cert-manager

Author	SHA1	Message	Date
Maël Valais	b13b751d63	PR review with Irbe: re-queue Ingress on "Update" and "Add" of certs Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Irbe Krumina <irbekrm@gmail.com>	2021-07-13 19:06:10 +02:00
Maël Valais	e12173b4c2	ingress-shim: unit-test certificateDeleted, only call on deletion The func certificateDeleted was being called on every possible event (deleted, created, updated). Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-12 17:30:01 +02:00
Maël Valais	59051432e3	ingress-shim: remove unused issuer and clusterissuer listers Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-12 17:26:58 +02:00
Maël Valais	c119b64fdf	ingress-shim: I was syncing on Issuers instead of Ingresses Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-12 17:26:50 +02:00
Maël Valais	30ad33784d	ingress-shim: remove unecessary/verbose comment Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-09 18:27:08 +02:00
Maël Valais	1cb39d1efe	ingress-shim: remove duplicate line Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-09 17:43:01 +02:00
Maël Valais	0b12a5cf5f	ingress-shim: explain why the owner ref does not have a namespace Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-09 17:42:48 +02:00
Maël Valais	75b9bd6598	ingress-shim: untangle logic for "looking for cert owners" Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-07 13:27:30 +02:00
Maël Valais	26b074241a	issuing controller test: check w.Register error Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Richard Wall <richard.wall@jetstack.io>	2021-07-06 12:51:01 +02:00
Maël Valais	37bee71d68	static analysis party: fix errcheck warnings Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-06 12:51:01 +02:00
Maël Valais	98bf0b6478	DataForCertificate: explain what the "current" and "next" CRs are used for Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-05 13:32:32 +02:00
joshvanl	2c217f0377	Remove CA field from Vault CertificateSigningRequest controllers Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-29 10:50:33 +01:00
joshvanl	d0e7ccd805	Update some CSR comments Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-29 10:41:03 +01:00
joshvanl	f5b609e446	Adds Vault CertificateSigningRequest Issuer controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-29 09:11:43 +01:00
joshvanl	7e8bf731b2	Remove the `experimental.cert-manager.io/ca` annotation from the CertificateSigningRequest Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-25 16:02:37 +01:00
irbekrm	fd61e1ccc7	Delete 'next' CertificateRequests that failed in last issuance cycle So that the issuance is retried Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-06-22 07:28:06 +01:00
irbekrm	feb62b1fe5	Make the back off period const public Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-06-22 06:37:07 +01:00
irbekrm	428c280f76	Pass clock to request manager controller Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-06-22 06:36:26 +01:00
jetstack-bot	fbd2a6d06a	Merge pull request #4105 from kit837/add-clock-time-seconds Add clock_time_seconds metric	2021-06-15 21:00:53 +01:00
kit837	0f97e6d19d	pass in clock.Clock for better test Signed-off-by: kit837 <66801824+kit837@users.noreply.github.com>	2021-06-15 17:48:20 +00:00
jetstack-bot	02d90248de	Merge pull request #4079 from annerajb/support-ed25519 support-ed25519	2021-06-15 16:17:53 +01:00
jetstack-bot	91540b14a2	Merge pull request #4100 from JoshVanL/certificate-signing-request-selfsigned CertificateSigningRequest selfsigned controller	2021-06-15 12:36:39 +01:00
joshvanl	19f94c877d	Remove references to CA private key from SelfSigned CSR controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-15 12:13:52 +01:00
Anner J. Bonilla	9546a357a5	Add support for certificates with ed25519 private keys Note that using ed25519 on the public internet is not currently recommended, since it's not widely supported. You'd likely not be able to use an Ed25519 cert with an ACME issuer today. Ed25519 certs might be useful for internal PKI, though - an ed25519 CA issuer, say - or for testing ed25519 certs before they become more widely available on the public internet. They're not currently supported by Vault, Venafi or ACME (Letsencrypt) issuers. Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com> Signed-off-by: Anner J. Bonilla <annerjb@gmail.com> Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-06-14 11:17:35 +01:00
joshvanl	d5007c2e37	Adds the CertificateSigningRequest selfsigned controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-14 10:18:54 +01:00
irbekrm	e6b748047d	Remove the default renewBefore value Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-06-11 10:03:12 +01:00
joshvanl	abdd1f54fa	Fix CA CertificateSigningRequest controller to return potential error from updating failed status Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-07 17:48:49 +01:00
