Commit Graph

332 Commits

Author SHA1 Message Date
Jake Sanders
e7219a155f gosimple: S1004
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:21:38 +01:00
Jake Sanders
aca56a7168 errcheck
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-04 14:19:46 +01:00
Inteon
421ea2c867 add/ remove '// +optional' tags & cleanup other annotations
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 15:08:08 +02:00
Inteon
b44e347ce1 remove podTemplate field from ACMEChallengeSolverHTTP01Istio
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-30 13:15:01 +02:00
joshvanl
c5e2184a4a Moves /pkg/internal/apis/istio to /pkg/internal/istio
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 12:31:57 +01:00
joshvanl
00ceff3421 Update bazel
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:36:49 +01:00
joshvanl
e8a585f740 Move internal istio apis from pkg/issuer to pkg/internal/apis
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-29 11:35:20 +01:00
Inteon
2299e8d8a6 Apply suggestions from code review
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
jetstack-bot
b5be5a8730 Merge pull request #3877 from irbekrm/move_crypto_fork
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
2021-04-13 13:28:15 +01:00
irbekrm
fc9d966a1c Certificate's revision history limit validated by webhook
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb Standardize deprecation warnings
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 09:38:49 +01:00
irbekrm
09af959071 Issuer's ACME EAB algorithm can no longer be set
It is hardcoded to HS256 in golang.org/x/crypto

Also, we now use a fork of golang.org/x/crypto
in cert-manager org.

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 10:28:19 +01:00
joshvanl
85ff4301b8 Passes through request context of webhook to admission functions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-04-03 13:19:01 +01:00
jetstack-bot
e29a3df86d Merge pull request #3785 from JoshVanL/approval-subject-access-review
Approval subject access review
2021-04-01 08:00:39 +01:00
joshvanl
46f1d853f5 Adds comment about why we convert CRs into internal types when
validating approval

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-30 15:33:27 +01:00
irbekrm
81a8588b91 Bumps versions of Gazelle, go_rules, Kazel, protobuf
Signed-off-by: irbekrm <irbekrm@gmail.com>

Bumps versions of Gazelle, go_rules, Kazel and protobuf

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-29 08:25:12 +01:00
joshvanl
820b8556a3 Fix go linting
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:41:42 +00:00
joshvanl
55e74c3e02 Update bazel build files
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:28:14 +00:00
joshvanl
4be73eaec0 Add plugins to webhook server
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
3ecef47b2a Remove SubjectAccessReview validation registry
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
29a7a90d85 Remove old approval SAR registry
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
8380569470 Move approval validation to new internal webhook admission plugin
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
746cd7460b Updates approval review comment to correctly state cluster scope and
issuer name

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
d69e798b83 Update validation approved tests for new string
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
ed22fb99f6 Change approved/denied forbidden error to read better for EU
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
92c6ce88bb Register approval checks with validation init registration
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
53cb1835f7 Adds SubjectAccessReview registry to the validation Registry
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
78aba9c01f Adds approval condition SubjectAccessReview check
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
jetstack-bot
bad96f5102 Merge pull request #3582 from lalitadithya/vault_health_check_and_namespace_fix
Vault health check and namespace fix
2021-03-26 15:20:58 +00:00
jetstack-bot
a8c75fab1a Merge pull request #3773 from JoshVanL/certificate-revision-history-limit
Certificate revision history limit
2021-03-26 11:13:58 +00:00
joshvanl
59ca6ca850 Move CertificateRequest revisionHistoryLimit validation to OpenAPI
validation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 15:58:14 +00:00
lalit@lalitadithya.com
127acfc7e1 Fix null pointer in tests
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 19:03:16 +05:30
lalit@lalitadithya.com
b654eaf564 Fix broken test build
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 19:03:16 +05:30
lalit@lalitadithya.com
1858692619 Add vault namespace to requestTokenWithKubernetesAuth
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 19:03:15 +05:30
lalit@lalitadithya.com
22fcbcfa2f Append headers instead of replacing them when headers is not nil
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 19:03:15 +05:30
lalit@lalitadithya.com
df80da0838 Fix typo
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 19:03:15 +05:30
Lalit Adithya
917b9b2b98 Checking if vault is unsealed and active using the HTTP endpoint
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 19:03:08 +05:30
Lalit Adithya
3343c69be8 Added X-VAULT-NAMESPACE header for the requestTokenWithAppRoleRef API call
Signed-off-by: lalit@lalitadithya.com <lalit@lalitadithya.com>
2021-03-17 18:53:44 +05:30
joshvanl
65acf10858 Don't log error output in approver when CertificateRequest is deleted
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
b9646a832e Updates certificate request validation to use new signature
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
32d0c5af4e Updates Approved/Denied tests for new reasons
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
98a33791e4 Remove CertificateRequest Approve/Deny Reasons
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
4e042011e6 Adds CertificateRequest approval condition validation to ensure:
- Only a single Approve _or_ Deny condition may exist
- They cannot be modified once set
- They must always have a status of `True`

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
417b947733 Updates CertificateRequest conditions to include a distinct 'Denied'
condition type

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
d61ccb1730 Adds CertificateRequest Approved condition type, with Approved and
Denied Reasons

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
ba50140aa2 Updates generated clients
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:04:00 +00:00
joshvanl
f905f6a2aa Adds ObservedGeneration to issuer condition status
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 15:04:00 +00:00
joshvanl
486cca9a19 Add RevisionHistoryLimit validation to enforce values of 1 or greater
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 14:53:55 +00:00
joshvanl
9c71814bdc Updates generated API machinery
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 14:53:55 +00:00