cert-manager

Author	SHA1	Message	Date
Inteon	21bc98979e	improved ux Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-16 13:11:40 +02:00
Inteon	ac7775bdb4	made errors human readable, added unit tests, added check api to e2e, fixed os.Exit(1) Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-15 16:50:31 +02:00
Inteon	5458173739	Add kubectl 'cert-manager check api' command Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>	2021-07-15 16:50:31 +02:00
Maël Valais	42e65c3694	linter party: duplicate import of k8s.io/api/core/v1 (ST1019) Signed-off-by: Maël Valais <mael@vls.dev>	2021-07-06 12:51:01 +02:00
joshvanl	943f9abdb1	Minor comment and error message changes Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-30 18:09:32 +01:00
joshvanl	b237b5c222	Changes comment for duration annotation parsing Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-29 14:34:30 +01:00
joshvanl	f5b609e446	Adds Vault CertificateSigningRequest Issuer controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-29 09:11:43 +01:00
joshvanl	78a6df1ebd	Fix util/pki test which relied on hardcoded CSR common name Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-06-15 17:58:34 +01:00
Anner J. Bonilla	9546a357a5	Add support for certificates with ed25519 private keys Note that using ed25519 on the public internet is not currently recommended, since it's not widely supported. You'd likely not be able to use an Ed25519 cert with an ACME issuer today. Ed25519 certs might be useful for internal PKI, though - an ed25519 CA issuer, say - or for testing ed25519 certs before they become more widely available on the public internet. They're not currently supported by Vault, Venafi or ACME (Letsencrypt) issuers. Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com> Signed-off-by: Anner J. Bonilla <annerjb@gmail.com> Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-06-14 11:17:35 +01:00
joshvanl	acc5431f1b	Fix signernames to allow clusterissuers with dots in name Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-28 10:13:00 +01:00
joshvanl	9e1b0342d0	Updates with review comments Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 18:48:50 +01:00
joshvanl	c5c206cace	Adds base CertificateSigningRequest cert-manager controller Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 00:23:50 +01:00
joshvanl	b38519fe66	Adds kube certificates v1 API utils Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-27 00:18:29 +01:00
jetstack-bot	96ea5e51d4	Merge pull request #3985 from JoshVanL/parse-certificate-chain-ca Parse certificate chain CA Issuer	2021-05-13 13:23:14 +01:00
jetstack-bot	595d753339	Merge pull request #3982 from JoshVanL/parse-certificate-chain Change Vault Issuer to construct the certificate chain to populate the CertificateRequest CA with the root most cert.	2021-05-12 17:34:13 +01:00
joshvanl	58a25314f7	Changes CR CA controller to use ECDSA keys Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 15:07:25 +01:00
joshvanl	d327d40297	Updates SignCSRTemplate to use ParseCertificateChain Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:22:59 +01:00
joshvanl	9622b664bf	Adds SecretTLSKeyPairAndCA to parse a certificate chain and CA from a target Secret Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:22:59 +01:00
joshvanl	68aeb330b7	Change ParseCertificateChain to ParseSingleCertificateChain to show intention better Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-12 14:12:06 +01:00
Jake Sanders	423e82b65b	Revert "Merge pull request #3939 from JoshVanL/istio-api-to-internal-apis" This reverts commit `f2a74ade5e`, reversing changes made to `7ff54e61e9`. Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-11 14:50:23 +01:00
joshvanl	88693435b8	Change ParseCertificateChain test func to use ECDSA keys to speed up runtime Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-10 19:13:31 +01:00
joshvanl	744906ebaf	Adds ParseCertificateChain to parse and test a pem bundle to ensure its a valid flat chain. Returns a chain and optional CA Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-05-10 19:06:21 +01:00
Jake Sanders	bb519a59b9	Log a message when test framework fails to parse cover profile flag Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-05 16:40:16 +01:00
Jake Sanders	2390264fd4	staticcheck: package "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" is being imported more than once (ST1019) Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-04 15:05:32 +01:00
Jake Sanders	741df8cbe7	errcheck: flag.CommandLine.Parse is not checked Signed-off-by: Jake Sanders <i@am.so-aweso.me>	2021-05-04 14:30:47 +01:00
joshvanl	c5e2184a4a	Moves /pkg/internal/apis/istio to /pkg/internal/istio Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-29 12:31:57 +01:00
