Zadkiel Aharonian
c88624100b
Fix tests
...
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
2018-10-23 16:25:49 +02:00
Zadkiel Aharonian
59e905cbcc
Add ACME DigitalOcean DNS01 provider
...
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
2018-10-23 16:25:49 +02:00
James Munnelly
0478694963
Update workqueue rate limiters on issuers and ingress-shim controllers
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-23 00:09:42 +01:00
Christopher Hlubek
d09c293b73
Respect HTTP01Timeout, improve logging
...
Signed-off-by: Christopher Hlubek <hlubek@networkteam.com>
2018-10-21 22:02:26 +02:00
James Munnelly
aee3d377f8
Fix nil pointer dereference in ACME issuer
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-18 13:27:05 +01:00
James Munnelly
b6f854f849
Remove pkg/logs package
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-18 13:27:05 +01:00
jetstack-bot
500957f37e
Merge pull request #968 from munnerz/sig-algo
...
Update SignatureAlgorithm function to also return PublicKey type
2018-10-16 15:03:37 +01:00
jetstack-bot
9eab875005
Merge pull request #967 from munnerz/unused-args
...
Remove unused arg from GenerateTemplate
2018-10-16 14:36:36 +01:00
jetstack-bot
825eb9fecb
Merge pull request #966 from munnerz/cleanup
...
Remove dead code and add extra comments
2018-10-16 12:51:36 +01:00
James Munnelly
3b81bb594d
Update unit tests
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 12:41:29 +01:00
James Munnelly
293bfd412f
Update SignatureAlgorithm function to also return PublicKey type
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 12:31:24 +01:00
James Munnelly
03c6f1229f
Remove unused arg from GenerateTemplate
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 12:29:38 +01:00
jetstack-bot
68aa606870
Merge pull request #963 from munnerz/acme-cleanup
...
Cleanup ACME Issue function, separate into different functions
2018-10-16 11:39:36 +01:00
jetstack-bot
bb9a85a1ee
Merge pull request #961 from munnerz/ca-issuer-status
...
Tidy up CA Issuer's use of status conditions
2018-10-16 11:12:36 +01:00
James Munnelly
09e0f1f188
Run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 10:27:04 +01:00
James Munnelly
f33561741f
Remove unused/dead code
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 10:23:47 +01:00
James Munnelly
420683609b
Add comments to pkg/util functions
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-16 10:16:34 +01:00
James Munnelly
01bc1fd51a
Update acmechallenges unit tests
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:37:00 +01:00
James Munnelly
36ac13bb14
Run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:12:52 +01:00
James Munnelly
c1bd9c4a2e
Add missing call to retryOrder in existing order value for private key check
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
965757cce0
Retry order if existing Order certificate is invalid
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
403a746bfa
Always reset LastFailureTime in retryOrder
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
87a479e6cb
Add extra comments in ACME Issuer function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
f553f8e8a4
Move existing order checking into own function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
f2551d3832
Reorder checking for existingOrder
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
e4399e87c5
Move private key generation to start of Issue
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
536b6fd76f
Refactor ACME issuer generate private key code
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
374db0b458
Refactor ACME issuer cleanup orders code
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:02:17 +01:00
James Munnelly
7f6d658ee0
Tidy up CA Issuer's use of status conditions
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 23:01:06 +01:00
James Munnelly
6e32738f22
Handle WaitAuthorization failing properly
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-15 14:15:21 +01:00
jetstack-bot
6f291b9311
Merge pull request #955 from munnerz/refactor-units
...
Refactor acmechallenges unit test fixture construction
2018-10-14 00:28:01 +01:00
James Munnelly
454d420dc0
Run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-13 23:36:34 +01:00
James Munnelly
d7f21fd59e
Refactor acmechallenges unit test fixture construction
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-13 23:36:33 +01:00
James Munnelly
84978d88d8
Add extra comments to acme and pki package
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-13 21:05:18 +01:00
jetstack-bot
54d8ef7e8a
Merge pull request #911 from vdesjardins/vault-ca-bundle
...
vault ca bundle support
2018-10-12 15:06:39 +01:00
James Munnelly
e815e42307
Add additional API type comments
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 14:08:51 +01:00
James Munnelly
039a086f58
run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:40 +01:00
James Munnelly
a98415fec7
Fix up test cases after rebase
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
eadbbc85c5
Add missing boilerplate headers
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
d323a1df0d
Add unit tests for acmeorders and acmechallenges
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
9214615d6e
Fix race issues in ACME issue function. Add extended unit tests.
