3356 Commits

Author SHA1 Message Date
JoshVanL
b72e8341df Correctly wait for issue on e2e tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 14:36:31 +00:00
JoshVanL
0645bb6769 Use Cloudflare service account in cluster namespace when using cluster
issuer

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:03:12 +00:00
JoshVanL
f03cf45a9e Generate Name on e2e secret names and clean up
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:03:12 +00:00
JoshVanL
d57cd5a6c7 Sets all conformance issuers to have generate name
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:02:43 +00:00
JoshVanL
854c67d718 Ensure ClusterIssuer is deleted after tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:02:43 +00:00
JoshVanL
56a40ddba7 Adds cluster issuer tests for all conformance issuer suites
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:02:43 +00:00
JoshVanL
dfaf2f20c2 Initialise e2e vault issuer secret namespace before each
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:02:43 +00:00
JoshVanL
d6248d20bd Make vault issuer to point to resource namespace over certificaterequest
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:02:43 +00:00
jetstack-bot
4bc4844f27
Merge pull request #2355 from JoshVanL/disable-api-service-ca-injector
Disables API Service cainjector.go e2e test
2019-11-13 10:22:26 +00:00
jetstack-bot
1bfec37482
Merge pull request #2349 from JoshVanL/2205-kubernetes-auth-path
Changes the vault issuer Kubernetes auth path to require the full *mount* path
2019-11-13 09:58:26 +00:00
JoshVanL
ee196a4578 Disables API Service cainjector.go e2e test
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-12 20:55:00 +00:00
JoshVanL
0e739bdde9 Mount path now hard codes /login endpoint in code
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-12 18:37:54 +00:00
jetstack-bot
299a5d629c
Merge pull request #2350 from JoshVanL/docs/aws-iam-policy
Docs/aws iam policy
2019-11-12 11:00:34 +00:00
jetstack-bot
0aba30b251
Merge pull request #2351 from JoshVanL/catalina
Catalina
2019-11-11 17:23:41 +00:00
JoshVanL
836800d1e7 Correctly de-duplicate ext key usages in e2e tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 14:34:45 +00:00
jetstack-bot
f83dc13a39
Merge pull request #2326 from JoshVanL/cli-output-issuer
Increases issuer CLI output
2019-11-11 13:52:40 +00:00
JoshVanL
d38abbe23a Update csr_test.go to include server auth key usage
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 13:19:25 +00:00
JoshVanL
b3c301dfd4 De-duplicate ext key usages in e2e tests getting defaults
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 13:18:30 +00:00
James Munnelly
c6a6f6caf0 Set serverAuth EKU by default for better Mac OS Catalina compatibility
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-11-11 13:03:35 +00:00
JoshVanL
0c078d7abe Adds missing comma to form proper json
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 12:57:41 +00:00
Nolan Reisbeck
a4d2b39b79 route53.rst: add route53:ListResourceRecordSets to IAM Policy
With the provided IAM Policy, I was receiving the error:
```
{"level":"info","msg":"legolog: [WARN] [$DOMAIN] acme: error cleaning
up: failed to determine Route 53 hosted zone ID: AccessDenied: User:
arn:aws:iam::$ARN:user/$USER is not authorized to perform:
route53:ListHostedZonesByName","time":"2019-08-22T00:26:56Z"}
```

Signed-off-by: Nolan Reisbeck <nreisbeck@doctorondemand.com>
2019-11-11 12:57:07 +00:00
JoshVanL
7ec3103eb4 Changes the vault issuer Kubernetes auth path to require the full path
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 12:49:02 +00:00
JoshVanL
06ce5061ba Set printer columns by changing crds in deploy
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-11 12:25:37 +00:00
jetstack-bot
f46029b999
Merge pull request #2324 from CoaxVex/master
Correct order api group owner reference when creating challenges
2019-11-07 17:39:34 +00:00
jetstack-bot
57e045fd96
Merge pull request #2316 from JoshVanL/2312-check-all-vault-secrets
Ensure we check all the secrets that vault cluster issuers may be
2019-11-07 17:39:25 +00:00
jetstack-bot
d3254e3843
Merge pull request #2260 from JoshVanL/2247-cert-key-usages
Ensure key usages are set on CertificateRequests created by the Certificate controller
2019-11-07 17:14:34 +00:00
jetstack-bot
5255187604
Merge pull request #2250 from baelish/master
serviceAccountSecretRef is not always required
2019-11-07 17:14:26 +00:00
jetstack-bot
1b11e9b812
Merge pull request #2323 from JoshVanL/e2e-test-vault-flake
Creates a proper wrapper for vault port-forwarding to keep it alive and healthy
2019-11-07 16:45:26 +00:00
JoshVanL
2f91506565 Move vault issuer cleanup to JustAfterEach
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 19:08:35 +00:00
JoshVanL
57dad45441 Adds more informative output of kubectl get on [cluster]issuers
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 18:26:48 +00:00
JoshVanL
b4e62d0fce Increase vault health timeout try
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 17:59:38 +00:00
Harold Drost
62c4e0b6eb serviceAccountSecretRef is not always required
The cert-manager code will use what is called ambient permissions.
This worked for us until we moved from v0.8 to v0.11 though I've found
the issue present in v10 also.

Signed-off-by: Harold Drost <baelish@bluecell.net>
2019-11-05 15:57:58 +00:00
JoshVanL
50d9b1f038 Ignore key encipherment of e2e tests when key is EC
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 15:23:51 +00:00
Nils Cant
0df53cecab Revert "Add update permission on certificaterequests/finalizers to cert-manager-controller-certificates cluster role"
This reverts commit dcd1f9fc01.
2019-11-05 15:35:20 +01:00
Nils Cant
dcd1f9fc01 Add update permission on certificaterequests/finalizers to cert-manager-controller-certificates cluster role
2019-11-05 15:32:05 +01:00
JoshVanL
b2337cdf9e Creates a proper wrapper for vault port-forwarding to keep it alive and
healthy

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:23:23 +00:00
Nils Cant
765a0cb21d Correct order api group owner reference when creating challenges
Signed-off-by: Nils Cant <nils.cant@vargen.io>
2019-11-05 15:22:32 +01:00
JoshVanL
206c4a3909 Ensure no ECDSA keys have key enrichment expected for e2e
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
9c2a37fbfd Remove key encipherment for DNS01 ACME ECDSA certs
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
2bb8bfe07a Adds server auth to Venafi default key usages
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
48afefbeb4 Adds key usage exceptions for vault in e2e tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
78196cffe5 If certificate uses Vault or ACME issuer then add server/client auth key
usages as expected

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
192566d789 Adds conversion for key usage int to string
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
fca395bb4d Expose non-matching key-usages with string
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
a03560b93a Updates tests to ensure that key usages are correctly checked
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
JoshVanL
bca6ebc520 Ensure key usages are set on CertificateRequests created by the
Certificate controller

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 14:22:25 +00:00
jetstack-bot
6bf7c0f079
Merge pull request #2261 from munnerz/authz-error-reason
Surface ACME Challenge failure reason on Challenge resource if available
2019-11-03 17:23:05 +00:00
JoshVanL
3406f5a465 Ensure we check all the secrets that vault cluster issuers may be
watching

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-01 16:02:57 +00:00
James Munnelly
00ad3446ef Surface ACME Challenge failure reason on Challenge resource if available
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-10-29 09:22:08 +00:00
jetstack-bot
79711c5e34
Merge pull request #2270 from yurrriq/fix-chart
Chart.yaml: add missing apiVersion
2019-10-28 15:39:06 +00:00