Commit Graph

847 Commits

Author SHA1 Message Date
Maël Valais
e7b3e6c4e5 PR comment: no more "return" in test code
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-03-01 14:12:02 +01:00
Maël Valais
dc4f0a34e9 PR comment: compare time.Time instead of strings
Also removed the unused "givenNamespace"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-02-25 10:28:56 +01:00
Maël Valais
e50f26fc97 PR comment: fix notAfter test case using time.Truncate
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-02-24 15:07:54 +01:00
Maël Valais
c9dcae2313 ocspServers field: add unit test
Signed-off-by: Maël Valais <mael@vls.dev>
2021-02-24 11:05:59 +01:00
irbekrm
b852e97ffb Removes the deprecated renew-before-expiry flag
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-21 10:22:25 +00:00
jetstack-bot
35febb1717 Merge pull request #3505 from hugoboos/ocsp-server
Add option to specify OCSP server #3497
2021-02-05 11:27:37 +00:00
joshvanl
15536801f0 Revert ingress key usage annotation to default the same as Certificate
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-02-04 16:08:30 +00:00
Maartje Eyskens
577c039220 Implement feedback
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-02-04 15:11:00 +00:00
Maartje Eyskens
bfce24fd59 Fix sync tests
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-02-04 15:11:00 +00:00
Maartje Eyskens
8ec816814f update bazel
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-02-04 15:11:00 +00:00
Maartje Eyskens
bbb75ee52f Allow ingress-shim to specify key usages + add server-auth to default
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2021-02-04 15:11:00 +00:00
Maël Valais
ba22785445 Rename ocspServer to ocspServers
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
2021-02-03 09:09:03 +01:00
irbekrm
be5ba022a9 Improves error checking in TestSync function
Also corrects some expected error values in test cases

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-02 11:23:42 +00:00
irbekrm
bb99260365 Skips an invalid Ingress.spec.tls entry instead of invalidating the whole Ingress
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-02-01 19:32:36 +00:00
Richard Wall
50a388a8a1 Fix unit tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-01-20 14:26:43 +00:00
Richard Wall
95d26b7c60 Extract the CA from Venafi response
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-01-20 14:14:48 +00:00
Matt Turner
44f69ce015 Minor log message clarification
Supplying just a name, rather than a namespace/name, for a cainjector
source reference, results in the generic error message "invalid
certificate name". This condition is detected on its own branch so we
can be more specific.

Signed-off-by: Matt Turner <matturner@gmail.com>
2021-01-07 19:21:11 +00:00
jetstack-bot
f19a5e6402 Merge pull request #3463 from wallrj/2667-acme-stalled-orders
Wait for order-controller to add certificate data to the Order
2020-12-17 16:30:41 +00:00
Richard Wall
9cd3eaabf7 Add a duration Ingress annotation to set the duration field on Certificate
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-16 09:40:28 +00:00
Richard Wall
27d0f011be Delete Order if its certificate data is bad or unexpected
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 13:46:52 +00:00
Richard Wall
fb01c3b3c2 Tests for handling of Orders with bad certificates
* Badly formed certificates, and
* certificates with an unexpected public key.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 13:44:59 +00:00
Richard Wall
98e2f1c8f3 Wait for order-controller to add certificate data to the Order
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:22:38 +00:00
Richard Wall
02883417ee Re-organise the handling of non-failed but not-yet-valid Orders
Exit early in this case and move the happy case to the end of the function.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:22:38 +00:00
Richard Wall
26aa0e29fa Add a renew-before Ingress annotation to set the renewBefore field on the Certificate
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:19:07 +00:00
Richard Wall
bae51b92b2 Simplify some ingress-shim helper functions
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-12-15 10:19:07 +00:00
jetstack-bot
cdc53b65cb Merge pull request #3500 from meyskens/update-copy
Update copyright to cert-manager project
2020-12-15 10:12:31 +00:00
jetstack-bot
34396bc93b Merge pull request #3499 from meyskens/ingress-netk8sbeta1
Migrate Ingress to networking.k8s.io/v1beta1
2020-12-14 09:50:12 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors.
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-11 19:04:13 +01:00
jetstack-bot
fcf54969dd Merge pull request #3489 from exceptionfactory/3373-truststore-p12
Add creation of truststore.p12 from CA
2020-12-11 10:21:07 +00:00
Maartje Eyskens
c6e84d7c83 Switch informer to networking
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-09 16:36:11 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 19:04:49 +01:00
exceptionfactory
e9dfbb7a1a Updated PKCS12 API docs and corrected code formatting #3373
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-08 11:23:16 -05:00
Maartje Eyskens
65281efff1 Migrate Ingress to networking.k8s.io/v1beta1
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-12-08 14:46:01 +01:00
jetstack-bot
7c53f88f19 Merge pull request #3476 from maelvls/unit-test-backoff-one-hour
Move the 'back off for 1 hour' logic to a unit-tested func
2020-12-08 11:02:17 +01:00
Maël Valais
62f8db6e6a refactor(issuing): PR review: use MustCreateCryptoBundle directly
Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 14:22:02 +01:00
Maël Valais
6484010f5c fix(issuing): wait until req matches cert before setting failure
The issuing controller wasn't checking if the certificate request that
it picked up is up to date. That resulted in the certificate being set
to "Failing" and "Issuing = False" due to an old certificate request
that was created during a previous issuance. The certificate would then
become stale.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 14:22:02 +01:00
Maël Valais
17cd05ecab test(issuing): new test: when req mismatches, cert can't be updated
This new unit test highlights an unexpected behavior of the issuing
controller: the issuing controller is updating the certificate's status
when the certificate request has a failure ("Reason = Failed"), but the
controller might have picked up an out-of-date certificate request.

The consequence is that the issuing controller would set the certificate
to "Issuing = False". That happens when a re-issuance is triggered with
an old failing certificate request.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 14:22:02 +01:00
Maël Valais
07fd8754f5 refactor(trigger): add test case when failure just happened
Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 13:51:12 +01:00
Maël Valais
769303c5f8 refactor(trigger): don't backoff when exactly 60min
As Maartje mentioned, it doesn't make sense to return backoff = true
while returning a delay of 0. Also, use time.UTC instead of time.Local.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 13:44:06 +01:00
Maël Valais
27d4924b5a refactor(trigger): move backoff logic to a unit-tested func
The trigger_controller_test.go has many unrelated test cases and I
thought it would be good to have more tightly scoped functions that are
easy to review (and most importantly, the unit tests are easy to
review).

Signed-off-by: Maël Valais <mael.valais@gmail.com>
2020-12-06 13:40:01 +01:00
exceptionfactory
c3db3ee7cd Simplified return handling for PKCS12 functions #3733
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-03 07:20:31 -06:00
exceptionfactory
9dd90f8f2b Added creation of truststore.p12 from CA for #3373
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
2020-12-01 14:37:42 -05:00
jetstack-bot
6fd14b0241 Merge pull request #3464 from wallrj/3396-renew-before-expiry-duration
Fix and deprecate the --renew-before-expiration-duration flag
2020-12-01 12:07:06 +01:00
Maartje Eyskens
d705838e83 Implement feedback
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
66f787ef33 Fix a lost EnableNotAfterDate
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
04d88479e4 Pass duration on until ACME order creation
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:49 +01:00
Maartje Eyskens
1b33e8029a Fix unit tests
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:46:08 +01:00
Maartje Eyskens
7b6573aa35 Add duration into ACME
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
2020-11-20 09:45:32 +01:00
Richard Wall
1fc1fa88a0 Prevent instant renewal when the renewBefore value matches the duration
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2020-11-19 15:00:27 +00:00