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:39 +01:00
James Munnelly
ad99639b44
Fix failing test
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
847d0c6152
Refactor controllers to return Response structures
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
1f6013e39b
Add unit tests for ACME Prepare function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
80e0085b5a
Remove old issuer check in Prepare function
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
d316ea6fb9
Add support for backing-off creating orders after failure
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
5482ece3f5
Update unit test framework to support actions and required reactors
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
967a48e1dc
Add ACME Order & Challenge controllers
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:38 +01:00
James Munnelly
65487e1d2b
Update ACME HTTP solver to use Challenge resources
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
James Munnelly
2b663eb9a9
Update ACME DNS solver to use Challenge resources
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
James Munnelly
f8b1e653f3
Refactor ACME Issuer to create and manage Order resources
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
James Munnelly
4fcfbb44ef
Add IsFinalState and IsErrorState functions
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
James Munnelly
2eb785655c
Run //hack:update-codegen
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
James Munnelly
f3991c6edf
run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 12:40:37 +01:00
Vincent Desjardins
4e89b611cf
missing omitempty for CABundle field in Vault issuer
...
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
2018-10-12 11:14:08 +00:00
James Munnelly
bfd8ac7eab
Add Order and Challenge API types
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-10-12 11:08:51 +01:00
Vincent Desjardins
7b01a8aa0d
update code review #2
...
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
2018-10-11 02:19:55 +00:00
Vincent Desjardins
92ac7a7c08
code review updates
...
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
2018-10-11 01:22:05 +00:00
Vincent Desjardins
7c1ff275f0
vault ca bundle support
...
Signed-off-by: Vincent Desjardins <vdesjardins@gmail.com>
2018-10-11 01:22:05 +00:00
jetstack-bot
620395511a
Merge pull request #924 from arnoldbechtoldt/useClusterIPsvc
...
Make http01 solver serviceType configurable
2018-10-10 13:42:11 +01:00
jetstack-bot
5ea95b6cc1
Merge pull request #923 from arnoldbechtoldt/issue892
...
make http01 solver pod resource request/limits configurable, refs #892
2018-10-10 13:06:11 +01:00
Arnold Bechtoldt
ce1dd5e8b5
update API docs
...
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
2018-10-10 13:31:07 +02:00
Arnold Bechtoldt
1587741820
rename setting and update docs regarding solver service type
...
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
2018-10-08 15:24:17 +02:00
jetstack-bot
912c7672bd
Merge pull request #848 from Queuecumber/ca-nginx
...
Include CA Certificate In Secrets
2018-10-08 13:04:37 +01:00
acoshift
3e9085f376
remove key algor validation in ACME issuer
...
Signed-off-by: Thanatat Tamtan <acoshift@gmail.com>
2018-10-08 17:47:31 +07:00
Arnold Bechtoldt
d261e1f3f1
make serviceType configurable, fixes #928
...
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
2018-10-08 10:55:56 +02:00
acoshift
fc7711967e
allow ecdsa for acme
...
Signed-off-by: Thanatat Tamtan <acoshift@gmail.com>
2018-10-07 20:22:41 +07:00
Arnold Bechtoldt
845eb7f57c
make http01 solver pod resource request/limits configurable, refs #892
...
Signed-off-by: Arnold Bechtoldt <arnold.bechtoldt@inovex.de>
2018-09-26 14:39:06 +02:00
splashx
4e9af51629
fix rfc2136 provider missing port error, plumb dnsNameserver01
...
