weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8,917 Commits 45 Branches 0 Tags 96 MiB
e1c19274c2
Commit Graph

116 Commits

Author SHA1 Message Date
Tim Ramlot
c58b08e7b7
pki match: remove return values that are always nil 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-07-02 13:38:35 +02:00
cert-manager-prow[bot]
50abeda40d
Merge pull request #6987 from cbroglie/renew-before-pct 
feat: Add renewBeforePercentage alternative to renewBefore
 2024-07-01 09:45:23 +00:00
Christopher Broglie
0f74d7536e Add renewBeforePercentage alternative to renewBefore 
Since the actual duration is unknown until a cert has been issued,
providing an absolute duration for renewBefore can result in accidental
renewal loops. The new renewBeforePercentage field computes the
effective renewBefore using the actual duration, allowing users to
better express intent while maintaining backwards compatibility.

Fixes #4423, resolves #5821

Signed-off-by: Christopher Broglie <cbroglie@cloudflare.com>
 2024-06-29 21:18:15 -07:00
Tim Ramlot
1aacfd826a
promote the LiteralCertificateSubject feature to Beta 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-05-14 17:25:28 +02:00
Tim Ramlot
dd4f5f4e39
fix unparam linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-30 10:47:21 +02:00
Tim Ramlot
ae98ba806b
fix gocritic linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 15:50:47 +02:00
Tim Ramlot
9db044b232
fix gci linter 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-29 13:47:25 +02:00
Erik Godding Boye
003c1b12e8
Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
 2024-04-28 17:29:35 +02:00
cert-manager-prow[bot]
410b7a6ffb
Merge pull request #6963 from inteon/graduate_DisallowInsecureCSRUsageDefinition 
Graduate 'DisallowInsecureCSRUsageDefinition' to GA (part 2)
 2024-04-26 17:22:35 +00:00
cert-manager-prow[bot]
4fe21418f1
Merge pull request #6961 from ThatsMrTalbot/feat/graduate-gateway-api-to-beta 
feat: graduate gateway-api to beta and enable by default
 2024-04-26 14:27:34 +00:00
Tim Ramlot
38cd0accdb
graduate 'DisallowInsecureCSRUsageDefinition' to GA 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-04-26 16:14:31 +02:00
findnature
f9f2e1cd8f chore: remove repetitive words 
Signed-off-by: findnature <cricis@aliyun.com>
 2024-04-26 10:00:43 +08:00
Adam Talbot
a7f089b64c feat: graduate gateway-api to beta and enable by default 
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
 2024-04-25 17:05:58 +01:00
Youngjun
237dfd9f0d refectoring: remove unnecessary code 
Signed-off-by: Youngjun <yj.yoo@okestro.com>
 2024-04-22 14:24:59 +09:00
Tim Ramlot
968cefe02f
improve CertificateOwnsSecret and add tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 16:24:59 +01:00
Tim Ramlot
78a5032d2c
fix bug in CertificateOwnsSecret and add unit test 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-05 12:59:39 +01:00
Tim Ramlot
41404a7fd7
rename UseCertificateRequestNameConstraints to NameConstraints 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2024-01-03 15:49:18 +01:00
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
Tim Ramlot
7b7912022a Add feature gate 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:16:06 +00:00
tanujd11
adb9311f56 validate name constraint before signing CSR 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:29:45 +05:30
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30
Tim Ramlot
4c94f3ef10
create ad-hoc schemes instead of sharing global ones 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-06 21:58:24 +01:00
Tim Ramlot
c51b23497d
update the Condition Message for IncorrectCertificate 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-17 17:43:26 +02:00
Tim Ramlot
b6ba4ded86
add test for SecretCertificateNameAnnotationsMismatch 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-17 17:31:38 +02:00
Tim Ramlot
15bc387da6
make changes based on feedback 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-13 19:42:13 +02:00
Tim Ramlot
61bdecf68a
only sort the duplicates 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-11 14:05:50 +02:00
Tim Ramlot
d40dae9d67
Fix DuplicateSecretName issue 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-11 13:47:44 +02:00
jetstack-bot
3216d18f84
Merge pull request #6298 from inteon/feature_gates 
Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta
 2023-08-30 19:25:45 +02:00
Tim Ramlot
b5dc93c6e3
make myself the owner of StableCertificateRequestName, meaning I will continue developing this feature to GA 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-30 18:36:42 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-28 09:33:10 +02:00
Tim Ramlot
882b771f55
promote StableCertificateRequestName and SecretsFilteredCaching to Beta 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 21:32:08 +02:00
Tim Ramlot
c70d9aba08
Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 15:18:14 +02:00
Tim Ramlot
1795c1985f
more clearly indicate that the example is a template 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 14:38:24 +02:00
Tim Ramlot
f158e1dfac
cleanup featuregate comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 09:36:47 +02:00
Tim Ramlot
36ddf19e2e
improve Trigger, Readiness and PostIssuance Policy chains 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:42:19 +02:00
jetstack-bot
843deed22f
Merge pull request #6199 from inteon/add_validation_to_pki 
Add validation to pki CertificateTemplate functions
 2023-07-07 09:32:14 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
Tim Ramlot
bfa61c7804
add comments explaining what the label and annotation checks do 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:28 +02:00
Tim Ramlot
c16a34e0b1
use .Delete() 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 18:50:24 +02:00
Tim Ramlot
1649730a0d
Update internal/controller/certificates/policies/checks.go 
Co-authored-by: Richard Wall <wallrj@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-29 12:54:20 +01:00
Tim Ramlot
a9339849e5
improve label and annotation checks 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 17:05:42 +02:00
Tim Ramlot
229f99c197
update testcase based on feedback 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 09:14:38 +02:00
Tim Ramlot
19377b43b1
fix feedback from @wallrj 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-21 15:31:20 +02:00
Tim Ramlot
d310d8597c
improve comments 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-20 16:48:56 +02:00
Tim Ramlot
22440e8710
add SecretPublicKeysDiffersFromCurrentCertificateRequest check 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-20 16:48:50 +02:00
Tim Ramlot
9c9e833c5a
add TODO comment that explains that we don't understand the reason for the current behaviour 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 14:51:07 +02:00
Tim Ramlot
3aa7b82e43
Update internal/controller/certificates/policies/checks.go 
Co-authored-by: EDDIE-DAV <136573637+EDDIE-DAV@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 10:19:52 +01:00
Tim Ramlot
8ddf016b00
fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-13 16:54:32 +02:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions 
Use Version 3 for *x509.Certificate
 2023-05-26 13:57:32 +01:00
irbekrm
8a34cbc0a0 Adds some warnings for folks to not import feature gates into shared code 
Really we should restructure this to remove the possibility of accidentally overwriting other component's feature gates

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-23 12:02:55 +01:00