Self signed issuer #228

RaphaelVogel · 2024-07-23T14:16:38Z

What this PR does / why we need it:
Creating a self-signed certificate was already possible using a CA issuer. Using this approach you need to manually create a self-signed certificate using openssl, create a secret out of it and reference this secret in your CA issuer.

To simplify this manual process a new issuer of type SelfSigned is created, which creates a self-signed certificate.

In addition, two additional features are added:

~~The certificate resource can now define a duration (lifetime of the certificate). This field may be ignored by the issuer (especially Let's encrypt)~~ 👉 introduced via feat: Introduce certificate duration #354
~~Specifying a csr is now possible with issuers of type SelfSigned and ca~~ 👉 introduced via fix creating certificates with a given csr referencing a ca issuer #234

Which issue(s) this PR fixes:
Fixes #183

Special notes for your reviewer:

Release note:

Introduce the new Issuer type `SelfSigned` for creating self-signed certificates.

gardener-prow · 2024-07-23T14:16:41Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

MartinWeindel

Thanks for your contribution.
I have some requests for improvement:

duration should also be handled by CA and ACME issuers
creating a CA certificate with .spec.csr does not yet work correctly

pkg/apis/cert/v1alpha1/types.go

pkg/cert/legobridge/certificate.go

pkg/cert/utils/issuerinfo.go

pkg/controller/issuer/certificate/reconciler.go

pkg/controller/issuer/core/const.go

pkg/apis/cert/crds/zz_generated_crds.go

MartinWeindel · 2024-11-21T13:32:54Z

/kind enhancement

MartinWeindel

Thanks for new tests and bringing the PR in shape!

I've only some suggestions for minor improvements.

pkg/cert/legobridge/certificate_test.go

pkg/cert/legobridge/pki_test.go

pkg/controller/issuer/core/support.go

pkg/cert/legobridge/pki.go

pkg/cert/utils/issuerinfo.go

MartinWeindel

/lgtm

Thanks!

gardener-prow · 2024-11-26T07:50:19Z

LGTM label has been added.

Git tree hash: d055a3adcf409fe425b4ed615983eaaea105fcdb

gardener-prow · 2024-11-26T07:50:23Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MartinWeindel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [MartinWeindel]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

gardener-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Jul 23, 2024

gardener-prow bot requested a review from MartinWeindel July 23, 2024 14:16

gardener-prow bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Jul 23, 2024

RaphaelVogel force-pushed the self-signed-issuer branch from f60c915 to 9c51ce4 Compare July 23, 2024 14:59

gardener-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jul 23, 2024

gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 23, 2024

gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 23, 2024

RaphaelVogel force-pushed the self-signed-issuer branch from 9c51ce4 to 4f9cd53 Compare July 23, 2024 15:16

gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 23, 2024

gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 23, 2024

RaphaelVogel force-pushed the self-signed-issuer branch from 4f9cd53 to b226841 Compare July 23, 2024 15:41

gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jul 23, 2024

MartinWeindel self-assigned this Jul 24, 2024

gardener-prow bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 24, 2024

gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jul 24, 2024

MartinWeindel requested changes Jul 24, 2024

View reviewed changes

gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Jul 24, 2024

gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 24, 2024

gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Jul 24, 2024

marc1404 added 3 commits November 21, 2024 10:37

chore: Add missing license headers

810415a

test: Wrap ACME issuer test in context

e148445

test: Integration test for self-signed certificates

340bdb4

marc1404 force-pushed the self-signed-issuer branch from 97835b5 to 340bdb4 Compare November 21, 2024 09:37

gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 21, 2024

gardener-robot-ci-2 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 21, 2024

gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 21, 2024

test: Structure self-signed certificate unit test

5a4ff17

gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 21, 2024

gardener-prow bot added kind/enhancement Enhancement, improvement, extension and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Nov 21, 2024

MartinWeindel requested changes Nov 22, 2024

View reviewed changes

marc1404 added 6 commits November 25, 2024 15:20

style: Add period after comment (PR review)

b35411a

style: Add period after comment (PR review)

8d17580

style: Add period after comment (PR review)

194500c

test: Fix test name (PR review)

a3dea7a

test: Assert private key size properly (PR review)

3b0504e

test: Assert private key size (PR review)

77904e2

gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Nov 25, 2024

MartinWeindel approved these changes Nov 26, 2024

View reviewed changes

gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Nov 26, 2024

gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 26, 2024

gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 26, 2024

gardener-prow bot merged commit e224d15 into master Nov 26, 2024
11 checks passed

marc1404 deleted the self-signed-issuer branch November 26, 2024 08:22

MartinWeindel mentioned this pull request Nov 29, 2024

Fix panic if target issuer referenced but not allowed #371

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Self signed issuer #228

Self signed issuer #228

RaphaelVogel commented Jul 23, 2024 •

edited by marc1404

Loading

gardener-prow bot commented Jul 23, 2024

MartinWeindel left a comment

MartinWeindel commented Nov 21, 2024

MartinWeindel left a comment

MartinWeindel left a comment

gardener-prow bot commented Nov 26, 2024

gardener-prow bot commented Nov 26, 2024

Self signed issuer #228

Self signed issuer #228

Conversation

RaphaelVogel commented Jul 23, 2024 • edited by marc1404 Loading

gardener-prow bot commented Jul 23, 2024

MartinWeindel left a comment

Choose a reason for hiding this comment

MartinWeindel commented Nov 21, 2024

MartinWeindel left a comment

Choose a reason for hiding this comment

MartinWeindel left a comment

Choose a reason for hiding this comment

gardener-prow bot commented Nov 26, 2024

gardener-prow bot commented Nov 26, 2024

RaphaelVogel commented Jul 23, 2024 •

edited by marc1404

Loading