Signed-off-by: splashx <splash@gmail.com>
2018-09-17 17:38:09 +02:00
Max Ehrlich
5eaf89ba4a
Simplify getting the ca cert bytes from the ca chain
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-15 17:41:17 -04:00
Max Ehrlich
f81f499d3d
Rerun gofmt
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-15 17:18:40 -04:00
Max Ehrlich
06fb0cefc7
Manually generate pem from cachain field since the vault api does not expose it
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-15 17:06:41 -04:00
Max Ehrlich
d63fbbab49
Fix go-fmt
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 18:54:30 -04:00
Max Ehrlich
48653e07f9
Return CA for vault certs, this uses the issuing_ca field from the vault api response, see (https://www.vaultproject.io/api/secret/pki/index.html#sign-certificate) for details
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 18:47:44 -04:00
Max Ehrlich
25e86d5588
For now, the vault issuer will also not store its CA certificate
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:15 -04:00
Max Ehrlich
ab450c7463
Set the CA field if a non-nil ca cert is passed
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:15 -04:00
Max Ehrlich
213d5ec6b5
Self-signed issuers return a copy of the same certificate that was issued as the CA
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
511650ca82
ACME issuers currently will not support getting the CA certificate
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
58efbc068c
Update CA issuer to return the CA cert pem
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
280382e6ce
Issue and renew should now return the bytes of the CA certificate that was used to issue the certs. This should be set to nil if not applicable
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
41c7def791
Helper function to get PEM encoded bytes of x509 certs
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
e347572541
Change key name constant to better match its function
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:14 -04:00
Max Ehrlich
2524335f3a
Set the "ca.crt" field for certificates issued with isCA so that nginx can properly identify them for client authentication
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-13 17:07:13 -04:00
James Munnelly
48ecee9cfb
run //hack:update-gofmt
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:25:04 +01:00
James Munnelly
b1f145625e
Set up Bazel workspace with git status and pass ldflags
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:24:52 +01:00
James Munnelly
c4e11e110f
run //hack:update-codegen
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:24:52 +01:00
James Munnelly
db65d6a170
run //hack:update-bazel
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-13 11:24:48 +01:00
jetstack-bot
140f9e7a4c
Merge pull request #891 from munnerz/metaauth-validation
...
Relax resource validation for CloudDNS service account credentials
2018-09-12 09:34:48 +01:00
jetstack-bot
feb589feb5
Merge pull request #661 from splashx/master
...
[ACME] Add RFC2136 DNS Provider (2nd attempt)
2018-09-12 09:11:48 +01:00
James Munnelly
01ab38e5ff
Relax resource validation for CloudDNS service account credentials
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-12 08:44:06 +01:00
Evan Anderson
265c9610ff
Add an error check for AzureDNS failure to create a solver.
...
Add documentation comments for public methods (caught by 'go lint').
Signed-off-by: Evan Anderson <evan.k.anderson@gmail.com>
2018-09-11 01:20:44 -07:00
splashx
3761c6c3a4
fix panic, wrong logic
...
Signed-off-by: splashx <splash@gmail.com>
2018-09-10 21:40:40 +02:00
splashx
51a8a57221
add tests for nameserver, tsigsecret and tsigname
...
Signed-off-by: splashx <splash@gmail.com>
2018-09-10 20:03:32 +02:00
jetstack-bot
8d6701de0b
Merge pull request #838 from Queuecumber/ca-org-days
...
Set Organization in Certificates
2018-09-10 17:56:17 +01:00
Max Ehrlich
10526f404a
Validate that vault certificates do not set the organization field
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-10 10:33:53 -04:00
jetstack-bot
d55cd7ffe5
Merge pull request #664 from kiwigrid/enable-clouddns-meta-auth
...
enable clouddns meta auth
2018-09-10 13:49:17 +01:00
James Munnelly
ac08365928
Fix up test failure
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-10 13:25:33 +01:00
James Munnelly
8c5c402d1e
Fix up bug preventing saBytes being used. Add comments.
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-10 13:21:51 +01:00
Max Ehrlich
fc8167581f
Update tests to support multiple orgs
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:13 -04:00
Max Ehrlich
6a9f1d2348
Update code to allow setting multiple organizations
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:13 -04:00
Max Ehrlich
a3f5f7b7e9
Add test for successful cert with organization set
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:13 -04:00
Max Ehrlich
54b567e734
Add test case that should fail acme validation
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:13 -04:00
Max Ehrlich
340d2725e7
Generate certificates with the new organization field
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:12 -04:00
Max Ehrlich
b3e9e33e9d
Validation for acme issuers
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:12 -04:00
Max Ehrlich
986a7af74f
Add the organization field to the certificate spec
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-09-08 16:21:12 -04:00
James Munnelly
9d3ea5649a
Fix acme.privateKeySecretRef validation message
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-08 18:17:11 +01:00
James Munnelly
a48b60581b
Run gofmt with go 1.11
...
Signed-off-by: James Munnelly <james@munnelly.eu>
2018-09-08 03:19:00 +01:00
splashx
41111f7879
patch with rfc2136
...
Signed-off-by: splashx <splash@gmail.com>
2018-09-07 00:56:00 +02:00
jetstack-bot
834fda15a1
Merge pull request #478 from munnerz/webhooks
...
Add validating webhook and webhook tls autoconfiguration
2018-09-05 13:00:50 +01:00
JuanJo Ciarlante
1266f4116b
minor cleanups
...
