Commit Graph

2299 Commits

Author SHA1 Message Date
Jake Sanders
e7219a155f
gosimple: S1004
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:21:38 +01:00
Jake Sanders
aca56a7168
errcheck
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:19:46 +01:00
Jake Sanders
04ee9acd46
gosimple: S1019
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:17:06 +01:00
Jake Sanders
77d8021d3b
gosimple: S1011
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:16:17 +01:00
Jake Sanders
0625249fc7
errcheck: Error return value of controller.Register is not checked
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:14:48 +01:00
Inteon
421ea2c867 add/remove '// +optional' tags & cleanup other annotations
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 15:08:08 +02:00
Inteon
b44e347ce1 remove podTemplate field from ACMEChallengeSolverHTTP01Istio
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 13:15:01 +02:00
joshvanl
c5e2184a4a Moves /pkg/internal/apis/istio to /pkg/internal/istio
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 12:31:57 +01:00
joshvanl
01716e2907 Fixes stutter: istio.IsIstioInstalled -> istio.IsInstalled
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:42:21 +01:00
joshvanl
00ceff3421 Update bazel
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:36:49 +01:00
joshvanl
3af22cf6c6 Move istio util funcs to pkg/util/istio
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:35:41 +01:00
joshvanl
e8a585f740 Move internal istio apis from pkg/issuer to pkg/internal/apis
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:35:20 +01:00
joshvanl
b543d103d5 Change optimistic logging to be Info, rather than debug
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-28 14:19:15 +01:00
joshvanl
8da0e25ced Don't log on default log level when an error occurs in optimistic locking

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-28 14:16:37 +01:00
jetstack-bot
fca9322c58
Merge pull request #3906 from clatour/more_descriptive
Add a more descriptive FindZoneByFqdn error message
2021-04-28 12:53:06 +01:00
Inteon
2d7dfcb462 start DynamicSharedInformerFactory unconditionally; only listen for VirtualServices conditionally
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
4d7d08b0bc Update pkg/apis/acme/v1alpha2/types_issuer.go
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
2299e8d8a6 Apply suggestions from code review
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
30634f154c improve Certificate is Ready test
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:47 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
Erik Godding Boye
249ec4fe8b Add unit tests for pki.SignCSRTemplate
Signed-off-by: Erik Godding Boye <egboye@gmail.com>

Co-authored-by: Maël Valais <mael@vls.dev>
2021-04-23 15:14:33 +02:00
Erik Godding Boye
b514a74d0a fix #3619: Handle CA issuer working as intermediate correctly
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-22 18:43:33 +02:00
Ashley Davis
3df1173a22
fix incorrect comparison function for public keys
also adds/improves doc comments on related functions, and adds tests of
comparisons of RSA keys and ECDSA keys. these tests failed as expected
before the function was changed, e.g.:

```text
Executing tests from //pkg/util/pki:go_default_test
---------------------------------------------------
--- FAIL: TestPublicKeysEqualECDSA (0.00s)
  generate_test.go:492: got an incorrect match from different curves:
    pub1 type: "P-256"
    pub2 type: "P-521"
--- FAIL: TestPublicKeysEqualRSA (0.00s)
  generate_test.go:560: got an incorrect match from different RSA keys:
    pub1: &rsa.PublicKey{N:2293...<snip>...8869, E:65537}
    pub2: &rsa.PublicKey{N:2293...<snip>...8869, E:3}
```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-04-22 16:07:18 +01:00
clatour
440da719a9 fixup! Add a more descriptive FindZoneByFqdn error message
Signed-off-by: clatour <chandler.latour@gmail.com>
2021-04-21 17:47:48 +00:00
clatour
40a6c2bb3c fixup! Add a more descriptive FindZoneByFqdn error message
Signed-off-by: clatour <chandler.latour@gmail.com>
2021-04-21 17:03:31 +00:00
clatour
2c2fbd483b Add a more descriptive FindZoneByFqdn error message
Spent a couple of days tracking down bad `SERVFAIL` for some of our
domains, and had a hard time finding where this was coming from. Make
the error slightly more descriptive to help locate it, and more in line
with the terminal error of the function.

