cert-manager

Author	SHA1	Message	Date
Tim Ramlot	c3b8cbd608	improve comment that explains what removeReqID does and when it fails Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:20:36 +01:00
Tim Ramlot	06b3cd3372	add testcase for nested errors Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:15:28 +01:00
Tim Ramlot	deab9548c0	use errors.Is instead of errors.As Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:15:28 +01:00
Tim Ramlot	893d30d938	migrate to github.com/aws/aws-sdk-go-v2 Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-02-08 17:15:28 +01:00
Tim Ramlot	5b8c1213b6	redact the body of failed authentication requests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-31 10:05:00 +01:00
jetstack-bot	0b33337f1d	Merge pull request #6679 from wallrj/remove-DisableInstanceDiscovery-field Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true	2024-01-30 19:45:27 +00:00
Richard Wall	67e06fce78	A hack to DisableInstanceDiscovery during tests Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-30 18:03:05 +00:00
Tim Ramlot	b9dd4903ad	improve error message logging Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-30 16:55:37 +01:00
Richard Wall	420d3114df	Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-30 15:50:05 +00:00
Tim Ramlot	90cbbc9d87	replace the azcore.ResponseError error message to make it stable across retries Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-30 16:20:52 +01:00
Richard Wall	ee5cba487a	Stop using the deprecated SingleInflight field of miekg/dns Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-26 17:53:50 +00:00
Tim Ramlot	9a049532d0	Update Azure SDK and remove deprecated autorest dependency Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> Signed-off-by: Philip Laine <philip.laine@gmail.com>	2024-01-12 12:06:34 +01:00
jetstack-bot	4edb4b0ad0	Merge pull request #6619 from ThatsMrTalbot/feat/http-max-body-size feat: limit the size of the body read back from http requests	2024-01-08 20:41:08 +00:00
Adam Talbot	d0ec66237c	feat: limit the size of the body read back from http requests Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2024-01-08 20:28:01 +00:00
Richard Wall	7bda41c282	Use io instead of deprecated ioutil Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-04 15:05:24 +00:00
Tim Ramlot	950948e465	start using the new 'slices' library and deprecate old util functions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2024-01-04 09:32:17 +01:00
Richard Wall	865063594d	Fix gosec 501 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 11:20:16 +00:00
Richard Wall	0ea258327d	Fix gosec G505 Signed-off-by: Richard Wall <richard.wall@venafi.com>	2024-01-02 10:10:11 +00:00
jetstack-bot	c7714e65f0	Merge pull request #6551 from wallrj/gosec-601 Fix gosec G601: Implicit memory aliasing of items from a range statement	2023-12-20 18:21:37 +00:00
Richard Wall	4de9e956e5	Fix gosec G601: Implicit memory aliasing of items from a range statement Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-20 17:25:41 +00:00
Adam Talbot	247a034116	feat: update gateway api to v1 Signed-off-by: Adam Talbot <adam.talbot@venafi.com>	2023-12-18 21:00:42 +00:00
Richard Wall	8bed166858	Add ReadHeaderTimeout to all http.Server where that setting is missing Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-12-07 11:42:22 +00:00
jetstack-bot	6fddbe538f	Merge pull request #6433 from vinny-sabatini/issue-5782 fix error message when setting up vault issuer	2023-11-14 16:30:01 +01:00
Richard Wall	9b5dd86084	Configure HTTP01 solver Pod with readOnlyRootFilesystem Signed-off-by: Richard Wall <richard.wall@venafi.com>	2023-10-31 14:47:24 +00:00
Vinny Sabatini	d15e55a16c	Update pkg/issuer/vault/setup.go Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> Signed-off-by: Vinny Sabatini <vincent.sabatini@gmail.com>	2023-10-24 09:52:52 -05:00
Vinny Sabatini	ef6ef1f0db	additional improvements to vault issuer error messages When initializing a Vault issuer: * Create different error messages depending on if Vault is sealed or not initialized * Do not explicitly parse the Vault server URL (this is covered when trying to access health endpoint) Signed-off-by: Vinny Sabatini <vincent.sabatini@kohls.com>	2023-10-20 16:36:11 -05:00