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
2018-08-28 22:23:57 -03:00
JuanJo Ciarlante
225a37ce7c
augment acmedns unit testing
...
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
2018-08-28 22:20:31 -03:00
JuanJo Ciarlante
ef2924c26a
[jjo] fix panic from acmedns.go constructor failure
...
Signed-off-by: JuanJo Ciarlante <juanjosec@gmail.com>
2018-08-27 19:36:13 -03:00
rico.pahlisch
3b270623fd
enable clouddns meta auth
...
Signed-off-by: Rico Pahlisch <rico.pahlisch@kiwigrid.com>
2018-08-27 09:13:05 +02:00
Frank Hamand
8b28b5adce
Fix cloudflare provider failing on cleanup if no record is found
...
It's possible for cert-manager to get in a bad state where it thinks there's something to clean up, but repeatedly fails to clean it up.
Not finding the record should not be an error when we're trying to delete the record anyway.
Signed-off-by: Frank Hamand <frankhamand@gmail.com>
2018-08-21 09:59:37 +01:00
James Munnelly
91bec0909c
Add validation webhook
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-20 12:34:05 +01:00
jetstack-bot
972f86704d
Merge pull request #787 from Queuecumber/master
...
Add ACME-DNS as a DNS-01 Provider
2018-08-17 13:33:57 +01:00
Max Ehrlich
65e6a65143
Update the test to support nameservers
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-14 14:57:21 -04:00
Max Ehrlich
96a037fc23
Fix go fmt failing
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-14 14:48:51 -04:00
jetstack-bot
dba15aabe6
Merge pull request #658 from munnerz/is-ca
...
Add 'isCA' field to Certificate spec
2018-08-14 12:35:53 +01:00
James Munnelly
8d3d095a29
Add 'isCA' field to Certificate spec
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-14 10:32:48 +01:00
James Munnelly
22f5d8c816
Fix issue causing existing ingresses to not be cleaned up properly
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-14 10:23:29 +01:00
James Munnelly
974fc9e1bb
Add unit test for cleaning up existing ingress
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-14 10:23:28 +01:00
Max Ehrlich
f7b1d413fb
Fix test for acme-dns provider
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 14:04:19 -04:00
Max Ehrlich
465bdc51d1
Boilerplate header
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:37:44 -04:00
Max Ehrlich
8d7baed20a
Support DNS01Nameservers field
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:37:03 -04:00
Max Ehrlich
b1eadabf42
Change wording from "accounts" to "account"
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:14 -04:00
Max Ehrlich
e791680a88
Namespace was moved from a class variable to a local
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:14 -04:00
Max Ehrlich
dab8a47ec6
Function signature for DNS01Record was changed to return an error, handle that
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:13 -04:00
Max Ehrlich
0209938c94
Add validation logic
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:13 -04:00
Max Ehrlich
d12fbc161f
Ensure key is good enough for acme-dns to accept
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:13 -04:00
Max Ehrlich
240828b272
Read test host from env variable
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:13 -04:00
Max Ehrlich
80a9e7bf03
Make sure names are consistent
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:13 -04:00
Max Ehrlich
9d1f233729
Fix env variable names in unit test
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:12 -04:00
Max Ehrlich
992602b472
Add unit test to dns testing
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:32:12 -04:00
Max Ehrlich
310a6f8689
Add unit test for acmedns
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:31:43 -04:00
Max Ehrlich
f369d691fe
Keeping names consistent again
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:31:42 -04:00
Max Ehrlich
2d41d79d3c
Include acme-dns into the generic dns challenge interface
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:31:42 -04:00
Max Ehrlich
795b472e8d
Flesh out acme-dns implementation, registration must occur before using cert-manager
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:30:34 -04:00
Max Ehrlich
5695b867f6
Keep naming consistent
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:30:34 -04:00
Max Ehrlich
f7a42fb9fd
Add acme-dns issuer config to the issuer definition and update docs
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:30:33 -04:00
Max Ehrlich
8251d96c21
Add acme-dns issuer to provider configuration
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:30:33 -04:00
Max Ehrlich
9902845c82
Add acmedns constructor to dns interface
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:30:33 -04:00
Max Ehrlich
40ce2d8e86
Basic parts of implementation of acme dns, missing registration and credential retrieval
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:25:43 -04:00
Max Ehrlich
110a9443e8
Stubs for acmedns and its test
...
