Commit Graph

2473 Commits

Author SHA1 Message Date
Maël Valais
b13b751d63 PR review with Irbe: re-queue Ingress on "Update" and "Add" of certs
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-07-13 19:06:10 +02:00
Maël Valais
e12173b4c2 ingress-shim: unit-test certificateDeleted, only call on deletion
The func certificateDeleted was being called on every possible event
(deleted, created, updated).

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:30:01 +02:00
Maël Valais
59051432e3 ingress-shim: remove unused issuer and clusterissuer listers
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:58 +02:00
Maël Valais
c119b64fdf ingress-shim: I was syncing on Issuers instead of Ingresses
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-12 17:26:50 +02:00
Maël Valais
30ad33784d ingress-shim: remove unnecessary/verbose comment
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 18:27:08 +02:00
Maël Valais
1cb39d1efe ingress-shim: remove duplicate line
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:43:01 +02:00
Maël Valais
0b12a5cf5f ingress-shim: explain why the owner ref does not have a namespace
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-09 17:42:48 +02:00
Maël Valais
75b9bd6598 ingress-shim: untangle logic for "looking for cert owners"
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-07 13:27:30 +02:00
Maël Valais
e218e12d77 rfc2136 dns01: "the algothrim" -> "algorithm is not supported"
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Ashley Davis <ashley.davis@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
d31768f61e cloudflare dns01: consistent err prefix "while querying the Clouflare API..."
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
26b074241a issuing controller test: check w.Register error
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Richard Wall <richard.wall@jetstack.io>
2021-07-06 12:51:01 +02:00
Maël Valais
b62e51dc2c validation: leftmost align and guard statements instead of 'switch'
The switch statement was making it a bit harder to read. I also renamed
variables to make more sense in the context of this function.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
d6d9aee9c7 linter party: ineffective 'break', commented "do nothing" instead
Signed-off-by: Maël Valais <mael@vls.dev>

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
ee2f22acde linter party: receiver name should be omitted instead of _ (ST1006)
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
42e65c3694 linter party: duplicate import of k8s.io/api/core/v1 (ST1019)
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
f813cc1ecd linter party: var 'accountJson' should be 'accountJSON'
Signed-off-by: Maël Valais <mael@vls.dev>

Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
4e0864ff42 linter party: deadcode, remove 'messageErrorInvalidKeyPair'
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
338a6eb490 linter party: uncapitalize error messages (ST1005)
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
435e7f00ba linter party: ST1005: replace "Cloudflare" with "the Cloudflare"
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
Maël Valais
37bee71d68 static analysis party: fix errcheck warnings
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-06 12:51:01 +02:00
jetstack-bot
e7a9ec0dab
Merge pull request #4178 from maelvls/vault-cabundle-base64
vault issuer: specify that the caBundle must be base64-encoded
2021-07-05 20:31:27 +01:00
Maël Valais
98bf0b6478
DataForCertificate: explain what the "current" and "next" CRs are used for
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-05 13:32:32 +02:00
ulrich giraud
b9c9231305 vault issuer: specify that the caBundle must be base64-encoded
Signed-off-by: Ulrich GIRAUD <ulrich.giraud@pole-emploi.fr>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-02 20:54:03 +02:00
jetstack-bot
75d91bcb29
Merge pull request #4103 from JoshVanL/certificate-signing-request=vault
CertificateSigningRequest Vault controller
2021-07-02 13:33:37 +01:00
jetstack-bot
08b6fb1a6f
Merge pull request #4147 from thiscantbeserious/issue/4134
Cloudflare: refactor DNS01 challenge to use API for finding the nearest Zone
2021-07-02 10:38:37 +01:00
Simon Sanladerer
f53109642e Cloudflare: refactor DNS01 challenge to use API for finding the nearest Zone
Signed-off-by: Simon Sanladerer <simon@sanladerer.com>
2021-07-01 02:36:46 +02:00
joshvanl
943f9abdb1 Minor comment and error message changes
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-30 18:09:32 +01:00
Inteon
fd20a0584a
Add explicit WithObservedGeneration versions of the Wait and Condition functions
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 15:48:13 +02:00
joshvanl
67ba2b15da Updates comment for internal vault client New func, that errors should
be considered for retrying

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 14:34:49 +01:00
joshvanl
b237b5c222 Changes comment for duration annotation parsing
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 14:34:30 +01:00
Inteon
879108d9e4
deduplicate logic in CertificateHasCondition, WaitForCertificateReady & add WaitForCertificateReadyUpdate for testing Certificate update operations
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 14:16:30 +02:00
joshvanl
2c217f0377 Remove CA field from Vault CertificateSigningRequest controllers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:50:33 +01:00
joshvanl
d0e7ccd805 Update some CSR comments
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
f5b609e446 Adds Vault CertificateSigningRequest Issuer controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
joshvanl
7e8bf731b2 Remove the experimental.cert-manager.io/ca annotation from the
CertificateSigningRequest

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-25 16:02:37 +01:00
irbekrm
fd61e1ccc7 Delete 'next' CertificateRequests that failed in last issuance cycle
So that the issuance is retried

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 07:28:06 +01:00
irbekrm
feb62b1fe5 Make the back off period const public
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:37:07 +01:00
irbekrm
428c280f76 Pass clock to request manager controller
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-06-22 06:36:26 +01:00
jetstack-bot
67c8176801
Merge pull request #4106 from JoshVanL/ctl-experimental-create-csr
ctl experimental create certificatesigningrequest
2021-06-18 15:44:24 +01:00
jetstack-bot
c23ce682eb
Merge pull request #4101 from JoshVanL/certificate-signing-request-e2e=conformance
CertificateSigningRequest E2E Conformance Suite
2021-06-18 13:13:23 +01:00
jetstack-bot
fbd2a6d06a
Merge pull request #4105 from kit837/add-clock-time-seconds
Add clock_time_seconds metric
2021-06-15 21:00:53 +01:00
kit837
4d55dbd217 run ./hack/update-bazel.sh
Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>
2021-06-15 17:48:31 +00:00
kit837
0f97e6d19d pass in clock.Clock for better test
Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>
2021-06-15 17:48:20 +00:00
joshvanl
78a6df1ebd Fix util/pki test which relied on hardcoded CSR common name
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
jetstack-bot
02d90248de
Merge pull request #4079 from annerajb/support-ed25519
support-ed25519
2021-06-15 16:17:53 +01:00
joshvanl
ee8130f159 Adds utilities for converting kubernetes certificates v1 usages to x509
usages

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 15:18:07 +01:00
jetstack-bot
91540b14a2
Merge pull request #4100 from JoshVanL/certificate-signing-request-selfsigned
CertificateSigningRequest selfsigned controller
2021-06-15 12:36:39 +01:00
joshvanl
19f94c877d Remove references to CA private key from SelfSigned CSR controller
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 12:13:52 +01:00
kit837
228168cee9 Add clock_time_seconds metric
Fixes: https://github.com/jetstack/cert-manager/issues/3730
Related: https://github.com/jetstack/cert-manager/pull/3746

Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>
2021-06-14 23:25:46 +00:00
Anner J. Bonilla
9546a357a5
Add support for certificates with ed25519 private keys
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00