weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
4,963 Commits 45 Branches 0 Tags 96 MiB
edda3b39e3
Commit Graph

855 Commits

Author SHA1 Message Date
Josh Soref
edda3b39e3 spelling: violations 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
ae06c26202 spelling: secret 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
4d84a7fbb1 spelling: preferred 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
a11c7873f1 spelling: object 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
d5eca4e4e3 spelling: normalize 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-04 13:04:38 -05:00
Josh Soref
6dc9d7cd97 spelling: certificate 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2021-03-03 21:00:18 -05:00
jetstack-bot
a9c672e900
Merge pull request #3699 from maelvls/ocsp-unit-test 
Add unit tests around the new ocspServers field
 2021-03-01 19:12:49 +00:00
Maël Valais
e7b3e6c4e5 PR comment: no more "return" in test code 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-03-01 14:12:02 +01:00
Maël Valais
dc4f0a34e9 PR comment: compare time.Time instead of strings 
Also removed the unused "givenNamespace"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-25 10:28:56 +01:00
Maël Valais
e50f26fc97 PR comment: fix notAfter test case using time.Truncate 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
 2021-02-24 15:07:54 +01:00
Maël Valais
c9dcae2313 ocspServers field: add unit test 
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-24 11:05:59 +01:00
Lars Lehtonen
0270377f6c
pkg/controller/certificaterequests/acme: fix dropped test error 
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2021-02-23 18:13:37 -08:00
irbekrm
b852e97ffb Removes the deprecated renew-before-expiry flag 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-21 10:22:25 +00:00
jetstack-bot
35febb1717
Merge pull request #3505 from hugoboos/ocsp-server 
Add option to specify OCSP server #3497
 2021-02-05 11:27:37 +00:00
joshvanl
15536801f0 Revert ingress key usage annotation to default the same as Certificate 
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
 2021-02-04 16:08:30 +00:00
Maartje Eyskens
577c039220 Implement feedback 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
bfce24fd59 Fix sync tests 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
8ec816814f update bazel 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maartje Eyskens
bbb75ee52f Allow ingress-shim to specify key usages + add server-auth to default 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2021-02-04 15:11:00 +00:00
Maël Valais
ba22785445 Rename ocspServer to oscpServers 
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: James Munnelly <james@munnelly.eu>
 2021-02-03 11:13:32 +01:00
Hugo Stijns
5f18cce622 add option to specify OCSP server 
Signed-off-by: Hugo Stijns <hugo@boosboos.net>
Signed-off-by: Maël Valais <mael@vls.dev>
 2021-02-03 09:09:03 +01:00
irbekrm
be5ba022a9 Improves error checking in TestSync function 
Also corrects some expected error values in test cases

Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-02 11:23:42 +00:00
irbekrm
bb99260365 Skips an invalid Ingress.spec.tls entry instead of invalidating the whole Ingress 
Signed-off-by: irbekrm <irbekrm@gmail.com>
 2021-02-01 19:32:36 +00:00
Richard Wall
50a388a8a1 Fix unit tests 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:26:43 +00:00
Richard Wall
95d26b7c60 Extract the CA from Venafi response 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2021-01-20 14:14:48 +00:00
Matt Turner
44f69ce015 Minor log message clarification 
Supplying just a name, rather than a namespace/name, for a cainjector
source reference, results in the generic error message "invalid
certificate name". This condition is detected on its own branch so we
can be more specific.

