Commit Graph

454 Commits

Author SHA1 Message Date
Tim Ramlot
dd4f5f4e39
fix unparam linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-30 10:47:21 +02:00
Tim Ramlot
000e9ff4c9
fix ineffassign linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 16:56:03 +02:00
Tim Ramlot
ae98ba806b
fix gocritic linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:50:47 +02:00
Tim Ramlot
d976d0c353
fix gosimple linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:32:09 +02:00
Tim Ramlot
042f59d283
fix unused linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:29:00 +02:00
Tim Ramlot
aac2233b1a
fix ginkgolinter linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:18:01 +02:00
Tim Ramlot
4e66b95473
fix wastedassign linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 15:15:05 +02:00
Tim Ramlot
9db044b232
fix gci linter
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-29 13:47:25 +02:00
Erik Godding Boye
003c1b12e8
Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2024-04-28 17:29:35 +02:00
Tim Ramlot
eb3b832f7a
add go makefile module
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-04-22 15:56:30 +02:00
Tim Ramlot
c3b1a5d8c8
add namespace to gen builders
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:40:38 +01:00
Tim Ramlot
b77910d785
change signature of SetCertificateDuration and SetCertificateRenewBefore
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:40:38 +01:00
Tim Ramlot
473c8337b2
replace deprecated NewCertManagerBasicCertificate function
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-20 08:40:38 +01:00
jetstack-bot
7f92e38988
Merge pull request #6614 from rodrigorfk/feat-vault-mtls
feat: Add the ability to communicate with Vault via mTLS
2024-02-16 18:11:26 +00:00
Rodrigo Fior Kuntzer
0e51dc709a
tests: require Vault mTLS during e2e
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2024-02-15 18:20:24 +01:00
Richard Wall
1f3f627ac1 Skip the OtherNames conformance tests on Venafi Cloud
Until such time as we configure the server to allow us to use those fields.

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-17 14:46:35 +00:00
Richard Wall
f333a69df1 Read admin groups from the client certificate instead of hard coding them
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-17 12:00:29 +00:00
SpectralHiss
a517dcd086 Require feature gate in otherName SAN cert e2e
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-12 14:52:51 +00:00
SpectralHiss
ddbdb16575 Fix e2e validation test error message assertion
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 09:31:52 +00:00
Tim Ramlot
224cf06208
use k8s.io/apimachinery/pkg/util/sets for FeatureSet
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-05 19:19:10 +01:00
Tim Ramlot
8111b43b10
stop relying on context.DeadlineExceeded error in tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-03 16:18:35 +01:00
jetstack-bot
cc8925ae9f
Merge pull request #6404 from SpectralHiss/hef/otherNameSANs
Other name sans support in Certificates
2024-01-03 14:16:23 +00:00
SpectralHiss
7350863d8a Add order agnostic matcher for SANs
* This is to ensure Vault conformance passes since it outputs SANs in
  different order to other issuers
* Matcher was tested manually only; we will add tests to it in future

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-03 09:13:11 +00:00
Richard Wall
19ade4b79e Replace all calls to RandStringBytes and RandStringRunes
With k8s.io/apimachinery/pkg/util/rand#String instead

Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 15:41:07 +00:00
SpectralHiss
7b9670120c The sample issuer won't work with OtherName CSR
* The sample code leverages standard library only
* It does not leverage util/pki from cert-manager nor issuer-lib

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-02 08:47:32 +00:00
SpectralHiss
1b48cb664b Fix csr_test.go critical SAN on tests without Subjects
* Also fixed the conformance e2e test by including a Subject and
  matching the values

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 18:44:49 +00:00
SpectralHiss
c59037a19b Simplify e2e test fixture for otherName
* Fix Bug in critical on empty subject logic

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 17:48:50 +00:00
SpectralHiss
120240fec2 Add critical extension to only SAN
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-21 12:06:33 +00:00
jetstack-bot
c7714e65f0
Merge pull request #6551 from wallrj/gosec-601
Fix gosec G601: Implicit memory aliasing of items from a range statement
2023-12-20 18:21:37 +00:00
Richard Wall
4de9e956e5 Fix gosec G601: Implicit memory aliasing of items from a range statement
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-20 17:25:41 +00:00
SpectralHiss
78d6e1b491 Add OtherNames e2e test to conformance suite
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 15:29:31 +00:00
SpectralHiss
e7f29f8bb3 UTF8Value -> utf8Value in CRD JSON schema
* Still following Go standard with UTF8Value for struct field name

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691 Add early feedback validation for otherName syntax and tests
* Fixed warning

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60 Refactor the solution
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:37:21 +00:00
Tim Ramlot
bfd9a65160 Add OtherNameSANs field to Certificates
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
  more info
* otherName is only a subset of GeneralName, our specific need is for
  UserPrincipalName used in Microsoft AD/LDAP
* We treat UPN special but we might remove this in a later commit

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 09:12:23 +00:00
Ashley Davis
96e081fbd3
regenerate hardcoded certs
fixes #6476

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-11-14 13:26:24 +00:00
Tim Ramlot
e63d061269
add tests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-11 13:48:01 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-28 09:33:10 +02:00
Tim Ramlot
7098c25a55
move e2e framework back to e2e module
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-07 19:26:10 +02:00
Tim Ramlot
dcf3c99e63
fix Kubernetes CSR tests, making sure the Usages match what is encoded in the CSR blob
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-05 13:04:21 +02:00
jetstack-bot
308c1472aa
Merge pull request #6031 from inteon/remove_deprecated_3
Replace deprecated wait.PollUntil and wait.Poll
2023-05-10 17:52:54 +01:00
irbekrm
97a3eb8697 Makes test framework accessible externally
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-05-10 12:09:35 +01:00
Tim Ramlot
e08a13496d
replace deprecated wait.PollUntil() and wait.Poll()
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 17:47:53 +02:00
jetstack-bot
3fee31c0c5
Merge pull request #6030 from inteon/remove_deprecated_2
Replace deprecated wait.PollImmediate
2023-05-09 15:31:55 +01:00
Tim Ramlot
e9c4cd9f3f
check that issuer is not nil before reading its field values on cleanup
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 15:21:46 +02:00
Tim Ramlot
f16a3f56d1
replace usage of wait.PollImmediate
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-05-09 15:20:45 +02:00
jetstack-bot
a64088792d
Merge pull request #5991 from inteon/pr/JoshVanL/4810
Server Side Apply: Adds support for CA Injector controller
2023-05-05 14:21:07 +01:00
Tim Ramlot
349aaf666b
resolve feedback
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-04-28 15:07:28 +02:00