Commit Graph

254 Commits

Author SHA1 Message Date
James Munnelly
b0e65f84c7 Add TODO for domain label values 2018-04-04 11:30:15 +01:00
James Munnelly
01efbca114 Merge branch 'master' into acmev2 2018-04-04 11:27:37 +01:00
jetstack-bot
95883c47dd Merge pull request #363 from euank/nonstatic-aws-creds
Allow non-static AWS credentials for Route 53, gated by "ambient credentials" flags
2018-03-26 12:35:18 +01:00
jetstack-bot
977b038d2b Merge pull request #408 from kragniz/resource-limits
Add limits to http validation pod
2018-03-26 10:47:51 +01:00
Euan Kemp
faac0701ab issuer/route53: respect 'ambient' flag for region
This notably results in the region being a required field if the
'ambient' option is not set for a given issuer.
2018-03-24 14:16:33 -07:00
Louis Taylor
e8d6861d31 Increase memory limits 2018-03-24 00:24:51 +00:00
Euan Kemp
dd48f4aa05 issuer/acme/dns: add ambient=false unit test 2018-03-23 14:30:43 -07:00
Euan Kemp
971ef4f198 issuer/route53: remove unused integ test
I'm convinced this test was never run and also did not provide any
significant value in this project.
2018-03-23 14:30:43 -07:00
Euan Kemp
0d39da5174 issuer/route53: improve logging hosted zone errs 2018-03-23 14:30:43 -07:00
Euan Kemp
0fb787eae7 controller: add ambient issuer flags and feature
This implements ambient credential support for AWS, gated behind flags
for issuers and cluster issuers.

This adds the pair of flags discussed in
https://github.com/jetstack/cert-manager/issues/308.

It provides an implementation for those flags' effects for the route53
solver.
2018-03-23 14:30:43 -07:00
Euan Kemp
0e6ca80a70 issuer/route53: remove zone-id env test
The zone id is never read from the environment; this test tests
functionality which doesn't exist in the actual software, so there's no
point in having it.
2018-03-23 14:30:43 -07:00
Matt Moyer
14c109af46 Drop unused NewDNSProvider() method.
Signed-off-by: Matt Moyer <moyer@heptio.com>
2018-03-23 14:30:42 -07:00
Matt Moyer
1236a93d1e Allow non-static AWS credentials for Route 53.
This change maintains backwards compatibility, but makes the `accessKeyID` and `secretAccessKeySecretRef` fields of the `route53` DNS provider optional.
If not provided, AWS credentials will be loaded from `AWS_*` environment variables or the EC2 metadata service.
This should also work for things that impersonate the EC2 metadata service, such as [kube2iam](https://github.com/jtblin/kube2iam) and [kiam](https://github.com/uswitch/kiam).

Signed-off-by: Matt Moyer <moyer@heptio.com>
2018-03-23 14:30:42 -07:00
James Munnelly
e786e47d73 Add ensurePod and ensureService tests 2018-03-23 18:50:46 +00:00
James Munnelly
0d945e86f5 Add 5s acme client connect timeout 2018-03-23 18:50:46 +00:00
James Munnelly
8d48e75d6e Use GetAccount to check if acme account is already registered 2018-03-23 18:50:46 +00:00
James Munnelly
e91dfc40af Fix ACME CSR generation 2018-03-23 18:50:46 +00:00
James Munnelly
cb042e886f Fix buildOrder function 2018-03-23 18:50:46 +00:00
James Munnelly
8ad26f6378 Fix log message print formatting 2018-03-23 18:50:46 +00:00
James Munnelly
d4b07ab0bb Add log messages throughout ACME Present process 2018-03-23 18:50:46 +00:00
James Munnelly
8eaf63cf29 Fix testReachability 2018-03-23 18:50:46 +00:00
James Munnelly
9cb346313c Fix panic in http solver 2018-03-23 18:50:46 +00:00
James Munnelly
02f1b37caf Add correct HasSynced func 2018-03-23 18:50:46 +00:00
James Munnelly
649fdecdd2 Add comment explaining new HasSynced usages 2018-03-23 18:50:46 +00:00
James Munnelly
0a7cefecf4 Call Pod & Service lister HasSynced method in Cert controller construction 2018-03-23 18:50:46 +00:00
James Munnelly
06f9d6e40d Fix listing existing pods/services/ingresses in http solver 2018-03-23 18:50:46 +00:00
James Munnelly
e10affd765 Add comments to test fixture 2018-03-23 18:50:46 +00:00
James Munnelly
48edcd2f96 Run gofmt 2018-03-23 18:50:45 +00:00
James Munnelly
bf3570af0d Add OwnerReferences to HTTP solver resources 2018-03-23 18:50:45 +00:00
James Munnelly
cfc11f324b Fix bugs in http challenge solver 2018-03-23 18:50:45 +00:00
James Munnelly
36c825fa48 Set order.URL in createOrder 2018-03-23 18:50:45 +00:00
James Munnelly
d617bec346 Don't use order URL as a pod label. Cleanup existing resources if multiple exist. 2018-03-23 18:50:45 +00:00
James Munnelly
393e146543 Fix arguments to ensureIngress 2018-03-23 18:50:45 +00:00
James Munnelly
c9dfd408b7 Run gofmt 2018-03-23 18:50:45 +00:00
James Munnelly
42c5599305 Rename integration test framework to unit 2018-03-23 18:50:45 +00:00
James Munnelly
0a0747dac7 Move OrderURL into OrderStatus struct and fix up http solver 2018-03-23 18:50:45 +00:00
James Munnelly
7a44cb3e0e Make HTTP challenge solver async 2018-03-23 18:50:45 +00:00
James Munnelly
de59fc70ee Add pick challenge type unit test 2018-03-23 18:50:45 +00:00
James Munnelly
eccc3d5a8e Change log level of useful messages 2018-03-23 18:50:45 +00:00
James Munnelly
d0d30a0fc2 Disable check for acme account being valid 2018-03-23 18:50:45 +00:00
James Munnelly
e25f832033 Replace calls to acme.GetAccount with acme.CreateAccount 2018-03-23 18:50:45 +00:00
James Munnelly
13e2584ff3 Log events when creating orders 2018-03-23 18:50:45 +00:00
James Munnelly
8de002a697 Never overwrite an acme private key 2018-03-23 18:50:45 +00:00
James Munnelly
8542e1c3a4 Use order finalize url when finalizing 2018-03-23 18:50:45 +00:00
James Munnelly
058387cd44 Fix bug causing skipTLSVerify to be ignored during acme registration 2018-03-23 18:50:45 +00:00
James Munnelly
599fa90f57 Agree to terms of service when registering acme account 2018-03-23 18:50:45 +00:00
James Munnelly
a2ad31c849 Fix acme http test and remove old acme prepare test 2018-03-23 18:50:45 +00:00
James Munnelly
23f694cf0d Add skipTLSVerify field to ACME issuer spec 2018-03-23 18:50:45 +00:00
James Munnelly
32b6e9cbef Fix http_test.go 2018-03-23 18:50:44 +00:00
James Munnelly
0de2866e33 Add OrderURL api field 2018-03-23 18:50:44 +00:00