Signed-off-by: Max Ehrlich <max.ehr@gmail.com>
2018-08-13 13:25:43 -04:00
jetstack-bot
abfbb36a48
Merge pull request #825 from ocadotechnology/820-plumb-dns-servers-more
...
fix: plumb dns servers into more areas
2018-08-13 17:48:30 +01:00
stuart.warren
4f80dca9d5
fix: plumb dns servers into more areas
...
fixes: #820
Signed-off-by: stuart.warren <stuart.warren@ocado.com>
2018-08-13 16:21:37 +01:00
James Munnelly
813996b07d
Update third_party files with skip license headers
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-13 16:06:07 +01:00
James Munnelly
51195e4c5f
Update license header and add header to every file
...
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
2018-08-13 15:53:37 +01:00
jetstack-bot
7d581d60c2
Merge pull request #816 from kragniz/catch-dns-error
...
Catch and return dns query error in DNS01Record
2018-08-10 12:16:03 +01:00
Louis Taylor
cc9a18a872
Handle error cases
2018-08-10 11:12:15 +01:00
jetstack-bot
d0002f6c71
Merge pull request #811 from jetstack/selfsigned-ca-bundle
...
Don't bundle the CA certificate when selfsigned
2018-08-10 11:07:12 +01:00
Louis Taylor
69f6a234c7
Catch and return dns query error in DNS01Record
2018-08-10 11:04:48 +01:00
James Munnelly
2110aacc3b
Don't bundle the CA certificate when selfsigned
2018-08-09 16:32:10 +01:00
James Munnelly
c169a1ffc1
Catch edge case where the CN and DNSNames on a Certificate have been reordered
2018-08-08 20:19:16 +01:00
James Munnelly
503186c2d2
Add unit test for PublicKeyMatchesCertificate
2018-08-08 13:39:34 +01:00
James Munnelly
0dd3155fb2
Add logic to handle ready vs valid ACME orders
2018-08-08 13:39:34 +01:00
James Munnelly
1ed6855bde
Expose GetCertificate function
2018-08-08 13:39:30 +01:00
James Munnelly
fa0bc9998e
Add RenewBeforeDuration option to controller context
2018-08-08 13:34:30 +01:00
James Munnelly
071d1c6c88
Fix resourceNamespace
2018-08-07 16:13:46 +01:00
James Munnelly
3781c2d1be
Update references to resourceNamespace
2018-08-07 16:13:46 +01:00
James Munnelly
3a69dd1cbf
Update unit test fixture to produce mock Contexts
2018-08-07 16:13:46 +01:00
James Munnelly
38c62357f7
Update ACME issuer for new context
2018-08-07 16:13:46 +01:00
James Munnelly
f4170cbbf0
Update http01 challenge solver
2018-08-07 16:13:46 +01:00
James Munnelly
370a7a1460
Update DNS01 solver
2018-08-07 16:13:46 +01:00
James Munnelly
2fcbee05b7
Update ACME issuer
2018-08-07 16:13:46 +01:00
James Munnelly
e9285c6bdb
Update selfsigned issuer
2018-08-07 16:13:46 +01:00
James Munnelly
3f325d1659
Update CA issuer
2018-08-07 16:13:46 +01:00
James Munnelly
7ee345f88c
Update Vault issuer
2018-08-07 16:13:46 +01:00
James Munnelly
a46774fe44
Update Issuers controller
2018-08-07 16:13:46 +01:00
James Munnelly
59880abd43
Update ClusterIssuer controller
2018-08-07 16:13:46 +01:00
James Munnelly
9cc07eefe5
Update Certificate controller
2018-08-07 16:13:46 +01:00
James Munnelly
61a27d3b6c
Update validation to use consts moved into pkg/controller
2018-08-07 16:13:46 +01:00
James Munnelly
9dc20d3c35
Remove dedicated issuer context and move issuer registration into controller pkg
2018-08-07 16:13:46 +01:00
James Munnelly
36f9f356cd
Refactor ACME client construction into dedicated ACME package
2018-08-07 15:22:53 +01:00
James Munnelly
7346240830
Update codebase for refactored API type names
2018-08-07 14:16:53 +01:00
James Munnelly
3e95b9410c
Update generated files
2018-08-07 14:16:49 +01:00
James Munnelly
f46f99a1cb
Rename API types (keeping API surface identical)
2018-08-07 14:08:31 +01:00
James Munnelly
29eb04adfe
Move API types into separate files
2018-08-07 11:48:38 +01:00
James Munnelly
fcf812c654
Add OWNERS files to auto-label PRs. Mark apis directory as requiring a review by @munnerz.
