Adam Talbot
a8bb63f0fc
fix: move server package out of internal
...
Currently the TLS code here is imported by the approver-policy project. Long term we should break this code out to a new package; for now we can just move it out of internal to unblock our ability to update the approver-policy imports.
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-02-07 11:31:17 +00:00
Tim Ramlot
899d55ae57
remove webhook conversion logic
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-02 11:19:08 +01:00
jetstack-bot
a1c134e78c
Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint
...
feat: add tls to metrics endpoint
2024-01-10 14:48:17 +00:00
Adam Talbot
d27fcc2762
refactor: refactored metrics server code into internal package
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-04 15:49:25 +00:00
Tim Ramlot
6458aaf518
stop using deprecated klog functions
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
Adam Talbot
ae143c15f6
feat: add tls to metrics endpoint
...
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-27 17:15:00 +00:00
Richard Wall
8bed166858
Add ReadHeaderTimeout to all http.Server where that setting is missing
...
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-07 11:42:22 +00:00
Tim Ramlot
073d90611e
limit webhook admission input
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-17 14:23:57 +01:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-11 10:21:55 +02:00
Tim Ramlot
e08a13496d
replace deprecated wait.PollUntil() and wait.Poll()
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 17:47:53 +02:00
Tim Ramlot
d656b2d9da
replace deprecated PollImmediateUntil with PollUntilContextCancel
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-07 10:15:46 +02:00
Tobo Atchou
ee638a91ff
cert-manager-webhook to provide logs when handling request
...
Signed-off-by: Tobo Atchou <tobo.atchou@gmail.com>
2023-04-22 10:41:44 +02:00
Ashley Davis
fb231ab641
Remove bazel 🎉
...
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.
There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
Cody W. Eilar
2da5974fb4
Improve logging output for webhook cert renewal
...
- Make "cert-manager certificate" explicit in log output
- Include DNSNames for context
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2022-05-24 12:48:45 -07:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
...
This was done by running the following command twice:
```bash
grep -Ri "github.com/jetstack/cert-manager" . | \
cut -d":" -f1 | \
sort | \
uniq | \
xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
```
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
James Munnelly
bdb06ae55b
Fix failing unit test
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-17 18:32:27 +00:00
James Munnelly
81f22fd49c
Upgrade k8s.io dependencies to v0.23.1
...
Signed-off-by: James Munnelly <jmunnelly@apple.com>
2021-12-17 16:27:47 +00:00
irbekrm
73a696ddb3
Pprof addr for webhook defaults to localhost
...
Also whether it is enabled and the address can now be configured via commandline flags
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-10-26 12:18:32 +03:00
Eng Zer Jun
54e70d2cc4
refactor: move from io/ioutil to io and os package
...
The io/ioutil package has been deprecated in Go 1.16. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-08-23 19:50:42 +08:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions
...
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.
For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.
This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.
Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.
Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958
Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534
PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4
X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-19 14:48:12 +01:00
Inteon
91ec4c773a
use correct contexts everywhere & don't restart apiserver to add crds
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-08-12 20:05:01 +02:00
Inteon
abc39053b2
resolve .Stop() failures
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-08-07 10:19:07 +02:00
jetstack-bot
b04e42c437
Merge pull request #4253 from JoshVanL/apiextensions-v1beta1-v1
...
Conversion: Apiextensions v1beta1 -> v1
2021-07-30 15:49:49 +01:00
joshvanl
8470ba96f0
Change webhook admission/mutation to no longer understand and reject anything which is not
...
v1 (remove v1beta1)
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-29 11:10:24 +01:00
joshvanl
be2ad9ed15
Update sample ACME webhook to use apiextensions v1beta1 -> v1
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 17:04:35 +01:00
joshvanl
5762b5706e
Update Conversion webhook to no longer understand v1beta1, only v1
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-26 17:02:18 +01:00
Inteon
632459c6d9
resolve bug & cleanup
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-23 15:41:24 +02:00
Inteon
81e216eeba
wait for goroutines to end before exiting
...
