2260 Commits

Author SHA1 Message Date
jandersen-plaid
b5fe7ecdca Update pkg/controller/certificaterequests/acme/acme.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-21 12:08:22 -04:00
jandersen-plaid
cd1d8a2788 Update pkg/controller/certificaterequests/acme/acme_test.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-21 12:08:07 -04:00
jandersen-plaid
ed88ce6030 Update pkg/controller/certificaterequests/acme/acme_test.go
Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com>
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-21 12:07:40 -04:00
Jack Andersen
b48e9664a6 Only use the new hash on certificate request names > 52 chars
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-05-18 09:08:30 -04:00
Jack Andersen
ceab5f1b15 Adjust comment to reflect what the hash applies to
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-04-07 10:37:11 -04:00
Jack Andersen
6fc20a7055 Hash orders with the issuing certificate request to ensure unique hash
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2021-04-07 10:27:47 -04:00
Maël Valais
f56db9f93d Revert "Handle CA issuer working as intermediate" (#3847)
As discussed in #3847, I went too fast and /lgtm from my bed. That led
to having a piece of code that could potentially break people's
cert-manager deployments.

Our plan is to have the same PR re-opened so that we can have it
released for v1.4 (due on Friday 11 June 2021 as per our timeline).

Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-07 10:25:31 +02:00
jetstack-bot
79ccab3e69
Merge pull request #3847 from erikgb/fix/3619
Handle CA issuer working as intermediate correctly
2021-04-07 07:33:57 +01:00
jetstack-bot
2dd6b6e224
Merge pull request #3795 from JoshVanL/certificates-issuing-retry-denied-requests
Adds Denied check to CertificateRequests in issuing controller to retry denied requests
2021-04-06 21:34:57 +01:00
jetstack-bot
10a871dc62
Merge pull request #3444 from maelvls/bug-certificaterequest-not-updated
Bug: certificaterequest not updated after its certificate is updated
2021-04-06 20:17:57 +01:00
jetstack-bot
6ad91e0700
Merge pull request #3833 from JoshVanL/controller-issuer-context
Pass context through to client calls in controllers and acme issuer
2021-04-06 18:53:57 +01:00
Erik Godding Boye
bbafeeef67 fix #3619: Handle CA issuer working as intermediate correctly
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-06 19:45:48 +02:00
Maël Valais
8f5a094b0c trigger-controller: PR comment: failure mode -> failure state
Cf. https://github.com/jetstack/cert-manager/pull/3444#pullrequestreview-629189131

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 19:14:49 +02:00
Maël Valais
181d4ee281 DataForCertificate: typo certitificate -> certificate
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 19:06:21 +02:00
Maël Valais
a7486d5025 DataForCertificate: "Failure" CR condition -> "Failed"
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:58:31 +02:00
Maël Valais
2361f355aa DataForCertificate: PR comment: certificate -> cert-manager certificate
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:44:26 +02:00
Maël Valais
de0de24aad DataForCertificate: PR comment: mode -> state
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:42:17 +02:00
Maël Valais
c875518da1 DataForCertificate: PR comment: mismatch -> does not match
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:34:18 +02:00
Maël Valais
8b41ec1d54 DataForCertificate: PR comment: distinguish X.509 vs. Kubernetes cert
The cert-manager team tends to use the word "certificate" for two very
different contexts:

1. sometimes, we use the word "certificate" to refer to an X.509
   certificate (a blob of ASN.1-encoded data and then PEM-formatted);
2. and sometimes we refer to "certificate" as one item of the Kubernetes
   custom resource /apis/cert-manager.io/v1/certificates.

