Tim Ramlot
dd4f5f4e39
fix unparam linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-30 10:47:21 +02:00
Tim Ramlot
8ea7cbc362
fix forbidigo linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-30 10:01:34 +02:00
Tim Ramlot
16a344eed1
fix nosprintfhostport linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-30 10:01:34 +02:00
Rodrigo Fior Kuntzer
0e51dc709a
tests: require Vault mTLS during e2e
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-02-15 18:20:24 +01:00
Richard Wall
38288e530a
Work around bugs in vault-client-sdk
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 14:56:42 +00:00
Richard Wall
3f75290e04
Use vault-client-go instead
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-09 13:36:37 +00:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
Richard Wall
19ade4b79e
Replace all calls to RandStringBytes and RandStringRunes
With k8s.io/apimachinery/pkg/util/rand#String instead
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 15:41:07 +00:00
SpectralHiss
7f349eff69
Allow other SANS in Vault e2e framework
* This is to enable conformance testing of the otherName alpha feature
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-02 09:28:10 +00:00
Richard Wall
a02c36fb94
Upgrade to the latest chart version
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-05 15:28:46 +01:00
Richard Wall
b8eda230bc
Use OpenShift Vault Helm chart settings
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-05 15:28:46 +01:00
Richard Wall
4497ad5103
MAKELEVEL was a bad choice which prevents me running the e2e.test binary from my OLM Makefile
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-05 15:28:46 +01:00
Richard Wall
0b7f36a10a
Allow the E2E tests to run on clusters that have not been prepared by the Makefile
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-04 16:58:41 +01:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-28 09:33:10 +02:00
Tim Ramlot
7098c25a55
move e2e framework back to e2e module
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-07 19:26:10 +02:00
irbekrm
97a3eb8697
Makes test framework accessible externally
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-10 12:09:35 +01:00
Tim Ramlot
f16a3f56d1
replace usage of wait.PollImmediate
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 15:20:45 +02:00
Tim Ramlot
349aaf666b
resolve feedback
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 15:07:28 +02:00
Tim Ramlot
29e22e3900
account for pod not yet existing
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 13:05:18 +02:00
Tim Ramlot
42e6282d02
use cluster-wide shared Vault instance
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 13:05:18 +02:00
Tim Ramlot
3ed79f9129
upgrade vault
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-25 09:22:19 +02:00
Tim Ramlot
ebe39934aa
vault test code cleanliness improvements
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-13 16:44:49 +02:00
Ashley Davis
6ce6ae839e
separate binaries/tests into separate modules with minimal dependencies
also add gomod validation in CI, along with a cmrel version bump
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-04-05 10:30:39 +01:00
Maël Valais
76eef68730
serviceAccountRef: the vault issuer can now use bound SA tokens
Previously, the Vault issuer was only able to use a Secret in order to
use the "Kubernetes authentication" method. The downside to this service
account Secret token is that it has the default JWT iss
"kubernetes/serviceaccount" (along with the fact that the token is not
bound to a particular pod and has no expiry).
With the new serviceAccountRef, cert-manager now requests the token on
behalf of the pod in order to authenticate with Vault.
Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-06 18:28:49 +01:00
Maël Valais
f4f72c16e6
e2e: use Vault 1.12.1 instead of the outdated 1.2.3
The main reason for bumping Vault's version is because 1.2.3 is not
compatible with the config parameter `disable_iss_validation`, which is
needed for accommodating the future tests [1] that rely on bound tokens
and static tokens.
For context, Vault 1.2.3 was released on Sep 9, 2019 [2] but
`disable_iss_validation` was only added on July 21st, 2020 in Vault
1.5.0.
Due to a breaking change that happened in Vault 1.5.0 [3] in which Vault
started loading the pod's token instead of using the same token (to be
reviewed) for authenticating. An alternative solution could have been to
prevent the service account from being mounted to the pod, but I figured
that having the two service accounts separated is a better practice.
