weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
5,399 Commits 45 Branches 0 Tags 96 MiB
ecc552a7de
Commit Graph

193 Commits

Author SHA1 Message Date
jetstack-bot
96ea5e51d4
Merge pull request #3985 from JoshVanL/parse-certificate-chain-ca 
Parse certificate chain CA Issuer
 2021-05-13 13:23:14 +01:00
jetstack-bot
595d753339
Merge pull request #3982 from JoshVanL/parse-certificate-chain 
Change Vault Issuer to construct the certificate chain to populate the CertificateRequest CA with the root most cert.
 2021-05-12 17:34:13 +01:00
joshvanl
58a25314f7 Changes CR CA controller to use ECDSA keys 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 15:07:25 +01:00
joshvanl
d327d40297 Updates SignCSRTemplate to use ParseCertificateChain 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:22:59 +01:00
joshvanl
9622b664bf Adds SecretTLSKeyPairAndCA to parse a certificate chain and CA from a 
target Secret

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:22:59 +01:00
joshvanl
68aeb330b7 Change ParseCertificateChain to ParseSingleCertificateChain to show 
intention better

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-12 14:12:06 +01:00
Jake Sanders
423e82b65b
Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis" 
This reverts commit f2a74ade5e, reversing
changes made to 7ff54e61e9.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-11 14:50:23 +01:00
joshvanl
88693435b8 Change ParseCertificateChain test func to use ECDSA keys to speed up 
runtime

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-10 19:13:31 +01:00
joshvanl
744906ebaf Adds ParseCertificateChain to parse and test a pem bundle to ensure its 
a valid flat chain. Returns a chain and optional CA

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-05-10 19:06:21 +01:00
Jake Sanders
bb519a59b9
Log a message when test framework fails to parse cover profile flag 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-05 16:40:16 +01:00
Jake Sanders
2390264fd4
staticcheck: package "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" is being imported more than once (ST1019) 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 15:05:32 +01:00
Jake Sanders
741df8cbe7
errcheck: flag.CommandLine.Parse is not checked 
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
 2021-05-04 14:30:47 +01:00
joshvanl
c5e2184a4a Moves /pkg/internal/apis/istio to /pkg/internal/istio 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 12:31:57 +01:00
joshvanl
01716e2907 Fixes stutter: istio.IsIstioInstalled -> istio.IsInstalled 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:42:21 +01:00
joshvanl
00ceff3421 Update bazel 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:36:49 +01:00
joshvanl
3af22cf6c6 Move istio util duncs to pkg/util/istio 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-04-29 11:35:41 +01:00
Erik Godding Boye
249ec4fe8b Add unit tests for pki.SignCSRTemplate 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>

Co-authored-by: Maël Valais <mael@vls.dev>
 2021-04-23 15:14:33 +02:00
Erik Godding Boye
b514a74d0a fix #3619: Handle CA issuer working as intermediate correctly 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
 2021-04-22 18:43:33 +02:00
Ashley Davis
3df1173a22
fix incorrect comparison function for public keys 
also adds/improves doc comments on related functions, and adds tests of
comparisons RSA keys and ECDSA keys. these tests failed as expected
before the function was changed, e.g.:

```text
Executing tests from //pkg/util/pki:go_default_test
---------------------------------------------------
--- FAIL: TestPublicKeysEqualECDSA (0.00s)
  generate_test.go:492: got an incorrect match from different curves:
    pub1 type: "P-256"
    pub2 type: "P-521"
--- FAIL: TestPublicKeysEqualRSA (0.00s)
  generate_test.go:560: got an incorrect match from different RSA keys:
    pub1: &rsa.PublicKey{N:2293...<snip>...8869, E:65537}
    pub2: &rsa.PublicKey{N:2293...<snip>...8869, E:3}
```

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-04-22 16:07:18 +01:00
Maël Valais
f56db9f93d Revert "Handle CA issuer working as intermediate" (#3847) 
As discussed in #3847, I went too fast and /lgtm from my bed. That led
to having a piece of code that could potentially break people's
cert-manager deployments.

Our plan is to have the same PR re-opened so that we can have it
released for v1.4 (due on Friday 11 June 2021 as per our timeline).