This commit makes sure the reader understands that we are talking about
the Kubernetes object here.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:25:48 +02:00
Maël Valais
a724f1ce31 DataForCertificate: PR comment: mismatches is a noun
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:59 +02:00
Maël Valais
c1d722b116 DataForCertificate: fix diagrams' Failed conditions
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
6c9477439c trigger-controller: hint people to look at gatherer.go diagrams
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
497f561ef7 DataForCertificate: hint people to look at gatherer.go diagrams
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
068a1c466f DataForCertificate: better wording for the "error returned"
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:59 +02:00
Maël Valais
f588d4138a DataForCertificate: explain what the "current" and "next" CRs are used for
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 18:09:47 +02:00
Maël Valais
a1a43b6784 DataForCertificate: PR comment: explain why we return a "duplicate CR" err
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:29 +02:00
Maël Valais
450d27f5d0 trigger-controller: PR comment: and -> if there is
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
c1bf35f4ed trigger-controller: further comments on shouldBackoffReissuingOnFailure
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
a2bbdb7c51 DataForCertificate: explain what is the "next" certificate request
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
27f258cf3c trigger-controller: PR comment: use a single "fixedClock"
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
36c2cc4d3b trigger-controller: PR comment: explain what "if nextCR != nil" is about
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
85128f26ce trigger-controller: PR comment: rephrase log about skipping issuance
The log message:

    multiple CertificateRequests found for the 'next' revision 2,
    skipping issuance until no more duplicate.

can be better phrased as:

    multiple CertificateRequests are found for the 'next' revision 2,
    issuance is skipped until there are no more duplicates.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
05c1fb9fc2 trigger-controller: reissue on mismatch using NextRevisionRequest
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
eb6d1399fc DataForCertificate: the func now fetches NextRevisionRequest
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
9305766ff2 trigger-controller: add two unit tests to showcase #3250
Note that I had initially made createCryptoBundle public since I found
it inconvenient to have to pass a testing.T when we know that we should
never be failing inside this func (I mean, the failure would not be due
to a wrong test case).

After a comment from Maartje, I realize that I could just use an anonymous
function for that purpose.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
747aba056c createCryptoBundle: cert-manager.io/certificate-revision was wrong
It was set to a pointer value instead of the actual int value.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
jetstack-bot
5925973f89
Merge pull request #3832 from JoshVanL/webhook-validation-request-context
Webhook validation request context passthrough
2021-04-06 16:34:58 +01:00
joshvanl
a072738c42 Move canceled context defer to first in stack for [cluster]issuer
controllers

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-06 16:26:18 +01:00
joshvanl
c9d2a63802 Update failIssueCertificate signature and give more context in comment
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-03 13:30:29 +01:00
joshvanl
06cffcdf59 Adds Denied check to CertificateRequests in issuing controller to retry
denied requests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-03 13:21:23 +01:00
joshvanl
85ff4301b8 Passes through request context of webhook to admission functions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-03 13:19:01 +01:00
Richard Wall
20510e45f0 Update cainjector to use stable API versions
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-01 17:23:28 +01:00
jetstack-bot
e29a3df86d
Merge pull request #3785 from JoshVanL/approval-subject-access-review
Approval subject access review
2021-04-01 08:00:39 +01:00
joshvanl
18ae2295f9 Pass context through to client calls in controllers and acme issuer
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-31 20:34:12 +01:00
joshvanl
46f1d853f5 Adds comment about why we convert CRs into internal types when
validating approval

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-30 15:33:27 +01:00
jetstack-bot
517d211103
Merge pull request #3816 from irbekrm/update_bazel
Bump versions of Gazelle, go_rules, Kazel, protobuf
2021-03-30 13:44:38 +01:00
irbekrm
81a8588b91 Bumps versions of Gazelle, go_rules, Kazel, protobuf
Signed-off-by: irbekrm <irbekrm@gmail.com>

Bumps versions of Gazelle, go_rules, Kazel and protobuf

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-29 08:25:12 +01:00
Salman
800d6019bf Replace reflect.DeepEqual with semantic equality check and remove status marshal
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
2021-03-27 12:49:14 +05:30
Salman
572bfb9111 Replace reflect.DeepEqual with semantic equality check
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
2021-03-27 12:49:14 +05:30
joshvanl
820b8556a3 Fix go linting
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:41:42 +00:00