Commit Graph

948 Commits

Author SHA1 Message Date
Tim Ramlot
ffb47e52fa
remove dead & deprecated code from cert-manager codebase
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-10 17:22:23 +01:00
Tim Ramlot
c3b8cbd608
improve comment that explains what removeReqID does and when it fails
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-08 17:20:36 +01:00
Tim Ramlot
06b3cd3372
add testcase for nested errors
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-08 17:15:28 +01:00
Tim Ramlot
deab9548c0
use errors.Is instead of errors.As
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-08 17:15:28 +01:00
Tim Ramlot
893d30d938
migrate to github.com/aws/aws-sdk-go-v2
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-02-08 17:15:28 +01:00
Tim Ramlot
5b8c1213b6
redact the body of failed authentication requests
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-31 10:05:00 +01:00
jetstack-bot
0b33337f1d
Merge pull request #6679 from wallrj/remove-DisableInstanceDiscovery-field
Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true
2024-01-30 19:45:27 +00:00
Richard Wall
67e06fce78 A hack to DisableInstanceDiscovery during tests
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-30 18:03:05 +00:00
Tim Ramlot
b9dd4903ad
improve error message logging
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-30 16:55:37 +01:00
Richard Wall
420d3114df Remove unnecessary Azure workload identity setting: DisableInstanceDiscovery: true
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-30 15:50:05 +00:00
Tim Ramlot
90cbbc9d87
replace the azcore.ResponseError error message to make it stable across retries
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-30 16:20:52 +01:00
Richard Wall
ee5cba487a Stop using the deprecated SingleInflight field of miekg/dns
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-26 17:53:50 +00:00
Tim Ramlot
9a049532d0
Update Azure SDK and remove deprecated autorest dependency
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Philip Laine <philip.laine@gmail.com>
2024-01-12 12:06:34 +01:00
jetstack-bot
4edb4b0ad0
Merge pull request #6619 from ThatsMrTalbot/feat/http-max-body-size
feat: limit the size of the body read back from http requests
2024-01-08 20:41:08 +00:00
Adam Talbot
d0ec66237c feat: limit the size of the body read back from http requests
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2024-01-08 20:28:01 +00:00
Richard Wall
7bda41c282 Use io instead of deprecated ioutil
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-04 15:05:24 +00:00
Tim Ramlot
950948e465
start using the new 'slices' library and deprecate old util functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2024-01-04 09:32:17 +01:00
Richard Wall
865063594d Fix gosec 501
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 11:20:16 +00:00
Richard Wall
0ea258327d Fix gosec G505
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2024-01-02 10:10:11 +00:00
jetstack-bot
c7714e65f0
Merge pull request #6551 from wallrj/gosec-601
Fix gosec G601: Implicit memory aliasing of items from a range statement
2023-12-20 18:21:37 +00:00
Richard Wall
4de9e956e5 Fix gosec G601: Implicit memory aliasing of items from a range statement
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-20 17:25:41 +00:00
Adam Talbot
247a034116 feat: update gateway api to v1
Signed-off-by: Adam Talbot <adam.talbot@venafi.com>
2023-12-18 21:00:42 +00:00
Richard Wall
8bed166858 Add ReadHeaderTimeout to all http.Server where that setting is missing
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-12-07 11:42:22 +00:00
jetstack-bot
6fddbe538f
Merge pull request #6433 from vinny-sabatini/issue-5782
fix error message when setting up vault issuer
2023-11-14 16:30:01 +01:00
Richard Wall
9b5dd86084 Configure HTTP01 solver Pod with readOnlyRootFilesystem
Signed-off-by: Richard Wall <richard.wall@venafi.com>
2023-10-31 14:47:24 +00:00
Vinny Sabatini
d15e55a16c
Update pkg/issuer/vault/setup.go
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Vinny Sabatini <vincent.sabatini@gmail.com>
2023-10-24 09:52:52 -05:00
Vinny Sabatini
ef6ef1f0db additional improvements to vault issuer error messages
When initializing a Vault issuer:

* Create different error messages depending on if Vault is sealed or not initialized
* Do not explicitly parse the Vault server URL (this is covered when trying to access health endpoint)

Signed-off-by: Vinny Sabatini <vincent.sabatini@kohls.com>
2023-10-20 16:36:11 -05:00
Vincent Sabatini
298ceb3b2a fix error message when setting up vault issuer
* Ensure Vault URL can be parsed
* Separate generic http errors from vault specific errors when checking
health endpoint

