weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
8,201 Commits 45 Branches 0 Tags 96 MiB
e7f29f8bb3
Commit Graph

1413 Commits

Author SHA1 Message Date
SpectralHiss
4bdee5f010 Rename otherNameSANs to otherNames 
* Improve the CRD godoc comments

Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
 2023-12-13 16:21:56 +00:00
Tim Ramlot
721f71ed60 Refactor the solution 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-12-13 09:37:21 +00:00
tanujd11
589030dec1 feature: added name constraints 
Signed-off-by: tanujd11 <dwiveditanuj41@gmail.com>
 2023-12-07 22:27:31 +05:30
Tim Ramlot
6f7ebbed7b
replace deprecated pkcs12 function call with pkcs12.LegacyRC2 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-27 12:32:19 +01:00
jetstack-bot
c9e028f3db
Merge pull request #6347 from lauraseidler/fix/gateway-warning-http 
Do not process Gateway listeners that do not support TLS
 2023-11-17 16:18:19 +01:00
Jeremy Campbell
dc876fef16
Add x509 v3 CA Issuers Extension 
Signed-off-by: Jeremy Campbell <jeremy.campbell@okta.com>
 2023-11-16 12:45:16 -06:00
jetstack-bot
6fddbe538f
Merge pull request #6433 from vinny-sabatini/issue-5782 
fix error message when setting up vault issuer
 2023-11-14 16:30:01 +01:00
Tim Ramlot
4c94f3ef10
create ad-hoc schemes instead of sharing global ones 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-11-06 21:58:24 +01:00
Vincent Sabatini
298ceb3b2a fix error message when setting up vault issuer 
* Ensure Vault URL can be parsed
* Separate generic http errors from vault specific errors when checking
health endpoint

Signed-off-by: Vincent Sabatini <vincent.sabatini@gmail.com>
 2023-10-19 08:23:04 -05:00
Max Brauer
432430b311
Rename webhookConfig to controllerConfig 
Signed-off-by: Max Brauer <mbrauer@vmware.com>
 2023-10-18 15:28:14 +02:00
Tim Ramlot
15bc387da6
make changes based on feedback 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-13 19:42:13 +02:00
Tim Ramlot
e63d061269
add tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-11 13:48:01 +02:00
Tim Ramlot
d40dae9d67
Fix DuplicateSecretName issue 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-10-11 13:47:44 +02:00
Laura Seidler
6ac88fd6b9
Do not process Gateway listeners that do not support TLS 
Otherwise, these will raise warnings in the next steps (e.g. about empty
TLS blocks, which are not supported for HTTP listeners).

Signed-off-by: Laura Seidler <hello@laura-seidler.de>
 2023-10-11 12:48:55 +02:00
Laura Seidler
6240ecbea3
Add test case to explicitly support TLS listeners 
Signed-off-by: Laura Seidler <hello@laura-seidler.de>
 2023-10-11 12:48:45 +02:00
Laura Seidler
9165f186cb
Use constants instead of strings for gateway protocol types 
These were already used in some places, this makes the usage more consistent
and easier to grep where different protocols are being used.

