SpectralHiss
e7f29f8bb3
UTF8Value -> utf8Value in CRD JSON schema
...
* Still following Go standard with UTF8Value for struct field name
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-20 08:30:54 +00:00
SpectralHiss
c87a2f6691
Add early feedback validation for otherName syntax and tests
...
* Fixed warning
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-19 20:02:02 +00:00
SpectralHiss
95b9345a5d
Make UTF8Value godoc comment more clear
...
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 17:05:12 +00:00
SpectralHiss
4bdee5f010
Rename otherNameSANs to otherNames
...
* Improve the CRD godoc comments
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60
Refactor the solution
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:37:21 +00:00
Tim Ramlot
7b7912022a
Add feature gate
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-13 09:16:06 +00:00
Tim Ramlot
bfd9a65160
Add OtherNameSANs field to Certificates
...
* Added an otherName SAN extension mechanism
* Can take any otherName OID with String (UTF-8) like value
* cf [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) p 37 for
more info
* otherName is only a subset of GeneralName, our specific need is for
UserPrincipalName used in Microsoft AD/LDAP
* We treat UPN special but we might remove this in a later commit
Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2023-12-13 09:12:23 +00:00
tanujd11
a29a5913d0
addressed review comments
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 23:42:35 +05:30
tanujd11
28ca4312b3
fix: additional review comments
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
8d362439a8
fix UTs
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
84d7dd4aed
Addressed review comments
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:31 +05:30
tanujd11
d1b3e5ca83
Move critical from NameConstraintItem to NameConstraint and remove validateNameConstraints
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:30:29 +05:30
tanujd11
adb9311f56
validate name constraint before signing CSR
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:29:45 +05:30
tanujd11
50d84c1bbc
nits: added new line at EOF and comment fix
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:42 +05:30
tanujd11
589030dec1
feature: added name constraints
...
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
2023-12-07 22:27:31 +05:30
Tim Ramlot
c5d7f15aa1
LiteralCertificateSubject: improve webhook logic
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-06 16:09:06 +01:00
Tim Ramlot
25eec9514a
rename internal API fields to match the fieldnames in the public API
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-12-06 13:59:59 +01:00
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension
...
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
2023-11-16 12:45:16 -06:00
jetstack-bot
6fddbe538f
Merge pull request #6433 from vinny-sabatini/issue-5782
...
fix error message when setting up vault issuer
2023-11-14 16:30:01 +01:00
Tim Ramlot
4c94f3ef10
create ad-hoc schemes instead of sharing global ones
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-11-06 21:58:24 +01:00
Vinny Sabatini
ef6ef1f0db
additional improvements to vault issuer error messages
...
When initializing a Vault issuer:
* Create different error messages depending on if Vault is sealed or not initialized
* Do not explicitly parse the Vault server URL (this is covered when trying to access health endpoint)
Signed-off-by: Vinny Sabatini <vincent.sabatini@kohls.com>
2023-10-20 16:36:11 -05:00
Vincent Sabatini
298ceb3b2a
fix error message when setting up vault issuer
...
* Ensure Vault URL can be parsed
* Separate generic http errors from vault specific errors when checking
health endpoint
Signed-off-by: Vincent Sabatini <vincent.sabatini@gmail.com>
2023-10-19 08:23:04 -05:00
Tim Ramlot
c51b23497d
update the Condition Message for IncorrectCertificate
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-17 17:43:26 +02:00
Tim Ramlot
b6ba4ded86
add test for SecretCertificateNameAnnotationsMismatch
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-17 17:31:38 +02:00
Tim Ramlot
15bc387da6
make changes based on feedback
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-13 19:42:13 +02:00
Tim Ramlot
61bdecf68a
only sort the duplicates
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-11 14:05:50 +02:00
Tim Ramlot
d40dae9d67
Fix DuplicateSecretName issue
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-10-11 13:47:44 +02:00
Tim Ramlot
e5f50002e1
introduce configfile for cainjector options
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-28 12:56:11 +02:00
jetstack-bot
798116152c
Merge pull request #6302 from inteon/update_api_comments
...
Review Certificate and CertificateRequest API comments
2023-09-01 12:38:39 +02:00
Tim Ramlot
b98043f6b8
apply review suggestions
...
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-01 12:20:00 +02:00
Tim Ramlot
7c2b4adee7
Rewrite comments in cert-manager API
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-01 12:19:35 +02:00
jetstack-bot
3216d18f84
Merge pull request #6298 from inteon/feature_gates
...
Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta
2023-08-30 19:25:45 +02:00
Tim Ramlot
b5dc93c6e3
make myself the owner of StableCertificateRequestName, meaning I will continue developing this feature to GA
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-30 18:36:42 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-28 09:33:10 +02:00
Tim Ramlot
882b771f55
promote StableCertificateRequestName and SecretsFilteredCaching to Beta
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-25 21:32:08 +02:00
Tim Ramlot
c70d9aba08
Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag.
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-25 15:18:14 +02:00
Tim Ramlot
1795c1985f
more clearly indicate that the example is a template
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-25 14:38:24 +02:00
Tim Ramlot
f158e1dfac
cleanup featuregate comments
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-25 09:36:47 +02:00
Tim Ramlot
80a3923fd2
use logsapi.LoggingConfiguration instead of logs.Options
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-17 12:51:19 +02:00
Tim Ramlot
31b5ed6620
Make webhook Logging options configurable using configfile.
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-17 12:00:50 +02:00
Tim Ramlot
e8b5b2e354
Fix bug in ControllerConfiguration's defaulting of logging config, where config would not be correctly defaulted in case a partial logging configuration is provided.
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-17 11:19:16 +02:00
Tim Ramlot
db1fcdabb1
add comment explaining port 0 behavior
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-16 11:08:36 +02:00
Tim Ramlot
b19d11d267
change the types of ports in the WebhookConfiguration:
...
internal: *int -> int32
public: *int -> *int32
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-15 20:53:58 +02:00
guiyong.ou
3d76c20f51
cleanup: some redundant code clean up
...
Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>
2023-08-14 17:36:25 +08:00
jetstack-bot
9d618a17fb
Merge pull request #6242 from inteon/restructure_controller_configfile
...
Restructure the controller configfile
2023-08-10 15:37:09 +02:00
Tim Ramlot
f50167ce31
restructure the controller configfile
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-10 11:30:33 +02:00
Tim Ramlot
ae287461d0
prepare cmctl improvements
...
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-01 10:32:35 +02:00
Cody W. Eilar
282a6d58a9
Preserve internal types
...
- Needed to add custom conversion functions to handle conversions from
public-facing types to internal ones.
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
Cody W. Eilar
6212b63e51
Address the non-optional values in internal config
...
- This commit changes the internal config to have fewer
optional parameters. It changes the types to match the ones that are
already present in https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/conversion.go
so that custom converters do not have to be written for types "int"
and "float32".
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00
Cody W. Eilar
1243fe285b
Add the ability to start controller with config file
...
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
2023-07-27 16:44:38 -07:00