weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
5,362 Commits 45 Branches 0 Tags 96 MiB
d69a4e1a3c
Commit Graph

225 Commits

Author SHA1 Message Date
joshvanl
d69a4e1a3c Change ParseCertificateChain to ParseSingleCertificateChain 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:15:54 +01:00
joshvanl
1030bbadb5 Change Venafi Signer to use ParseCertificateChain to populate Status.CA 
correctly

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:14:47 +01:00
jetstack-bot
3434c78188
Merge pull request #3960 from wallrj/538-lint-fixes-richardw 
Fix some linting errors
 2021-05-07 11:50:34 +01:00
Richard Wall
c9eb75c447 Remove unused test-case field 
pkg/controller/certificaterequests/venafi/venafi_test.go:787:2                           structcheck  `issuer` is unused

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-07 09:55:09 +01:00
Jake Sanders
eab7c954a2
Use %v to log errors 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:28:46 +01:00
Jake Sanders
196e42c221
Tidy godoc comments 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:21:24 +01:00
Jake Sanders
f194d9b732
Add godoc comments 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 15:59:02 +01:00
Jake Sanders
bab9efaa8f
staticcheck: package imported more than once 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:58:23 +01:00
Richard Wall
c15d30742d Remove duplicate import 
pkg/controller/certificaterequests/venafi/venafi_test.go:43:2: package "github.com/jetstack/cert-manager/pkg/controller/test" is being imported more than once (ST1019)
pkg/controller/certificaterequests/venafi/venafi_test.go:44:2: other import of "github.com/jetstack/cert-manager/pkg/controller/test"

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-04 14:50:37 +01:00
Jake Sanders
0625249fc7
errcheck: Error return value of controller.Register is not checked 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:14:48 +01:00
joshvanl
e05adbf06b Remove expected events when Ready Denied condition set 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 18:20:07 +01:00
joshvanl
ff3e4bb07d Don't fire an event when the Denied ready condition is set 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 18:19:44 +01:00
joshvanl
50a84eaf1d Sets the Ready condition to False when a request is Denied 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 15:34:32 +01:00
joshvanl
1d75fc480e Adds Denied to certificaterequests reporter 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-09 15:26:15 +01:00
joshvanl
18ae2295f9 Pass context through to client calls in controllers and acme issuer 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-31 20:34:12 +01:00
Salman
800d6019bf Replace reflect.DeepEqual with semantic equality check and remove status marshal 
Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>
 2021-03-27 12:49:14 +05:30
jetstack-bot
19ae739ab7
Merge pull request #3760 from SgtCoDFish/selfsigned-validity-3634 
selfsigned: warn when certs are issued with empty issuer DNs
 2021-03-26 12:30:58 +00:00
Ashley Davis
5e31fa37ff
selfsigned: warn when certs have empty issuer DNs 
as raised in#3634 - RFC 5280 states that the issuer field cannot be
empty, but this could easily happen with selfsigned certs which had
an empty subject (as the issuer matches the subject when the cert is
self signed)

this commit detects when a cert would be issued selfsigned with an
empty subject DN and emits a warning event, allowing cluster operators
to detect the warning and potentially either re-issue to generate a
compliant cert, or else accept the risk.

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-03-26 11:51:46 +00:00
joshvanl
14d6f0720a Don't log from multiple controllers when a CertificateRequest is deleted 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-23 17:49:52 +00:00
joshvanl
65acf10858 Don't log error output in approver when CertificateRequest is deleted 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
c94ad99731 Updates approver controller to use custom Approved Reason 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
a3e63b1787 Update CertificateRequest controllers to use new Denied type, and add 
tests for when a CertificateRequest is denied

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
09f91a2a99 Update approver controller to use new Denied condition type 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
e62e8c517b Updates CertificateRequest signer tests to check Approved behaviour 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
1d758a5ccf Updates the base CertificateRequest controller to first check for the 
approval condition to be present and set to true, before processing
further

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
joshvanl
2db7582586 Adds CertificateRequest approver controller. This controller will 
currently _always_ set the Approved condition to true on
CertificateRequests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-17 13:10:39 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity 
CertificateRequest UserInfo fields
 2021-03-15 14:26:15 +00:00
Maël Valais
f6cb6b8787 ocspServers test: give a link to the TODO issue 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-05 16:57:38 +01:00
Maël Valais
97893e1c69 PR comment: fix misspelling 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-05 16:42:48 +01:00
Maël Valais
0facd3bdd4 ocspServers field: fix flaky unit test 
Truncating the time to the second did not seem to be enough. Some CI
builds would fail due to the truncation yielding different times.

Instead of truncating, I propose to use a delta of 1 second.

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-03-04 17:20:51 +01:00
jetstack-bot
a9c672e900
Merge pull request #3699 from maelvls/ocsp-unit-test 
Add unit tests around the new ocspServers field
 2021-03-01 19:12:49 +00:00
Maël Valais
e7b3e6c4e5 PR comment: no more "return" in test code 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-03-01 14:12:02 +01:00
Maël Valais
dc4f0a34e9 PR comment: compare time.Time instead of strings 
Also removed the unused "givenNamespace"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-25 10:28:56 +01:00
Maël Valais
e50f26fc97 PR comment: fix notAfter test case using time.Truncate 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-24 15:07:54 +01:00
Maël Valais
c9dcae2313 ocspServers field: add unit test 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-24 11:05:59 +01:00
Lars Lehtonen
0270377f6c
pkg/controller/certificaterequests/acme: fix dropped test error 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2021-02-23 18:13:37 -08:00
joshvanl
235adea826 Remove CertificateRequest validation in CertificateRequest controllers 
as this happens at admission time.

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-08 19:20:57 +00:00
Maël Valais
ba22785445 Rename ocspServer to oscpServers 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
 2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server 
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-03 09:09:03 +01:00
Richard Wall
50a388a8a1 Fix unit tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:26:43 +00:00
Richard Wall
95d26b7c60 Extract the CA from Venafi response 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:14:48 +00:00
Richard Wall
27d0f011be Delete Order if its certificate data is bad or unexpected 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:46:52 +00:00
Richard Wall
fb01c3b3c2 Tests for handling of Orders with bad certificates 
* Badly formed certificates, and
* certificates with an unexpected public key.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:44:59 +00:00
Richard Wall
98e2f1c8f3 Wait for order-controller to add certificate data to the Order 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
02883417ee Re-organise the handling of non-failed but not-yet-valid Orders 
Exit early in this case and move the happy case to the end of the function.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
Maartje Eyskens
d705838e83 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00
Maartje Eyskens
66f787ef33 Fix a lost EnableNotAfterDate 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-11-20 09:46:49 +01:00