[1]: https://github.com/cert-manager/cert-manager/pull/5502
[2]: https://github.com/hashicorp/vault/commit/c14bd9a2
[3]: https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#150
Signed-off-by: Maël Valais <mael@vls.dev>
2022-12-02 16:36:16 +01:00
jetstack-bot
1137f9964c
Merge pull request #5478 from Git-Jiro/use_hashicorp_vault_helmchart
Migrate Vault helm chart in e2e tests from ad-hoc version to official chart from hashicorp
2022-11-04 10:34:06 +00:00
Tim Ramlot
fd6032fc45
re-order Helm parameters & move some values to constants
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2022-11-04 11:02:04 +01:00
Martin Schimandl
9071eac950
use Vault Helm Chart provided by Hashicorp
Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>
2022-10-08 09:45:52 +01:00
Nils
81e6c24293
fixup! Add option to load Vault CA bundle from Kubernetes Secret
Co-authored-by: Josh van Leeuwen <joshua.vanleeuwen@jetstack.io>
Signed-off-by: Nils Mueller <nm@impactful.it>
2022-08-21 07:41:15 +03:00
Ashley Davis
fb231ab641
Remove bazel 🎉
This removes all .bazel and .bzl files, and a bunch of scripts relating
to bazel, now that it's been entirely replaced.
There are still a few places where traces could be removed, but this
removes the brunt of the bazel stuff that remains.
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-07-26 11:38:50 +01:00
Ashley Davis
3a055cc2f5
rename all uses of github.com/jetstack/cert-manager
This was done by running the following command twice:
```bash
grep -Ri "github.com/jetstack/cert-manager" . | \
cut -d":" -f1 | \
sort | \
uniq | \
xargs sed -i "s/github.com\/jetstack\/cert-manager/github.com\/cert-manager\/cert-manager/"
```
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2022-02-02 09:08:31 +00:00
joshvanl
943f9abdb1
Minor comment and error message changes
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-30 18:09:32 +01:00
joshvanl
f054611b32
Change vault policy string to not require escaping
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
680c4f4a41
Fix vault setup in e2e by reverting ttl duration
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
a6a394236b
Revert Vault e2e ttl setting, and make Ed keys an unsupported feature
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
889e7b9c50
Revert e2e vault setup to use original max certificate TTL, and fix
custom app role auth path in CSR tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
2c193f9f60
Changes Vault e2e addon to enable Kubernetes Auth signing and make roles
ready for ClusterIssuer testing
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
irbekrm
f2933be499
ECDSA instead of RSA keys generated for test Vault CA's root and intermediate
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-20 21:48:09 +01:00
irbekrm
0ebce264f1
Allow to optionally configure Vault intermediate PKI with root CA
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-20 13:05:26 +01:00
irbekrm
ef627a13b6
Adds a few comments
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-20 11:31:01 +01:00
Maartje Eyskens
ab0cd57dc5
Use The cert-manager Authors.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758
Update copyright to cert-manager project
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
Richard Wall
a70298180a
Run a script to update v1alpha2 usage to v1
Script is available at https://github.com/jetstack/cert-manager/pull/3201
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-08-20 14:26:51 +01:00
JoshVanL
e465329b80
Revert vault free port and expose listener port from metrics server
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-26 23:01:55 +01:00
JoshVanL
fac8c30211
Ensures that integration tests use a free/or random port to start the
metrics server. Tests that do not depend on metrics, do not actually
start the server. Creates a shared test "FreePort" func. Fixes context
placement.
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2020-05-21 10:48:55 +01:00
James Munnelly
881b886049
Update Kubernetes API client call-sites
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-03-26 12:58:50 +00:00
James Munnelly
8b43813072
Update test/e2e to no longer deploy using addons
Signed-off-by: James Munnelly <james@munnelly.eu>
2020-01-22 22:08:27 +00:00
Periklis Tsirakidis
a1f63b953d
Use vault api and sdk modules instead of tagged repo
Signed-off-by: Periklis Tsirakidis <periklis@nefeli.eu>
2020-01-20 12:27:09 +01:00
JoshVanL
f03cf45a9e
Generate Name on e2e secret names and clean up
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-13 11:03:12 +00:00
JoshVanL
b4e62d0fce
Increase vault health timeout try
Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-11-05 17:59:38 +00:00