Signed-off-by: Laura Seidler <hello@laura-seidler.de>
 2023-10-11 12:48:39 +02:00
Tim Ramlot
ef3bd7d3b2
upgrade all dependencies 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-28 12:07:27 +02:00
Tim Ramlot
860df2294b
fix feedback: make hash secure 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-21 13:24:07 +02:00
Tim Ramlot
fa2d9333e3
BUGFIX: CertificateRequest short names must be unique. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-09-20 14:51:24 +02:00
jetstack-bot
3216d18f84
Merge pull request #6298 from inteon/feature_gates 
Feature gates: promote StableCertificateRequestName and SecretsFilteredCaching to Beta
 2023-08-30 19:25:45 +02:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-28 09:33:10 +02:00
Tim Ramlot
68cbbf8c42
update tests to work with StableCertificateRequestName featuregate being enabled by default 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 21:32:08 +02:00
Tim Ramlot
c70d9aba08
Rename DontAllowInsecureCSRUsageDefinition feature flag to DisallowInsecureCSRUsageDefinition and make it a Beta flag. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-08-25 15:18:14 +02:00
Ashley Davis
87102cf47e
add tests for ipv6 in ingress-shim 
Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-08-15 10:52:57 +01:00
jetstack-bot
9462d8ae9d
Merge pull request #6267 from zhangzhiqiangcs/distinguish-dns-names-ip-address 
distinguish dns names and ip address
 2023-08-15 11:00:03 +02:00
zhangzhiqiang02
a518056e0b
distinguish dns names and ip address 
Signed-off-by: zhangzhiqiang02 <zhangzhiqiang02@megvii.com>
 2023-08-15 09:56:36 +08:00
guiyong.ou
ad27e88a4b fix small possible 
Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>
 2023-08-14 19:51:52 +08:00
guiyong.ou
3d76c20f51 cleanup: some redundant code clean up 
Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>
 2023-08-14 17:36:25 +08:00
Cody W. Eilar
1243fe285b Add to ability to start controller with config file 
Signed-off-by: Cody W. Eilar <ecody@vmware.com>
 2023-07-27 16:44:38 -07:00
jetstack-bot
0b9366c0fb
Merge pull request #6232 from inteon/fix_log_reassignment 
[BUGFIX] Incorrect re-assignment of cross-invocation variable
 2023-07-26 13:35:07 +02:00
Ashley Davis
7e1ce241ac
use supplied context where possible 
this was discovered as part of the investigation into #6104

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
 2023-07-26 11:06:31 +01:00
Tim Ramlot
c7d0e0a13e
instead of creating a new local log variable, we were updating the cross-invocation log variable and were adding more Values to the log variable, causing high memory usage and incorrect log messages 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-25 20:31:47 +02:00
Tim Ramlot
36ddf19e2e
improve Trigger, Readiness and PostIssuance Policy chains 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-24 09:42:19 +02:00
jetstack-bot
843deed22f
Merge pull request #6199 from inteon/add_validation_to_pki 
Add validation to pki CertificateTemplate functions
 2023-07-07 09:32:14 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function 
and add support for add DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-07-05 13:04:21 +02:00
Tim Ramlot
a9339849e5
improve label and annotation checks 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-23 17:05:42 +02:00
jetstack-bot
4d1486bbfc
Merge pull request #6168 from inteon/add_public_key_match 
Add SecretPublicKeysDiffersFromCurrentCertificateRequest check
 2023-06-23 16:55:40 +02:00
Tim Ramlot
19377b43b1
fix feedback from @wallrj 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-21 15:31:20 +02:00
Tim Ramlot
82499eb75b
fix failing TestNewReadinessPolicyChain test 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-20 19:06:02 +02:00
Tim Ramlot
9000a06956
BUGFIX: we incidentally removed the feature gate check that enables the UseCertificateRequestBasicConstraints feature 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 21:31:25 +02:00
Tim Ramlot
fe4f4e4aa6
re-add TODO comment and make the message more clear 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-14 14:51:39 +02:00
Tim Ramlot
8ddf016b00
fix a bug that caused the issuer-ref and certificate-name annotations on Secrets to be correct when being updated. 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-06-13 16:54:32 +02:00
cui fliter
4723347260 fix function name in comments 
Signed-off-by: cui fliter <imcusg@gmail.com>
 2023-06-07 17:17:07 +08:00
jetstack-bot
c5e6bf39d6
Merge pull request #6054 from inteon/correct_versions 
Use Version 3 for *x509.Certificate
 2023-05-26 13:57:32 +01:00
irbekrm
b1a59164e0 Don't import controller's feature gate setup into a shared library 
To prevent controller's feature gates from overwriting other component's feature gates

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2023-05-23 12:01:30 +01:00
Tim Ramlot
e7530880ce
use Version 3 for all Certificates and Version 0 for all CertificateRequests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-11 10:21:55 +02:00
Tim Ramlot
0cf0f80b40
switch to non-deprecated functions in source code 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-10 19:22:49 +02:00
Tim Ramlot
e08a13496d
replace deprecated wait.PollUntil() and wait.Poll() 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-09 17:47:53 +02:00
Tim Ramlot
dc12a5d0a0
revert setting flags for logging tests 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-05 18:08:29 +02:00
Tim Ramlot
5091a3bff4
use same logging flags for every cli and simplify flag logic 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
 2023-05-05 18:08:29 +02:00