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-07-23 15:30:26 +02:00
Ashley Davis
333af8fd94
further static check fixes
...
pkg/internal/apis/certmanager/validation/certificate_for_issuer_test.go:34:2 deadcode `defaultTestCrtName` is unused
pkg/issuer/acme/dns/rfc2136/provider_test.go:42:23 errcheck Error return value of `server.Shutdown` is not checked
pkg/issuer/acme/dns/rfc2136/provider_test.go:77:23 errcheck Error return value of `server.Shutdown` is not checked
pkg/issuer/vault/setup.go:37:2 deadcode `messageVaultHealthCheckFailed` is unused
pkg/issuer/venafi/client/request.go:143:5 gosimple S1023: redundant break statement
pkg/logs/logs.go:68:8 errcheck Error return value of `fs.Set` is not checked
the following fixes introduce a panic when the returned error is
non-nil, which could be a breaking change but was deemed to be worth it
pkg/webhook/server/server.go:58:30 errcheck Error return value is not checked
pkg/webhook/server/server.go:59:25 errcheck Error return value is not checked
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-05-21 12:04:05 +01:00
jetstack-bot
3434c78188
Merge pull request #3960 from wallrj/538-lint-fixes-richardw
...
Fix some linting errors
2021-05-07 11:50:34 +01:00
Jake Sanders
98c3b56e43
close stopch in failure cases
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-06 12:18:56 +01:00
Jake Sanders
eab7c954a2
Use %v to log errors
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-05 16:28:46 +01:00
Jake Sanders
03cc4dc24d
Update bazel
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 15:24:12 +01:00
Jake Sanders
e01d96381c
errcheck: Error return value of source.Run is not checked
...
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:45:45 +01:00
Richard Wall
2eece85082
Use bytes.Equal instead of bytes.Compare
...
pkg/webhook/server/tls/file_source.go:140:5: should use bytes.Equal(keyData, f.cachedKeyBytes) instead (S1004)
pkg/webhook/server/tls/file_source.go:140:54: should use bytes.Equal(certData, f.cachedCertBytes) instead (S1004)
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-05-04 14:26:43 +01:00
joshvanl
85ff4301b8
Passes through request context of webhook to admission functions
...
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-03 13:19:01 +01:00
Maartje Eyskens
ab0cd57dc5
Use The cert-manager Authors.
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758
Update copyright to cert-manager project
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
Mateusz Gozdek
27fa2f1ec4
Fix various typos found by codespell
...
Found by running this command:
codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater
Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
2020-11-07 14:55:13 +01:00
Richard Wall
7e60151a26
Remove unused testcase field
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-09-04 18:00:53 +01:00
Richard Wall
4eb49ffe72
Add boilerplate to new test
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-09-04 17:44:06 +01:00
Richard Wall
fd1959ec30
Use separate methods for each ConversionReview type
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-09-04 17:12:57 +01:00
Maartje Eyskens
b4c5221e2b
One more fix
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-02 16:08:03 +02:00
Maartje Eyskens
c7522c2b91
Cast conversion request in the correct API group
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-09-02 16:03:14 +02:00
Maartje Eyskens
47266ffbbc
Implement feedback from review
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-27 14:46:28 +02:00
Maartje Eyskens
db0a321d32
Add boilerplate
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-27 13:33:02 +02:00
Maartje Eyskens
71c3d2fb6b
Update bazel
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-27 13:10:06 +02:00
Maartje Eyskens
e0749ad822
Implement feedback
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-27 13:02:18 +02:00
Maartje Eyskens
136085ac6b
Fix conversion (insert facepalm here)
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-26 19:03:15 +02:00
Maartje Eyskens
697fe1052a
DIY conversions for admissions
...
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-26 17:52:28 +02:00