cert-manager

Author	SHA1	Message	Date
irbekrm	ddf7e130b7	Allow users to specify which annotations should be copied from Certificate to CertificateRequest Default to all being copied except for kubectl, fluxcd, argocd annotations Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-07-26 20:00:10 +01:00
Maël Valais	af9a1e434f	data race: fix certificate requests in cache being mutated Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-20 19:50:26 +02:00
joshvanl	1678d0833e	Reverts ACME issuer from forming a chain bundle and populating the ca.crt Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-02 12:21:50 +01:00
jetstack-bot	efd8b7a076	Merge pull request #3866 from jandersen-plaid/jandersen-plaid-make-orders-unique-to-controlling-cr Hash orders with the issuing certificate request to ensure unique hash	2021-05-21 17:34:25 +01:00
jandersen-plaid	b5fe7ecdca	Update pkg/controller/certificaterequests/acme/acme.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-21 12:08:22 -04:00
jandersen-plaid	cd1d8a2788	Update pkg/controller/certificaterequests/acme/acme_test.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-21 12:08:07 -04:00
jandersen-plaid	ed88ce6030	Update pkg/controller/certificaterequests/acme/acme_test.go Co-authored-by: Ashley Davis <SgtCoDFish@users.noreply.github.com> Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-21 12:07:40 -04:00
Ashley Davis	c67c2c4f47	static analysis: pkg/controller fixes the following issues: pkg/controller/acmeorders/util.go:84:6 deadcode `hashChallenge` is unused pkg/controller/certificaterequests/approver/approver.go:72:14 staticcheck SA4021: x = append(y) is equivalent to x = y pkg/controller/certificaterequests/vault/vault_test.go:535:21 errcheck Error return value of `controller.Register` is not checked pkg/controller/certificates/trigger/policies/policies.go:121:26 gosimple S1039: unnecessary use of fmt.Sprintf pkg/controller/clusterissuers/sync_test.go:55:12 errcheck Error return value of `c.Register` is not checked pkg/controller/ingress-shim/sync.go:301:2 gosimple S1005: unnecessary assignment to the blank identifier Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-05-21 12:03:47 +01:00
irbekrm	a42771b7e4	Adds a bunch of comments for exported types Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 10:19:43 +01:00
irbekrm	881fb2ddea	Make tests fail if controller registration fail Part of work towards fixing errors discovered by static analysis tools Signed-off-by: irbekrm <irbekrm@gmail.com>	2021-05-19 10:16:59 +01:00
Jack Andersen	b48e9664a6	Only use the new hash on certificate request names > 52 chars Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-05-18 09:08:30 -04:00
jetstack-bot	0ff2b8778c	Merge pull request #3983 from JoshVanL/parse-certificate-chain-venafi Parse certificate chain venafi	2021-05-13 14:21:14 +01:00
jetstack-bot	22ff380f39	Merge pull request #3984 from JoshVanL/parse-certificate-chain-acme Parse certificate chain acme	2021-05-13 13:50:14 +01:00
joshvanl	58a25314f7	Changes CR CA controller to use ECDSA keys Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 15:07:25 +01:00
joshvanl	ea2cfdc3c9	Updates CA issuer to updates SignCSRTemplate and propagate CA certificate down Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:22:59 +01:00
joshvanl	e4d3d3f725	Change ParseCertificateChain to ParseSingleCertificateChain Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:17:41 +01:00
joshvanl	33fcf0d082	Uses ParseCertificateChainPEM for ACME Order Response Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:17:02 +01:00
joshvanl	d69a4e1a3c	Change ParseCertificateChain to ParseSingleCertificateChain Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:15:54 +01:00
joshvanl	1030bbadb5	Change Venafi Signer to use ParseCertificateChain to populate Status.CA correctly Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:14:47 +01:00
jetstack-bot	3434c78188	Merge pull request #3960 from wallrj/538-lint-fixes-richardw Fix some linting errors	2021-05-07 11:50:34 +01:00
Richard Wall	c9eb75c447	Remove unused test-case field pkg/controller/certificaterequests/venafi/venafi_test.go:787:2 structcheck `issuer` is unused Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2021-05-07 09:55:09 +01:00
Jake Sanders	eab7c954a2	Use %v to log errors Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-05 16:28:46 +01:00
Jake Sanders	196e42c221	Tidy godoc comments Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-05 16:21:24 +01:00
Jake Sanders	f194d9b732	Add godoc comments Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-05 15:59:02 +01:00
Jake Sanders	bab9efaa8f	staticcheck: package imported more than once Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-04 14:58:23 +01:00
