weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,397 Commits 45 Branches 0 Tags 96 MiB
bd7e4f00a0
Commit Graph

814 Commits

Author SHA1 Message Date
Richard Wall
1f3f627ac1 Skip the OtherNames conformance tests on Venafi Cloud 
Until such time as we configure the server to allow us to use those fields.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-17 14:46:35 +00:00
Richard Wall
f333a69df1 Read admin groups from the client certificate instead of hard coding them 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-17 12:00:29 +00:00
SpectralHiss
a517dcd086 Require feature gate in otherName SAN cert e2e 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-12 14:52:51 +00:00
Richard Wall
38288e530a Work around bugs in vault-client-sdk 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-09 14:56:42 +00:00
Richard Wall
a2b5ef4ac7 make update-licenses 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-09 13:56:35 +00:00
Richard Wall
3f75290e04 Use vault-client-go instead 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-09 13:36:37 +00:00
SpectralHiss
ddbdb16575 Fix e2e validation test error message assertion 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-09 09:31:52 +00:00
Tim Ramlot
224cf06208
use k8s.io/apimachinery/pkg/util/sets for FeatureSet 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 19:19:10 +01:00
Tim Ramlot
253e6b0bc0
replace util contains function with slices.Contains 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 11:57:44 +01:00
Tim Ramlot
8ca617a8ea
replace custom util function with k8s.io/apimachinery/util/sets 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-04 14:38:30 +01:00
Tim Ramlot
950948e465
start using the new 'slices' library and deprecate old util functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-04 09:32:17 +01:00
Tim Ramlot
8111b43b10
stop relying on context.DeadlineExceeded error in tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 16:18:35 +01:00
Tim Ramlot
790a824a49
bump dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 16:18:35 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs 
Other name sans support in Certificates
 2024-01-03 14:16:23 +00:00
SpectralHiss
7350863d8a Add order agnostic matcher for SANs 
* This is to ensure Vault conformance passes since it outputs SANs in
  different order to other issuers
* Matcher was tested manually only we will add tests to it in future

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-03 09:13:11 +00:00
Richard Wall
19ade4b79e Replace all calls to RandStringBytes and RandStringRunes 
With k8s.io/apimachinery/pkg/util/rand#String instead

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-02 15:41:07 +00:00
SpectralHiss
7f349eff69 Allow other SANS in Vault e2e framework 
* This is to enable conformance testing of the otherName alpha feature

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-02 09:28:10 +00:00
Tim Ramlot
a24b2466d3
upgrade golang.org/x/crypto 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-02 10:03:19 +01:00
SpectralHiss
7b9670120c The sample issuer won't work with OtherName CSR 
* The sample code leverages standard library only
* It does not leverage util/pki from cert-manager nor issuer-lib

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-02 08:47:32 +00:00
SpectralHiss
1b48cb664b Fix csr_test.go critical SAN on tests without Subjects 
* Also fixed the conformance e2e test by including a Subject and
  matching the values

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b Simplify e2e test fixture for otherName 
* Fix Bug in critical on empty subject logic

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 17:48:50 +00:00
SpectralHiss
120240fec2 Add critical extension to only SAN 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 12:06:33 +00:00
jetstack-bot
c7714e65f0
Merge pull request #6551 from wallrj/gosec-601 
Fix gosec G601: Implicit memory aliasing of items from a range statement
 2023-12-20 18:21:37 +00:00
Richard Wall
4de9e956e5 Fix gosec G601: Implicit memory aliasing of items from a range statement 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-20 17:25:41 +00:00
SpectralHiss
78d6e1b491 Add OtherNames e2e test to conformance suite 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 15:29:31 +00:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema 
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests 
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2023-12-18 21:00:42 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
Tim Ramlot
99d473bbf1
bump the go-jose dependency 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-24 14:32:53 +01:00
Tim Ramlot
c953e48b7e
fix CVE alert 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-15 15:04:59 +01:00
Ashley Davis
96e081fbd3
regenerate hardcoded certs 
fixes #6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-11-14 13:26:24 +00:00
Tim Ramlot
4c94f3ef10
create ad-hoc schemes instead of sharing global ones 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-06 21:58:24 +01:00
Ashley Davis
e514b1acf8
bump golang.org/x/net v0.15.0 => v0.17.0 
part of addressing CVE-2023-44487 / CVE-2023-39325
(which, again, we're not super concerned about)

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-10-19 09:47:18 +01:00
Tim Ramlot
e63d061269
add tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-11 13:48:01 +02:00
Richard Wall
a02c36fb94 Upgrade to the latest chart version 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-05 15:28:46 +01:00
Richard Wall
b8eda230bc Use OpenShift Vault Helm chart settings 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-05 15:28:46 +01:00
Richard Wall
4497ad5103 MAKELEVEL was a bad choice which prevents me running the e2e.test binary from my OLM Makefile 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-05 15:28:46 +01:00
Richard Wall
0b7f36a10a Allow the E2E tests to run on clusters that have not been prepared by the Makefile 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-04 16:58:41 +01:00
Tim Ramlot
ef3bd7d3b2
upgrade all dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-28 12:07:27 +02:00
Tim Ramlot
6916dbec34
fix go-restful 'DO NOT USE' version 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-26 13:40:05 +02:00
Tim Ramlot
9749f1253d
upgrade dependencies 
Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-12 11:38:10 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-28 09:33:10 +02:00
Tim Ramlot
2d83af777b
upgrade to k8s 1.28.1 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 17:39:02 +02:00
Tim Ramlot
3fc1f8a580
upgrade all dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-24 19:54:25 +02:00
Tim Ramlot
df0d6f22a3
cleanup go imports 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-10 09:48:14 +02:00
Tim Ramlot
82ec7b3ee0
downgrade k8s.io/kube-openapi 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:53:13 +02:00
Tim Ramlot
19918da4c8
run 'make update-licenses' 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:38:27 +02:00