weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
8,876 Commits 45 Branches 0 Tags 96 MiB
b497dadcb0
Commit Graph

8876 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cert-manager-prow[bot]
b497dadcb0
Merge pull request #7142 from inteon/bind_update 
Tests: use supported bind9 image and run as non-root
 2024-07-01 11:07:24 +00:00
Tim Ramlot
452ee1ea41
use supported bind9 image and run bind as non-root user 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-07-01 12:57:31 +02:00
cert-manager-prow[bot]
74fe287746
Merge pull request #7141 from inteon/add_bind_resource_request_and_limit 
Tests: add bind resource request to improve availability during tests
 2024-07-01 10:56:23 +00:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct 
feat: Add renewBeforePercentage alternative to renewBefore
 2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
 2024-06-29 21:18:15 -07:00
Tim Ramlot
0e45b3b23b
add bind resource request to improve availability during tests, also set memory limit = request following best practice 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-28 16:05:25 +02:00
cert-manager-prow[bot]
c65c75718d
Merge pull request #7140 from inteon/bugfix_nilpointer 
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception
 2024-06-28 09:10:21 +00:00
Tim Ramlot
e906cb8db0
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-28 10:03:43 +02:00
cert-manager-prow[bot]
1b9c02e999
Merge pull request #7126 from ThatsMrTalbot/feat/helm-default-config-apiversion-and-kind 
feat: default ControllerConfiguration apiVersion and kind in helm
 2024-06-25 11:34:56 +00:00
cert-manager-prow[bot]
054887d2ef
Merge pull request #7125 from SgtCoDFish/bump-http-lib 
Bump go-retryablehttp to address CVE-2024-6104
 2024-06-25 11:09:56 +00:00
Adam Talbot
e30ad68ab2 feat: default ControllerConfiguration apiVersion and kind in helm 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2024-06-25 11:58:44 +01:00
Ashley Davis
817a2bfd21
bump go-retryablehttp to address CVE-2024-6104 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2024-06-25 11:15:52 +01:00
cert-manager-prow[bot]
46100d4c2b
Merge pull request #7124 from maelvls/make-fix-e2e_cert_manager_version 
make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works
 2024-06-25 09:28:57 +00:00
Maël Valais
dfff8c2b62 make e2e-setup-certmanager: E2E_CERT_MANAGER_VERSION now works 
Previously,

  E2E_EXISTING_CHART=true E2E_CERT_MANAGER_VERSION=1.14.2 make e2e-setup-certmanager

would fail with the error:

  Error: unknown flag: --version1.14.2

Signed-off-by: Maël Valais <mael@vls.dev>
 2024-06-25 10:13:04 +02:00
cert-manager-prow[bot]
b10c02a39d
Merge pull request #7123 from cert-manager/self-upgrade-master 
[CI] Merge self-upgrade-master into master
 2024-06-25 07:47:56 +00:00
Tim Ramlot
db4ab7feb6
remove duplicate Make targets 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-25 09:34:13 +02:00
cert-manager-bot
e0b345bafe BOT: run 'make upgrade-klone' and 'make generate' 
Signed-off-by: cert-manager-bot <cert-manager-bot@users.noreply.github.com>
 2024-06-25 00:19:54 +00:00
cert-manager-prow[bot]
f037fd2c68
Merge pull request #7106 from inteon/conformance_cleanup 
Refactor Certificate conformance to tabular tests
 2024-06-24 14:29:56 +00:00
cert-manager-prow[bot]
837c6a1e06
Merge pull request #7036 from fidelity-contributions/feature/5514-venafi-issuer-ca-ref-support 
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
 2024-06-24 14:18:20 +00:00
Tim Ramlot
7eba9c8551
skip conformance test if featureGate is not enabled 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-24 13:15:28 +02:00
Tim Ramlot
ecf7b155ee
fix CertificateOrganization matcher 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-24 13:15:28 +02:00
Tim Ramlot
3703b07eba
reorder certificate conformance tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-24 13:15:28 +02:00
Tim Ramlot
e4669aaa00
transform certificate conformance tests into tabular tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-24 13:15:28 +02:00
Tim Ramlot
e9ab52c768
move duplicate certificate conformance test logic to function 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-24 13:15:28 +02:00
cert-manager-prow[bot]
edfc1a3ffc
Merge pull request #7119 from inteon/conformance_venafi 
Fix Venafi conformance test
 2024-06-24 11:15:03 +00:00
Tim Ramlot
b65903f048
add missing featureset.OnlySAN required feature 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-24 11:32:09 +02:00
cert-manager-prow[bot]
9c28f4dc26
Merge pull request #6966 from mindw/mindw/add_proc_go_build_metrics 
Add process and go runtime metrics for controller
 2024-06-21 19:21:00 +00:00
cert-manager-prow[bot]
f7100f3dbb
Merge pull request #7110 from inteon/simplify_csr_conformance_tests 
Simplify CertificateSigningRequest conformance tests and add missing tests
 2024-06-21 15:18:00 +00:00
Tim Ramlot
c3a76a9c6e
self-review changes 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-21 15:33:13 +02:00
Gabi Davar
52be4c0945
reduced go metrics to default minimum. 
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
 2024-06-21 15:07:57 +03:00
Tim Ramlot
6790dac656
remove LiteralSubjectFeature from unsupported features for ACME 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-21 10:14:20 +02:00
Gabi Davar
531b1f1d59
Expose Prometheus process and go runtime metrics. 
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
 2024-06-21 10:31:35 +03:00
cert-manager-prow[bot]
a7bdbec9e3
Merge pull request #7105 from inteon/vault_bugfix 
BUGFIX: retry signing when encountering transient error (Vault issuer)
 2024-06-20 15:46:00 +00:00
Tim Ramlot
7572d3075f
add testcase 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-20 13:35:06 +02:00
Tim Ramlot
9e649cc8f1
only retry when encountering a Vault non-InvalidData error 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-20 13:35:02 +02:00
Tim Ramlot
fa6f654598
copy the unsupportedFeatures from the Certificate conformance tests to the CertificateSigningRequest conformance tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 17:44:49 +02:00
Tim Ramlot
05495d0e4c
fix KeyUsageCertSign check to match actual behavior for CertificateSigningRequests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 17:31:09 +02:00
Tim Ramlot
688ffd8106
add missing certificatesigningrequest conformance tests 
(tests that exist for the Certificate resousources but not for the CertificateSigningRequest resources)

