weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,331 Commits 45 Branches 0 Tags 96 MiB
d186b61414
Commit Graph

1293 Commits

Author SHA1 Message Date
Tim Ramlot
224cf06208
use k8s.io/apimachinery/pkg/util/sets for FeatureSet 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 19:19:10 +01:00
Tim Ramlot
253e6b0bc0
replace util contains function with slices.Contains 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 11:57:44 +01:00
Tim Ramlot
8ca617a8ea
replace custom util function with k8s.io/apimachinery/util/sets 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-04 14:38:30 +01:00
jetstack-bot
24d0fddec5
Merge pull request #6593 from inteon/use_slices 
Use slices go library
 2024-01-04 13:36:02 +00:00
Richard Wall
014aad52ea Update cmd/ctl's go.mod to v1.14.0-alpha.0 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-04 10:01:25 +00:00
Tim Ramlot
950948e465
start using the new 'slices' library and deprecate old util functions 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-04 09:32:17 +01:00
Tim Ramlot
8111b43b10
stop relying on context.DeadlineExceeded error in tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 16:18:35 +01:00
Tim Ramlot
790a824a49
bump dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 16:18:35 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs 
Other name sans support in Certificates
 2024-01-03 14:16:23 +00:00
SpectralHiss
7350863d8a Add order agnostic matcher for SANs 
* This is to ensure Vault conformance passes since it outputs SANs in
  different order to other issuers
* Matcher was tested manually only we will add tests to it in future

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-03 09:13:11 +00:00
Richard Wall
19ade4b79e Replace all calls to RandStringBytes and RandStringRunes 
With k8s.io/apimachinery/pkg/util/rand#String instead

Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2024-01-02 15:41:07 +00:00
SpectralHiss
7f349eff69 Allow other SANS in Vault e2e framework 
* This is to enable conformance testing of the otherName alpha feature

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-02 09:28:10 +00:00
Tim Ramlot
a24b2466d3
upgrade golang.org/x/crypto 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-02 10:03:19 +01:00
SpectralHiss
7b9670120c The sample issuer won't work with OtherName CSR 
* The sample code leverages standard library only
* It does not leverage util/pki from cert-manager nor issuer-lib

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2024-01-02 08:47:32 +00:00
SpectralHiss
1b48cb664b Fix csr_test.go critical SAN on tests without Subjects 
* Also fixed the conformance e2e test by including a Subject and
  matching the values

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b Simplify e2e test fixture for otherName 
* Fix Bug in critical on empty subject logic

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 17:48:50 +00:00
SpectralHiss
120240fec2 Add critical extension to only SAN 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-21 12:06:33 +00:00
jetstack-bot
d9252716da
Merge pull request #6562 from ThatsMrTalbot/fix/normalise-install-flags 
fix: normalise install flags to match other commands
 2023-12-21 08:37:11 +00:00
jetstack-bot
c7714e65f0
Merge pull request #6551 from wallrj/gosec-601 
Fix gosec G601: Implicit memory aliasing of items from a range statement
 2023-12-20 18:21:37 +00:00
Tim Ramlot
0dabd1f008
refactor code, deduplicating init logic across install and uninstall 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-20 18:54:01 +01:00
Richard Wall
4de9e956e5 Fix gosec G601: Implicit memory aliasing of items from a range statement 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-12-20 17:25:41 +00:00
SpectralHiss
78d6e1b491 Add OtherNames e2e test to conformance suite 
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 15:29:31 +00:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema 
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests 
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2023-12-18 21:00:42 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates 
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need for for
  UserPrincipalName used in Microsoft AD/ LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 09:12:23 +00:00
Tim Ramlot
6f7ebbed7b
replace deprecated pkcs12 function call with pkcs12.LegacyRC2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-27 12:32:19 +01:00
Tim Ramlot
99d473bbf1
bump the go-jose dependency 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-24 14:32:53 +01:00
Tim Ramlot
aa23a7e973
bump docker to fix cve alert 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-15 22:29:04 +01:00
Tim Ramlot
c953e48b7e
fix CVE alert 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-15 15:04:59 +01:00
Ashley Davis
96e081fbd3
regenerate hardcoded certs 
fixes #6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-11-14 13:26:24 +00:00
jetstack-bot
d2f6bbe579
Merge pull request #6028 from inteon/fix_scheme_errors 
Stop using global runtime.Scheme variables
 2023-11-06 22:57:09 +01:00
Tim Ramlot
4c94f3ef10
create ad-hoc schemes instead of sharing global ones 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-06 21:58:24 +01:00
Tim Ramlot
d756311b2e
bump grpc library version to fix CVE alert 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-27 13:14:02 +02:00
Ashley Davis
e514b1acf8
bump golang.org/x/net v0.15.0 => v0.17.0 
part of addressing CVE-2023-44487 / CVE-2023-39325
(which, again, we're not super concerned about)

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-10-19 09:47:18 +01:00
Tim Ramlot
e63d061269
add tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-11 13:48:01 +02:00
Richard Wall
a02c36fb94 Upgrade to the latest chart version 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-05 15:28:46 +01:00
Richard Wall
b8eda230bc Use OpenShift Vault Helm chart settings 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-05 15:28:46 +01:00
Richard Wall
4497ad5103 MAKELEVEL was a bad choice which prevents me running the e2e.test binary from my OLM Makefile 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-05 15:28:46 +01:00
Richard Wall
0b7f36a10a Allow the E2E tests to run on clusters that have not been prepared by the Makefile 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
 2023-10-04 16:58:41 +01:00
Tim Ramlot
ef3bd7d3b2
upgrade all dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-28 12:07:27 +02:00
Tim Ramlot
6916dbec34
fix go-restful 'DO NOT USE' version 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-26 13:40:05 +02:00
Tim Ramlot
9749f1253d
upgrade dependencies 
Co-authored-by: Paul Merrison <paul@tetrate.io>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-12 11:38:10 +02:00
Tim Ramlot
80953b185e
fix trivy CVE alert for cyphar/filepath-securejoin 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-12 09:05:23 +02:00
Tim Ramlot
2d4ee5c222
upgrade docker dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-01 14:20:35 +02:00
Tim Ramlot
079b329a8b
upgrade cert-manager to latest master digest 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-01 13:29:28 +02:00
Tim Ramlot
bd86d6c4fe
remove old github.com/miekg/dns replace statement 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-01 12:23:12 +02:00
jetstack-bot
3216d18f84
Merge pull request #6298 from inteon/feature_gates 
Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta
 2023-08-30 19:25:45 +02:00