weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,399 Commits 45 Branches 0 Tags 96 MiB
ecc552a7de
Commit Graph

350 Commits

Author SHA1 Message Date
jetstack-bot
595d753339
Merge pull request #3982 from JoshVanL/parse-certificate-chain 
Change Vault Issuer to construct the certificate chain to populate the CertificateRequest CA with the root most cert.
 2021-05-12 17:34:13 +01:00
joshvanl
68aeb330b7 Change ParseCertificateChain to ParseSingleCertificateChain to show 
intention better

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:12:06 +01:00
Jake Sanders
79d8d9cb7b
Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01" 
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:25 +01:00
Jake Sanders
423e82b65b
Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis" 
This reverts commit f2a74ade5e, reversing
changes made to 7ff54e61e9.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:23 +01:00
Jake Sanders
8ca19b26f9
Revert "Merge pull request #3946 from inteon/fix_kubectl_apply" 
This reverts commit c7514d9262, reversing
changes made to 49cbedf262.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:18 +01:00
jetstack-bot
bd817cce0a
Merge pull request #3936 from irbekrm/webhook_warnings 
Webhook warnings
 2021-05-11 13:43:53 +01:00
irbekrm
6cb57c4c33 Makes ACME EAB key algo warning value unexported 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-05-11 13:14:33 +01:00
joshvanl
d17626c927 Changes vault issuer to use ParseCertificateChain from response from 
vault

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-10 19:07:31 +01:00
jetstack-bot
3434c78188
Merge pull request #3960 from wallrj/538-lint-fixes-richardw 
Fix some linting errors
 2021-05-07 11:50:34 +01:00
Jake Sanders
eab7c954a2
Use %v to log errors 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:28:46 +01:00
Jake Sanders
196e42c221
Tidy godoc comments 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:21:24 +01:00
Jake Sanders
f194d9b732
Add godoc comments 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 15:59:02 +01:00
Richard Wall
6f5efe4ef4 Remove redundant break statements 
pkg/internal/api/mutation/registry.go:138:3: redundant break statement (S1023)
pkg/internal/api/mutation/registry.go:157:3: redundant break statement (S1023)

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-04 14:43:32 +01:00
Richard Wall
1635291afa Fix duplicate imports 
pkg/internal/apis/certmanager/validation/certificaterequest_test.go:31:2: package "github.com/jetstack/cert-manager/pkg/util/pki" is being imported more than once (ST1019)
pkg/internal/apis/certmanager/validation/certificaterequest_test.go:32:2: other import of "github.com/jetstack/cert-manager/pkg/util/pki"

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-05-04 14:39:35 +01:00
Jake Sanders
7b06785012
deadcode: Highlight missing test 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:24:41 +01:00
Jake Sanders
e7219a155f
gosimple: S1004 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:21:38 +01:00
Jake Sanders
aca56a7168
errcheck 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:19:46 +01:00
Inteon
421ea2c867 add/ remove '// +optional' tags & cleanup other annotations 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-30 15:08:08 +02:00
Inteon
b44e347ce1 remove podTemplate field from ACMEChallengeSolverHTTP01Istio 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-30 13:15:01 +02:00
irbekrm
f46aad2b74 Implements suggestions from code review 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-29 17:47:27 +01:00
joshvanl
c5e2184a4a Moves /pkg/internal/apis/istio to /pkg/internal/istio 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 12:31:57 +01:00
irbekrm
c33f8b5d04 ACME issuer webhook validation returns a warning if EAB key algorithm is set 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-29 11:54:50 +01:00
irbekrm
bffebe2cb6 Calls to validating webhook can now return warnings 
Adds warnings to the top level validating functions' signatures

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-29 11:45:52 +01:00
joshvanl
00ceff3421 Update bazel 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:36:49 +01:00
joshvanl
e8a585f740 Move internal istio apis from pkg/issuer to pkg/internal/apis 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:35:20 +01:00
Inteon
2299e8d8a6 Apply suggestions from code review 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:20:49 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support 
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
 2021-04-28 09:19:53 +02:00
jetstack-bot
b5be5a8730
Merge pull request #3877 from irbekrm/move_crypto_fork 
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
 2021-04-13 13:28:15 +01:00
irbekrm
fc9d966a1c Certificate's revision history limit validated by webhook 
To avoid helm upgrade issues, see https://github.com/jetstack/cert-manager/issues/3880

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-12 14:59:28 +01:00
irbekrm
d213b4bfdb Standardize deprecation warnings 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-12 09:38:49 +01:00
irbekrm
09af959071 Issuer's ACME EAB algorithm can no longer be set 
It is hardcoded to HS256 in golang.org/x/crypto

Also, we now use a fork of golang.org/x/crypto
in cert-manager org.

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-04-09 10:28:19 +01:00
joshvanl
85ff4301b8 Passes through request context of webhook to admission functions 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-03 13:19:01 +01:00
jetstack-bot
e29a3df86d
Merge pull request #3785 from JoshVanL/approval-subject-access-review 
Approval subject access review
 2021-04-01 08:00:39 +01:00
joshvanl
46f1d853f5 Adds comment about why we convert CRs into internal types when 
validating approval

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-30 15:33:27 +01:00
irbekrm
81a8588b91 Bumps versions of Gazelle, go_rules, Kazel, protobuf 
Signed-off-by: irbekrm <irbekrm@gmail.com>

Bumps versions of Gazelle, go_rules, Kazel and protobuf

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-03-29 08:25:12 +01:00
joshvanl
820b8556a3 Fix go linting 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:41:42 +00:00
joshvanl
55e74c3e02 Update bazel build files 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:28:14 +00:00
joshvanl
4be73eaec0 Add plugins to webhook server 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
3ecef47b2a Remove SubjectAccessReview validation registry 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
29a7a90d85 Remove old approval SAR registry 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
8380569470 Move approval validation to new internal webhook admission plugin 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
746cd7460b Updates approval review comment to correctly state cluster scope and 
issuer name

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
d69e798b83 Update validation approved tests for new string 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
ed22fb99f6 Change approved/denied forbidden error to read better for EU 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
92c6ce88bb Register approval checks with validation init registration 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
53cb1835f7 Adds SubjectAccessReview registry to the validation Registry 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
joshvanl
78aba9c01f Adds approval condition SubjectAccessReview check 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-26 17:26:28 +00:00
jetstack-bot
bad96f5102
Merge pull request #3582 from lalitadithya/vault_health_check_and_namespace_fix 
Vault health check and namespace fix
 2021-03-26 15:20:58 +00:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit 
Certificate revision history limit
 2021-03-26 11:13:58 +00:00
joshvanl
59ca6ca850 Move CertificateRequest revisionHistoryLimit validation to OpenAPI 
validation

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-03-23 15:58:14 +00:00