Commit Graph

1305 Commits

Author SHA1 Message Date
Richard Wall
1f3f627ac1 Skip the OtherNames conformance tests on Venafi Cloud
Until such time as we configure the server to allow us to use those fields.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-17 14:46:35 +00:00
Richard Wall
f333a69df1 Read admin groups from the client certificate instead of hard coding them
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-17 12:00:29 +00:00
Richard Wall
8189bc1c61 Update cmd/ctl's go.mod to v1.14.0-alpha.1
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-12 15:26:04 +00:00
SpectralHiss
a517dcd086 Require feature gate in otherName SAN cert e2e
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-12 14:52:51 +00:00
Richard Wall
0dcb758119 Create a dedicated Admin user for use in tests
Instead of relying on the default user which is deprecated.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-11 16:02:06 +00:00
jetstack-bot
a1c134e78c Merge pull request #6574 from ThatsMrTalbot/tls-metrics-endpoint
feat: add tls to metrics endpoint
2024-01-10 14:48:17 +00:00
Richard Wall
38288e530a Work around bugs in vault-client-sdk
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 14:56:42 +00:00
Richard Wall
a2b5ef4ac7 make update-licenses
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 13:56:35 +00:00
Richard Wall
3f75290e04 Use vault-client-go instead
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 13:36:37 +00:00
SpectralHiss
ddbdb16575 Fix e2e validation test error message assertion
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 09:31:52 +00:00
Tim Ramlot
224cf06208 use k8s.io/apimachinery/pkg/util/sets for FeatureSet
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 19:19:10 +01:00
Tim Ramlot
253e6b0bc0 replace util contains function with slices.Contains
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 11:57:44 +01:00
Adam Talbot
d27fcc2762 refactor: refactored metrics server code into internal package
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-04 15:49:25 +00:00
Tim Ramlot
8ca617a8ea replace custom util function with k8s.io/apimachinery/util/sets
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 14:38:30 +01:00
jetstack-bot
24d0fddec5 Merge pull request #6593 from inteon/use_slices
Use slices go library
2024-01-04 13:36:02 +00:00
Richard Wall
014aad52ea Update cmd/ctl's go.mod to v1.14.0-alpha.0
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-04 10:01:25 +00:00
Tim Ramlot
950948e465 start using the new 'slices' library and deprecate old util functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 09:32:17 +01:00
Tim Ramlot
8111b43b10 stop relying on context.DeadlineExceeded error in tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
Tim Ramlot
790a824a49 bump dependencies
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
jetstack-bot
cc8925ae9f Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
SpectralHiss
7350863d8a Add order agnostic matcher for SANs
* This is to ensure Vault conformance passes since it outputs SANs in
  a different order to other issuers
* Matcher was tested manually only; we will add tests to it in future

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 09:13:11 +00:00
Richard Wall
19ade4b79e Replace all calls to RandStringBytes and RandStringRunes
With k8s.io/apimachinery/pkg/util/rand#String instead

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 15:41:07 +00:00
SpectralHiss
7f349eff69 Allow other SANS in Vault e2e framework
* This is to enable conformance testing of the otherName alpha feature

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-02 09:28:10 +00:00
Tim Ramlot
a24b2466d3 upgrade golang.org/x/crypto
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-02 10:03:19 +01:00
SpectralHiss
7b9670120c The sample issuer won't work with OtherName CSR
* The sample code leverages standard library only
* It does not leverage util/pki from cert-manager nor issuer-lib

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-02 08:47:32 +00:00
Adam Talbot
ae143c15f6 feat: add tls to metrics endpoint
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-27 17:15:00 +00:00
SpectralHiss
1b48cb664b Fix csr_test.go critical SAN on tests without Subjects
* Also fixed the conformance e2e test by including a Subject and
  matching the values

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b Simplify e2e test fixture for otherName
* Fix bug in critical on empty subject logic

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 17:48:50 +00:00
SpectralHiss
120240fec2 Add critical extension to only SAN
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 12:06:33 +00:00
jetstack-bot
d9252716da Merge pull request #6562 from ThatsMrTalbot/fix/normalise-install-flags
fix: normalise install flags to match other commands
2023-12-21 08:37:11 +00:00
jetstack-bot
c7714e65f0 Merge pull request #6551 from wallrj/gosec-601
Fix gosec G601: Implicit memory aliasing of items from a range statement
2023-12-20 18:21:37 +00:00
Tim Ramlot
0dabd1f008 refactor code, deduplicating init logic across install and uninstall
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-20 18:54:01 +01:00
Richard Wall
4de9e956e5 Fix gosec G601: Implicit memory aliasing of items from a range statement
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-20 17:25:41 +00:00
SpectralHiss
78d6e1b491 Add OtherNames e2e test to conformance suite
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 15:29:31 +00:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60 Refactor the solution
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need is for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN specially but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 09:12:23 +00:00
Tim Ramlot
6f7ebbed7b replace deprecated pkcs12 function call with pkcs12.LegacyRC2
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-27 12:32:19 +01:00
Tim Ramlot
99d473bbf1 bump the go-jose dependency
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-24 14:32:53 +01:00
Tim Ramlot
aa23a7e973 bump docker to fix cve alert
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-15 22:29:04 +01:00
Tim Ramlot
c953e48b7e fix CVE alert
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-15 15:04:59 +01:00
Ashley Davis
96e081fbd3 regenerate hardcoded certs
fixes #6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-11-14 13:26:24 +00:00
jetstack-bot
d2f6bbe579 Merge pull request #6028 from inteon/fix_scheme_errors
Stop using global runtime.Scheme variables
2023-11-06 22:57:09 +01:00
Tim Ramlot
4c94f3ef10 create ad-hoc schemes instead of sharing global ones
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-06 21:58:24 +01:00
Tim Ramlot
d756311b2e bump grpc library version to fix CVE alert
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-27 13:14:02 +02:00
Ashley Davis
e514b1acf8 bump golang.org/x/net v0.15.0 => v0.17.0
part of addressing CVE-2023-44487 / CVE-2023-39325
(which, again, we're not super concerned about)

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-10-19 09:47:18 +01:00
Tim Ramlot
e63d061269 add tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-11 13:48:01 +02:00