Signed-off-by: Vincent Sabatini <vincent.sabatini@gmail.com>
2023-10-19 08:23:04 -05:00
Maël Valais
d1d92b6398 venafi: ResetCertificate wasn't working
Signed-off-by: Maël Valais <mael@vls.dev>
2023-10-06 16:24:15 +02:00
Tim Ramlot
ef3bd7d3b2
upgrade all dependencies
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-09-28 12:07:27 +02:00
Josh Soref
05117f5f75 Add cluster-autoscaler.kubernetes.io/safe-to-evict
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2023-09-14 12:47:04 -04:00
Eng Zer Jun
c274d7e929
refactor: remove redundant nil check
From the Go specification:

  "3. If the map is nil, the number of iterations is 0." [1]

Therefore, an additional nil check before the loop is unnecessary.

[1]: https://go.dev/ref/spec#For_range

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-09-05 19:05:59 +08:00
Tim Ramlot
cf8e37291a
replace k8s.io/utils/pointer with k8s.io/utils/ptr
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-08-28 09:33:10 +02:00
jetstack-bot
15b2643abf
Merge pull request #6253 from fayvori/master
Fix messageAppRoleAuthKeyRequired error message
2023-08-17 19:01:31 +02:00
guiyong.ou
3d76c20f51 cleanup: some redundant code clean up
Signed-off-by: guiyong.ou <guiyong.ou@daocloud.io>
2023-08-14 17:36:25 +08:00
Ignat Belousov
17c34eaafa
Returned time to each function
Signed-off-by: Ignat Belousov <ignat.belousov2000@yahoo.com>
2023-08-10 10:05:37 +02:00
Ignat Belousov
88f1500843
Fix messageAppRoleAuthKeyRequired error message
Signed-off-by: Ignat Belousov <ignatbelousov@Ignats-MacBook-Pro.local>
2023-08-10 10:05:37 +02:00
Ashley Davis
a53bec25e7
Update nameserver lookup test to use upstream targets
In the long term I don't think this test should be run as a unit test
because it can randomly break due to changes in DNS config we don't
control, which is a pretty poor user experience for someone trying to
change unrelated code.

If we're going to run this kind of check, we should probably run it as a
periodic rather than a presubmit, perhaps with the test being run on
presubmit when the DNS util code is changed.

But that's all more work than I can really do now. Instead, I'll copy
what the upstream go-lego is doing, which should unblock us for now:

07c4daeff3/challenge/dns01/nameserver_test.go

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
2023-08-09 09:27:30 +01:00
Tim Ramlot
90f84b9c40
remove VCert fork dependency replace statement
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-10 11:26:16 +02:00
Tim Ramlot
5ba29272c0
add validation to pki CertificateTemplate function
and add support for DontAllowInsecureCSRUsageDefinition featuregate
to use old behavior in controller

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-07-05 13:04:21 +02:00
Richard Boldiš
2b2ada9491 fix: handle multiple cloudflare dns-01 challenges for the same FQDN
Signed-off-by: Richard Boldiš <richard@boldis.dev>
2023-06-27 18:13:35 +02:00
Florian Liebhart
b47c5a1361 update documentation on the DNSQuery function
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-20 10:36:27 +02:00
Florian Liebhart
ae27bfb0d6 write some unit tests for CAA Validation
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 16:27:00 +02:00
Florian Liebhart
9ddf2bab90 remove HTTPS endpoint for default nameservers; remove DNS-over-TLS
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 16:06:39 +02:00
Tim Ramlot
3a29635c66
add support for DoH and DoT
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-06-19 15:59:40 +02:00
Florian Liebhart
894e1f99d6 fix error for dns endpoint propagation
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Florian Liebhart
a934bbf462 Make the DNS-Over-HTTPS Json endpoint configurable
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Florian Liebhart
857d0aef9e Add logging for the DNS over HTTPS selfcheck
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
Florian Liebhart
fa2f063c28 rebase master
Signed-off-by: Florian Liebhart <flo.liebhart@gmail.com>
2023-06-19 15:32:01 +02:00
schrodit
53a5a95d9f Add enableServiceLink to test pod definition
Signed-off-by: schrodit <mail@timschrodi.tech>
2023-06-12 09:54:37 +02:00