Signed-off-by: clatour <chandler.latour@gmail.com>
2021-04-20 22:06:24 +00:00
jetstack-bot
b95836421f
Merge pull request #3878 from JoshVanL/certificate-request-controller-denied-ready-condition
Set the Ready condition to False when a CertificateRequest has been denied for all CertificateRequests that reference a cert-manager.io signer
2021-04-13 17:22:11 +01:00
jetstack-bot
06b68d35e0
Merge pull request #3835 from RinkiyaKeDad/3620_constants_in_eventf
chore: used constants for string literals when recording new events
2021-04-13 15:14:11 +01:00
jetstack-bot
b5be5a8730
Merge pull request #3877 from irbekrm/move_crypto_fork
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
2021-04-13 13:28:15 +01:00
RinkiyaKeDad
0b87eeae97 added reason prefix for all
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-04-13 16:40:56 +05:30
irbekrm
fc9d966a1c Certificate's revision history limit validated by webhook
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb Standardize deprecation warnings
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 09:38:49 +01:00
joshvanl
e05adbf06b Remove expected events when Ready Denied condition set
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 18:20:07 +01:00
joshvanl
ff3e4bb07d Don't fire an event when the Denied ready condition is set
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 18:19:44 +01:00
joshvanl
9a5e36e732 Change Denied CertificateRequest Ready reason to just 'Denied'
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 18:19:11 +01:00
joshvanl
50a84eaf1d Sets the Ready condition to False when a request is Denied
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 15:34:32 +01:00
joshvanl
1d75fc480e Adds Denied to certificaterequests reporter
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 15:26:15 +01:00
joshvanl
b61757187e Adds the RequestDenied Ready condition reason to API
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-09 15:11:28 +01:00
irbekrm
09af959071 Issuer's ACME EAB algorithm can no longer be set
It is hardcoded to HS256 in golang.org/x/crypto

Also, we now use a fork of golang.org/x/crypto
in cert-manager org.

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 10:28:19 +01:00
jetstack-bot
805ca33b9e
Merge pull request #3622 from foosinn/fix-letsencrypt-multi
Fix letsencrypt with rfc2136 and multiple dnsNames
2021-04-08 15:11:45 +01:00
Maël Valais
88a6fa1315 issuing-controller: explain why we do the Ready + Denied checks
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-08 15:16:36 +02:00
RinkiyaKeDad
bba7c1011d added prefix and made constants public
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-04-08 12:17:15 +05:30
Maël Valais
f56db9f93d Revert "Handle CA issuer working as intermediate" (#3847)
As discussed in #3847, I went too fast and /lgtm from my bed. That led
to having a piece of code that could potentially break people's
cert-manager deployments.

Our plan is to have the same PR re-opened so that we can have it
released for v1.4 (due on Friday 11 June 2021 as per our timeline).

Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-07 10:25:31 +02:00
jetstack-bot
79ccab3e69
Merge pull request #3847 from erikgb/fix/3619
Handle CA issuer working as intermediate correctly
2021-04-07 07:33:57 +01:00
jetstack-bot
2dd6b6e224
Merge pull request #3795 from JoshVanL/certificates-issuing-retry-denied-requests
Adds Denied check to CertificateRequests in issuing controller to retry denied requests
2021-04-06 21:34:57 +01:00
jetstack-bot
10a871dc62
Merge pull request #3444 from maelvls/bug-certificaterequest-not-updated
Bug: certificaterequest not updated after its certificate is updated
2021-04-06 20:17:57 +01:00
jetstack-bot
6ad91e0700
Merge pull request #3833 from JoshVanL/controller-issuer-context
Pass context through to client calls in controllers and acme issuer
2021-04-06 18:53:57 +01:00
Erik Godding Boye
bbafeeef67 fix #3619: Handle CA issuer working as intermediate correctly
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-06 19:45:48 +02:00
Maël Valais
8f5a094b0c trigger-controller: PR comment: failure mode -> failure state
Cf. https://github.com/jetstack/cert-manager/pull/3444#pullrequestreview-629189131

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 19:14:49 +02:00
Maël Valais
181d4ee281 DataForCertificate: typo certitificate -> certificate
Signed-off-by: Maël Valais <mael@vls.dev>
2021-04-06 19:06:21 +02:00