Commit Graph

243 Commits

Author SHA1 Message Date
joshvanl
ff2dfd7b64 Moves venafi addon into the framework addons package
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-07-19 15:50:23 +01:00
Maël Valais
1cd44fa730 gateway-shim: conformance: a cert should get created for a Gateway
Signed-off-by: Maël Valais <mael@vls.dev>
2021-07-15 20:34:50 +02:00
jetstack-bot
75d91bcb29 Merge pull request #4103 from JoshVanL/certificate-signing-request=vault
CertificateSigningRequest Vault controller
2021-07-02 13:33:37 +01:00
joshvanl
943f9abdb1 Minor comment and error message changes
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-30 18:09:32 +01:00
Inteon
fd20a0584a Add explicit WithObservedGeneration versions of the Wait and Condition functions
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 15:48:13 +02:00
Inteon
879108d9e4 deduplicate logic in CertificateHasCondition, WaitForCertificateReady & add WaitForCertificateReadyUpdate for testing Certificate update operations
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 14:16:30 +02:00
Inteon
6ceaf6d4bd deduplicate subdomain name generation logic in tests
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-06-29 12:29:45 +02:00
joshvanl
f054611b32 Change vault policy string to not require escaping
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
680c4f4a41 Fix vault setup in e2e by reverting ttl duration
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
a6a394236b Revert Vault e2e ttl setting, and make Ed keys an unsupported feature
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
889e7b9c50 Revert e2e vault setup to use original max certificate TTL, and fix
custom app role auth path in CSR tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:41:03 +01:00
joshvanl
aac1f24450 Expands CSR validation to allow not checking CA as the Root
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 10:37:46 +01:00
joshvanl
2c193f9f60 Changes Vault e2e addon to enable Kubernetes Auth signing and make roles
ready for ClusterIssuer testing

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-29 09:11:43 +01:00
joshvanl
7e8bf731b2 Remove the experimental.cert-manager.io/ca annotation from the
CertificateSigningRequest

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-25 16:02:37 +01:00
jetstack-bot
1f602cfcd4 Merge pull request #4110 from RinkiyaKeDad/add_flags_for_acme_test
adding flags for config in the acme issuer tests
2021-06-18 14:56:23 +01:00
Arsh Sharma
2629d5976d combined into one struct
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
2021-06-18 16:57:07 +05:30
joshvanl
b3804bb162 Cleans up CSR E2E validation functions, allow 30s duration fuzz, allow
common name copy to DNS names, spelling

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-18 12:20:43 +01:00
RinkiyaKeDad
607ea9c1cd initial commit
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-17 12:08:02 +05:30
joshvanl
b35a9170b7 Fix ecdsa public CSR key validation
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-16 10:43:49 +01:00
joshvanl
f92bdeaa80 Adds Ed25519 tests to CertificateSigningRequest conformance tests
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 18:34:08 +01:00
joshvanl
6736a2d82c Adds missing validation functions to the default
CertificateSigningRequest e2e conformance tests

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
joshvanl
a0f0d85f5f Remove unused CertificateSigningRequest helper functions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
joshvanl
82e2b4e078 Refactor all validations into validations package
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
joshvanl
159c8ca760 Move featureset into separate helper package
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
joshvanl
40bcbdd3e9 Adds CertificateSigningRequest e2e validation functions
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-15 17:58:34 +01:00
Anner J. Bonilla
9546a357a5 Add support for certificates with ed25519 private keys
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.

Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.

Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2021-06-14 11:17:35 +01:00
jetstack-bot
3242b83b12 Merge pull request #4081 from JoshVanL/certificate-signing-request-ca-e2e
Certificate Signing Request CA e2e
2021-06-09 13:13:30 +01:00
joshvanl
9ef5fef3a1 Changes kube CSR CA e2e tests to be more readable and improve validation
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-09 11:36:21 +01:00
joshvanl
5a64222475 Adds CA Issuer CertificateSigningRequest e2e test
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-06-07 15:32:54 +01:00
RinkiyaKeDad
438a0fff13 removed nil line
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-04 13:10:04 +05:30
RinkiyaKeDad
662bc5030c removed more stuff
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-03 12:37:27 +05:30
RinkiyaKeDad
d463eef2d2 restore framework struct
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-05-26 18:07:36 +05:30
RinkiyaKeDad
b2df19eafd ran update-bazel.sh
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-05-26 13:06:31 +05:30
RinkiyaKeDad
90bc65bbd2 deleted framework.go
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-05-25 12:08:25 +05:30
irbekrm
f2933be499 ECDSA instead of RSA keys generated for test Vault CA's root and intermediate
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-20 21:48:09 +01:00
irbekrm
0ebce264f1 Allow to optionally configure Vault intermediate PKI with root CA
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-20 13:05:26 +01:00
irbekrm
ef627a13b6 Adds a few comments
Signed-off-by: irbekrm <irbekrm@gmail.com>
2021-05-20 11:31:01 +01:00
Jake Sanders
79d8d9cb7b Revert "Merge pull request #3724 from inteon/istio-virtualservice-for-http01"
This reverts commit 80f27739b5, reversing
changes made to 96604d02a3.

Signed-off-by: Jake Sanders <i@am.so-aweso.me>
2021-05-11 14:50:25 +01:00
Inteon
2299e8d8a6 Apply suggestions from code review
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:49 +02:00
Inteon
30634f154c improve Certificate is Ready test
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:20:47 +02:00
Inteon
624e2b9e69 add ACME HTTP01 Istio support
Signed-off-by: Inteon <42113979+inteon@users.noreply.github.com>
2021-04-28 09:19:53 +02:00
Erik Godding Boye
5d21410156 Add new unsupported feature to exclude root CA assert in Vault issuer e2e-tests
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-23 15:14:33 +02:00
Erik Godding Boye
1919e4cb3f Add root CA certificate assert to e2e tests
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
2021-04-23 15:14:33 +02:00
Richard Wall
3d7f370b21 Re-enable the cainjector E2E tests for apiregistration
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-04-06 14:04:26 +01:00
joshvanl
1235ff3bef Adds tests to ensure Approve is present, and Denied is not
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
e6c74d94b4 Adds check for approval condition in e2e CertificateRequest helper
func

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-17 13:10:39 +00:00
joshvanl
1232ff799d Reorder ready condition if statement to make more clear
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:11 +00:00
joshvanl
c07106ed6b Adds ExpectConditionReadyObservedGeneration as a framework validation
Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:11 +00:00
joshvanl
d02f043354 Adds a check of the observedGeneration in e2e tests for ready
certificates

Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
2021-03-04 17:04:11 +00:00
Richard Wall
9eadb56cb9 Disable trust chain verification in ACME issuer e2e tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2021-01-20 14:26:43 +00:00