weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5,199 Commits 45 Branches 0 Tags 96 MiB
bbafeeef67
Commit Graph

319 Commits

Author SHA1 Message Date
joshvanl
85ff4301b8 Passes through request context of webhook to admission functions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-03 13:19:01 +01:00
jetstack-bot
e29a3df86d
Merge pull request #3785 from JoshVanL/approval-subject-access-review 
Approval subject access review
 2021-04-01 08:00:39 +01:00
joshvanl
46f1d853f5 Adds comment about why we convert CRs into internal types when 
validating approval

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-30 15:33:27 +01:00
irbekrm
81a8588b91 Bumps versions of Gazelle, go_rules, Kazel, protobuf 
Signed-off-by: irbekrm <irbekrm@gmail.com>

Bumps versions of Gazelle, go_rules, Kazel and protobuf

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-29 08:25:12 +01:00
joshvanl
820b8556a3 Fix go linting 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:41:42 +00:00
joshvanl
55e74c3e02 Update bazel build files 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:28:14 +00:00
joshvanl
4be73eaec0 Add plugins to webhook server 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
3ecef47b2a Remove SubjectAccessReview validation registry 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
29a7a90d85 Remove old approval SAR registry 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
8380569470 Move approval validation to new internal webhook admission plugin 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
746cd7460b Updates approval review comment to correctly state cluster scope and 
issuer name

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
d69e798b83 Update validation approved tests for new string 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
ed22fb99f6 Change approved/denied forbidden error to read better for EU 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
92c6ce88bb Register approval checks with validation init registration 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
53cb1835f7 Adds SubjectAccessReview registry to the validation Registry 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
78aba9c01f Adds approval condition SubjectAccessReview check 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
jetstack-bot
bad96f5102
Merge pull request #3582 from lalitadithya/vault_health_check_and_namespace_fix 
Vault health check and namespace fix
 2021-03-26 15:20:58 +00:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit 
Certificate revision history limit
 2021-03-26 11:13:58 +00:00
joshvanl
59ca6ca850 Move CertificateRequest revisionHistoryLimit validation to OpenAPI 
validation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-23 15:58:14 +00:00
lalit@lalitadithya.com
127acfc7e1 Fix null pointer in tests 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 19:03:16 +05:30
lalit@lalitadithya.com
b654eaf564 Fix broken test build 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 19:03:16 +05:30
lalit@lalitadithya.com
1858692619 Add vault namespace to requestTokenWithKubernetesAuth 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 19:03:15 +05:30
lalit@lalitadithya.com
22fcbcfa2f Append headers instead of replacing them when headers is not nil 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 19:03:15 +05:30
lalit@lalitadithya.com
df80da0838 Fix typo 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 19:03:15 +05:30
Lalit Adithya
917b9b2b98 Checking if vault is unsealed and active using the HTTP endpoint 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 19:03:08 +05:30
Lalit Adithya
3343c69be8 Added X-VAULT-NAMESPACE header for the requestTokenWithAppRoleRef API call 
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
 2021-03-17 18:53:44 +05:30
joshvanl
65acf10858 Don't log error output in approver when CertificateRequest is deleted 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
b9646a832e Updates certificate request validation to use new signature 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
98a33791e4 Remove CertificateRequest Approve/Deny Reasons 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
4e042011e6 Adds CertificateRequest approval condition validation to ensure: 
- Only a single Approve _or_ Deny condition may exist
- They cannot be modified once set
- They must always have a status of `True`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
417b947733 Updates CertificateRequest conditions to include a distinct 'Denied' 
condition type

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
d61ccb1730 Adds CertificateRequest Approved condition type, with Approved and 
Denied Reasons

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
ba50140aa2 Updates generated clients 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:04:00 +00:00
joshvanl
f905f6a2aa Adds ObservedGeneration to issuer condition status 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 15:04:00 +00:00
joshvanl
486cca9a19 Add RevisionHistoryLimit validation to enforce values of 1 or greater 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 14:53:55 +00:00
joshvanl
9c71814bdc Updates generated API machinery 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 14:53:55 +00:00
joshvanl
0f6c4795ac Adds RevisionHistoryLimit field to Certificate 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-15 14:53:55 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity 
CertificateRequest UserInfo fields
 2021-03-15 14:26:15 +00:00
joshvanl
4dd6d19011 Adds review comment suggestions/cleanup 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-11 19:12:02 +00:00
jetstack-bot
c2634d3538
Merge pull request #3613 from JoshVanL/certificate-condition-observed-generation 
Certificate condition observed generation
 2021-03-08 09:47:45 +00:00
Josh Soref
3b957488c3 spelling: will 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
joshvanl
6b551b2add Updates generated conversion for OverservedGeneration 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:03:26 +00:00
joshvanl
efdb73b446 Adds ObservedGeneration int64 field to Certificate Conditions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-04 17:03:26 +00:00
joshvanl
25f2a0579f Make annotations only immutable when they belong to acme.cert-manager.io 
and cert-manager.io

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-17 10:02:16 +00:00
joshvanl
cdeca6a9f4 Updates testdata to use new validation function signature. Updates 
registry and scheme install

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:14:35 +00:00
joshvanl
77d382c355 Updates validation functions to use new admission request signature. 
Updates installs to include mutation and identity

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:09:58 +00:00
joshvanl
d043a6ada6 Updates CertificateRequest validation to make the resource immutable 
upon creation. The spec and metadata.annotation fields cannot be
changed after creation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:08:54 +00:00
joshvanl
66276927f6 Adds internal identity validation and mutation functions, and registers 
with registries

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:07:39 +00:00
joshvanl
c09f47afed Updates internal validation function registry to include admission 
request

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:06:37 +00:00