Commit Graph

760 Commits

Author SHA1 Message Date
Inteon
2299e8d8a6 Apply suggestions from code review
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
30634f154c improve Certificate is Ready test
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:47 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
Erik Godding Boye
5d21410156 Add new unsupported feature to exclude root CA assert in Vault issuer e2e-tests
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-23 15:14:33 +02:00
Erik Godding Boye
1919e4cb3f Add root CA certificate assert to e2e tests
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-23 15:14:33 +02:00
irbekrm
70f3d0b8c2 Temporarily revert "Enable the Venafi Cloud E2E tests"
This reverts commit 4ddfcbf96b.

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-20 12:19:43 +01:00
jetstack-bot
b5be5a8730
Merge pull request #3877 from irbekrm/move_crypto_fork
Use upstream golang/crypto for ACME EAB + move crypto fork to cert-manager org
2021-04-13 13:28:15 +01:00
Lars Lehtonen
635dc187f5
test/integration/certificates: fix dropped error
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2021-04-12 05:45:57 -07:00
irbekrm
d213b4bfdb Standardize deprecation warnings
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-12 09:38:49 +01:00
irbekrm
697836e446 Update comment for replace directive in go.mod
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 15:11:22 +01:00
irbekrm
2c2b3da2a7 Add e2e test cases for different ACME EAB configurations
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-09 10:28:34 +01:00
jetstack-bot
1dad685e48
Merge pull request #3873 from irbekrm/remove_legacy_functions
Remove legacy e2e util functions for Issuer creation
2021-04-09 10:24:45 +01:00
irbekrm
333f600661 Remove legacy e2e util functions for Issuer creation
Use test/util/gen instead

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-04-08 18:30:45 +01:00
Richard Wall
c769432db5 Re-enable the Venafi TPP E2E tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-08 18:23:48 +01:00
Richard Wall
4ddfcbf96b Enable the Venafi Cloud E2E tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-08 18:23:48 +01:00
jetstack-bot
10a871dc62
Merge pull request #3444 from maelvls/bug-certificaterequest-not-updated
Bug: certificaterequest not updated after its certificate is updated
2021-04-06 20:17:57 +01:00
Maël Valais
dc99a5e8ca acme-http01-e2e: PR comment: Equal -> ContainElements for DNS names
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
6cda600e42 acme-http01-e2e: PR comment: 30 seconds of wait is enough
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
98fe26b939 acme-http01-e2e: PR comment: check cert is unready before correcting it
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Irbe Krumina <irbekrm@gmail.com>
2021-04-06 18:09:28 +02:00
Maël Valais
85128f26ce trigger-controller: PR comment: rephrase log about skipping issuance
The log message:

    multiple CertificateRequests found for the 'next' revision 2,
    skipping issuance until no more duplicate.

can be better phrased as:

    multiple CertificateRequests are found for the 'next' revision 2,
    issuance is skipped until there are no more duplicates.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:28 +02:00
Maël Valais
3832f551aa acme-http01-e2e: "validations" are not actually verifying the X.509 cert
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
78e2e7fdca acme-http01-e2e: pebble was returning the same 400 as boulder
Pebble:

  400 urn:ietf:params:acme:error:rejectedIdentifier: Order included an identifier for which issuance is forbidden by policy: "google.com"

Let's Encrypt's boulder:

  400 urn:ietf:params:acme:error:rejectedIdentifier: Cannot issue for "google.com"

