jandersen-plaid
b5fe7ecdca
Update pkg/controller/certificaterequests/acme/acme.go
...
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-21 12:08:22 -04:00
jandersen-plaid
cd1d8a2788
Update pkg/controller/certificaterequests/acme/acme_test.go
...
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-21 12:08:07 -04:00
jandersen-plaid
ed88ce6030
Update pkg/controller/certificaterequests/acme/acme_test.go
...
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-21 12:07:40 -04:00
Jack Andersen
b48e9664a6
Only use the new hash on certificate request names > 52 chars
...
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-18 09:08:30 -04:00
Jack Andersen
ceab5f1b15
Adjust comment to reflect what the hash applies to
...
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-04-07 10:37:11 -04:00
Jack Andersen
6fc20a7055
Hash orders with the issuing certificate request to ensure unique hash
...
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-04-07 10:27:47 -04:00
jetstack-bot
9f612f0c2e
Merge pull request #3862 from jetstack/revert-3847-fix/3619
...
Revert "Handle CA issuer working as intermediate correctly"
2021-04-07 09:46:57 +01:00
Maël Valais
f56db9f93d
Revert "Handle CA issuer working as intermediate" (#3847)
...
As discussed in #3847, I went too fast and /lgtm from my bed. That led
to having a piece of code that could potentially break people's
cert-manager deployments.
Our plan is to have the same PR re-opened so that we can have it
released for v1.4 (due on Friday 11 June 2021 as per our timeline).
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-07 10:25:31 +02:00
jetstack-bot
79ccab3e69
Merge pull request #3847 from erikgb/fix/3619
...
Handle CA issuer working as intermediate correctly
2021-04-07 07:33:57 +01:00
jetstack-bot
2dd6b6e224
Merge pull request #3795 from JoshVanL/certificates-issuing-retry-denied-requests
...
Adds Denied check to CertificateRequests in issuing controller to retry denied requests
2021-04-06 21:34:57 +01:00
jetstack-bot
10a871dc62
Merge pull request #3444 from maelvls/bug-certificaterequest-not-updated
...
Bug: certificaterequest not updated after its certificate is updated
2021-04-06 20:17:57 +01:00
jetstack-bot
6ad91e0700
Merge pull request #3833 from JoshVanL/controller-issuer-context
...
Pass context through to client calls in controllers and acme issuer
2021-04-06 18:53:57 +01:00
Erik Godding Boye
bbafeeef67
fix #3619: Handle CA issuer working as intermediate correctly
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-06 19:45:48 +02:00
Erik Godding Boye
861db7bf4e
Fix minor local dev environment issue
...
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-06 19:45:48 +02:00
Maël Valais
8f5a094b0c
trigger-controller: PR comment: failure mode -> failure state
...
Cf. https://github.com/jetstack/cert-manager/pull/3444#pullrequestreview-629189131
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 19:14:49 +02:00
Maël Valais
181d4ee281
DataForCertificate: typo certitificate -> certificate
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 19:06:21 +02:00
Maël Valais
a7486d5025
DataForCertificate: "Failure" CR condition -> "Failed"
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:58:31 +02:00
Maël Valais
2361f355aa
DataForCertificate: PR comment: certificate -> cert-manager certificate
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:44:26 +02:00
Maël Valais
de0de24aad
DataForCertificate: PR comment: mode -> state
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:42:17 +02:00
Maël Valais
c875518da1
DataForCertificate: PR comment: mismatch -> does not match
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:34:18 +02:00
Maël Valais
8b41ec1d54
DataForCertificate: PR comment: distinguish X.509 vs. Kubernetes cert
...
The cert-manager team tends to use the word "certificate" for two very
different contexts:
1. sometimes, we use the word "certificate" to refer to an X.509
certificate (a blob of ASN.1-encoded data and then PEM-formatted);
2. and sometimes we refer to "certificate" as one item of the Kubernetes
custom resource /apis/cert-manager.io/v1/certificates.