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 17:31:09 +02:00
Tim Ramlot
c8624cd1d1
simplify certificatesigningrequest conformance tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 17:28:29 +02:00
Tim Ramlot
03e1db1b77
BUGFIX: retry signing when encountering transient error 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-19 06:06:11 +02:00
cert-manager-prow[bot]
ba89d61f06
Merge pull request #7103 from cert-manager/dependabot/go_modules/go_modules-802a617a5b 
Bump the go_modules group across 2 directories with 1 update
 2024-06-18 16:31:57 +00:00
cert-manager-prow[bot]
9f8707d0f8
Merge pull request #4330 from joshmue/vault_client_cert_auth 
Add client certificate auth method for Vault issuer
 2024-06-18 12:19:57 +00:00
Tim Ramlot
a6f7d5defa
Bump the go_modules group across 2 directories with 1 update 
Bumps the go_modules group with 1 update in the / directory: [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser).
Bumps the go_modules group with 1 update in the /cmd/controller directory: [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser).

Updates `github.com/vektah/gqlparser/v2` from 2.5.11 to 2.5.15
- [Release notes](https://github.com/vektah/gqlparser/releases)
- [Commits](https://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.15)

Updates `github.com/vektah/gqlparser/v2` from 2.5.11 to 2.5.15
- [Release notes](https://github.com/vektah/gqlparser/releases)
- [Commits](https://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.15)

---
updated-dependencies:
- dependency-name: github.com/vektah/gqlparser/v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/vektah/gqlparser/v2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-18 14:10:20 +02:00
Tim Ramlot
f25fb18da5
use correct contexts in new test code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-18 14:06:05 +02:00
cert-manager-prow[bot]
d44f654185
Merge pull request #7094 from inteon/upgrade_deps 
Upgrade dependencies
 2024-06-17 12:24:56 +00:00
cert-manager-prow[bot]
cfb3f38c3a
Merge pull request #7100 from inteon/cleanup_test_helpers 
Cleanup test helpers by increasing usage of gen package.
 2024-06-17 08:51:56 +00:00
Tim Ramlot
363a63ac96
Add client certificate authentication for Vault issuers 
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Joshua Mühlfort <muehlfort@gonicus.de>
 2024-06-17 09:16:26 +02:00
Tim Ramlot
d5659b9217
upgrade test dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-17 08:41:32 +02:00
Tim Ramlot
e0cdfd37bf
introduce gen.CSRForCertificate and gen.CSRWithSignerForCertificate and use it to deduplicate test code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-14 15:53:18 +02:00
Tim Ramlot
255d954106
replace NewCertManagerBasicCertificateRequest contents with gen builder 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-06-14 15:53:13 +02:00