Signed-off-by: Matt Turner <matturner@gmail.com>
 2021-01-07 19:21:11 +00:00
jetstack-bot
f19a5e6402
Merge pull request #3463 from wallrj/2667-acme-stalled-orders 
Wait for order-controller to add certificate data to the Order
 2020-12-17 16:30:41 +00:00
Richard Wall
9cd3eaabf7 Add a duration Ingress annotation to set the duration field on Certificate 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-16 09:40:28 +00:00
Richard Wall
27d0f011be Delete Order if its certificate data is bad or unexpected 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:46:52 +00:00
Richard Wall
fb01c3b3c2 Tests for handling of Orders with bad certificates 
* Badly formed certificates, and
* certificates with an unexpected public key.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 13:44:59 +00:00
Richard Wall
98e2f1c8f3 Wait for order-controller to add certificate data to the Order 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
02883417ee Re-organise the handling of non-failed but not-yet-valid Orders 
Exit early in this case and move the happy case to the end of the function.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:22:38 +00:00
Richard Wall
26aa0e29fa Add a renew-before Ingress annotation to set the renewBefore field on the Certificate 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:19:07 +00:00
Richard Wall
bae51b92b2 Simplify some ingress-shim helper functions 
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
 2020-12-15 10:19:07 +00:00
jetstack-bot
cdc53b65cb
Merge pull request #3500 from meyskens/update-copy 
Update copyright to cert-manager project
 2020-12-15 10:12:31 +00:00
jetstack-bot
34396bc93b
Merge pull request #3499 from meyskens/ingress-netk8sbeta1 
Migrate Ingress to networking.k8s.io/v1beta1
 2020-12-14 09:50:12 +00:00
Maartje Eyskens
ab0cd57dc5 Use The cert-manager Authors. 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-11 19:04:13 +01:00
jetstack-bot
fcf54969dd
Merge pull request #3489 from exceptionfactory/3373-truststore-p12 
Add creation of truststore.p12 from CA
 2020-12-11 10:21:07 +00:00
Maartje Eyskens
c6e84d7c83 Switch informer to networking 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-09 16:36:11 +01:00
Maartje Eyskens
1788a9d758 Update copyright to cert-manager project 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 19:04:49 +01:00
exceptionfactory
e9dfbb7a1a Updated PKCS12 API docs and corrected code formatting #3373 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-08 11:23:16 -05:00
Maartje Eyskens
65281efff1 Migrate Ingress to networking.k8s.io/v1beta1 
Signed-off-by: Maartje Eyskens <maartje@eyskens.me>
 2020-12-08 14:46:01 +01:00
jetstack-bot
7c53f88f19
Merge pull request #3476 from maelvls/unit-test-backoff-one-hour 
Move the 'back off for 1 hour' logic to a unit-tested func
 2020-12-08 11:02:17 +01:00
Maël Valais
62f8db6e6a refactor(issuing): PR review: use MustCreateCryptoBundle directly 
Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
6484010f5c fix(issuing): wait until req matches cert before setting failure 
The issuing controller wasn't checking if the certificate request that
it picked up is up to date. That resulted in the certificate being set
to "Failing" and "Issuing = False" due to an old certificate request
that was created during a previous issuance. The certificate would then
become stale.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
17cd05ecab test(issuing): new test: when req mismatches, cert can't be updated 
This new unit test highlights an unexpected behavior of the issuing
controller: the issuing controller is updating the certificate's status
when the certificate request has a failure ("Reason = Failed"), but the
controller might have picked up an out-of-date certificate request.

The consequence is that the issuing controller would set the certificate
to "Issuing = False". That happens when a re-issuance is triggered with
an old failing certificate request.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 14:22:02 +01:00
Maël Valais
07fd8754f5 refactor(trigger): add test case when failure just happened 
Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 13:51:12 +01:00
Maël Valais
769303c5f8 refactor(trigger): don't backoff when exactly 60min 
As Maartje mentioned, it doesn't make sense to return backoff = true
while returning a delay of 0. Also, use time.UTC instead of time.Local.

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 13:44:06 +01:00
Maël Valais
27d4924b5a refactor(trigger): move backoff logic to a unit-tested func 
The trigger_controller_test.go has many unrelated test cases and I
thought it would be good to have more tightly scoped functions that are
easy to review (and most importantly, the unit tests are easy to
review).

Signed-off-by: Maël Valais <mael.valais@gmail.com>
 2020-12-06 13:40:01 +01:00
exceptionfactory
c3db3ee7cd Simplified return handling for PKCS12 functions #3733 
Signed-off-by: David Handermann <exceptionfactory@gmail.com>
 2020-12-03 07:20:31 -06:00