2018-07-26 13:01:58 +01:00
jetstack-bot
317e6e829c
Merge pull request #761 from kragniz/runtime-validation
...
Add base of issuer-specific validation to certificates at runtime
2018-07-26 11:20:29 +01:00
Louis Taylor
791488e2ed
Better test coverage
2018-07-26 10:50:28 +01:00
James Munnelly
686e9159e5
Wait for ACME Orders to be in 'ready' state before attempting finalization
2018-07-25 18:05:45 +01:00
Louis Taylor
474c8ed27f
Add extra testcase
2018-07-25 17:41:05 +01:00
Louis Taylor
db5383051e
Remove duplicated check
2018-07-25 15:55:19 +01:00
Louis Taylor
c5cf376c5e
Run ValidateCertificateForIssuer during sync
2018-07-25 15:45:37 +01:00
Louis Taylor
d23bad8c2f
nameForIssuer -> NameForIssuer
2018-07-25 15:45:13 +01:00
Louis Taylor
aa60a41591
Add tests
2018-07-25 15:44:25 +01:00
Louis Taylor
cdae8cbce8
Add base issuer validation
2018-07-25 15:44:06 +01:00
Louis Taylor
bcf135c7ae
clouddns: use fqdn for challenge cleanup
...
This is the same as the problem fixed in #750, but for cleanup.
2018-07-22 20:17:11 +01:00
jetstack-bot
398e1560a3
Merge pull request #670 from gurvindersingh/master
...
add support CNAME for dns-01 challenge
2018-07-20 19:36:06 +01:00
jetstack-bot
b15a18be98
Merge pull request #746 from euank/route53-invalid-change-batch
...
issuer/route53: fix delete for 'NotExist' errors
2018-07-20 18:36:59 +01:00
Euan Kemp
ea84532a5c
issuer/route53: log ignored InvalidChangeBatch err
2018-07-20 10:10:02 -07:00
Louis Taylor
082f815773
clouddns: find hosted zone for challenge record
...
Previously this would fail if you use a CNAME for the _acme-challenge
record.
2018-07-20 16:53:12 +01:00
Euan Kemp
15d497b4ca
issuer/route53: fix delete for 'NotExist' errors
...
Fixes #736.
Prior to this change, it was quite possible to end up with a queue of
cleanup tasks that would never succeed.
2018-07-19 10:20:27 -07:00
jetstack-bot
6348c6ffca
Merge pull request #722 from autonomic-ai/support-ec-keys
...
Add keyAlgorithm and keySize fields to Certificates, and support ECDSA keys
2018-07-18 10:00:36 +01:00
Afolabi Badmos
445e522432
Add support for EC keys
...
- This PR adds two fields to CertificateSpec:
  - `keyAlgorithm`, denotes which algorithm to use when generating
    a private key. Can be either `rsa` or `ecdsa`. When not set, the
    default algorithm used is `rsa`.
  - `keySize`, denotes the key size of the private key being generated.
    For `rsa`, minimum key size is 2048 and maximum is 8192.
    For `ecdsa`, sizes 224, 256, 384 & 521 are supported.
    See https://golang.org/pkg/crypto/elliptic
- `keySize` can be set without being explicit about `keyAlgorithm`.
  - If `keySize` is specified and `keyAlgorithm` is not provided, `rsa` will
    be used as the key algorithm.
- `keyAlgorithm` can be set without being explicit about `keySize`.
  - If `keyAlgorithm` is specified and `keySize` is not provided,
    key size of `256` will be used for `ecdsa` key algorithm and
    key size of `2048` will be used for `rsa` key algorithm.
- helper functions in `pki` package now return crypto.PrivateKey
2018-07-17 12:42:07 -04:00
Louis Taylor
969c4530a0
Add Contains util function
2018-07-12 10:27:05 +01:00
jetstack-bot
a162a5bb8e
Merge pull request #612 from vdesjardins/custom-approle-path
...
Vault: configurable appRole authentication path
2018-07-11 17:53:33 +01:00
jetstack-bot
c08cd80730
Merge pull request #622 from munnerz/istio-annotation
...
Add auth.istio.io annotation to ACME HTTP01 service
2018-07-11 17:18:33 +01:00
Vincent Desjardins
7fae0fccf1
code review fixes
2018-07-11 16:00:39 +00:00