00
Tim Ramlot
b9dd4903ad
improve error message logging 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-30 16:55:37 +01:00
Richard Wall
420d3114df Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-30 15:50:05 +00:00
Tim Ramlot
90cbbc9d87
replace the azcore.ResponseError error message to make it stable across retries 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-30 16:20:52 +01:00
Tim Ramlot
5ac022ad70
remove versionchecker, because it was moved to cert-manager/cmctl 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-29 11:50:09 +01:00
Richard Wall
ee5cba487a Stop using the deprecated SingleInflight field of miekg/dns 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-26 17:53:50 +00:00
Rodrigo Fior Kuntzer
199c98689f
feat: supporting Vault server mTLS 
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
 2024-01-15 09:25:30 -03:00
Tim Ramlot
67f8a03cae
update AzureDNS auth API comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-12 12:07:02 +01:00
Tim Ramlot
9a049532d0
Update Azure SDK and remove deprecated autorest dependency 
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Philip Laine <philip.laine@gmail.com>
 2024-01-12 12:06:34 +01:00
jetstack-bot
a1c134e78c
Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint 
feat: add tls to metrics endpoint
 2024-01-10 14:48:17 +00:00
SpectralHiss
892e6eef01 Fix OtherName Value UniversalValue .Type() detection 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-10 10:35:43 +00:00
SpectralHiss
0b83f78fff Remove redundant otherName match tests 
* We do not need to include otherName in fuzzy certificate detection
  checks

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 17:02:24 +00:00
Tim Ramlot
3dad3f320b
don't check OtherNames when fuzzy matching 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-09 16:41:13 +01:00
Tim Ramlot
736896d264
introduce UniversalValue 'Type()' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-09 16:40:32 +01:00
SpectralHiss
38c2b33a71 Add otherName detection to TestSecretDataAltNamesMatchSpec 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 14:01:09 +00:00
SpectralHiss
b6fdcede90 Add test for different order OtherName value 
* Simplify sorting implementation for OtherName slice equality

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 11:39:17 +00:00
SpectralHiss
7b13c72fed Detect otherName changes to CR trigger reissuance 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 09:58:43 +00:00
jetstack-bot
c3304feec5
Merge pull request #6618 from SpectralHiss/hef/missed-otherName-changes 
Hef/missed other name changes
 2024-01-09 09:44:29 +00:00
jetstack-bot
4edb4b0ad0
Merge pull request #6619 from ThatsMrTalbot/feat/http-max-body-size 
feat: limit the size of the body read back from http requests
 2024-01-08 20:41:08 +00:00
Adam Talbot
d0ec66237c feat: limit the size of the body read back from http requests 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2024-01-08 20:28:01 +00:00
SpectralHiss
d186b61414 Add attribution to pkg/util/pki/asn1_util.go 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-08 13:34:09 +00:00
SpectralHiss
d07dd3de5f Fix OtherName feature flag validation logic 
* Improve test comments for UniversalValue

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-08 13:34:09 +00:00
jetstack-bot
e0189a6a30
Merge pull request #6607 from inteon/deprecate_util_function 
Deprecate URLsFromStrings which is only used in other deprecated functions
 2024-01-05 15:23:16 +00:00
Tim Ramlot
c584ee6dfb
use generics for mustAllSync variants 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 11:58:14 +01:00
Tim Ramlot
a49bc65b03
deprecate URLsFromStrings which is only used in other deprecated functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 11:50:13 +01:00
Adam Talbot
d27fcc2762 refactor: refactored metrics server code into internal package 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2024-01-04 15:49:25 +00:00
Richard Wall
7bda41c282 Use io instead of deprecated ioutil 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-04 15:05:24 +00:00