Comparing changes

base repository: cert-manager/cert-manager
base: v1.10.2
head repository: cert-manager/cert-manager
compare: v1.11.0

Commits on Sep 16, 2022

  1. Add Scorecard Action yml

    Enable the scorecard github action to run
    
    Signed-off-by: Joyce <joycebrumu.u@gmail.com>
    joycebrum authored Sep 16, 2022
    a60fc17
  2. Add scorecard badge to README

    Signed-off-by: Joyce <joycebrumu.u@gmail.com>
    joycebrum authored Sep 16, 2022
    4f9c392

Commits on Oct 8, 2022

  1. use Vault Helm Chart provided by Hashicorp

    Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>
    Git-Jiro committed Oct 8, 2022
    9071eac

Commits on Oct 12, 2022

  1. [NIT] Changing variable name to denote right type

    Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
    Sathyanarayanan Saravanamuthu committed Oct 12, 2022
    204fa78
  2. [NIT] Changing variable name to denote right type

    Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
    Sathyanarayanan Saravanamuthu committed Oct 12, 2022
    1bc773c

Commits on Oct 14, 2022

  1. Merge pull request #5504 from sathyanarays/nit_fix

    [NIT] Changing variable name to denote right type
    jetstack-bot authored Oct 14, 2022
    277bcfc

Commits on Oct 16, 2022

  1. Remove the old Helm chart for Vault

    Signed-off-by: Martin Schimandl <martin.schimandl@gmail.com>
    Git-Jiro committed Oct 16, 2022
    a003060

Commits on Oct 20, 2022

  1. minor language tweaks to README and ROADMAP

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Oct 20, 2022
    546a833

Commits on Oct 21, 2022

  1. Merge pull request #5522 from SgtCoDFish/tweakroadmap

    minor language tweaks to README and ROADMAP
    jetstack-bot authored Oct 21, 2022
    f5a1108
  2. final update to old devel kind images

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Oct 21, 2022
    3d551f7
  3. don't write to devel folder when updating kind images

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Oct 21, 2022
    3c3afa6
  4. update base and kind images

    involves running:
    
    - `./hack/latest-kind-images.sh` and
    - `./hack/latest-base-images.sh`
    
    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Oct 21, 2022
    21b9b65
  5. Merge pull request #5529 from SgtCoDFish/bumpimages

    Bump base and kind images / improve update script
    jetstack-bot authored Oct 21, 2022
    759e460

Commits on Oct 22, 2022

  1. remove devel folder

    In #5473 we saw a user being confused by devel's continued existence.
    No bazel stuff will work any more and there's value in having just one
    place where our e2e setup scripts are located, and that's now in `make`.
    
    It was considered that we might keep some of these scripts but
    converting them to call make commands, but that might be a lot of work
    for minimal reward.
    
    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Oct 22, 2022
    13c3507

Commits on Oct 23, 2022

  1. Fire event for informational purposes when the CertificateRequest has…

    … not yet been approved.
    
    Signed-off-by: joshvanl <me@joshvanl.dev>
    JoshVanL committed Oct 23, 2022
    e804431

Commits on Oct 24, 2022

  1. Merge pull request #5523 from SgtCoDFish/nodevel

    Remove devel folder
    jetstack-bot authored Oct 24, 2022
    e7ed5c4

Commits on Oct 25, 2022

  1. Merge pull request #5535 from JoshVanL/controller-certifiicate-reques…

    …ts-not-approved-event
    
    Fire event on CertificateRequest when it has not been Approved yet.
    jetstack-bot authored Oct 25, 2022
    afd7781

Commits on Oct 28, 2022

  1. Merge pull request #5441 from joycebrum/joycebrum-add-scorecaed-githu…

    …b-action
    
    Enable OpenSSF Scorecard Github Action and Badge
    jetstack-bot authored Oct 28, 2022
    b335bc8
  2. fix: update scorecard not running

    Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
    joycebrum committed Oct 28, 2022
    41f3129

Commits on Oct 29, 2022

  1. Merge pull request #5544 from joycebrum/master

    Fix Scorecard Github Action not running
    jetstack-bot authored Oct 29, 2022
    29bb00b
  2. feat(Azure): add support for workload identity

    Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
    weisdd committed Oct 29, 2022
    741fa3c

Commits on Nov 3, 2022

  1. Fixing CA flag in basic constraints extension

    Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
    Sathyanarayanan Saravanamuthu committed Nov 3, 2022
    bb39c5c

Commits on Nov 4, 2022

  1. feat: add commonLabels to webhook configmap

    Signed-off-by: Mary Thibault <mary.thibault2@gmail.com>
    thib-mary committed Nov 4, 2022
    7bb6667
  2. re-order Helm parameters & move some values to constants

    Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
    inteon committed Nov 4, 2022
    fd6032f
  3. Merge pull request #5478 from Git-Jiro/use_hashicorp_vault_helmchart

    Migrate Vault helm chart in e2e tests from ad-hoc version to official chart from hashicorp
    jetstack-bot authored Nov 4, 2022
    1137f99
  4. bump base / kind images

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Nov 4, 2022
    40b4bd8
  5. add make target for updating base images

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Nov 4, 2022
    cdcfd55

Commits on Nov 6, 2022

  1. Adding unit tests

    Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
    Sathyanarayanan Saravanamuthu committed Nov 6, 2022
    d4de98d

Commits on Nov 7, 2022

  1. Merge pull request #5556 from SgtCoDFish/bump

    Bump base / kind images
    jetstack-bot authored Nov 7, 2022
    2ba4f23
  2. bump to latest go minor version to fix vulns

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Nov 7, 2022
    96e500f
  3. fix x/text vuln and ignore AWS vuln

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Nov 7, 2022
    b8e51bc
  4. Merge pull request #5559 from SgtCoDFish/bumpgo

    Bump to latest go minor version to fix vulns
    jetstack-bot authored Nov 7, 2022
    77530ce

Commits on Nov 8, 2022

  1. Merge pull request #5562 from SgtCoDFish/trivyaws

    Fix x/text vuln and ignore AWS vuln
    jetstack-bot authored Nov 8, 2022
    ff273ec
  2. Merge pull request #5555 from thib-mary/feat/add-label-webhook-config

    feat: add commonLabels on webhook configmap
    jetstack-bot authored Nov 8, 2022
    d06ebdf

Commits on Nov 9, 2022

  1. chore(Azure): improve naming, add comments

    Signed-off-by: Igor Beliakov <demtis.register@gmail.com>
    weisdd committed Nov 9, 2022
    efae037
  2. Use RenegotiateOnceAsClient and explain why

    Signed-off-by: Richard Wall <richard.wall@jetstack.io>
    wallrj committed Nov 9, 2022
    218cdb7
  3. Always initialize tlsClientConfig if the default is nil

    Signed-off-by: Richard Wall <richard.wall@jetstack.io>
    wallrj committed Nov 9, 2022
    1f1ed47
  4. Fix typos in explanatory comment

    Signed-off-by: Richard Wall <richard.wall@jetstack.io>
    wallrj committed Nov 9, 2022
    df42b81

Commits on Nov 10, 2022

  1. Merge pull request #5568 from wallrj/renegotiate-once

    Use RenegotiateOnceAsClient in the Venafi Issuer client and explain why
    jetstack-bot authored Nov 10, 2022
    766f25f
  2. improve gen.CSR and use it everywhere

    Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
    inteon committed Nov 10, 2022
    b999749
  3. Addressing review comments

    Signed-off-by: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
    Sathyanarayanan Saravanamuthu committed Nov 10, 2022
    860ba84
  4. Merge pull request #5552 from sathyanarays/isCaFix

    Fixing CA flag in basic constraints extension
    jetstack-bot authored Nov 10, 2022
    4ffd621
  5. enable basicConstraints feature in e2e environments by default

    Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
    SgtCoDFish committed Nov 10, 2022
    d2aab5f
  6. Merge pull request #5573 from SgtCoDFish/basicConstraintsExt

    Enable basicConstraints feature in e2e environments by default
    jetstack-bot authored Nov 10, 2022
    6c5189c

Commits on Nov 14, 2022

  1. fail in case of invalid IP address

    Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
    inteon committed Nov 14, 2022
    c0dc705

Commits on Nov 15, 2022

  1. Merge pull request #5571 from inteon/cleanup_csr_generation

    Improve gen.CSR and use it in all tests
    jetstack-bot authored Nov 15, 2022
    95dc198

Commits on Nov 16, 2022

  1. updating to match feedback and adjust the RunAsNonRoot options for ht…

    …tp01 solver to be more descriptive
    
    Signed-off-by: Corey McGalliard <cmcgalliard@redventures.com>
    cmcga1125 committed Nov 16, 2022
    7e6e094
  2. Merge pull request #5546 from cmcga1125/5295

    Adding support to elevate acme-solver pod to root during testing
    jetstack-bot authored Nov 16, 2022
    7df63ae

Commits on Nov 17, 2022

  1. fix: featureGates add webhook deployment in chart yaml

    Signed-off-by: lvyanru <1113706590@qq.com>
    lvyanru8200 committed Nov 17, 2022
    bf2db73
  2. Merge pull request #5584 from lvyanru8200/chartchange

    fix: featureGates add webhook deployment in chart yaml
    jetstack-bot authored Nov 17, 2022
    2884bee
Showing with 3,357 additions and 9,880 deletions.
  1. +54 −0 .github/workflows/scorecards.yml
  2. +7 −0 .trivyignore
  3. +70 −67 LICENSES
  4. +1 −0 Makefile
  5. +13 −9 README.md
  6. +9 −9 ROADMAP.md
  7. +18 −0 SECURITY.md
  8. +2 −2 cmd/cainjector/app/start.go
  9. +2 −0 cmd/controller/app/controller.go
  10. +5 −0 cmd/controller/app/options/options.go
  11. +1 −1 deploy/charts/cert-manager/Chart.template.yaml
  12. +4 −0 deploy/charts/cert-manager/README.template.md
  13. +6 −0 deploy/charts/cert-manager/templates/deployment.yaml
  14. +1 −0 deploy/charts/cert-manager/templates/webhook-config.yaml
  15. +3 −0 deploy/charts/cert-manager/templates/webhook-deployment.yaml
  16. +19 −2 deploy/charts/cert-manager/values.yaml
  17. +2 −2 deploy/crds/crd-certificates.yaml
  18. +4 −4 deploy/crds/crd-challenges.yaml
  19. +12 −8 deploy/crds/crd-clusterissuers.yaml
  20. +12 −8 deploy/crds/crd-issuers.yaml
  21. +0 −7 devel/README.md
  22. +0 −11 devel/addon/README.md
  23. +0 −45 devel/addon/bind/install.sh
  24. +0 −55 devel/addon/bind/manifests/configmap.yaml
  25. +0 −51 devel/addon/bind/manifests/deployment.yaml
  26. +0 −17 devel/addon/bind/manifests/service.yaml
  27. +0 −104 devel/addon/certmanager/install.sh
  28. +0 −22 devel/addon/gatewayapi/install.sh
  29. +0 −85 devel/addon/ingressnginx/install.sh
  30. +0 −58 devel/addon/kyverno/install.sh
  31. +0 −17 devel/addon/kyverno/kustomization.yaml
  32. +0 −813 devel/addon/kyverno/policy.yaml
  33. +0 −21 devel/addon/pebble/chart/.helmignore
  34. +0 −4 devel/addon/pebble/chart/Chart.yaml
  35. +0 −16 devel/addon/pebble/chart/templates/_helpers.tpl
  36. +0 −74 devel/addon/pebble/chart/templates/configmap.yaml
  37. +0 −55 devel/addon/pebble/chart/templates/deployment.yaml
  38. +0 −19 devel/addon/pebble/chart/templates/service.yaml
  39. +0 −16 devel/addon/pebble/chart/values.yaml
  40. +0 −50 devel/addon/pebble/install.sh
  41. +0 −5,278 devel/addon/projectcontour/contour-gateway.yaml
  42. +0 −21 devel/addon/projectcontour/gateway-resources.yaml
  43. +0 −36 devel/addon/projectcontour/install.sh
  44. +0 −31 devel/addon/sample-external-issuer/install.sh
  45. +0 −21 devel/addon/samplewebhook/chart/.helmignore
  46. +0 −5 devel/addon/samplewebhook/chart/Chart.yaml
  47. 0 devel/addon/samplewebhook/chart/templates/NOTES.txt
  48. +0 −48 devel/addon/samplewebhook/chart/templates/_helpers.tpl
  49. +0 −19 devel/addon/samplewebhook/chart/templates/apiservice.yaml
  50. +0 −73 devel/addon/samplewebhook/chart/templates/deployment.yaml
  51. +0 −76 devel/addon/samplewebhook/chart/templates/pki.yaml
  52. +0 −111 devel/addon/samplewebhook/chart/templates/rbac.yaml
  53. +0 −19 devel/addon/samplewebhook/chart/templates/service.yaml
  54. +0 −43 devel/addon/samplewebhook/chart/values.yaml
  55. +0 −49 devel/addon/samplewebhook/install.sh
  56. +0 −162 devel/addon/samplewebhook/sample/main.go
  57. +0 −39 devel/addon/vault/install.sh
  58. +0 −31 devel/bin/ginkgo
  59. +0 −31 devel/bin/helm
  60. +0 −31 devel/bin/kind
  61. +0 −31 devel/bin/kubectl
  62. +0 −31 devel/bin/kubectl-cert_manager
  63. +0 −73 devel/ci-cluster.sh
  64. +0 −42 devel/ci-run-e2e.sh
  65. +0 −20 devel/cluster/config/kind.yaml
  66. +0 −192 devel/cluster/config/openshift-coredns.yaml
  67. +0 −83 devel/cluster/create-kind.sh
  68. +0 −90 devel/cluster/create-openshift3.sh
  69. +0 −29 devel/cluster/create.sh
  70. +0 −36 devel/cluster/export-logs.sh
  71. +0 −50 devel/cluster/kind_cluster_node_versions.sh
  72. +0 −140 devel/lib/lib.sh
  73. +0 −67 devel/run-e2e.sh
  74. +0 −66 devel/setup-e2e-deps.sh
  75. +75 −88 go.mod
  76. +164 −147 go.sum
  77. +1 −1 hack/check-crds.sh
  78. +2 −0 hack/latest-base-images.sh
  79. +17 −1 hack/latest-kind-images.sh
  80. +16 −6 internal/apis/acme/types_issuer.go
  81. +5 −3 internal/apis/acme/v1/zz_generated.conversion.go
  82. +17 −6 internal/apis/acme/v1alpha2/types_issuer.go
  83. +5 −3 internal/apis/acme/v1alpha2/zz_generated.conversion.go
  84. +7 −2 internal/apis/acme/v1alpha2/zz_generated.deepcopy.go
  85. +17 −6 internal/apis/acme/v1alpha3/types_issuer.go
  86. +5 −3 internal/apis/acme/v1alpha3/zz_generated.conversion.go
  87. +7 −2 internal/apis/acme/v1alpha3/zz_generated.deepcopy.go
  88. +17 −6 internal/apis/acme/v1beta1/types_issuer.go
  89. +5 −3 internal/apis/acme/v1beta1/zz_generated.conversion.go
  90. +7 −2 internal/apis/acme/v1beta1/zz_generated.deepcopy.go
  91. +7 −2 internal/apis/acme/zz_generated.deepcopy.go
  92. +15 −16 internal/apis/certmanager/types_issuer.go
  93. +15 −16 internal/apis/certmanager/v1alpha2/types_issuer.go
  94. +15 −16 internal/apis/certmanager/v1alpha3/types_issuer.go
  95. +15 −16 internal/apis/certmanager/v1beta1/types_issuer.go
  96. +12 −0 internal/apis/certmanager/validation/certificate_test.go
  97. +46 −9 internal/apis/certmanager/validation/issuer.go
  98. +48 −4 internal/apis/certmanager/validation/issuer_test.go
  99. +85 −0 internal/controller/certificates/policies/checks.go
  100. +5 −0 internal/controller/certificates/policies/constants.go
  101. +2 −0 internal/controller/certificates/policies/policies.go
  102. +7 −0 internal/controller/feature/features.go
  103. +0 −4 internal/vault/fake/client.go
  104. +0 −6 internal/vault/fake/vault.go
  105. +34 −31 internal/vault/vault.go
  106. +191 −17 internal/vault/vault_test.go
  107. +10 −10 make/base_images.mk
  108. +4 −1 make/ci.mk
  109. +2 −1 make/cluster.sh
  110. +12 −1 make/config/lib.sh
  111. +2 −2 make/config/projectcontour/gateway.yaml
  112. +9 −1 make/e2e-ci.sh
  113. +19 −14 make/e2e-setup.mk
  114. +23 −26 make/e2e.sh
  115. +31 −21 make/kind_images.sh
  116. +74 −0 make/ko.mk
  117. +19 −16 make/manifests.mk
  118. +35 −14 make/tools.mk
  119. +33 −10 pkg/acme/accounts/client.go
  120. +9 −5 pkg/acme/accounts/registry.go
  121. +18 −7 pkg/apis/acme/v1/types_issuer.go
  122. +7 −2 pkg/apis/acme/v1/zz_generated.deepcopy.go
  123. +23 −1 pkg/apis/certmanager/v1/types.go
  124. +2 −2 pkg/apis/certmanager/v1/types_certificate.go
  125. +15 −16 pkg/apis/certmanager/v1/types_issuer.go
  126. +1 −2 pkg/client/clientset/versioned/clientset.go
  127. +75 −4 pkg/client/informers/externalversions/factory.go
  128. +1 −1 pkg/controller/acmechallenges/controller.go
  129. +9 −1 pkg/controller/cainjector/controller.go
  130. +14 −8 pkg/controller/cainjector/setup.go
  131. +22 −6 pkg/controller/cainjector/sources.go
  132. +6 −6 pkg/controller/certificate-shim/gateways/controller.go
  133. +6 −6 pkg/controller/certificate-shim/gateways/controller_test.go
  134. +2 −2 pkg/controller/certificate-shim/ingresses/controller.go
  135. +8 −3 pkg/controller/certificate-shim/sync.go
  136. +73 −2 pkg/controller/certificate-shim/sync_test.go
  137. +12 −35 pkg/controller/certificaterequests/acme/acme_test.go
  138. +9 −16 pkg/controller/certificaterequests/ca/ca_test.go
  139. +6 −0 pkg/controller/certificaterequests/selfsigned/checks.go
  140. +14 −0 pkg/controller/certificaterequests/selfsigned/checks_test.go
  141. +11 −21 pkg/controller/certificaterequests/selfsigned/selfsigned_test.go
  142. +2 −0 pkg/controller/certificaterequests/sync.go
  143. +15 −23 pkg/controller/certificaterequests/sync_test.go
  144. +7 −15 pkg/controller/certificaterequests/vault/vault_test.go
  145. +9 −17 pkg/controller/certificaterequests/venafi/venafi_test.go
  146. +0 −14 pkg/controller/certificates/issuing/internal/keystore.go
  147. +6 −4 pkg/controller/certificates/issuing/internal/secret.go
  148. +75 −19 pkg/controller/certificates/issuing/internal/secret_test.go
  149. +507 −11 pkg/controller/certificates/issuing/secret_manager_test.go
  150. +3 −2 pkg/controller/certificates/keymanager/keymanager_controller.go
  151. +5 −4 pkg/controller/certificates/keymanager/keymanager_controller_test.go
  152. +6 −13 pkg/controller/certificatesigningrequests/ca/ca_test.go
  153. +1 −12 pkg/controller/certificatesigningrequests/selfsigned/selfsigned_test.go
  154. +4 −1 pkg/controller/context.go
  155. +107 −1 pkg/issuer/acme/dns/azuredns/azuredns.go
  156. +122 −0 pkg/issuer/acme/dns/azuredns/azuredns_test.go
  157. +2 −1 pkg/issuer/acme/dns/dns.go
  158. +27 −12 pkg/issuer/acme/dns/rfc2136/provider.go
  159. +2 −2 pkg/issuer/acme/http/http.go
  160. +5 −5 pkg/issuer/acme/http/httproute.go
  161. +1 −1 pkg/issuer/acme/http/pod.go
  162. +3 −1 pkg/issuer/acme/setup.go
  163. +7 −17 pkg/issuer/venafi/client/request_test.go
  164. +92 −11 pkg/issuer/venafi/client/venaficlient.go
  165. +29 −0 pkg/util/pki/csr.go
  166. +84 −0 pkg/util/pki/csr_test.go
  167. +1 −0 pkg/util/pki/keyusage.go
  168. +7 −0 pkg/util/pki/parse.go
  169. +1 −1 pkg/webhook/handlers/testdata/apis/testgroup/crds/testgroup.testing.cert-manager.io_testtypes.yaml
  170. +26 −2 test/acme/dns/fixture.go
  171. +2 −4 test/acme/dns/options.go
  172. +0 −4 test/e2e/charts/vault/Chart.yaml
  173. +0 −16 test/e2e/charts/vault/templates/_helpers.tpl
  174. +0 −9 test/e2e/charts/vault/templates/vault-config.yaml
  175. +0 −62 test/e2e/charts/vault/templates/vault-deployment.yaml
  176. +0 −8 test/e2e/charts/vault/templates/vault-secret.yaml
  177. +0 −12 test/e2e/charts/vault/templates/vault-service.yaml
  178. +0 −18 test/e2e/charts/vault/values.yaml
  179. +26 −0 test/e2e/framework/addon/chart/addon.go
  180. +31 −27 test/e2e/framework/addon/vault/setup.go
  181. +143 −22 test/e2e/framework/addon/vault/vault.go
  182. +127 −0 test/e2e/suite/certificates/literalsubjectrdns.go
  183. +1 −1 test/e2e/suite/conformance/certificates/acme/acme.go
  184. +1 −1 test/e2e/suite/conformance/certificates/tests.go
  185. +11 −10 test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go
  186. +11 −41 test/e2e/suite/issuers/selfsigned/fixtures.go
  187. +3 −4 test/e2e/suite/issuers/vault/issuer.go
  188. +17 −17 test/e2e/util/util.go
  189. +3 −14 test/integration/ctl/ctl_status_certificate_test.go
  190. +2 −2 test/integration/rfc2136_dns01/provider_test.go
  191. +6 −0 test/unit/discovery/discovery.go
  192. +92 −14 test/unit/gen/csr.go
54 changes: 54 additions & 0 deletions .github/workflows/scorecards.yml
@@ -0,0 +1,54 @@
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: '43 13 * * 6'
push:
branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
id-token: write

steps:
- name: "Checkout code"
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
with:
results_file: results.sarif
results_format: sarif

# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
publish_results: true

# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
with:
sarif_file: results.sarif
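Review bot: in the `analysis` job, the job-level `permissions` block lists only `security-events: write` and `id-token: write`, and a job-level block replaces the top-level `permissions: read-all` for that job, so every unlisted scope (including `contents`) is set to none. The checkout step does not break on a public repository, but the intent would be clearer and the workflow more portable with `contents: read` added to that block. Separately, the `# tag=` comments beside the four SHA pins are not checked by anything, so whoever bumps a pin has to update the comment by hand; an automated updater for GitHub Actions would keep the two in step.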
7 changes: 7 additions & 0 deletions .trivyignore
@@ -0,0 +1,7 @@
# These vulns relate to issues with v1 of the AWS Golang SDK
# These issues relate to S3 encryption issues which cert-manager is unlikely to hit
# Fixing them requires upgrading to v2 of the AWS Golang SDK which is a potentially large task
CVE-2020-8911
CVE-2020-8912
GHSA-7f33-f4f5-xwgw
GHSA-f5pg-7wfw-84q9
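Review bot: the four IDs after the comment are suppressed unconditionally, and the comment records neither which dependency pulls in v1 of the AWS SDK nor where the v2 upgrade is tracked, so nothing prompts a re-check once the SDK is upgraded or cert-manager starts using the affected S3 encryption code. Suggest adding a link to a tracking issue above the list and, if the two GHSA entries are aliases of the two CVEs, noting which pairs with which so the list is not read as four separate findings.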