Signed-off-by: Maël Valais <mael@vls.dev>
 2021-04-07 10:25:31 +02:00
Erik Godding Boye
bbafeeef67 fix #3619: Handle CA issuer working as intermediate correctly 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
 2021-04-06 19:45:48 +02:00
Ashley Davis
ef5aa91f35
improve comment to match the function definition 
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-03-19 13:59:33 +00:00
Ashley Davis
b246c92a45
clarify exact curve types of current ECDSA keys 
it's conceivable that in the future we could have Ed25519 certs,
which would also have a key size of 256 but would be a new named entry
here

Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
 2021-03-19 13:59:30 +00:00
Josh Soref
895cb51ed9 spelling: nonexistent 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Mitsuo Heijo
ffa79f6b8d
Fix build on go1.16 
Signed-off-by: Mitsuo Heijo <mitsuo.heijo@gmail.com>
 2021-02-26 22:47:56 +09:00
Maartje Eyskens
7078a5c7b8 Rename the User Agent fields 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-15 17:25:18 +01:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
Mateusz Gozdek
27fa2f1ec4
Fix various typos found by codespell 
Found by running this command:

codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater

Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
 2020-11-07 14:55:13 +01:00
Raphaël Pinson
b2d719d6c3
Add encode_usages_in_request to Certificate spec (fix #3301) 
Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>
 2020-10-16 15:40:32 +02:00
Maartje Eyskens
52bda8a33f Fix validation in CSR 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-10-08 15:24:56 +02:00
jetstack-bot
4a13dd72f3
Merge pull request #3279 from meyskens/fix-double-signing-validation 
Fix double "signing" KU validation
 2020-09-22 10:27:51 +01:00
Maartje Eyskens
e01bf377de Split out logic 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-09-17 14:46:23 +02:00
Maartje Eyskens
ce8ca4ca20 Fixes validation when teh 2 signing keys are set 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-09-14 11:05:44 +02:00
Maartje Eyskens
e989384c96 Update tests 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-09-07 09:30:11 +02:00
Maartje Eyskens
8d15ec6bc8 Only encode EKUs if there are EKUs to be encoded 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-09-07 09:00:53 +02:00
Lars Lehtonen
ae8afe2257
pkg/util/pki: fix dropped errors 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2020-09-03 19:32:24 -07:00
Maartje Eyskens
3154be722c Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-25 14:44:43 +02:00
Maartje Eyskens
abb56fb0b5 Add CSR validation 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-25 10:39:24 +02:00
Maartje Eyskens
f6610fb744 Support key usages 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-24 20:10:01 +02:00
Maartje Eyskens
0e17b9d237 Add boilerplate 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-24 11:21:41 +02:00
Maartje Eyskens
d15054e4ea Add extended key usages into CSR 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-24 10:22:58 +02:00
Richard Wall
01b5d0fa88 Fix tests in ./pkg/controller/certificates/... 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-08-20 14:28:06 +01:00
Richard Wall
81eb53f597 ./hack/update-all.sh 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-08-20 14:28:06 +01:00
Richard Wall
a70298180a Run a script to update v1alpha2 usage to v1 
Script is available at https://github.com/jetstack/cert-manager/pull/3201

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-08-20 14:26:51 +01:00
Maartje Eyskens
9dd00905e9 Update klog 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>

klog v2

Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-08-12 10:59:41 +02:00
JoshVanL
49ee468161
Adds integration test for issuer controller secret annotations, and 
fixes GenerateTempalate func

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
 2020-08-06 11:08:13 +01:00
Haoxiang Zhou
4f26537ff7 Set visibility to public 
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
 2020-07-02 16:12:47 +01:00
Haoxiang Zhou
fe80b7d760 Moved predicate package to pkg/util 
Signed-off-by: Haoxiang Zhou <haoxiang.zhou@jetstack.io>
 2020-07-02 12:23:15 +01:00
James Munnelly
1adfe16690 Bulk fix of non-test staticcheck failures 
Signed-off-by: James Munnelly <james@munnelly.eu>
 2020-06-26 12:25:08 +01:00