This commit makes sure the reader understands that we are talking about
the Kubernetes object here.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:25:48 +02:00
Maël Valais
a724f1ce31
DataForCertificate: PR comment: mismatches is a noun
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:59 +02:00
Maël Valais
c1d722b116
DataForCertificate: fix diagrams' Failed conditions
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
6c9477439c
trigger-controller: hint people to look at gatherer.go diagrams
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
497f561ef7
DataForCertificate: hint people to look at gatherer.go diagrams
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
068a1c466f
DataForCertificate: better wording for the "error returned"
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
f588d4138a
DataForCertificate: explain what the "current" and "next" CRs are used for
...
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:47 +02:00
Maël Valais
a1a43b6784
DataForCertificate: PR comment: explain why we return a "duplicate CR" err
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:29 +02:00
Maël Valais
450d27f5d0
trigger-controller: PR comment: and -> if there is
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
c1bf35f4ed
trigger-controller: further comments on shouldBackoffReissuingOnFailure
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
a2bbdb7c51
DataForCertificate: explain what is the "next" certificate request
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
27f258cf3c
trigger-controller: PR comment: use a single "fixedClock"
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
36c2cc4d3b
trigger-controller: PR comment: explain what "if nextCR != nil" is about
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
dc99a5e8ca
acme-http01-e2e: PR comment: Equal -> ContainElements for DNS names
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
6cda600e42
acme-http01-e2e: PR comment: 30 seconds of wait is enough
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
98fe26b939
acme-http01-e2e: PR comment: check cert is unready before correcting it
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
85128f26ce
trigger-controller: PR comment: rephrase log about skipping issuance
...
The log message:
multiple CertificateRequests found for the 'next' revision 2,
skipping issuance until no more duplicate.
can be better phrased as:
multiple CertificateRequests are found for the 'next' revision 2,
issuance is skipped until there are no more duplicates.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
05c1fb9fc2
trigger-controller: reissue on mismatch using NextRevisionRequest
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
eb6d1399fc
DataForCertificate: the func now fetches NextRevisionRequest
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
9305766ff2
trigger-controller: add two unit tests to showcase #3250
...
Note that I had initially made createCryptoBundle public since I found
it inconvenient to have to pass a testing.T when we know that we should
never be failing inside this func (I mean, the failure would not be due
to a wrong test case).
After a comment from Maartje, I realize that I could just use an anonymous
function for that purpose.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
3832f551aa
acme-http01-e2e: "validations" are not actually verifying the X.509 cert
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
78e2e7fdca
acme-http01-e2e: pebble was returning the same 400 as boulder
...
Pebble:
400 urn:ietf:params:acme:error:rejectedIdentifier: Order included an identifier for which issuance is forbidden by policy: "google.com"
Let's Encrypt's boulder:
400 urn:ietf:params:acme:error:rejectedIdentifier: Cannot issue for "google.com"
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
18a9461023
acme-http01-e2e: add a test case to show the cert update bug
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
89c3dc1afa
gen: document why we do not pass an entire Certificate
...
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
747aba056c
createCryptoBundle: cert-manager.io/certificate-revision was wrong
...
It was set to a pointer value instead of the actual int value.
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
jetstack-bot
5925973f89
Merge pull request #3832 from JoshVanL/webhook-validation-request-context
...
Webhook validation request context passthrough
2021-04-06 16:34:58 +01:00
joshvanl
a072738c42
Move canceled context defer to first in stack for [cluster]issuer
...
controllers
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-06 16:26:18 +01:00
jetstack-bot
e7333df106
Merge pull request #3838 from wallrj/3289-stable-api-versions
...
Update cainjector to use stable API versions
2021-04-06 15:19:57 +01:00
Richard Wall
3d7f370b21
Re-enable the cainjector E2E tests for apiregistration
...
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-06 14:04:26 +01:00
jetstack-bot
2abafa18be
Merge pull request #3846 from irbekrm/reinstate_line_wrapping
...
Reinstate line wrapping
2021-04-03 17:02:51 +01:00