Commit Graph

3469 Commits

Author SHA1 Message Date
Tim Ramlot
c58b08e7b7
pki match: remove return values that are always nil
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-07-02 13:38:35 +02:00
Yuedong Wu
df37eba376
fix API fields description for venafi tpp
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
2024-07-01 20:55:51 +08:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct
feat: Add renewBeforePercentage alternative to renewBefore
2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e
Add renewBeforePercentage alternative to renewBefore
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
2024-06-29 21:18:15 -07:00
Tim Ramlot
e906cb8db0
BUGFIX: Venafi issuer and clusterissuer checks were failing due to nilpointer exception
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-28 10:03:43 +02:00
cert-manager-prow[bot]
837c6a1e06
Merge pull request #7036 from fidelity-contributions/feature/5514-venafi-issuer-ca-ref-support
Feature/5514 - Add SecretRef support for venafi TPP issuer CA Bundle
2024-06-24 14:18:20 +00:00
Gabi Davar
52be4c0945
reduced go metrics to default minimum.
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
2024-06-21 15:07:57 +03:00
Gabi Davar
531b1f1d59
Expose Prometheus process and go runtime metrics.
Signed-off-by: Gabi Davar <grizzly.nyo@gmail.com>
2024-06-21 10:31:35 +03:00
Tim Ramlot
7572d3075f
add testcase
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-20 13:35:06 +02:00
Tim Ramlot
9e649cc8f1
only retry when encountering a Vault non-InvalidData error
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-20 13:35:02 +02:00
Tim Ramlot
03e1db1b77
BUGFIX: retry signing when encountering transient error
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-19 06:06:11 +02:00
cert-manager-prow[bot]
9f8707d0f8
Merge pull request #4330 from joshmue/vault_client_cert_auth
Add client certificate auth method for Vault issuer
2024-06-18 12:19:57 +00:00
cert-manager-prow[bot]
d44f654185
Merge pull request #7094 from inteon/upgrade_deps
Upgrade dependencies
2024-06-17 12:24:56 +00:00
Tim Ramlot
363a63ac96
Add client certificate authentication for Vault issuers
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Joshua Mühlfort <muehlfort@gonicus.de>
2024-06-17 09:16:26 +02:00
Tim Ramlot
e0cdfd37bf
introduce gen.CSRForCertificate and gen.CSRWithSignerForCertificate and use it to deduplicate test code
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-14 15:53:18 +02:00
Sankalp Yengaldas
85094e17be
add error check for venafiTPP CA
Signed-off-by: Sankalp Yengaldas <sankalp.yb@fmr.com>
2024-06-14 05:07:44 -04:00
Tim Ramlot
8c6168b40a
replace deprecated function call
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-06-13 21:03:05 +02:00
Adam Talbot
934d4196ab
feat: normalize azure errors
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-06-13 14:52:28 +01:00
Tim Ramlot
18b701b73e
overhaul of startupapicheck: add checks that mutation and validation work and add extensive testing
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-30 15:54:08 +02:00
cert-manager-prow[bot]
a26a0a856f
Merge pull request #6821 from inteon/bump_deps
Bump all dependencies
2024-05-21 09:06:59 +00:00
Tim Ramlot
c1fe43efe7
bump code generators
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-17 19:14:03 +02:00
cert-manager-prow[bot]
055f08d67e
Merge pull request #7015 from inteon/support_duration_string
Support duration strings in config API
2024-05-17 13:19:52 +00:00
Tim Ramlot
085c63dd9a
apply PR feedback: add kubebuilder annotations
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-17 14:20:28 +02:00
cert-manager-prow[bot]
d04fecf112
Merge pull request #7014 from inteon/improve_config_validation
Improve config validation
2024-05-17 09:43:53 +00:00
cert-manager-prow[bot]
a9b28df5bc
Merge pull request #7030 from inteon/promote_literalsubject_to_beta
Promote the LiteralCertificateSubject feature to Beta
2024-05-14 17:01:51 +00:00
Tim Ramlot
e51f4a46db
update CRD field comments
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-14 17:49:56 +02:00
cert-manager-prow[bot]
7db560c595
Merge pull request #6351 from eplightning/azure-concurrency
Handle multiple concurrent Azure DNS01 challenges for the same FQDN
2024-05-14 15:43:50 +00:00
Tim Ramlot
b4dc162156
Complete validation logic for config API and obtain 100% coverage for its tests.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-14 17:31:37 +02:00
Tim Ramlot
60324bcb5e
Add support for duration values in "Go time.ParseDuration" format.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-14 17:31:23 +02:00
cert-manager-prow[bot]
ac287e1f26
Merge pull request #7013 from inteon/deduplicate_shared_config
Deduplicate shared config API structs
2024-05-14 14:28:50 +00:00
cert-manager-prow[bot]
1e0a1ae1aa
Merge pull request #6775 from inteon/support_oid_in_literal_subject
LiteralSubject: Add support for numeric OID subject attribute type
2024-05-14 11:24:50 +00:00
cert-manager-prow[bot]
cd2d71f670
Merge pull request #6878 from pwhitehead-splunk/support-assume-role-with-web-identity
support assumeRoleWithWebIdentity for Route53 issuer
2024-05-14 09:31:50 +00:00
Tim Ramlot
cfe974b775
deduplicate shared config API structs
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-14 09:28:10 +02:00
Paul Whitehead
44f79d6c47
better handling of nil structs
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>
2024-05-13 09:44:12 -06:00
Tim Ramlot
0a45298971
improve tests based on review
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-10 20:44:07 +02:00
Tim Ramlot
9d1c959a1e
LiteralSubject: add support for literal oid type values
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-10 20:44:07 +02:00
Bartosz Slawianowski
0f6eaa9ab8
Fix lint
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
2024-05-10 11:28:28 +02:00
Bartosz Slawianowski
c180fefc9c
Remove unnecessary AWS SDK dependency
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
2024-05-10 11:08:43 +02:00
Bartosz Slawianowski
747d88ce66
Rewrite to new Azure SDK
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
2024-05-10 11:07:00 +02:00
Bartosz Slawianowski
53f73d5891
Fix error handling and add basic test
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
2024-05-10 10:34:31 +02:00
Bartosz Slawianowski
dead7c2211
feat: Support concurrent updates for Azure DNS
Signed-off-by: Bartosz Slawianowski <bartosz.slawianowski@natzka.com>
2024-05-10 10:34:30 +02:00
Paul Whitehead
8bed53266e
move token to constant
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>
2024-05-09 15:15:09 -06:00
Tim Ramlot
81232c2fe3
revert in-tree ParseDN function now that upstream ParseDN function has been fixed
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-09 21:41:09 +02:00
Tim Ramlot
d0e635fc36
remove deprecated ParseSubjectStringToRawDERBytes function & refactor and move tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-08 18:05:25 +02:00
Paul Whitehead
910ca56d58
fix golangci linting
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>
2024-05-07 14:00:04 -06:00
pwhitehead
35571e014d
refactor to use token request API
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>
2024-05-07 11:11:21 -06:00
Paul Whitehead
528428b31f
support assumeRoleWithWebIdentity for Route53 issuer
Signed-off-by: Paul Whitehead <pwhitehead@splunk.com>

fix test signature
2024-05-07 11:10:17 -06:00
Tim Ramlot
1248be8bba
add contextcheck linter exceptions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-07 12:37:04 +02:00
Tim Ramlot
de54201f69
fix noctx linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-07 12:19:41 +02:00
Tim Ramlot
52320fbeea
fix contextcheck linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-05-07 12:19:41 +02:00