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
18a9461023 acme-http01-e2e: add a test case to show the cert update bug
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
Maël Valais
89c3dc1afa gen: document why we do not pass an entire Certificate
Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-04-06 18:09:27 +02:00
jetstack-bot
e7333df106
Merge pull request #3838 from wallrj/3289-stable-api-versions
Update cainjector to use stable API versions
2021-04-06 15:19:57 +01:00
Richard Wall
3d7f370b21 Re-enable the cainjector E2E tests for apiregistration
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-06 14:04:26 +01:00
Richard Wall
20510e45f0 Update cainjector to use stable API versions
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-01 17:23:28 +01:00
Richard Wall
39ebccd0ba Skip the Venafi Cloud conformance tests by default
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-01 09:13:36 +01:00
Richard Wall
a372e1afb6 Delete empty Venafi Cloud issuer tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-01 09:13:36 +01:00
jetstack-bot
e29a3df86d
Merge pull request #3785 from JoshVanL/approval-subject-access-review
Approval subject access review
2021-04-01 08:00:39 +01:00
irbekrm
81a8588b91 Bumps versions of Gazelle, go_rules, Kazel, protobuf
Signed-off-by: irbekrm <irbekrm@gmail.com>

Bumps versions of Gazelle, go_rules, Kazel and protobuf

Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-29 08:25:12 +01:00
joshvanl
820b8556a3 Fix go linting
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:41:42 +00:00
joshvanl
b75655fbb6 Updates approval e2e tests to include custom resource definitions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
109b3e0b28 Rename Webhook's API server host flag from --master to --api-server-host
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
a97be01bd8 Adds test comment to approval e2e test
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
8048034b0e Adds permissions to approve "issuer.cert-manager.io/*", "clusterissuer.cert-manager.io/*" signers to the cert-manager-controller ServiceAccount
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
157b577056 Adds Approval SubjectAccessReview checks to e2e UserInfo suite
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
joshvanl
f640f64fcb Update integration test framework to restart the API to share the
address with the webhook

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-26 17:26:28 +00:00
jetstack-bot
a8c75fab1a
Merge pull request #3773 from JoshVanL/certificate-revision-history-limit
Certificate revision history limit
2021-03-26 11:13:58 +00:00
jetstack-bot
7946df1da7
Merge pull request #3788 from maelvls/refactor-trigger-unit-tests
Refactor trigger-controller unit tests
2021-03-25 11:41:36 +00:00
joshvanl
d5ccbdb277 Fix test controller name of revision manager in integration test
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-23 15:58:35 +00:00
Maël Valais
71e707387a trigger-controller: refactor test, inject gatherer and policychain
Injecting the whole Gatherer struct was not necessary for testing
since DataForCertificate is now fully unit-tested. With that, we
can mock the Gatherer.Evaluate function. Since there is no reason
to inject a full Gatherer object into the trigger controller, I chose
to inject a simple policies.Func. I named the function "shouldReissue"
since this is exactly what this function does.

I also refactored the test cases to use the same gen.Certificate
that we use in the rest of the codebase.

Signed-off-by: Maël Valais <mael@vls.dev>
2021-03-23 13:55:11 +01:00
Lars Lehtonen
b98e39bfbf
test/e2e/suite/conformance/certificates: fix dropped error
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2021-03-21 17:44:35 -07:00
joshvanl
1235ff3bef Adds tests to ensure Approve is present, and Denied is not
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
e6c74d94b4 Adds check for approval condition in e2e CertificateRequest helper
func

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
jetstack-bot
0b4abcc77a
Merge pull request #3770 from jonathansp/master
tests: allow setting DNSName and ChallengeKey for webhook integration tests
2021-03-15 16:30:16 +00:00
joshvanl
2a08d8a8df Adds integration tests for revision manager
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-15 14:54:34 +00:00
jetstack-bot
70c66e02a0
Merge pull request #3641 from JoshVanL/certificate-request-identity
CertificateRequest UserInfo fields
2021-03-15 14:26:15 +00:00
Jonathan Prates
466ffe336d tests: allow setting dnsname and acme challenge key for webhook integration tests
Signed-off-by: Jonathan Simon Prates <jonathan.simonprates@gmail.com>
2021-03-15 13:18:27 +00:00
irbekrm
a89133b637 Better wording and wrap long comment lines.
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-03-15 08:48:23 +00:00