joshvanl	d4fd4f9acc	Move determining Issuer resource Kind into CSR/util Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-07 15:27:43 +01:00
joshvanl	1678d0833e	Reverts ACME issuer from forming a chain bundle and populating the ca.crt Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-02 12:21:50 +01:00
joshvanl	36bd7a459c	Changes CSR util signername to use if statements rather than switch Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-28 10:34:43 +01:00
joshvanl	acc5431f1b	Fix signernames to allow clusterissuers with dots in name Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-28 10:13:00 +01:00
joshvanl	9e1b0342d0	Updates with review comments Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 18:48:50 +01:00
joshvanl	e014b6655d	Use ca.crt with the CertificateSigningRequest CA controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 10:49:21 +01:00
joshvanl	62dee4783e	Adds CertificateSigningRequest CA Issuer controller as optional controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 00:32:24 +01:00
joshvanl	3b74c34089	Adds CertificateSigningRequest CA Issuer controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 00:25:02 +01:00
joshvanl	c5c206cace	Adds base CertificateSigningRequest cert-manager controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 00:23:50 +01:00
jetstack-bot	efd8b7a076	Merge pull request #3866 from jandersen-plaid/jandersen-plaid-make-orders-unique-to-controlling-cr Hash orders with the issuing certificate request to ensure unique hash	2021-05-21 17:34:25 +01:00
jandersen-plaid	b5fe7ecdca	Update pkg/controller/certificaterequests/acme/acme.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-21 12:08:22 -04:00
jandersen-plaid	cd1d8a2788	Update pkg/controller/certificaterequests/acme/acme_test.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-21 12:08:07 -04:00
jandersen-plaid	ed88ce6030	Update pkg/controller/certificaterequests/acme/acme_test.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-21 12:07:40 -04:00
Ashley Davis	219a620871	static analysis fixes pkg/ctl/scheme.go:17:1: package comment should be of the form "Package ctl ..." pkg/issuer/acme/dns/acmedns/acmedns.go:43:2: var accountJson should be accountJSON pkg/issuer/acme/dns/acmedns/acmedns.go:50:43: func parameter accountJson should be accountJSON pkg/controller/certificates/trigger/policies/policies.go:57:1: comment on exported type Chain should be of the form "Chain ..." (with optional leading article) pkg/controller/ingress-shim/sync.go:36:2: package "github.com/jetstack/cert-manager/pkg/logs" is being imported more than once (ST1019) pkg/controller/ingress-shim/sync.go:37:2: other import of "github.com/jetstack/cert-manager/pkg/logs" Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-05-21 12:04:11 +01:00
Ashley Davis	c67c2c4f47	static analysis: pkg/controller fixes the following issues: pkg/controller/acmeorders/util.go:84:6 deadcode `hashChallenge` is unused pkg/controller/certificaterequests/approver/approver.go:72:14 staticcheck SA4021: x = append(y) is equivalent to x = y pkg/controller/certificaterequests/vault/vault_test.go:535:21 errcheck Error return value of `controller.Register` is not checked pkg/controller/certificates/trigger/policies/policies.go:121:26 gosimple S1039: unnecessary use of fmt.Sprintf pkg/controller/clusterissuers/sync_test.go:55:12 errcheck Error return value of `c.Register` is not checked pkg/controller/ingress-shim/sync.go:301:2 gosimple S1005: unnecessary assignment to the blank identifier Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-05-21 12:03:47 +01:00
irbekrm	e1dff85cad	Feedback from code review Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-21 12:03:47 +01:00
irbekrm	17728b8437	Handle cert renewal when renewalBefore slightly less than cert duration correctly Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-21 12:03:47 +01:00
Josh Soref	64fb1ebc91	Deprecate UsageContentCommittment Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>	2021-05-19 12:40:10 -04:00
irbekrm	06f6b46f30	Implements feedback from code review Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 13:20:05 +01:00
irbekrm	bbfd2294f9	Integration test for ACME Orders controller Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 13:11:48 +01:00
irbekrm	d8c941da8e	Refactors creation of ACME Orders controller So that it easier used with the existing test framework and also is more similar to how most other controllers are created Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 13:11:18 +01:00
irbekrm	8d55b69796	Unit test pending ACME order with valid challenges Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 13:06:12 +01:00
irbekrm	1e235c79f2	Re-queue Order with finalized Challenges, but pending state To avoid stuck Orders in case of a misbehaving ACME server Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 13:05:44 +01:00

1 2 3 4 5 ...

1058 Commits