Vincent Sabatini	298ceb3b2a	fix error message when setting up vault issuer * Ensure Vault URL can be parsed * Separate generic http errors from vault specific errors when checking health endpoint Signed-off-by: Vincent Sabatini <vincent.sabatini@gmail.com>	2023-10-19 08:23:04 -05:00
Maël Valais	d1d92b6398	venafi: ResetCertificate wasn't working Signed-off-by: Maël Valais <mael@vls.dev>	2023-10-06 16:24:15 +02:00
Tim Ramlot	ef3bd7d3b2	upgrade all dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-09-28 12:07:27 +02:00
Josh Soref	05117f5f75	Add cluster-autoscaler.kubernetes.io/safe-to-evict Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2023-09-14 12:47:04 -04:00
Eng Zer Jun	c274d7e929	refactor: remove redundant nil check From the Go specification: "3. If the map is nil, the number of iterations is 0." [1] Therefore, an additional nil check for before the loop is unnecessary. [1]: https://go.dev/ref/spec#For_range Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2023-09-05 19:05:59 +08:00
Tim Ramlot	cf8e37291a	replace k8s.io/utils/pointer with k8s.io/utils/ptr Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-08-28 09:33:10 +02:00
jetstack-bot	15b2643abf	Merge pull request #6253 from fayvori/master Fix messageAppRoleAuthKeyRequired error message	2023-08-17 19:01:31 +02:00
guiyong.ou	3d76c20f51	cleanup: some redundant code clean up Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>	2023-08-14 17:36:25 +08:00
Ignat Belousov	17c34eaafa	Returned time to each function Signed-off-by: Ignat Belousov <ignat.belousov2000@yahoo.com>	2023-08-10 10:05:37 +02:00
Ignat Belousov	88f1500843	Fix messageAppRoleAuthKeyRequired error message Signed-off-by: Ignat Belousov <ignatbelousov@Ignats-MacBook-Pro.local>	2023-08-10 10:05:37 +02:00
Ashley Davis	a53bec25e7	Update nameserver lookup test to use upstream targets In the long term I don't think this test should be run as a unit test because it can randomly break due to changes in DNS config we don't control, which is a pretty poor user experience for someone trying to change unrelated code. If we're going to run this kind of check, we should probably run it as a periodic rather than a presubmit, perhaps with the test being run on presubmit when the DNS util code is changed. But that's all more work than I can really do now. Instead, I'll copy what the upstream go-lego is doing, which should unblock us for now: `07c4daeff3/challenge/dns01/nameserver_test.go` Signed-off-by: Ashley Davis <ashley.davis@venafi.com>	2023-08-09 09:27:30 +01:00
Tim Ramlot	90f84b9c40	remove VCert fork dependency replace statement Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-10 11:26:16 +02:00
Tim Ramlot	5ba29272c0	add validation to pki CertificateTemplate function and add support for add DontAllowInsecureCSRUsageDefinition featuregate to use old behavior in controller Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-07-05 13:04:21 +02:00
Richard Boldiš	2b2ada9491	fix: handle multiple cloudflare dns-01 challenges for the same FQDN Signed-off-by: Richard Boldiš <richard@boldis.dev>	2023-06-27 18:13:35 +02:00
Florian Liebhart	b47c5a1361	update documentation on the DNSQuery function Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-20 10:36:27 +02:00
Florian Liebhart	ae27bfb0d6	write some unit tests for CAA Validation Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 16:27:00 +02:00
Florian Liebhart	9ddf2bab90	remove HTTPS endpoint for default nameservers; remove DNS-over-TLS Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 16:06:39 +02:00
Tim Ramlot	3a29635c66	add support for DoH and DoT Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>	2023-06-19 15:59:40 +02:00
Florian Liebhart	894e1f99d6	fix error for dns endpoint propagation Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Florian Liebhart	a934bbf462	Make the DNS-Over-HTTPS Json endpoint configurable Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Florian Liebhart	857d0aef9e	Add logging for the DNS over HTTPS selfcheck Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
Florian Liebhart	fa2f063c28	rebase master Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>	2023-06-19 15:32:01 +02:00
schrodit	53a5a95d9f	Add enableServiceLink to test pod definition Signed-off-by: schrodit <mail@timschrodi.tech>	2023-06-12 09:54:37 +02:00
schrodit	c9559882c4	Remove service links from http solver pod Signed-off-by: schrodit <mail@timschrodi.tech>	2023-06-12 09:26:22 +02:00

1 2 3 4 5 ...

947 Commits