Richard Wall	c15d30742d	Remove duplicate import pkg/controller/certificaterequests/venafi/venafi_test.go:43:2: package "github.com/jetstack/cert-manager/pkg/controller/test" is being imported more than once (ST1019) pkg/controller/certificaterequests/venafi/venafi_test.go:44:2: other import of "github.com/jetstack/cert-manager/pkg/controller/test" Signed-off-by: Richard Wall <richard.wall@jetstack.io>	2021-05-04 14:50:37 +01:00
Jake Sanders	0625249fc7	errcheck: Error return value of `controller.Register` is not checked Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-04 14:14:48 +01:00
joshvanl	e05adbf06b	Remove expected events when Ready Denied condition set Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-09 18:20:07 +01:00
joshvanl	ff3e4bb07d	Don't fire an event when the Denied ready condition is set Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-09 18:19:44 +01:00
joshvanl	50a84eaf1d	Sets the Ready condition to False when a request is Denied Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-09 15:34:32 +01:00
joshvanl	1d75fc480e	Adds Denied to certificaterequests reporter Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-09 15:26:15 +01:00
Jack Andersen	ceab5f1b15	Adjust comment to reflect what the hash applies to Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-04-07 10:37:11 -04:00
Jack Andersen	6fc20a7055	Hash orders with the issuing certificate request to ensure unique hash Signed-off-by: Jack Andersen <jandersen@plaid.com>	2021-04-07 10:27:47 -04:00
joshvanl	18ae2295f9	Pass context through to client calls in controllers and acme issuer Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-31 20:34:12 +01:00
Salman	800d6019bf	Replace reflect.DeepEqual with semantic equality check and remove status marshal Signed-off-by: salmanahmed404 <salmanahmed404@gmail.com>	2021-03-27 12:49:14 +05:30
jetstack-bot	19ae739ab7	Merge pull request #3760 from SgtCoDFish/selfsigned-validity-3634 selfsigned: warn when certs are issued with empty issuer DNs	2021-03-26 12:30:58 +00:00
Ashley Davis	5e31fa37ff	selfsigned: warn when certs have empty issuer DNs as raised in#3634 - RFC 5280 states that the issuer field cannot be empty, but this could easily happen with selfsigned certs which had an empty subject (as the issuer matches the subject when the cert is self signed) this commit detects when a cert would be issued selfsigned with an empty subject DN and emits a warning event, allowing cluster operators to detect the warning and potentially either re-issue to generate a compliant cert, or else accept the risk. Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-03-26 11:51:46 +00:00
joshvanl	14d6f0720a	Don't log from multiple controllers when a CertificateRequest is deleted Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-23 17:49:52 +00:00
joshvanl	65acf10858	Don't log error output in approver when CertificateRequest is deleted Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	32d0c5af4e	Updates Approved/Denied tests for new reasons Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	c94ad99731	Updates approver controller to use custom Approved Reason Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	a3e63b1787	Update CertificateRequest controllers to use new Denied type, and add tests for when a CertificateRequest is denied Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	09f91a2a99	Update approver controller to use new Denied condition type Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	e62e8c517b	Updates CertificateRequest signer tests to check Approved behaviour Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	1d758a5ccf	Updates the base CertificateRequest controller to first check for the approval condition to be present and set to true, before processing further Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
joshvanl	2db7582586	Adds CertificateRequest approver controller. This controller will currently _always_ set the Approved condition to true on CertificateRequests Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-03-17 13:10:39 +00:00
jetstack-bot	70c66e02a0	Merge pull request #3641 from JoshVanL/certificate-request-identity CertificateRequest UserInfo fields	2021-03-15 14:26:15 +00:00
Maël Valais	f6cb6b8787	ocspServers test: give a link to the TODO issue Signed-off-by: Maël Valais <mael@vls.dev>	2021-03-05 16:57:38 +01:00
Maël Valais	97893e1c69	PR comment: fix misspelling Signed-off-by: Maël Valais <mael@vls.dev> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>	2021-03-05 16:42:48 +01:00
Maël Valais	0facd3bdd4	ocspServers field: fix flaky unit test Truncating the time to the second did not seem to be enough. Some CI builds would fail due to the truncation yielding different times. Instead of truncating, I propose to use a delta of 1 second. Signed-off-by: Maël Valais <mael@vls.dev>	2021-03-04 17:20:51 +01:00

1 2 3 4 5

244 Commits