70 Commits

Author SHA1 Message Date
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
2023-11-16 12:45:16 -06:00
Tim Ramlot
c70d9aba08
Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-25 15:18:14 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function
and add support for DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-05 13:04:21 +02:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-11 10:21:55 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-10 19:22:49 +02:00
irbekrm
7d592a8270 Swap upstream core informers factory with our wrapper
This does not actually change how the informers work. This also adds a partial metadata client to root context

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-03-22 09:03:16 +00:00
Tim Ramlot
b999749854
improve gen.CSR and use it everywhere
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-11-10 09:21:31 +01:00
joshvanl
e804431dba Fire event for informational purposes when the CertificateRequest has not yet been approved.
Signed-off-by: joshvanl <me@joshvanl.dev>
2022-10-23 18:04:58 +01:00
Ashley Davis
fb231ab641
Remove bazel 🎉
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.

There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
This was done by running the following command twice:

 ```bash
 grep -Ri "github.com/jetstack/cert-manager" . | \
 cut -d":" -f1 | \
 sort | \
 uniq | \
 xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
 ```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
joshvanl
bd18c0ed86 Update CertificateRequest controllers to use new controller factory
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2022-01-27 12:51:49 +00:00
Igor Zibarev
f9ceb8a73e Fix some lint issues regarding comments
References issue #4457

Signed-off-by: Igor Zibarev <zibarev.i@gmail.com>
2021-11-02 13:57:20 +03:00
Ashley Davis
68f5ceb3b4
Fix manually specified Certificate and CertificateRequest versions
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.

For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.

This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.

Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.

Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958

Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534

PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4

X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-08-19 14:48:12 +01:00
joshvanl
58a25314f7 Changes CR CA controller to use ECDSA keys
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-12 15:07:25 +01:00
joshvanl
ea2cfdc3c9 Updates CA issuer to update SignCSRTemplate and propagate CA
certificate down

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-05-12 14:22:59 +01:00
Jake Sanders
eab7c954a2
Use %v to log errors
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-05 16:28:46 +01:00
Jake Sanders
bab9efaa8f
staticcheck: package imported more than once
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:58:23 +01:00
Jake Sanders
0625249fc7
errcheck: Error return value of controller.Register is not checked
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:14:48 +01:00
joshvanl
e05adbf06b Remove expected events when Ready Denied condition set
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 18:20:07 +01:00
joshvanl
50a84eaf1d Sets the Ready condition to False when a request is Denied
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 15:34:32 +01:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
a3e63b1787 Update CertificateRequest controllers to use new Denied type, and add
tests for when a CertificateRequest is denied

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
e62e8c517b Updates CertificateRequest signer tests to check Approved behaviour
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
Maël Valais
f6cb6b8787 ocspServers test: give a link to the TODO issue
Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-05 16:57:38 +01:00
Maël Valais
97893e1c69 PR comment: fix misspelling
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-03-05 16:42:48 +01:00
Maël Valais
0facd3bdd4 ocspServers field: fix flaky unit test
Truncating the time to the second did not seem to be enough. Some CI
builds would fail due to the truncation yielding different times.

Instead of truncating, I propose to use a delta of 1 second.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-04 17:20:51 +01:00
Maël Valais
e7b3e6c4e5 PR comment: no more "return" in test code
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-03-01 14:12:02 +01:00
Maël Valais
dc4f0a34e9 PR comment: compare time.Time instead of strings
Also removed the unused "givenNamespace"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-02-25 10:28:56 +01:00
Maël Valais
e50f26fc97 PR comment: fix notAfter test case using time.Truncate
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-02-24 15:07:54 +01:00
Maël Valais
c9dcae2313 ocspServers field: add unit test
Signed-off-by: Maël Valais <mael@vls.dev>
2021-02-24 11:05:59 +01:00
Maël Valais
ba22785445 Rename ocspServer to ocspServers
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-02-03 09:09:03 +01:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
Richard Wall
81eb53f597 ./hack/update-all.sh
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-20 14:28:06 +01:00
Richard Wall
a70298180a Run a script to update v1alpha2 usage to v1
Script is available at https://github.com/jetstack/cert-manager/pull/3201

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-20 14:26:51 +01:00
Maartje Eyskens
827ce9c5ad Revert log levels on errors
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-12 10:59:42 +02:00
Maartje Eyskens
86dee5ed41 Set error log levels
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-12 10:59:41 +02:00
Maartje Eyskens
fecd0b3518 Set all log levels for info
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-08-12 10:59:41 +02:00
jetstack-bot
35add56ef5
Merge pull request #2625 from srbraun/crl
adds option to specify CRL Distribution Point. #2612
2020-03-23 13:33:32 +00:00
Sergey Braun
9b76cdd402
adds CDP field and description to CA issuer
Signed-off-by: Sergey Braun <dev@skra.space>
2020-03-19 12:52:43 +01:00
Josh Soref
81aaf3d7d2 spelling: signing
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-02-24 17:20:49 -05:00
Josh Soref
08f7e24c74 spelling: invalid
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-02-24 16:43:19 -05:00
JoshVanL
b989f4e604
Remove cert-manager core issuers from marking CR as InvalidRequest
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-01-17 13:35:05 +00:00
JoshVanL
1c9557b729
Adds InvalidRequest condition set to CertificateRequest controllers
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-01-09 15:13:54 +00:00
JoshVanL
de7aaa84d3 Update CertificateRequest controller unit tests
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-19 22:09:01 +00:00
JoshVanL
94d077a5fb Adds status sub resource and changes updates
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-09-30 13:47:50 +01:00
James Munnelly
973f4aa424 Update codebase for external dependencies
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-09-26 12:52:43 +01:00
James Munnelly
bf9fbea23f Update codebase for new meta apigroup
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-09-20 19:25:04 +01:00
James Munnelly
58754abf37 Refactor codebase for v1alpha2
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-09-20 16:22:43 +01:00