weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
1,139 Commits 45 Branches 0 Tags 96 MiB
e791680a88
Commit Graph

263 Commits

Author SHA1 Message Date
Max Ehrlich
e791680a88
Namespace was moved from a class variable to a local 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:14 -04:00
Max Ehrlich
dab8a47ec6
Function signature for DNS01Record was changed to return an error, handle that 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:13 -04:00
Max Ehrlich
d12fbc161f
Ensure key is good enough for acme-dns to accept 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:13 -04:00
Max Ehrlich
240828b272
Read test host from env variable 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:13 -04:00
Max Ehrlich
80a9e7bf03
Make sure names are consistent 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:13 -04:00
Max Ehrlich
9d1f233729
Fix env variable names in unit test 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:12 -04:00
Max Ehrlich
992602b472
Add unit test to dns testing 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:32:12 -04:00
Max Ehrlich
310a6f8689
Add unit test for acmedns 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:31:43 -04:00
Max Ehrlich
2d41d79d3c
Include acme-dns into the generic dns challenge interface 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:31:42 -04:00
Max Ehrlich
795b472e8d
Flesh out acme-dns implementation, registration must occur before using cert-manager 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:30:34 -04:00
Max Ehrlich
9902845c82
Add acmedns constructor to dns interface 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:30:33 -04:00
Max Ehrlich
40ce2d8e86
Basic parts of implementation of acme dns, missing registration and credential retrieval 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:25:43 -04:00
Max Ehrlich
110a9443e8
Stubs for acmedns and its test 
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
 2018-08-13 13:25:43 -04:00
jetstack-bot
abfbb36a48
Merge pull request #825 from ocadotechnology/820-plumb-dns-servers-more 
fix: plumb dns servers into more areas
 2018-08-13 17:48:30 +01:00
stuart.warren
4f80dca9d5 fix: plumb dns servers into more areas 
fixes: #820
Signed-off-by: stuart.warren <stuart.warren@ocado.com>
 2018-08-13 16:21:37 +01:00
James Munnelly
813996b07d Update third_party files with skip license headers 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-13 16:06:07 +01:00
James Munnelly
51195e4c5f Update license header and add header to every file 
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
 2018-08-13 15:53:37 +01:00
Louis Taylor
cc9a18a872
Handle error cases 2018-08-10 11:12:15 +01:00
Louis Taylor
69f6a234c7
Catch and return dns query error in DNS01Record 2018-08-10 11:04:48 +01:00
James Munnelly
c169a1ffc1 Catch edge case where the CN and DNSNames on a Certificate have been reordered 2018-08-08 20:19:16 +01:00
James Munnelly
0dd3155fb2 Add logic to handle ready vs valid ACME orders 2018-08-08 13:39:34 +01:00
James Munnelly
071d1c6c88 Fix resourceNamespace 2018-08-07 16:13:46 +01:00
James Munnelly
3781c2d1be Update references to resourceNamespace 2018-08-07 16:13:46 +01:00
James Munnelly
3a69dd1cbf Update unit test fixture to produce mock Contexts 2018-08-07 16:13:46 +01:00
James Munnelly
38c62357f7 Update ACME issuer for new context 2018-08-07 16:13:46 +01:00
James Munnelly
f4170cbbf0 Update http01 challenge solver 2018-08-07 16:13:46 +01:00
James Munnelly
370a7a1460 Update DNS01 solver 2018-08-07 16:13:46 +01:00
James Munnelly
2fcbee05b7 Update ACME issuer 2018-08-07 16:13:46 +01:00
James Munnelly
36f9f356cd Refactor ACME client construction into dedicated ACME package 2018-08-07 15:22:53 +01:00
James Munnelly
7346240830 Update codebase for refactored API type names 2018-08-07 14:16:53 +01:00
James Munnelly
fcf812c654 Add OWNERS files to auto-label PRs. Mark apis directory as requiring a review by @munnerz. 2018-07-26 13:01:58 +01:00
James Munnelly
686e9159e5 Wait for ACME Orders to be in 'ready' state before attempting finalization 2018-07-25 18:05:45 +01:00
Louis Taylor
bcf135c7ae
clouddns: use fqdn for challenge cleanup 
This is the same as the problem fixed in #750, but for cleanup.
 2018-07-22 20:17:11 +01:00
jetstack-bot
398e1560a3
Merge pull request #670 from gurvindersingh/master 
add support CNAME for dns-01 challenge
 2018-07-20 19:36:06 +01:00
jetstack-bot
b15a18be98
Merge pull request #746 from euank/route53-invalid-change-batch 
issuer/route53: fix delete for 'NotExist' errors
 2018-07-20 18:36:59 +01:00
Euan Kemp
ea84532a5c issuer/route53: log ignored InvalidChangeBatch err 2018-07-20 10:10:02 -07:00
Louis Taylor
082f815773
clouddns: find hosted zone for challenge record 
Previously this would fail if you use a CNAME for the _acme-challenge
record.
 2018-07-20 16:53:12 +01:00
Euan Kemp
15d497b4ca issuer/route53: fix delete for 'NotExist' errors 
Fixes #736.

Prior to this change, it was quite possible to end up with a queue of
cleanup tasks that would never succeed.
 2018-07-19 10:20:27 -07:00
jetstack-bot
6348c6ffca
Merge pull request #722 from autonomic-ai/support-ec-keys 
Add keyAlgorithm and keySize fields to Certificates, and support ECDSA keys
 2018-07-18 10:00:36 +01:00
Afolabi Badmos
445e522432 Add support for EC keys 
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic

- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.

- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided, key size
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.

- helper functions in `pki` package now return crypto.PrivateKey
 2018-07-17 12:42:07 -04:00
jetstack-bot
c08cd80730
Merge pull request #622 from munnerz/istio-annotation 
Add auth.istio.io annotation to ACME HTTP01 service
 2018-07-11 17:18:33 +01:00
jetstack-bot
bd7f15d5f4
Merge pull request #710 from kragniz/dns-flag 
Add flag for setting nameservers for DNS01 check
 2018-07-11 14:26:33 +01:00
Gustav Westling
641b497242 route53: update managed by DNS record comment 2018-07-08 12:09:00 +02:00
Louis Taylor
cbc61ef7f9
Fix tests 2018-07-05 12:41:33 +01:00
Louis Taylor
3eaca6a318
Add flag for custom dns01 nameservers 2018-07-05 12:40:53 +01:00
André Cruz
936e2b98ee Support the new "ready" order status 2018-07-03 15:31:14 +01:00
James Munnelly
bbb65baa38 Run go fmt 2018-06-26 01:24:52 +01:00
Guilherme Blanco
8d69e1e811 Added annotation to pod to prevent istio-sidecar-injector to add an envoy-proxy 2018-06-26 01:24:52 +01:00
James Munnelly
65b6ae2643 Add auth.istio.io annotation to ACME HTTP01 service 2018-06-26 01:24:52 +01:00
James Munnelly
fe5e748170 Don't return invalid/expired orders in shouldAttemptValidation 2018-06-25 10:46:10 +01:00