joshvanl	01716e2907	Fixes stutter: istio.IsIstioInstalled -> istio.IsInstalled Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-29 11:42:21 +01:00
joshvanl	00ceff3421	Update bazel Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-29 11:36:49 +01:00
joshvanl	3af22cf6c6	Move istio util duncs to pkg/util/istio Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>	2021-04-29 11:35:41 +01:00
Erik Godding Boye	249ec4fe8b	Add unit tests for pki.SignCSRTemplate Signed-off-by: Erik Godding Boye <egboye@gmail.com> Co-authored-by: Maël Valais <mael@vls.dev>	2021-04-23 15:14:33 +02:00
Erik Godding Boye	b514a74d0a	fix #3619 : Handle CA issuer working as intermediate correctly Signed-off-by: Erik Godding Boye <egboye@gmail.com>	2021-04-22 18:43:33 +02:00
Ashley Davis	3df1173a22	fix incorrect comparison function for public keys also adds/improves doc comments on related functions, and adds tests of comparisons RSA keys and ECDSA keys. these tests failed as expected before the function was changed, e.g.: ```text Executing tests from //pkg/util/pki:go_default_test --------------------------------------------------- --- FAIL: TestPublicKeysEqualECDSA (0.00s) generate_test.go:492: got an incorrect match from different curves: pub1 type: "P-256" pub2 type: "P-521" --- FAIL: TestPublicKeysEqualRSA (0.00s) generate_test.go:560: got an incorrect match from different RSA keys: pub1: &rsa.PublicKey{N:2293...<snip>...8869, E:65537} pub2: &rsa.PublicKey{N:2293...<snip>...8869, E:3} ``` Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-04-22 16:07:18 +01:00
Maël Valais	f56db9f93d	Revert "Handle CA issuer working as intermediate" (#3847 ) As discussed in #3847, I went too fast and /lgtm from my bed. That led to having a piece of code that could potentially break people's cert-manager deployments. Our plan is to have the same PR re-opened so that we can have it released for v1.4 (due on Friday 11 June 2021 as per our timeline). Signed-off-by: Maël Valais <mael@vls.dev>	2021-04-07 10:25:31 +02:00
Erik Godding Boye	bbafeeef67	fix #3619 : Handle CA issuer working as intermediate correctly Signed-off-by: Erik Godding Boye <egboye@gmail.com>	2021-04-06 19:45:48 +02:00
Ashley Davis	ef5aa91f35	improve comment to match the function definition Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-03-19 13:59:33 +00:00
Ashley Davis	b246c92a45	clarify exact curve types of current ECDSA keys it's conceivable that in the future we could have Ed25519 certs, which would also have a key size of 256 but would be a new named entry here Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>	2021-03-19 13:59:30 +00:00
Josh Soref	895cb51ed9	spelling: nonexistent Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>	2021-03-04 13:04:38 -05:00
Mitsuo Heijo	ffa79f6b8d	Fix build on go1.16 Signed-off-by: Mitsuo Heijo <mitsuo.heijo@gmail.com>	2021-02-26 22:47:56 +09:00
Maartje Eyskens	7078a5c7b8	Rename the User Agent fields Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-12-15 17:25:18 +01:00
Maartje Eyskens	ab0cd57dc5	Use The cert-manager Authors. Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-12-11 19:04:13 +01:00
Maartje Eyskens	1788a9d758	Update copyright to cert-manager project Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-12-08 19:04:49 +01:00
Mateusz Gozdek	27fa2f1ec4	Fix various typos found by codespell Found by running this command: codespell -S .git,*.png,go.sum -L keypair,iam,ans,unknwon,tage,ths,creater Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>	2020-11-07 14:55:13 +01:00
Raphaël Pinson	b2d719d6c3	Add encode_usages_in_request to Certificate spec (fix #3301 ) Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>	2020-10-16 15:40:32 +02:00
Maartje Eyskens	52bda8a33f	Fix validation in CSR Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-10-08 15:24:56 +02:00
jetstack-bot	4a13dd72f3	Merge pull request #3279 from meyskens/fix-double-signing-validation Fix double "signing" KU validation	2020-09-22 10:27:51 +01:00
Maartje Eyskens	e01bf377de	Split out logic Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-09-17 14:46:23 +02:00
Maartje Eyskens	ce8ca4ca20	Fixes validation when teh 2 signing keys are set Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-09-14 11:05:44 +02:00
Maartje Eyskens	e989384c96	Update tests Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-09-07 09:30:11 +02:00
Maartje Eyskens	8d15ec6bc8	Only encode EKUs if there are EKUs to be encoded Signed-off-by: Maartje Eyskens <maartje@eyskens.me>	2020-09-07 09:00:53 +02:00
Lars Lehtonen	ae8afe2257	pkg/util/pki: fix dropped errors Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>	2020-09-03 19:32:24 -07:00

1 2 3 4 5

206 Commits