├── .bazelignore ├── test ├── fixtures │ ├── pebble-values.yaml │ ├── vault-values.yaml │ ├── example-webhook-values.yaml │ ├── upgrade │ │ └── overlay │ │ │ ├── values.yaml │ │ │ ├── webhook-ops.yaml │ │ │ ├── controller-ops.yaml │ │ │ └── cainjector-ops.yaml │ └── cert-manager-values.yaml ├── framework │ ├── addon │ │ ├── README.md │ │ └── venafi │ │ │ └── doc.go │ ├── config │ │ ├── ginkgo.go │ │ └── helm.go │ ├── util │ │ └── errors │ │ │ └── errors.go │ └── helper │ │ └── helper.go ├── OWNERS ├── integration │ ├── versionchecker │ │ └── testdata │ │ │ └── .gitignore │ ├── rfc2136_dns01 │ │ └── testdata │ │ │ ├── config.json │ │ │ └── rfc2136-tsig-secret.yaml │ ├── ctl │ │ └── testdata │ │ │ ├── convert │ │ │ ├── output │ │ │ │ ├── no_output_error.yaml │ │ │ │ ├── resource1_v1.yaml │ │ │ │ ├── resource1_v1alpha2.yaml │ │ │ │ ├── resource1_v1alpha3.yaml │ │ │ │ ├── resource_with_organization_v1.yaml │ │ │ │ ├── resource_with_organization_v1beta1.yaml │ │ │ │ ├── resource_with_organization_v1alpha3.yaml │ │ │ │ ├── resources_as_list_v1.yaml │ │ │ │ ├── resource2_v1.yaml │ │ │ │ ├── resources_as_list_v1beta1.yaml │ │ │ │ ├── resources_as_list_v1alpha2.yaml │ │ │ │ ├── resources_as_list_v1alpha3.yaml │ │ │ │ ├── resource2_v1alpha2.yaml │ │ │ │ └── resource2_v1alpha3.yaml │ │ │ └── input │ │ │ │ ├── resource3.yaml │ │ │ │ ├── resource1.yaml │ │ │ │ ├── resource_with_organization_v1alpha2.yaml │ │ │ │ ├── resource2.yaml │ │ │ │ └── resources_as_list_v1alpha2.yaml │ │ │ ├── create_cr_issuer.yaml │ │ │ ├── create_cr_cert_with_ns1.yaml │ │ │ └── create_cr_v1alpha3_cert_with_ns1.yaml │ └── internal │ │ └── util │ │ └── paths.go ├── unit │ └── gen │ │ └── doc.go ├── e2e │ └── suite │ │ ├── certificatesigningrequests │ │ └── doc.go │ │ ├── issuers │ │ ├── venafi │ │ │ ├── import.go │ │ │ └── tpp │ │ │ │ └── doc.go │ │ ├── acme │ │ │ └── doc.go │ │ ├── vault │ │ │ └── import.go │ │ └── doc.go │ │ ├── certificaterequests │ │ └── doc.go │ │ ├── conformance │ │ └── rbac │ │ │ 
└── doc.go │ │ └── doc.go └── acme │ └── server │ └── doc.go ├── deploy ├── OWNERS ├── charts │ └── cert-manager │ │ ├── .gitignore │ │ ├── signkey_annotation.txt │ │ ├── .helmignore │ │ ├── templates │ │ ├── NOTES.txt │ │ ├── webhook-psp-clusterrole.yaml │ │ ├── psp-clusterrole.yaml │ │ ├── cainjector-psp-clusterrole.yaml │ │ ├── webhook-psp-clusterrolebinding.yaml │ │ ├── networkpolicy-egress.yaml │ │ ├── psp-clusterrolebinding.yaml │ │ ├── networkpolicy-webhooks.yaml │ │ ├── cainjector-psp-clusterrolebinding.yaml │ │ ├── startupapicheck-psp-clusterrole.yaml │ │ ├── webhook-config.yaml │ │ ├── serviceaccount.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── webhook-poddisruptionbudget.yaml │ │ ├── webhook-serviceaccount.yaml │ │ ├── cainjector-poddisruptionbudget.yaml │ │ ├── startupapicheck-psp-clusterrolebinding.yaml │ │ ├── cainjector-serviceaccount.yaml │ │ ├── webhook-service.yaml │ │ ├── service.yaml │ │ └── startupapicheck-serviceaccount.yaml │ │ └── Chart.template.yaml ├── manifests │ ├── namespace.yaml │ ├── 01-namespace.yaml │ ├── helm-values.yaml │ └── README.md └── crds │ └── README.md ├── design ├── OWNERS └── images │ └── 20221205-memory-management │ ├── createsecrets.png │ ├── labelsecret.png │ ├── partiallabels.png │ ├── partialonly.png │ ├── partialnolabels.png │ ├── mastercertmanager.png │ ├── transformwithlimit.png │ ├── latestmastersecrets.png │ ├── masterkubeapiserver.png │ ├── masterissuanceterminal.png │ ├── partialmetadatagrafana.png │ ├── partialmetadatasecrets.png │ ├── partialmetadataterminal.png │ ├── partialonlycertmanager.png │ ├── partialonlykubeapiserver.png │ ├── transformfunctionsgrafana.png │ ├── partialnolabelscertmanager.png │ └── partialnolabelskubeapiserver.png ├── pkg ├── acme │ ├── OWNERS │ └── webhook │ │ └── apis │ │ └── acme │ │ ├── v1alpha1 │ │ └── doc.go │ │ └── doc.go ├── issuer │ ├── ca │ │ └── OWNERS │ ├── acme │ │ ├── OWNERS │ │ ├── dns │ │ │ ├── OWNERS │ │ │ ├── route53 │ │ │ │ ├── OWNERS │ │ │ │ └── LICENSE │ │ │ 
├── util │ │ │ │ ├── testdata │ │ │ │ │ └── resolv.conf.1 │ │ │ │ └── LICENSE │ │ │ ├── azuredns │ │ │ │ └── LICENSE │ │ │ ├── clouddns │ │ │ │ └── LICENSE │ │ │ └── cloudflare │ │ │ │ └── LICENSE │ │ └── http │ │ │ ├── OWNERS │ │ │ └── solver │ │ │ └── constants.go │ ├── selfsigned │ │ ├── OWNERS │ │ └── setup.go │ ├── vault │ │ └── OWNERS │ ├── venafi │ │ └── client │ │ │ └── api │ │ │ └── customfield.go │ └── fake │ │ ├── factory.go │ │ └── helper.go ├── metrics │ ├── OWNERS │ ├── venafi.go │ └── acme.go ├── controller │ ├── acmeorders │ │ └── OWNERS │ ├── acmechallenges │ │ ├── OWNERS │ │ └── checks.go │ ├── test │ │ ├── doc.go │ │ └── util.go │ ├── certificatesigningrequests │ │ └── fake │ │ │ └── fake.go │ └── globals │ │ └── timeout.go ├── apis │ ├── OWNERS │ ├── doc.go │ ├── acme │ │ ├── v1 │ │ │ ├── const.go │ │ │ └── doc.go │ │ └── doc.go │ ├── meta │ │ ├── doc.go │ │ └── v1 │ │ │ └── doc.go │ ├── certmanager │ │ ├── v1 │ │ │ └── doc.go │ │ └── doc.go │ ├── config │ │ └── webhook │ │ │ ├── v1alpha1 │ │ │ └── doc.go │ │ │ └── doc.go │ └── experimental │ │ └── doc.go ├── webhook │ ├── handlers │ │ └── testdata │ │ │ └── apis │ │ │ └── testgroup │ │ │ ├── crds │ │ │ └── README.md │ │ │ ├── doc.go │ │ │ ├── v1 │ │ │ ├── doc.go │ │ │ └── defaults.go │ │ │ ├── v2 │ │ │ ├── doc.go │ │ │ ├── defaults.go │ │ │ └── validation.go │ │ │ └── install │ │ │ └── roundtrip_test.go │ ├── authority │ │ └── authority_test.go │ └── admission │ │ └── handler.go ├── client │ └── clientset │ │ └── versioned │ │ ├── fake │ │ └── doc.go │ │ ├── typed │ │ ├── acme │ │ │ └── v1 │ │ │ │ ├── doc.go │ │ │ │ ├── fake │ │ │ │ └── doc.go │ │ │ │ └── generated_expansion.go │ │ └── certmanager │ │ │ └── v1 │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ └── doc.go │ │ │ └── generated_expansion.go │ │ └── scheme │ │ └── doc.go ├── util │ └── errors │ │ └── errors.go ├── api │ └── util │ │ └── duration.go └── scheduler │ └── test │ └── fake.go ├── cmd └── acmesolver │ └── OWNERS ├── make └── config │ 
├── samplewebhook │ ├── chart │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── service.yaml │ │ │ └── apiservice.yaml │ │ ├── Chart.yaml │ │ └── .helmignore │ └── Containerfile.samplewebhook │ ├── pebble │ ├── chart │ │ ├── Chart.yaml │ │ ├── values.yaml │ │ ├── .helmignore │ │ └── templates │ │ │ ├── service.yaml │ │ │ └── _helpers.tpl │ └── Containerfile.pebble │ ├── bind │ └── service.yaml │ ├── projectcontour │ └── gateway.yaml │ └── kyverno │ └── kustomization.yaml ├── logo ├── logo.png ├── logo-small.png ├── LICENSE └── README.md ├── internal ├── controller │ ├── issuers │ │ └── OWNERS │ ├── orders │ │ └── OWNERS │ ├── certificates │ │ └── OWNERS │ ├── challenges │ │ └── OWNERS │ └── certificaterequests │ │ └── OWNERS ├── apis │ ├── config │ │ └── webhook │ │ │ ├── v1alpha1 │ │ │ ├── conversion.go │ │ │ └── doc.go │ │ │ ├── doc.go │ │ │ └── install │ │ │ └── roundtrip_test.go │ ├── acme │ │ ├── v1alpha2 │ │ │ ├── const.go │ │ │ ├── defaults.go │ │ │ ├── doc.go │ │ │ └── zz_generated.defaults.go │ │ ├── v1alpha3 │ │ │ ├── const.go │ │ │ ├── defaults.go │ │ │ ├── doc.go │ │ │ └── zz_generated.defaults.go │ │ ├── v1beta1 │ │ │ ├── const.go │ │ │ ├── defaults.go │ │ │ ├── doc.go │ │ │ └── zz_generated.defaults.go │ │ ├── doc.go │ │ ├── v1 │ │ │ ├── defaults.go │ │ │ ├── doc.go │ │ │ └── zz_generated.defaults.go │ │ └── install │ │ │ └── roundtrip_test.go │ ├── meta │ │ ├── doc.go │ │ ├── v1 │ │ │ ├── defaults.go │ │ │ ├── doc.go │ │ │ └── zz_generated.defaults.go │ │ ├── fuzzer │ │ │ └── fuzzer.go │ │ └── install │ │ │ └── roundtrip_test.go │ └── certmanager │ │ ├── doc.go │ │ ├── v1 │ │ ├── defaults.go │ │ ├── doc.go │ │ └── zz_generated.defaults.go │ │ ├── v1alpha2 │ │ ├── defaults.go │ │ ├── doc.go │ │ └── zz_generated.defaults.go │ │ ├── v1alpha3 │ │ ├── defaults.go │ │ ├── doc.go │ │ └── zz_generated.defaults.go │ │ ├── v1beta1 │ │ ├── defaults.go │ │ ├── doc.go │ │ └── zz_generated.defaults.go │ │ ├── install │ │ └── roundtrip_test.go │ │ └── validation │ │ 
├── util │ │ └── conditions.go │ │ └── warnings.go └── cmd │ └── util │ ├── signal_windows.go │ ├── signal_posix.go │ ├── exit.go │ ├── defaults.go │ └── context.go ├── CONTRIBUTING.md ├── hack ├── artifact-metadata.template.json ├── build │ └── .kazelcfg.json ├── boilerplate-go.txt ├── boilerplate-yaml.txt ├── update-all.sh ├── util │ ├── hash.sh │ └── checkhash.sh ├── verify-crds.sh ├── verify-codegen.sh ├── verify-gofmt.sh ├── containers │ ├── Containerfile.ctl │ ├── Containerfile.webhook │ ├── Containerfile.acmesolver │ ├── Containerfile.cainjector │ └── Containerfile.controller ├── update-crds.sh ├── update-codegen.sh ├── sha256-of-plugin-tar.sh ├── update-deps-licenses.sh └── verify-deps-licenses.sh ├── .bazelrc ├── tools ├── README.md └── setup-integration-test-dependencies.sh ├── .trivyignore ├── OWNERS ├── .gitignore ├── docs └── README.md ├── SECURITY_CONTACTS.md └── .github └── ISSUE_TEMPLATE ├── feature-request.md └── bug.md /.bazelignore: -------------------------------------------------------------------------------- 1 | bin 2 | _bin 3 | -------------------------------------------------------------------------------- /test/fixtures/pebble-values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/fixtures/vault-values.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/framework/addon/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /deploy/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/deploy 3 | -------------------------------------------------------------------------------- /design/OWNERS: 
-------------------------------------------------------------------------------- 1 | labels: 2 | - kind/design 3 | -------------------------------------------------------------------------------- /pkg/acme/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme 3 | -------------------------------------------------------------------------------- /test/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/testing 3 | -------------------------------------------------------------------------------- /pkg/issuer/ca/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/ca 3 | -------------------------------------------------------------------------------- /cmd/acmesolver/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme 3 | -------------------------------------------------------------------------------- /make/config/samplewebhook/chart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pkg/issuer/acme/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme 3 | -------------------------------------------------------------------------------- /pkg/metrics/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/monitoring 3 | -------------------------------------------------------------------------------- /test/integration/versionchecker/testdata/.gitignore: -------------------------------------------------------------------------------- 1 | *.tar -------------------------------------------------------------------------------- /pkg/controller/acmeorders/OWNERS: 
-------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme 3 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme/dns01 3 | -------------------------------------------------------------------------------- /pkg/issuer/acme/http/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme/http01 3 | -------------------------------------------------------------------------------- /pkg/issuer/selfsigned/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/selfsigned 3 | -------------------------------------------------------------------------------- /test/integration/rfc2136_dns01/testdata/config.json: -------------------------------------------------------------------------------- 1 | { 2 | } 3 | -------------------------------------------------------------------------------- /pkg/controller/acmechallenges/OWNERS: -------------------------------------------------------------------------------- 1 | labels: 2 | - area/acme 3 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/no_output_error.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/.gitignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | charts/* 3 | requirements.lock 4 | -------------------------------------------------------------------------------- /pkg/apis/OWNERS: -------------------------------------------------------------------------------- 1 | required_reviewers: 2 | - munnerz 3 | labels: 4 | - area/api 
5 | -------------------------------------------------------------------------------- /logo/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/logo/logo.png -------------------------------------------------------------------------------- /logo/logo-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/logo/logo-small.png -------------------------------------------------------------------------------- /deploy/manifests/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: cert-manager 5 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/route53/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - munnerz 3 | - euank 4 | reviewers: 5 | - munnerz 6 | - euank 7 | -------------------------------------------------------------------------------- /deploy/manifests/01-namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: cert-manager 6 | -------------------------------------------------------------------------------- /internal/controller/issuers/OWNERS: -------------------------------------------------------------------------------- 1 | filters: 2 | "apply(_test)?\\.go$": 3 | required_reviewers: 4 | - joshvanl 5 | -------------------------------------------------------------------------------- /internal/controller/orders/OWNERS: -------------------------------------------------------------------------------- 1 | filters: 2 | "apply(_test)?\\.go$": 3 | required_reviewers: 4 | - joshvanl 5 | 
-------------------------------------------------------------------------------- /internal/controller/certificates/OWNERS: -------------------------------------------------------------------------------- 1 | filters: 2 | "apply(_test)?\\.go$": 3 | required_reviewers: 4 | - joshvanl 5 | -------------------------------------------------------------------------------- /internal/controller/challenges/OWNERS: -------------------------------------------------------------------------------- 1 | filters: 2 | "apply(_test)?\\.go$": 3 | required_reviewers: 4 | - joshvanl 5 | -------------------------------------------------------------------------------- /pkg/issuer/vault/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - munnerz 3 | reviewers: 4 | - munnerz 5 | - vdesjardins 6 | labels: 7 | - area/vault 8 | -------------------------------------------------------------------------------- /internal/controller/certificaterequests/OWNERS: -------------------------------------------------------------------------------- 1 | filters: 2 | "apply(_test)?\\.go$": 3 | required_reviewers: 4 | - joshvanl 5 | -------------------------------------------------------------------------------- /make/config/pebble/chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: pebble 4 | version: 0.1.1 5 | -------------------------------------------------------------------------------- /pkg/webhook/handlers/testdata/apis/testgroup/crds/README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | These CRDs are auto generated by `hack/update-crds.sh`. 
4 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Please refer to the [cert-manager Contributing guide](https://cert-manager.io/docs/contributing/). 4 | -------------------------------------------------------------------------------- /hack/artifact-metadata.template.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "TODO", 3 | "sha256": "TODO", 4 | "os": "TODO", 5 | "architecture": "TODO" 6 | } 7 | -------------------------------------------------------------------------------- /hack/build/.kazelcfg.json: -------------------------------------------------------------------------------- 1 | { 2 | "GoPrefix": "github.com/cert-manager/cert-manager", 3 | "AddSourcesRules": true, 4 | "SkippedPaths": ["_bin"] 5 | } 6 | -------------------------------------------------------------------------------- /test/fixtures/example-webhook-values.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | requests: 3 | cpu: 50m 4 | memory: 50Mi 5 | limits: 6 | cpu: 100m 7 | memory: 200Mi 8 | -------------------------------------------------------------------------------- /make/config/samplewebhook/chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: example-webhook 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /design/images/20221205-memory-management/createsecrets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/createsecrets.png 
-------------------------------------------------------------------------------- /design/images/20221205-memory-management/labelsecret.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/labelsecret.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partiallabels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partiallabels.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialonly.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialonly.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialnolabels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialnolabels.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/mastercertmanager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/mastercertmanager.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/transformwithlimit.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/transformwithlimit.png -------------------------------------------------------------------------------- /test/integration/rfc2136_dns01/testdata/rfc2136-tsig-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: testkey 5 | stringData: 6 | value: IwBTJx9wrDp4Y1RyC3H0gA== 7 | -------------------------------------------------------------------------------- /design/images/20221205-memory-management/latestmastersecrets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/latestmastersecrets.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/masterkubeapiserver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/masterkubeapiserver.png -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/util/testdata/resolv.conf.1: -------------------------------------------------------------------------------- 1 | domain company.com 2 | nameserver 10.200.3.249 3 | nameserver 10.200.3.250:5353 4 | nameserver 2001:4860:4860::8844 5 | nameserver [10.0.0.1]:5353 -------------------------------------------------------------------------------- /design/images/20221205-memory-management/masterissuanceterminal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/masterissuanceterminal.png 
-------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialmetadatagrafana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialmetadatagrafana.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialmetadatasecrets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialmetadatasecrets.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialmetadataterminal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialmetadataterminal.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialonlycertmanager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialonlycertmanager.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialonlykubeapiserver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialonlykubeapiserver.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/transformfunctionsgrafana.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/transformfunctionsgrafana.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialnolabelscertmanager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialnolabelscertmanager.png -------------------------------------------------------------------------------- /design/images/20221205-memory-management/partialnolabelskubeapiserver.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/schnatterer/cert-manager/master/design/images/20221205-memory-management/partialnolabelskubeapiserver.png -------------------------------------------------------------------------------- /test/integration/ctl/testdata/create_cr_issuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha2 2 | kind: Issuer 3 | metadata: 4 | name: ca-issuer 5 | namespace: testns-1 6 | spec: 7 | ca: 8 | secretName: ca-key-pair 9 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/signkey_annotation.txt: -------------------------------------------------------------------------------- 1 | fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E 2 | url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg 3 | -------------------------------------------------------------------------------- /make/config/pebble/Containerfile.pebble: -------------------------------------------------------------------------------- 1 | # +skip_license_check 2 | 3 | ARG 
BASE_IMAGE 4 | 5 | FROM $BASE_IMAGE 6 | 7 | USER 1000 8 | 9 | COPY pebble /app/pebble 10 | 11 | ENTRYPOINT ["/app/pebble"] 12 | 13 | # vim: syntax=dockerfile 14 | -------------------------------------------------------------------------------- /.bazelrc: -------------------------------------------------------------------------------- 1 | # Include git version info 2 | build --workspace_status_command hack/build/print-workspace-status.sh 3 | # Show timestamps with each bazel message 4 | build --show_timestamps 5 | 6 | # import per-user options 7 | try-import %workspace%/user.bazelrc 8 | -------------------------------------------------------------------------------- /tools/README.md: -------------------------------------------------------------------------------- 1 | This directory used to contain a Golang script which stopped being used. 2 | 3 | We've left the other script in this directory in case it's being used in a script somewhere, but it's just a wrapper 4 | and we might remove this whole directory in the future. 
5 | -------------------------------------------------------------------------------- /deploy/manifests/helm-values.yaml: -------------------------------------------------------------------------------- 1 | fullnameOverride: cert-manager 2 | 3 | resources: 4 | requests: 5 | cpu: 10m 6 | memory: 32Mi 7 | 8 | ingressShim: 9 | resources: 10 | requests: 11 | cpu: 10m 12 | memory: 32Mi 13 | 14 | webhook: 15 | enabled: true 16 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/input/resource3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: sandbox 5 | --- 6 | apiVersion: cert-manager.io/v1alpha2 7 | kind: Issuer 8 | metadata: 9 | name: selfsigned-issuer 10 | namespace: sandbox 11 | spec: 12 | selfSigned: {} 13 | -------------------------------------------------------------------------------- /logo/LICENSE: -------------------------------------------------------------------------------- 1 | cert-manager project logo (c) by Jetstack Ltd. 2 | 3 | cert-manager project logo is licensed under a 4 | Creative Commons Attribution 4.0 International License. 5 | 6 | You should have received a copy of the license along with this 7 | work. If not, see <http://creativecommons.org/licenses/by/4.0/>.
8 | -------------------------------------------------------------------------------- /make/config/pebble/chart/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | image: 3 | repository: local/pebble 4 | tag: local 5 | pullPolicy: Never 6 | service: 7 | type: ClusterIP 8 | resources: 9 | requests: 10 | cpu: 10m 11 | memory: 10Mi 12 | limits: 13 | cpu: 100m 14 | memory: 100Mi 15 | 16 | strict: "false" 17 | -------------------------------------------------------------------------------- /.trivyignore: -------------------------------------------------------------------------------- 1 | # These vulns relate to issues with v1 of the AWS Golang SDK 2 | # These issues relate to S3 encryption issues which cert-manager is unlikely to hit 3 | # Fixing them requires upgrading to v2 of the AWS Golang SDK which is a potentially large task 4 | CVE-2020-8911 5 | CVE-2020-8912 6 | GHSA-7f33-f4f5-xwgw 7 | GHSA-f5pg-7wfw-84q9 8 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - munnerz 3 | - joshvanl 4 | - meyskens 5 | - wallrj 6 | - jakexks 7 | - maelvls 8 | - irbekrm 9 | - sgtcodfish 10 | - jahrlin 11 | - inteon 12 | reviewers: 13 | - munnerz 14 | - joshvanl 15 | - meyskens 16 | - wallrj 17 | - jakexks 18 | - maelvls 19 | - irbekrm 20 | - sgtcodfish 21 | - jahrlin 22 | - inteon 23 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .idea 3 | *.iml 4 | /acmesolver 5 | /controller 6 | /ingress-shim 7 | /ctl 8 | /hack/build/dockerfiles/cert-manager-*_*_* 9 | .vscode 10 | .venv 11 | bazel-* 12 | /.settings/ 13 | /.project 14 | _artifacts/ 15 | /vendor/ 16 | bin/ 17 | _bin/ 18 | .bin/ 19 | user.bazelrc 20 | *.bak 21 | /go.work.sum 22 | 
**/go.work 23 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/input/resource1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha2 2 | kind: Certificate 3 | metadata: 4 | name: ca-issuer 5 | namespace: sandbox 6 | spec: 7 | isCA: true 8 | secretName: ca-key-pair 9 | commonName: my-csi-app 10 | issuerRef: 11 | name: selfsigned-issuer 12 | kind: Issuer 13 | group: cert-manager.io 14 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Documentation 2 | 3 | The cert-manager documentation can be found on [cert-manager.io](https://cert-manager.io/docs). 4 | 5 | ## Contributing 6 | 7 | If you'd like to make changes or contribute to the documentation, you can find 8 | the source code for the website in the [cert-manager/website](https://github.com/cert-manager/website) 9 | repository. 
10 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/create_cr_cert_with_ns1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1alpha2 3 | kind: Certificate 4 | metadata: 5 | name: testcert-1 6 | namespace: testns-1 7 | spec: 8 | isCA: true 9 | secretName: ca-key-pair 10 | commonName: my-csi-app 11 | issuerRef: 12 | name: selfsigned-issuer 13 | kind: Issuer 14 | group: cert-manager.io 15 | -------------------------------------------------------------------------------- /make/config/bind/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: bind 6 | labels: 7 | name: bind 8 | spec: 9 | type: ClusterIP 10 | # hardcoded to make this service easily accessible via IP only 11 | clusterIP: {SERVICE_IP_PREFIX}.16 12 | ports: 13 | - port: 53 14 | targetPort: 53 15 | protocol: UDP 16 | selector: 17 | app: bind 18 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource1_v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | creationTimestamp: null 5 | name: ca-issuer 6 | namespace: sandbox 7 | spec: 8 | commonName: my-csi-app 9 | isCA: true 10 | issuerRef: 11 | group: cert-manager.io 12 | kind: Issuer 13 | name: selfsigned-issuer 14 | secretName: ca-key-pair 15 | status: {} 16 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource1_v1alpha2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha2 2 | kind: Certificate 3 | metadata: 4 | creationTimestamp: null 5 | name: ca-issuer 6 | 
namespace: sandbox 7 | spec: 8 | commonName: my-csi-app 9 | isCA: true 10 | issuerRef: 11 | group: cert-manager.io 12 | kind: Issuer 13 | name: selfsigned-issuer 14 | secretName: ca-key-pair 15 | status: {} 16 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource1_v1alpha3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha3 2 | kind: Certificate 3 | metadata: 4 | creationTimestamp: null 5 | name: ca-issuer 6 | namespace: sandbox 7 | spec: 8 | commonName: my-csi-app 9 | isCA: true 10 | issuerRef: 11 | group: cert-manager.io 12 | kind: Issuer 13 | name: selfsigned-issuer 14 | secretName: ca-key-pair 15 | status: {} 16 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/input/resource_with_organization_v1alpha2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha2 2 | kind: Certificate 3 | metadata: 4 | name: ca-issuer 5 | namespace: sandbox 6 | spec: 7 | isCA: true 8 | secretName: ca-key-pair 9 | organization: 10 | - "hello world" 11 | commonName: my-csi-app 12 | issuerRef: 13 | name: selfsigned-issuer 14 | kind: Issuer 15 | group: cert-manager.io 16 | -------------------------------------------------------------------------------- /make/config/pebble/chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/create_cr_v1alpha3_cert_with_ns1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1alpha3 3 | kind: Certificate 4 | metadata: 5 | name: testcert-v1alpha3 6 | namespace: testns-1 7 | spec: 8 | isCA: true 9 | secretName: ca-key-pair 10 | commonName: my-csi-app 11 | issuerRef: 12 | name: selfsigned-issuer 13 | kind: Issuer 14 | group: cert-manager.io 15 | subject: 16 | organizations: 17 | - hello world 18 | -------------------------------------------------------------------------------- /make/config/samplewebhook/chart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /logo/README.md: -------------------------------------------------------------------------------- 1 | # Project Logo 2 | 3 | Files for the cert-manager logo. 4 | 5 | Note that the cert-manager logos in this repo are referred to in other README files in the cert-manager org; 6 | if you change locations or names, you'll need to update several other repos too! 
7 | 8 | The logo was originally created by [Zoe Paterson](https://www.zoepatersonmedia.com/). 9 | 10 | ## Licensing 11 | 12 | Please see the [LICENSE](./LICENSE) file for information on using the logo. 13 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource_with_organization_v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | creationTimestamp: null 5 | name: ca-issuer 6 | namespace: sandbox 7 | spec: 8 | commonName: my-csi-app 9 | isCA: true 10 | issuerRef: 11 | group: cert-manager.io 12 | kind: Issuer 13 | name: selfsigned-issuer 14 | secretName: ca-key-pair 15 | subject: 16 | organizations: 17 | - hello world 18 | status: {} 19 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource_with_organization_v1beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1beta1 2 | kind: Certificate 3 | metadata: 4 | creationTimestamp: null 5 | name: ca-issuer 6 | namespace: sandbox 7 | spec: 8 | commonName: my-csi-app 9 | isCA: true 10 | issuerRef: 11 | group: cert-manager.io 12 | kind: Issuer 13 | name: selfsigned-issuer 14 | secretName: ca-key-pair 15 | subject: 16 | organizations: 17 | - hello world 18 | status: {} 19 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource_with_organization_v1alpha3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha3 2 | kind: Certificate 3 | metadata: 4 | creationTimestamp: null 5 | name: ca-issuer 6 | namespace: sandbox 7 | spec: 8 | commonName: my-csi-app 9 | isCA: true 10 | issuerRef: 11 | group: cert-manager.io 12 | kind: Issuer 13 | 
name: selfsigned-issuer 14 | secretName: ca-key-pair 15 | subject: 16 | organizations: 17 | - hello world 18 | status: {} 19 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | 23 | BUILD.bazel 24 | Chart.template.yaml 25 | README.template.md 26 | OWNERS 27 | cert-manager*.tgz 28 | -------------------------------------------------------------------------------- /make/config/pebble/chart/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: pebble 5 | labels: 6 | app: {{ template "name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: 443 14 | targetPort: 14000 15 | protocol: TCP 16 | name: https 17 | selector: 18 | app: {{ template "name" . 
}} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /make/config/projectcontour/gateway.yaml: -------------------------------------------------------------------------------- 1 | kind: GatewayClass 2 | apiVersion: gateway.networking.k8s.io/v1beta1 3 | metadata: 4 | name: acmesolver 5 | spec: 6 | controllerName: projectcontour.io/projectcontour/contour 7 | 8 | --- 9 | kind: Gateway 10 | apiVersion: gateway.networking.k8s.io/v1beta1 11 | metadata: 12 | name: acmesolver 13 | namespace: projectcontour 14 | spec: 15 | gatewayClassName: acmesolver 16 | listeners: 17 | - name: http 18 | protocol: HTTP 19 | port: 80 20 | allowedRoutes: 21 | namespaces: 22 | from: All 23 | -------------------------------------------------------------------------------- /make/config/pebble/chart/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /make/config/samplewebhook/chart/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "example-webhook.fullname" . }} 5 | labels: 6 | app: {{ include "example-webhook.name" . }} 7 | chart: {{ include "example-webhook.chart" . 
}} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: {{ .Values.service.type }} 12 | ports: 13 | - port: {{ .Values.service.port }} 14 | targetPort: https 15 | protocol: TCP 16 | name: https 17 | selector: 18 | app: {{ include "example-webhook.name" . }} 19 | release: {{ .Release.Name }} 20 | -------------------------------------------------------------------------------- /deploy/manifests/README.md: -------------------------------------------------------------------------------- 1 | # Deployment files 2 | 3 | This directory previously contained the Kubernetes manifests needed to deploy cert-manager. 4 | 5 | For full information on deploying cert-manager, see the [getting started guide](https://cert-manager.io/docs/installation/kubernetes/). 6 | 7 | ## Where are the manifests now? 8 | 9 | From v0.8 onwards, the 'static deployment manifests' are generated 10 | automatically from the [official helm chart](../charts/cert-manager). 11 | 12 | When a new release of cert-manager is cut, these manifests will be 13 | automatically generated and published as an asset **attached to the GitHub release**. 14 | -------------------------------------------------------------------------------- /hack/boilerplate-go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate-yaml.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | cert-manager {{ .Chart.AppVersion }} has been deployed successfully! 2 | 3 | In order to begin issuing certificates, you will need to set up a ClusterIssuer 4 | or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer). 
5 | 6 | More information on the different types of issuers and how to configure them 7 | can be found in our documentation: 8 | 9 | https://cert-manager.io/docs/configuration/ 10 | 11 | For information on how to configure cert-manager to automatically provision 12 | Certificates for Ingress resources, take a look at the `ingress-shim` 13 | documentation: 14 | 15 | https://cert-manager.io/docs/usage/ingress/ 16 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/webhook-psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "webhook.fullname" . }}-psp 6 | labels: 7 | app: {{ include "webhook.name" . }} 8 | app.kubernetes.io/name: {{ include "webhook.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "webhook" 11 | {{- include "labels" . | nindent 4 }} 12 | rules: 13 | - apiGroups: ['policy'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: 17 | - {{ template "webhook.fullname" . }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /internal/apis/config/webhook/v1alpha1/conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | -------------------------------------------------------------------------------- /pkg/apis/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // 18 | // +domain=cert-manager.io 19 | 20 | package apis 21 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "cert-manager.fullname" . }}-psp 6 | labels: 7 | app: {{ include "cert-manager.name" . }} 8 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "controller" 11 | {{- include "labels" . | nindent 4 }} 12 | rules: 13 | - apiGroups: ['policy'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: 17 | - {{ template "cert-manager.fullname" . 
}} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /test/fixtures/upgrade/overlay/values.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #@data/values 16 | --- 17 | app_version: 18 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS.md: -------------------------------------------------------------------------------- 1 | # Security Contacts 2 | 3 | This file lists people who (should) have access to read security reports 4 | made via the cert-manager vulnerability reporting process. 5 | 6 | If you think you've found a security issue in cert-manager, don't reach 7 | out to any of these people individually - follow the details in 8 | SECURITY.md and report your vulnerability via e-mail. 
9 | 10 | - [irbekrm](https://github.com/irbekrm) 11 | - [SgtCoDFish](https://github.com/SgtCoDFish) 12 | - [jakexks](https://github.com/jakexks) 13 | - [JoshVanL](https://github.com/JoshVanL) 14 | - [maelvls](https://github.com/maelvls) 15 | - [wallrj](https://github.com/wallrj) 16 | - [munnerz](https://github.com/munnerz) 17 | - [inteon](https://github.com/inteon) 18 | -------------------------------------------------------------------------------- /pkg/apis/acme/v1/const.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1 18 | 19 | const ( 20 | ACMEFinalizer = "finalizer.acme.cert-manager.io" 21 | ) 22 | -------------------------------------------------------------------------------- /make/config/samplewebhook/chart/templates/apiservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiregistration.k8s.io/v1 2 | kind: APIService 3 | metadata: 4 | name: v1alpha1.{{ .Values.groupName }} 5 | labels: 6 | app: {{ include "example-webhook.name" . }} 7 | chart: {{ include "example-webhook.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | annotations: 11 | cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . 
}}" 12 | spec: 13 | group: {{ .Values.groupName }} 14 | groupPriorityMinimum: 1000 15 | versionPriority: 15 16 | service: 17 | name: {{ include "example-webhook.fullname" . }} 18 | namespace: {{ .Release.Namespace }} 19 | version: v1alpha1 20 | -------------------------------------------------------------------------------- /pkg/controller/acmechallenges/checks.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package acmechallenges 18 | 19 | // no checks for the acme challenges controller yet 20 | -------------------------------------------------------------------------------- /test/unit/gen/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // package gen implements helper functions to construct API resource test fixtures. 18 | package gen 19 | -------------------------------------------------------------------------------- /internal/apis/acme/v1alpha2/const.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha2 18 | 19 | const ( 20 | ACMEFinalizer = "finalizer.acme.cert-manager.io" 21 | ) 22 | -------------------------------------------------------------------------------- /internal/apis/acme/v1alpha3/const.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package v1alpha3 18 | 19 | const ( 20 | ACMEFinalizer = "finalizer.acme.cert-manager.io" 21 | ) 22 | -------------------------------------------------------------------------------- /internal/apis/acme/v1beta1/const.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | const ( 20 | ACMEFinalizer = "finalizer.acme.cert-manager.io" 21 | ) 22 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/cainjector-psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cainjector.enabled }} 2 | {{- if .Values.global.podSecurityPolicy.enabled }} 3 | kind: ClusterRole 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | metadata: 6 | name: {{ template "cainjector.fullname" . }}-psp 7 | labels: 8 | app: {{ include "cainjector.name" . }} 9 | app.kubernetes.io/name: {{ include "cainjector.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "cainjector" 12 | {{- include "labels" . | nindent 4 }} 13 | rules: 14 | - apiGroups: ['policy'] 15 | resources: ['podsecuritypolicies'] 16 | verbs: ['use'] 17 | resourceNames: 18 | - {{ template "cainjector.fullname" . 
}} 19 | {{- end }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /internal/cmd/util/signal_windows.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "os" 21 | ) 22 | 23 | var shutdownSignals = []os.Signal{os.Interrupt} 24 | -------------------------------------------------------------------------------- /pkg/apis/acme/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1 is the v1 version of the API. 
18 | // +k8s:deepcopy-gen=package,register 19 | // +groupName=acme.cert-manager.io 20 | package v1 21 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/webhook/authority/authority_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package authority 18 | 19 | // Integration tests for the authority can be found in `test/integration/webhook/dynamic_authority_test.go`. 20 | -------------------------------------------------------------------------------- /internal/apis/acme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | 19 | // Package acme is the internal version of the API. 20 | // +groupName=acme.cert-manager.io 21 | package acme 22 | -------------------------------------------------------------------------------- /internal/apis/meta/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | 19 | // Package meta is the internal version of the API. 20 | // +groupName=meta.cert-manager.io 21 | package meta 22 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/acme/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1 21 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/acme/v1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/certmanager/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1 21 | -------------------------------------------------------------------------------- /pkg/apis/meta/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +groupName=meta.cert-manager.io 18 | 19 | // Package meta contains meta types for cert-manager APIs 20 | package meta 21 | 22 | const GroupName = "meta.cert-manager.io" 23 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/certmanager/v1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/apis/meta/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1 contains meta types for cert-manager APIs 18 | // +k8s:deepcopy-gen=package 19 | // +gencrdrefdocs:force 20 | // +groupName=meta.cert-manager.io 21 | package v1 22 | -------------------------------------------------------------------------------- /test/framework/addon/venafi/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package venafi implements an addon for the Venafi platform. 18 | // It provides a means for e2e tests to consume credentials for Venafi TPP. 19 | package venafi 20 | -------------------------------------------------------------------------------- /internal/apis/certmanager/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | 19 | // Package certmanager is the internal version of the API. 20 | // +groupName=cert-manager.io 21 | package certmanager 22 | -------------------------------------------------------------------------------- /pkg/apis/acme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +groupName=acme.cert-manager.io 18 | 19 | // Package acme contains types in the acme cert-manager API group 20 | package acme 21 | 22 | const GroupName = "acme.cert-manager.io" 23 | -------------------------------------------------------------------------------- /pkg/apis/certmanager/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1 is the v1 version of the API. 
18 | // +k8s:deepcopy-gen=package,register 19 | // +groupName=cert-manager.io 20 | // +groupGoName=Certmanager 21 | package v1 22 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/webhook-psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "webhook.fullname" . }}-psp 6 | labels: 7 | app: {{ include "webhook.name" . }} 8 | app.kubernetes.io/name: {{ include "webhook.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "webhook" 11 | {{- include "labels" . | nindent 4 }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ template "webhook.fullname" . }}-psp 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "webhook.serviceAccountName" . }} 19 | namespace: {{ include "cert-manager.namespace" . }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /internal/cmd/util/signal_posix.go: -------------------------------------------------------------------------------- 1 | //go:build !windows 2 | 3 | /* 4 | Copyright 2020 The cert-manager Authors. 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 
17 | */ 18 | 19 | package util 20 | 21 | import ( 22 | "os" 23 | "syscall" 24 | ) 25 | 26 | var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM} 27 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/Chart.template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: cert-manager 3 | # The version and appVersion fields are set automatically by the release tool 4 | version: v0.1.0 5 | appVersion: v0.1.0 6 | kubeVersion: ">= 1.22.0-0" 7 | description: A Helm chart for cert-manager 8 | home: https://github.com/cert-manager/cert-manager 9 | icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png 10 | keywords: 11 | - cert-manager 12 | - kube-lego 13 | - letsencrypt 14 | - tls 15 | sources: 16 | - https://github.com/cert-manager/cert-manager 17 | maintainers: 18 | - name: cert-manager-maintainers 19 | email: cert-manager-maintainers@googlegroups.com 20 | url: https://cert-manager.io 21 | annotations: 22 | artifacthub.io/prerelease: "{{IS_PRERELEASE}}" 23 | -------------------------------------------------------------------------------- /test/e2e/suite/certificatesigningrequests/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package certificatesigningrequests 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/certificatesigningrequests/selfsigned" 21 | ) 22 | -------------------------------------------------------------------------------- /pkg/issuer/acme/http/solver/constants.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package solver 18 | 19 | const ( 20 | // HTTPChallengePath is the path prefix used for http-01 challenge requests 21 | HTTPChallengePath = "/.well-known/acme-challenge" 22 | ) 23 | -------------------------------------------------------------------------------- /internal/apis/acme/v1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /internal/apis/meta/v1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /pkg/client/clientset/versioned/typed/acme/v1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1 20 | 21 | type ChallengeExpansion interface{} 22 | 23 | type OrderExpansion interface{} 24 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/networkpolicy-egress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhook.networkPolicy.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: {{ template "webhook.fullname" . }}-allow-egress 6 | namespace: {{ include "cert-manager.namespace" . }} 7 | spec: 8 | egress: 9 | {{- with .Values.webhook.networkPolicy.egress }} 10 | {{- toYaml . | nindent 2 }} 11 | {{- end }} 12 | podSelector: 13 | matchLabels: 14 | app: {{ include "webhook.name" . }} 15 | app.kubernetes.io/name: {{ include "webhook.name" . }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | app.kubernetes.io/component: "webhook" 18 | {{- with .Values.webhook.podLabels }} 19 | {{- toYaml . 
| nindent 6 }} 20 | {{- end }} 21 | policyTypes: 22 | - Egress 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.global.podSecurityPolicy.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "cert-manager.fullname" . }}-psp 6 | labels: 7 | app: {{ include "cert-manager.name" . }} 8 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/component: "controller" 11 | {{- include "labels" . | nindent 4 }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: {{ template "cert-manager.fullname" . }}-psp 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "cert-manager.serviceAccountName" . }} 19 | namespace: {{ include "cert-manager.namespace" . }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /internal/apis/config/webhook/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | 19 | // Package webhook is the internal version of the webhook config API. 20 | // +groupName=webhook.config.cert-manager.io 21 | package webhook 22 | -------------------------------------------------------------------------------- /pkg/apis/config/webhook/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 is the v1alpha1 version of the webhook config API. 18 | // +k8s:deepcopy-gen=package,register 19 | // +groupName=webhook.config.cert-manager.io 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /hack/update-all.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This script is kept only to preserve muscle memory. Prefer using make directly. 22 | 23 | make update-all 24 | -------------------------------------------------------------------------------- /internal/apis/acme/v1beta1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /pkg/apis/certmanager/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +groupName=cert-manager.io 18 | // +groupGoName=Certmanager 19 | 20 | // Package certmanager is the internal version of the API. 21 | package certmanager 22 | 23 | const GroupName = "cert-manager.io" 24 | -------------------------------------------------------------------------------- /pkg/apis/config/webhook/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +groupName=webhook.config.cert-manager.io 18 | 19 | // Package webhook contains types used to configure the webhook 20 | package webhook 21 | 22 | const GroupName = "webhook.config.cert-manager.io" 23 | -------------------------------------------------------------------------------- /internal/apis/acme/v1alpha2/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package v1alpha2 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /internal/apis/acme/v1alpha3/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha3 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /pkg/webhook/handlers/testdata/apis/testgroup/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
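13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | 19 | // +groupName=testgroup.testing.cert-manager.io 20 | package testgroup 21 | 22 | const GroupName = "testgroup.testing.cert-manager.io" 23 | -------------------------------------------------------------------------------- /hack/util/hash.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eu -o pipefail 18 | 19 | # This script is a wrapper for outputting purely the sha256 hash of the input file, 20 | # ideally in a portable way. 21 | 22 | # Quote the path so a file name containing spaces or glob characters is passed to sha256sum as a single argument. 23 | sha256sum "$1" | cut -d" " -f1 24 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1alpha2/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 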
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha2 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1alpha3/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha3 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1beta1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | ) 22 | 23 | func addDefaultingFuncs(scheme *runtime.Scheme) error { 24 | return RegisterDefaults(scheme) 25 | } 26 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea to improve cert-manager 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | 9 | 10 | **Describe the solution you'd like** 11 | 12 | 13 | **Describe alternatives you've considered** 14 | 15 | 16 | **Additional context** 17 | 18 | 19 | **Environment details (remove if not applicable)**: 20 | - Kubernetes version: 21 | - Cloud-provider/provisioner: 22 | - cert-manager version: 23 | - Install method: e.g. helm/static manifests 24 | 25 | 26 | /kind feature 27 | -------------------------------------------------------------------------------- /test/e2e/suite/issuers/venafi/import.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package venafi 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/venafi/cloud" 21 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/venafi/tpp" 22 | ) 23 | -------------------------------------------------------------------------------- /make/config/samplewebhook/Containerfile.samplewebhook: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG BASE_IMAGE 16 | 17 | FROM $BASE_IMAGE 18 | 19 | USER 1000 20 | 21 | COPY samplewebhook /app/samplewebhook 22 | 23 | ENTRYPOINT ["/app/samplewebhook"] 24 | 25 | # vim: syntax=dockerfile 26 | -------------------------------------------------------------------------------- /pkg/acme/webhook/apis/acme/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package,register 18 | // +k8s:defaulter-gen=TypeMeta 19 | 20 | // Package v1alpha1 is the v1alpha1 version of the API. 21 | // +groupName=webhook.acme.cert-manager.io 22 | package v1alpha1 23 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/networkpolicy-webhooks.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhook.networkPolicy.enabled }} 2 | 3 | apiVersion: networking.k8s.io/v1 4 | kind: NetworkPolicy 5 | metadata: 6 | name: {{ template "webhook.fullname" . }}-allow-ingress 7 | namespace: {{ include "cert-manager.namespace" . }} 8 | spec: 9 | ingress: 10 | {{- with .Values.webhook.networkPolicy.ingress }} 11 | {{- toYaml . | nindent 2 }} 12 | {{- end }} 13 | podSelector: 14 | matchLabels: 15 | app: {{ include "webhook.name" . }} 16 | app.kubernetes.io/name: {{ include "webhook.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | app.kubernetes.io/component: "webhook" 19 | {{- with .Values.webhook.podLabels }} 20 | {{- toYaml . 
| nindent 6 }} 21 | {{- end }} 22 | policyTypes: 23 | - Ingress 24 | 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /pkg/acme/webhook/apis/acme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +groupName=webhook.acme.cert-manager.io 18 | 19 | // Package acme contains type definitions for ACME ChallengePayload resources 20 | package acme 21 | 22 | const ( 23 | GroupName = "webhook.acme.cert-manager.io" 24 | ) 25 | -------------------------------------------------------------------------------- /test/e2e/suite/issuers/acme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package acme 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/acme/certificate" 21 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/acme/certificaterequest" 22 | ) 23 | -------------------------------------------------------------------------------- /test/acme/server/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package server implements an extremely basic DNS server that only responds 18 | // to a very limited subset of DNS requests. 19 | // It is suitable for use during testing RFC2136 updates and TXT record lookup. 20 | 21 | package server 22 | -------------------------------------------------------------------------------- /test/e2e/suite/issuers/vault/import.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package vault 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/vault/certificate" 21 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/vault/certificaterequest" 22 | ) 23 | -------------------------------------------------------------------------------- /pkg/apis/experimental/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +groupName=experimental.cert-manager.io 18 | // +groupGoName=Experimental 19 | 20 | // Package experimental contains the group containing experimental APIs. 
21 | package experimental 22 | 23 | const GroupName = "experimental.cert-manager.io" 24 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/input/resource2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # my comment 3 | apiVersion: cert-manager.io/v1alpha2 4 | kind: Certificate 5 | metadata: 6 | name: ca-issuer 7 | namespace: sandbox 8 | spec: 9 | isCA: true 10 | secretName: ca-key-pair 11 | commonName: my-csi-app 12 | issuerRef: 13 | name: selfsigned-issuer 14 | kind: Issuer 15 | group: cert-manager.io 16 | --- 17 | apiVersion: cert-manager.io/v1alpha2 18 | kind: Issuer 19 | metadata: 20 | name: ca-issuer 21 | namespace: sandbox 22 | spec: 23 | ca: 24 | secretName: ca-key-pair 25 | --- 26 | apiVersion: cert-manager.io/v1alpha2 27 | kind: Certificate 28 | metadata: 29 | name: ca-issuer-2 30 | namespace: sandbox 31 | spec: 32 | isCA: true 33 | secretName: ca-key-pair 34 | commonName: my-csi-app 35 | issuerRef: 36 | name: ca-issuer 37 | kind: Issuer 38 | group: cert-manager.io 39 | --- 40 | -------------------------------------------------------------------------------- /tools/setup-integration-test-dependencies.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This script is maintained for preserving muscle memory. Prefer using make directly. 22 | 23 | make setup-integration-tests 24 | -------------------------------------------------------------------------------- /test/e2e/suite/certificaterequests/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package certificaterequests 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/certificaterequests/approval" 21 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/certificaterequests/selfsigned" 22 | ) 23 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cainjector.enabled }} 2 | {{- if .Values.global.podSecurityPolicy.enabled }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: {{ template "cainjector.fullname" . }}-psp 7 | labels: 8 | app: {{ include "cainjector.name" . }} 9 | app.kubernetes.io/name: {{ include "cainjector.name" . 
}} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "cainjector" 12 | {{- include "labels" . | nindent 4 }} 13 | roleRef: 14 | apiGroup: rbac.authorization.k8s.io 15 | kind: ClusterRole 16 | name: {{ template "cainjector.fullname" . }}-psp 17 | subjects: 18 | - kind: ServiceAccount 19 | name: {{ template "cainjector.serviceAccountName" . }} 20 | namespace: {{ include "cert-manager.namespace" . }} 21 | {{- end }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /pkg/controller/test/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package test contains testing utilities used for constructing fake Contexts 18 | // which can be used during tests. 19 | // 20 | // It should be used for all unit tests that require a set of fake clientsets etc 21 | // in order to provide test consistency. 
22 | package test 23 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.startupapicheck.enabled }} 2 | {{- if .Values.global.podSecurityPolicy.enabled }} 3 | kind: ClusterRole 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | metadata: 6 | name: {{ template "startupapicheck.fullname" . }}-psp 7 | labels: 8 | app: {{ include "startupapicheck.name" . }} 9 | app.kubernetes.io/name: {{ include "startupapicheck.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "startupapicheck" 12 | {{- include "labels" . | nindent 4 }} 13 | {{- with .Values.startupapicheck.rbac.annotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | rules: 18 | - apiGroups: ['policy'] 19 | resources: ['podsecuritypolicies'] 20 | verbs: ['use'] 21 | resourceNames: 22 | - {{ template "startupapicheck.fullname" . }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/webhook-config.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhook.config -}} 2 | {{- if not .Values.webhook.config.apiVersion -}} 3 | {{- fail "webhook.config.apiVersion must be set" -}} 4 | {{- end -}} 5 | 6 | {{- if not .Values.webhook.config.kind -}} 7 | {{- fail "webhook.config.kind must be set" -}} 8 | {{- end -}} 9 | {{- end -}} 10 | apiVersion: v1 11 | kind: ConfigMap 12 | metadata: 13 | name: {{ include "webhook.fullname" . }} 14 | namespace: {{ include "cert-manager.namespace" . }} 15 | labels: 16 | app: {{ include "webhook.name" . }} 17 | app.kubernetes.io/name: {{ include "webhook.name" . 
}}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: "webhook"
    {{- include "labels" . | nindent 4 }}
data:
  {{- if .Values.webhook.config }}
  config.yaml: |
    {{ .Values.webhook.config | toYaml | nindent 4 }}
  {{- end }}

--------------------------------------------------------------------------------
/make/config/kyverno/kustomization.yaml:
--------------------------------------------------------------------------------
# This Kustomization is used to adapt the upstream Pod security policy for use
# specifically in the cert-manager namespace.
# * Changes ClusterPolicy resources to namespaced Policy.
# * Changes the failure action of the restrict_automount_sa_token policy from Audit to Enforce.
#
# Use as follows:
#  kustomize build . > policy.yaml
#
# NOTE(review): neither base below is pinned. The first URL carries no ref and
# the second follows the upstream "main" branch, so the policy set produced by
# `kustomize build` can change without any change in this repository. Pin both
# to a reviewed tag or commit (for the first, append ?ref=<TAG_OR_COMMIT_SHA>;
# for the second, replace "main" in the path with <TAG_OR_COMMIT_SHA>) and
# review the upstream diff whenever the pin is bumped.
bases:
- https://github.com/kyverno/policies/pod-security/enforce
- https://raw.githubusercontent.com/kyverno/policies/main/other/restrict_automount_sa_token/restrict_automount_sa_token.yaml
patches:
# The JSON patch below is applied to every resource of kind ClusterPolicy that
# the bases produce (see `target`).
- patch: |-
    - op: replace
      path: /kind
      value: Policy
    - op: add
      path: /metadata/namespace
      value: cert-manager
    - op: replace
      path: /spec/validationFailureAction
      value: enforce
  target:
    kind: ClusterPolicy

--------------------------------------------------------------------------------
/pkg/webhook/handlers/testdata/apis/testgroup/v1/doc.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup 18 | // +k8s:deepcopy-gen=package,register 19 | // +k8s:defaulter-gen=TypeMeta 20 | 21 | // +groupName=testgroup.testing.cert-manager.io 22 | package v1 23 | -------------------------------------------------------------------------------- /pkg/webhook/handlers/testdata/apis/testgroup/v2/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
*/

// +k8s:conversion-gen=github.com/cert-manager/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta

// +groupName=testgroup.testing.cert-manager.io
package v2

--------------------------------------------------------------------------------
/test/e2e/suite/issuers/venafi/tpp/doc.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Package tpp implements tests for the Venafi TPP issuer
package tpp

import (
	"github.com/cert-manager/cert-manager/test/framework"
)

// TPPDescribe hands name and body unchanged to framework.CertManagerDescribe
// and returns that call's result.
func TPPDescribe(name string, body func()) bool {
	described := framework.CertManagerDescribe(name, body)
	return described
}

--------------------------------------------------------------------------------
/internal/apis/meta/fuzzer/fuzzer.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package fuzzer

import (
	runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
)

// Funcs returns the fuzzer functions for the meta API group. The returned
// slice is empty and non-nil; the codecs argument is accepted but not used.
var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
	noCustomFuncs := make([]interface{}, 0)
	return noCustomFuncs
}

--------------------------------------------------------------------------------
/test/fixtures/cert-manager-values.yaml:
--------------------------------------------------------------------------------
replicaCount: 1

global:
  logLevel: "4"
  podSecurityPolicy:
    enabled: true

image:
  tag: build
  pullPolicy: Never

resources:
  requests:
    cpu: 500m
    memory: 200Mi
  limits:
    cpu: 1
    memory: 200Mi

extraArgs:
  - --leader-election-lease-duration=10s
  - --leader-election-renew-deadline=3s
  - --leader-election-retry-period=2s

webhook:
  enabled: true
  image:
    tag: build
    pullPolicy: Never
  resources:
    requests:
      cpu: 100m
      memory: 40Mi
    limits:
      cpu: 200m
      memory: 256Mi

cainjector:
  enabled: true
  image:
    tag: build
    pullPolicy: Never
  resources:
    requests:
      cpu: 100m
      memory: 40Mi
    limits:
      cpu: 200m
      memory: 256Mi

--------------------------------------------------------------------------------
/pkg/client/clientset/versioned/typed/certmanager/v1/generated_expansion.go:
-------------------------------------------------------------------------------- 1 | /* 2 | Copyright The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1 20 | 21 | type CertificateExpansion interface{} 22 | 23 | type CertificateRequestExpansion interface{} 24 | 25 | type ClusterIssuerExpansion interface{} 26 | 27 | type IssuerExpansion interface{} 28 | -------------------------------------------------------------------------------- /test/e2e/suite/conformance/rbac/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
*/

package rbac

import (
	"github.com/cert-manager/cert-manager/test/framework"
)

// RBACDescribe prefixes text with "[RBAC] " and passes the result, together
// with body, to framework.ConformanceDescribe, returning that call's result.
func RBACDescribe(text string, body func()) bool {
	label := "[RBAC] " + text
	return framework.ConformanceDescribe(label, body)
}

--------------------------------------------------------------------------------
/internal/apis/acme/v1alpha2/doc.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/acme 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/internal/apis/acme/v1alpha3 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:deepcopy-gen=package,register 21 | 22 | // +groupName=acme.cert-manager.io 23 | package v1alpha3 24 | -------------------------------------------------------------------------------- /internal/apis/acme/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/acme 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/internal/apis/acme/v1beta1 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:deepcopy-gen=package,register 21 | 22 | // +groupName=acme.cert-manager.io 23 | package v1beta1 24 | -------------------------------------------------------------------------------- /internal/cmd/util/exit.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "context" 21 | "errors" 22 | ) 23 | 24 | // SetExitCode sends 1 on errorExitCodeChannel when err is non-nil and errors.Is does not match it to context.Canceled; otherwise it sends nothing. NOTE(review): the channel is declared outside this file; confirm this send cannot block. 25 | func SetExitCode(err error) { 26 | if (err != nil) && !errors.Is(err, context.Canceled) { 27 | errorExitCodeChannel <- 1 // Indicate that there was an error 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /internal/apis/acme/install/roundtrip_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package install 18 | 19 | import ( 20 | "testing" 21 | 22 | "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" 23 | 24 | acmefuzzer "github.com/cert-manager/cert-manager/internal/apis/acme/fuzzer" 25 | ) 26 | 27 | func TestRoundTripTypes(t *testing.T) { 28 | roundtrip.RoundTripTestForAPIGroup(t, Install, acmefuzzer.Funcs) 29 | } 30 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1alpha2/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/certmanager 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/internal/apis/certmanager/v1alpha2 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:deepcopy-gen=package,register 21 | 22 | // +groupName=cert-manager.io 23 | package v1alpha2 24 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1alpha3/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/certmanager 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/internal/apis/certmanager/v1alpha3 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:deepcopy-gen=package,register 21 | 22 | // +groupName=cert-manager.io 23 | package v1alpha3 24 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/certmanager 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/internal/apis/certmanager/v1beta1 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:deepcopy-gen=package,register 21 | 22 | // +groupName=cert-manager.io 23 | package v1beta1 24 | -------------------------------------------------------------------------------- /internal/apis/meta/install/roundtrip_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package install 18 | 19 | import ( 20 | "testing" 21 | 22 | "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" 23 | 24 | metafuzzer "github.com/cert-manager/cert-manager/internal/apis/meta/fuzzer" 25 | ) 26 | 27 | func TestRoundTripTypes(t *testing.T) { 28 | roundtrip.RoundTripTestForAPIGroup(t, Install, metafuzzer.Funcs) 29 | } 30 | -------------------------------------------------------------------------------- /pkg/metrics/venafi.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package metrics 18 | 19 | import ( 20 | "time" 21 | ) 22 | 23 | // ObserveVenafiRequestDuration increases bucket counters for that Venafi client duration. 
24 | func (m *Metrics) ObserveVenafiRequestDuration(duration time.Duration, labels ...string) { 25 | m.venafiClientRequestDurationSeconds.WithLabelValues(labels...).Observe(duration.Seconds()) 26 | } 27 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/input/resources_as_list_v1alpha2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: List 3 | items: 4 | - apiVersion: cert-manager.io/v1alpha2 5 | kind: Certificate 6 | metadata: 7 | name: list-test-1 8 | namespace: default 9 | spec: 10 | dnsNames: 11 | - example.cert-manager.1 12 | duration: 24h 13 | issuerRef: 14 | name: cert-manager-test-1 15 | secretName: cert-manager-test-1 16 | - apiVersion: cert-manager.io/v1alpha2 17 | kind: Certificate 18 | metadata: 19 | name: list-test-1 20 | namespace: default 21 | spec: 22 | dnsNames: 23 | - example.cert-manager.2 24 | duration: 24h 25 | issuerRef: 26 | name: cert-manager-test-2 27 | secretName: cert-manager-test-2 28 | - apiVersion: cert-manager.io/v1alpha2 29 | kind: Issuer 30 | metadata: 31 | name: ca-issuer 32 | namespace: sandbox 33 | spec: 34 | ca: 35 | secretName: ca-key-pair 36 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | {{- with .Values.global.imagePullSecrets }} 5 | imagePullSecrets: 6 | {{- toYaml . | nindent 2 }} 7 | {{- end }} 8 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 9 | metadata: 10 | name: {{ template "cert-manager.serviceAccountName" . }} 11 | namespace: {{ include "cert-manager.namespace" . }} 12 | {{- with .Values.serviceAccount.annotations }} 13 | annotations: 14 | {{- toYaml . 
| nindent 4 }} 15 | {{- end }} 16 | labels: 17 | app: {{ include "cert-manager.name" . }} 18 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 20 | app.kubernetes.io/component: "controller" 21 | {{- include "labels" . | nindent 4 }} 22 | {{- with .Values.serviceAccount.labels }} 23 | {{ toYaml . | nindent 4 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /deploy/crds/README.md: -------------------------------------------------------------------------------- 1 | # CRDs source directory 2 | 3 | > **WARNING**: if you are an end-user, you do NOT need to use the files in this 4 | > directory. These files are for **development purposes only**. 5 | 6 | This directory contains 'source code' used to build our CustomResourceDefinition 7 | resources in a way that can be consumed by all our different deployment methods. 8 | 9 | This package exposes a number of different Bazel targets: 10 | 11 | * `templates`: the Helm templates for the CRD manifests 12 | * `crds`: the templated CRD manifests (after running `helm template`) 13 | * `crd.templated`: for each CRD type, the one CRD after running `helm template` 14 | * `templated_files`: a filegroup containing all of the individual templated CRD files 15 | 16 | Most users should never utilise the files in this directory directly. Instead, Bazel 17 | build targets in other packages (i.e. `//deploy/manifests`, `//deploy/charts` etc) 18 | will be configured to automatically consume the appropriate artifact listed above. 19 | -------------------------------------------------------------------------------- /internal/apis/acme/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/acme 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/pkg/apis/acme/v1 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:defaulter-gen-input=github.com/cert-manager/cert-manager/pkg/apis/acme/v1 21 | 22 | // +groupName=acme.cert-manager.io 23 | package v1 24 | -------------------------------------------------------------------------------- /internal/apis/meta/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/meta 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/pkg/apis/meta/v1 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:defaulter-gen-input=github.com/cert-manager/cert-manager/pkg/apis/meta/v1 21 | 22 | // +groupName=meta.cert-manager.io 23 | package v1 24 | -------------------------------------------------------------------------------- /internal/apis/certmanager/install/roundtrip_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package install 18 | 19 | import ( 20 | "testing" 21 | 22 | "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" 23 | 24 | cmfuzzer "github.com/cert-manager/cert-manager/internal/apis/certmanager/fuzzer" 25 | ) 26 | 27 | func TestRoundTripTypes(t *testing.T) { 28 | roundtrip.RoundTripTestForAPIGroup(t, Install, cmfuzzer.Funcs) 29 | } 30 | -------------------------------------------------------------------------------- /hack/util/checkhash.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
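7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eu -o pipefail 18 | 19 | # This script takes the hash of its first argument and verifies it against the 20 | # hex hash given in its second argument 21 | 22 | SHASUM=$(./hack/util/hash.sh "$1") 23 | # Quote $SHASUM: unquoted, an empty or multi-word value makes the test itself error out, which skips the mismatch branch below. 24 | if [ "$SHASUM" != "$2" ]; then 25 | echo "invalid checksum for \"$1\": wanted \"$2\" but got \"$SHASUM\"" 26 | exit 1 27 | fi 28 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget.enabled }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "cert-manager.fullname" . }} 6 | namespace: {{ include "cert-manager.namespace" . }} 7 | labels: 8 | app: {{ include "cert-manager.name" . }} 9 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "controller" 12 | {{- include "labels" . | nindent 4 }} 13 | spec: 14 | selector: 15 | matchLabels: 16 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | app.kubernetes.io/component: "controller" 19 | 20 | {{- with .Values.podDisruptionBudget.minAvailable }} 21 | minAvailable: {{ . }} 22 | {{- end }} 23 | {{- with .Values.podDisruptionBudget.maxUnavailable }} 24 | maxUnavailable: {{ . 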
}} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /pkg/util/errors/errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package errors 18 | 19 | import "fmt" 20 | // invalidDataError wraps an error so that IsInvalidData can recognise it by its type. 21 | type invalidDataError struct{ error } 22 | // NewInvalidData returns an *invalidDataError whose message is fmt.Errorf(str, obj...); str is used as the format string. 23 | func NewInvalidData(str string, obj ...interface{}) error { 24 | return &invalidDataError{error: fmt.Errorf(str, obj...)} 25 | } 26 | // IsInvalidData reports whether err's own type is *invalidDataError. NOTE(review): this is a direct type assertion, so an invalid-data error wrapped inside another error is reported as false; confirm callers never wrap, or match with errors.As. 27 | func IsInvalidData(err error) bool { 28 | if _, ok := err.(*invalidDataError); !ok { 29 | return false 30 | } 31 | return true 32 | } 33 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhook.podDisruptionBudget.enabled }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "webhook.fullname" . }} 6 | namespace: {{ include "cert-manager.namespace" . }} 7 | labels: 8 | app: {{ include "webhook.name" . }} 9 | app.kubernetes.io/name: {{ include "webhook.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "webhook" 12 | {{- include "labels" . 
| nindent 4 }} 13 | spec: 14 | selector: 15 | matchLabels: 16 | app.kubernetes.io/name: {{ include "webhook.name" . }} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | app.kubernetes.io/component: "webhook" 19 | 20 | {{- with .Values.webhook.podDisruptionBudget.minAvailable }} 21 | minAvailable: {{ . }} 22 | {{- end }} 23 | {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }} 24 | maxUnavailable: {{ . }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/webhook-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.webhook.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | name: {{ template "webhook.serviceAccountName" . }} 7 | namespace: {{ include "cert-manager.namespace" . }} 8 | {{- with .Values.webhook.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | labels: 13 | app: {{ include "webhook.name" . }} 14 | app.kubernetes.io/name: {{ include "webhook.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | app.kubernetes.io/component: "webhook" 17 | {{- include "labels" . | nindent 4 }} 18 | {{- with .Values.webhook.serviceAccount.labels }} 19 | {{ toYaml . | nindent 4 }} 20 | {{- end }} 21 | {{- with .Values.global.imagePullSecrets }} 22 | imagePullSecrets: 23 | {{- toYaml . | nindent 2 }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /internal/apis/config/webhook/install/roundtrip_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package install 18 | 19 | import ( 20 | "testing" 21 | 22 | "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" 23 | 24 | configfuzzer "github.com/cert-manager/cert-manager/internal/apis/config/webhook/fuzzer" 25 | ) 26 | 27 | func TestRoundTripTypes(t *testing.T) { 28 | roundtrip.RoundTripTestForAPIGroup(t, Install, configfuzzer.Funcs) 29 | } 30 | -------------------------------------------------------------------------------- /hack/verify-crds.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | set -o nounset 18 | set -o errexit 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/verify-crds.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # This script may be removed in the future. Prefer using `make` directly. 25 | 26 | make verify-crds 27 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/certmanager 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:defaulter-gen-input=github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1 21 | 22 | // +groupName=cert-manager.io 23 | package v1 24 | -------------------------------------------------------------------------------- /hack/verify-codegen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o nounset 18 | set -o errexit 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/verify-codegen.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # This script may be removed in the future. Prefer using `make` directly. 25 | 26 | make verify-codegen 27 | -------------------------------------------------------------------------------- /hack/verify-gofmt.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/verify-gofmt.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # This script may be removed in the future. 
Prefer using `make` directly. 25 | 26 | make verify-imports 27 | -------------------------------------------------------------------------------- /hack/containers/Containerfile.ctl: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG BASE_IMAGE 16 | 17 | FROM $BASE_IMAGE 18 | 19 | LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager" 20 | 21 | USER 1000 22 | 23 | COPY ctl /app/cmd/ctl/ctl 24 | COPY cert-manager.license /licenses/LICENSE 25 | COPY cert-manager.licenses_notice /licenses/LICENSES 26 | 27 | ENTRYPOINT ["/app/cmd/ctl/ctl"] 28 | 29 | # vim: syntax=dockerfile 30 | -------------------------------------------------------------------------------- /hack/update-crds.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/update-crds.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # This script may be removed in the future. Prefer using `make update-crds` directly. 25 | 26 | make update-crds 27 | -------------------------------------------------------------------------------- /pkg/issuer/venafi/client/api/customfield.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package api 18 | 19 | type CustomFieldType string 20 | 21 | const ( 22 | CustomFieldTypePlain CustomFieldType = "Plain" 23 | ) 24 | 25 | // CustomField defines a custom field to be passed to Venafi 26 | type CustomField struct { 27 | Type CustomFieldType `json:"type,omitempty"` 28 | Name string `json:"name"` 29 | Value string `json:"value"` 30 | } 31 | -------------------------------------------------------------------------------- /pkg/webhook/handlers/testdata/apis/testgroup/install/roundtrip_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package install 18 | 19 | import ( 20 | "testing" 21 | 22 | "k8s.io/apimachinery/pkg/api/apitesting/roundtrip" 23 | 24 | "github.com/cert-manager/cert-manager/pkg/webhook/handlers/testdata/apis/testgroup/fuzzer" 25 | ) 26 | 27 | func TestRoundTripTypes(t *testing.T) { 28 | roundtrip.RoundTripTestForAPIGroup(t, Install, fuzzer.Funcs) 29 | } 30 | -------------------------------------------------------------------------------- /hack/update-codegen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 
4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/update-codegen.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # This script may be removed in the future. Prefer using `make update-codegen` directly. 25 | 26 | make update-codegen 27 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cainjector.podDisruptionBudget.enabled }} 2 | apiVersion: policy/v1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "cainjector.fullname" . }} 6 | namespace: {{ include "cert-manager.namespace" . }} 7 | labels: 8 | app: {{ include "cainjector.name" . }} 9 | app.kubernetes.io/name: {{ include "cainjector.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "cainjector" 12 | {{- include "labels" . | nindent 4 }} 13 | spec: 14 | selector: 15 | matchLabels: 16 | app.kubernetes.io/name: {{ include "cainjector.name" . 
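}} 17 | app.kubernetes.io/instance: {{ .Release.Name }} 18 | app.kubernetes.io/component: "cainjector" 19 | 20 | {{- with .Values.cainjector.podDisruptionBudget.minAvailable }} 21 | minAvailable: {{ . }} 22 | {{- end }} 23 | {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }} 24 | maxUnavailable: {{ . }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /test/framework/config/ginkgo.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | "flag" 21 | ) 22 |
// Ginkgo holds the Ginkgo-related options of the test framework configuration.
type Ginkgo struct {
	// ReportDirectory is the directory junit output is stored in. Per the
	// flag's help text, an empty value means no junit file is written.
	ReportDirectory string
}

// AddFlags registers the "report-dir" flag on fs and binds it to
// g.ReportDirectory, with an empty string as the default.
func (g *Ginkgo) AddFlags(fs *flag.FlagSet) {
	fs.StringVar(&g.ReportDirectory, "report-dir", "", "Optional directory to store junit output in. If not specified, no junit file will be output")
}

// Validate reports configuration errors. It performs no checks and always
// returns nil, so ReportDirectory is accepted exactly as supplied.
//
// The receiver is named g to match AddFlags.
func (g *Ginkgo) Validate() []error {
	return nil
}
34 | -------------------------------------------------------------------------------- /hack/containers/Containerfile.webhook: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License.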
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG BASE_IMAGE 16 | 17 | FROM $BASE_IMAGE 18 | 19 | LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager" 20 | 21 | USER 1000 22 | 23 | COPY webhook /app/cmd/webhook/webhook 24 | COPY cert-manager.license /licenses/LICENSE 25 | COPY cert-manager.licenses_notice /licenses/LICENSES 26 | 27 | ENTRYPOINT ["/app/cmd/webhook/webhook"] 28 | 29 | # vim: syntax=dockerfile 30 | -------------------------------------------------------------------------------- /test/e2e/suite/issuers/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package suite 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/acme" 21 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/ca" 22 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/selfsigned" 23 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/vault" 24 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/venafi" 25 | ) 26 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.startupapicheck.enabled }} 2 | {{- if .Values.global.podSecurityPolicy.enabled }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | name: {{ template "startupapicheck.fullname" . }}-psp 7 | labels: 8 | app: {{ include "startupapicheck.name" . }} 9 | app.kubernetes.io/name: {{ include "startupapicheck.name" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/component: "startupapicheck" 12 | {{- include "labels" . | nindent 4 }} 13 | {{- with .Values.startupapicheck.rbac.annotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | roleRef: 18 | apiGroup: rbac.authorization.k8s.io 19 | kind: ClusterRole 20 | name: {{ template "startupapicheck.fullname" . }}-psp 21 | subjects: 22 | - kind: ServiceAccount 23 | name: {{ template "startupapicheck.serviceAccountName" . }} 24 | namespace: {{ include "cert-manager.namespace" . }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /internal/apis/config/webhook/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/config/webhook 18 | // +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1 19 | // +k8s:defaulter-gen=TypeMeta 20 | // +k8s:defaulter-gen-input=github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1 21 | 22 | // +groupName=webhook.config.cert-manager.io 23 | package v1alpha1 24 | -------------------------------------------------------------------------------- /hack/containers/Containerfile.acmesolver: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | ARG BASE_IMAGE 16 | 17 | FROM $BASE_IMAGE 18 | 19 | LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager" 20 | 21 | USER 1000 22 | 23 | COPY acmesolver /app/cmd/acmesolver/acmesolver 24 | COPY cert-manager.license /licenses/LICENSE 25 | COPY cert-manager.licenses_notice /licenses/LICENSES 26 | 27 | ENTRYPOINT ["/app/cmd/acmesolver/acmesolver"] 28 | 29 | # vim: syntax=dockerfile 30 | -------------------------------------------------------------------------------- /hack/containers/Containerfile.cainjector: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG BASE_IMAGE 16 | 17 | FROM $BASE_IMAGE 18 | 19 | LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager" 20 | 21 | USER 1000 22 | 23 | COPY cainjector /app/cmd/cainjector/cainjector 24 | COPY cert-manager.license /licenses/LICENSE 25 | COPY cert-manager.licenses_notice /licenses/LICENSES 26 | 27 | ENTRYPOINT ["/app/cmd/cainjector/cainjector"] 28 | 29 | # vim: syntax=dockerfile 30 | -------------------------------------------------------------------------------- /hack/containers/Containerfile.controller: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The cert-manager Authors. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ARG BASE_IMAGE 16 | 17 | FROM $BASE_IMAGE 18 | 19 | LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager" 20 | 21 | USER 1000 22 | 23 | COPY controller /app/cmd/controller/controller 24 | COPY cert-manager.license /licenses/LICENSE 25 | COPY cert-manager.licenses_notice /licenses/LICENSES 26 | 27 | ENTRYPOINT ["/app/cmd/controller/controller"] 28 | 29 | # vim: syntax=dockerfile 30 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resources_as_list_v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: list-test-1 8 | namespace: default 9 | spec: 10 | dnsNames: 11 | - example.cert-manager.1 12 | duration: 24h0m0s 13 | issuerRef: 14 | name: cert-manager-test-1 15 | secretName: cert-manager-test-1 16 | status: {} 17 | - apiVersion: cert-manager.io/v1 18 | kind: Certificate 19 | metadata: 20 | creationTimestamp: null 21 | name: list-test-1 22 | namespace: default 23 | spec: 24 | dnsNames: 25 | - example.cert-manager.2 26 | duration: 24h0m0s 27 | issuerRef: 28 | name: cert-manager-test-2 29 | secretName: cert-manager-test-2 30 | status: {} 31 | - apiVersion: cert-manager.io/v1 32 | kind: Issuer 33 
| metadata: 34 | creationTimestamp: null 35 | name: ca-issuer 36 | namespace: sandbox 37 | spec: 38 | ca: 39 | secretName: ca-key-pair 40 | status: {} 41 | kind: List 42 | metadata: {} 43 | -------------------------------------------------------------------------------- /internal/cmd/util/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "time" 21 | ) 22 |
// Leader-election defaults. The lease duration (60s) is longer than the renew
// deadline (40s), which in turn is longer than the retry period (15s).
const (
	DefaultLeaderElect                 = true
	DefaultLeaderElectionNamespace     = "kube-system"
	DefaultLeaderElectionLeaseDuration = 60 * time.Second
	DefaultLeaderElectionRenewDeadline = 40 * time.Second
	DefaultLeaderElectionRetryPeriod   = 15 * time.Second
)

// Profiling defaults: profiling is off unless enabled, and the default
// address is loopback-only.
//
// NOTE(review): the consumer of these values is not shown here; presumably
// the address serves a profiling/debug endpoint. Such endpoints expose
// runtime internals, so an override that binds a non-loopback address should
// sit behind access control — confirm at the call site.
const (
	DefaultEnableProfiling = false
	DefaultProfilerAddr    = "localhost:6060"
)
33 | -------------------------------------------------------------------------------- /internal/apis/certmanager/validation/util/conditions.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | cmapi "github.com/cert-manager/cert-manager/internal/apis/certmanager" 21 | ) 22 |
// GetCertificateRequestCondition returns the first condition in conds whose
// Type equals conditionType, or nil when no condition matches.
//
// The returned pointer refers to a copy of the matching element, not to the
// element stored in conds, so writes through it do not modify the slice.
func GetCertificateRequestCondition(conds []cmapi.CertificateRequestCondition, conditionType cmapi.CertificateRequestConditionType) *cmapi.CertificateRequestCondition {
	for i := range conds {
		if conds[i].Type != conditionType {
			continue
		}
		// Copy the element so the result is detached from the caller's slice.
		match := conds[i]
		return &match
	}
	return nil
}
31 | -------------------------------------------------------------------------------- /test/framework/util/errors/errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | // Package errors contains shared error types that tests and addons can depend 18 | // upon to communicate information about why something has failed 19 | package errors 20 |
// errSkipTest wraps an error to mark it as a reason to skip a test.
type errSkipTest struct {
	error
}

// IsSkip reports whether err is itself an errSkipTest value. The check is a
// direct type assertion, so a skip error wrapped inside another error is not
// detected.
func IsSkip(err error) bool {
	_, isSkip := err.(errSkipTest)
	return isSkip
}

// NewSkip wraps err so that IsSkip reports true for the returned error.
func NewSkip(err error) error {
	return errSkipTest{error: err}
}
35 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/cainjector-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.cainjector.enabled }} 2 | {{- if .Values.cainjector.serviceAccount.create }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | automountServiceAccountToken: {{ .Values.cainjector.serviceAccount.automountServiceAccountToken }} 6 | metadata: 7 | name: {{ template "cainjector.serviceAccountName" . }} 8 | namespace: {{ include "cert-manager.namespace" . }} 9 | {{- with .Values.cainjector.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | labels: 14 | app: {{ include "cainjector.name" . }} 15 | app.kubernetes.io/name: {{ include "cainjector.name" . }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | app.kubernetes.io/component: "cainjector" 18 | {{- include "labels" . | nindent 4 }} 19 | {{- with .Values.cainjector.serviceAccount.labels }} 20 | {{ toYaml . | nindent 4 }} 21 | {{- end }} 22 | {{- with .Values.global.imagePullSecrets }} 23 | imagePullSecrets: 24 | {{- toYaml . | nindent 2 }} 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /test/fixtures/upgrade/overlay/webhook-ops.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 The cert-manager Authors.
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #@ load("@ytt:overlay", "overlay") 16 | #@ load("@ytt:data", "data") 17 | 18 | #@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name":"cert-manager-webhook"}}) 19 | --- 20 | spec: 21 | template: 22 | spec: 23 | containers: 24 | #@overlay/match by=overlay.subset({"name": "cert-manager-webhook"}) 25 | - image: #@ "docker.io/library/cert-manager-webhook-amd64:{}".format(data.values.app_version) 26 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource2_v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: ca-issuer 8 | namespace: sandbox 9 | spec: 10 | commonName: my-csi-app 11 | isCA: true 12 | issuerRef: 13 | group: cert-manager.io 14 | kind: Issuer 15 | name: selfsigned-issuer 16 | secretName: ca-key-pair 17 | status: {} 18 | - apiVersion: cert-manager.io/v1 19 | kind: Issuer 20 | metadata: 21 | creationTimestamp: null 22 | name: ca-issuer 23 | namespace: sandbox 24 | spec: 25 | ca: 26 | secretName: ca-key-pair 27 | status: {} 28 | - apiVersion: cert-manager.io/v1 29 | kind: Certificate 30 | metadata: 31 | creationTimestamp: null 32 | name: ca-issuer-2 33 | namespace: sandbox 34 | spec: 35 | 
commonName: my-csi-app 36 | isCA: true 37 | issuerRef: 38 | group: cert-manager.io 39 | kind: Issuer 40 | name: ca-issuer 41 | secretName: ca-key-pair 42 | status: {} 43 | kind: List 44 | metadata: {} 45 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resources_as_list_v1beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1beta1 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: list-test-1 8 | namespace: default 9 | spec: 10 | dnsNames: 11 | - example.cert-manager.1 12 | duration: 24h0m0s 13 | issuerRef: 14 | name: cert-manager-test-1 15 | secretName: cert-manager-test-1 16 | status: {} 17 | - apiVersion: cert-manager.io/v1beta1 18 | kind: Certificate 19 | metadata: 20 | creationTimestamp: null 21 | name: list-test-1 22 | namespace: default 23 | spec: 24 | dnsNames: 25 | - example.cert-manager.2 26 | duration: 24h0m0s 27 | issuerRef: 28 | name: cert-manager-test-2 29 | secretName: cert-manager-test-2 30 | status: {} 31 | - apiVersion: cert-manager.io/v1beta1 32 | kind: Issuer 33 | metadata: 34 | creationTimestamp: null 35 | name: ca-issuer 36 | namespace: sandbox 37 | spec: 38 | ca: 39 | secretName: ca-key-pair 40 | status: {} 41 | kind: List 42 | metadata: {} 43 | -------------------------------------------------------------------------------- /test/fixtures/upgrade/overlay/controller-ops.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #@ load("@ytt:overlay", "overlay") 16 | #@ load("@ytt:data", "data") 17 | 18 | #@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name":"cert-manager"}}) 19 | --- 20 | spec: 21 | template: 22 | spec: 23 | containers: 24 | #@overlay/match by=overlay.subset({"name": "cert-manager-controller"}) 25 | - image: #@ "docker.io/library/cert-manager-controller-amd64:{}".format(data.values.app_version) 26 | 27 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resources_as_list_v1alpha2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1alpha2 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: list-test-1 8 | namespace: default 9 | spec: 10 | dnsNames: 11 | - example.cert-manager.1 12 | duration: 24h0m0s 13 | issuerRef: 14 | name: cert-manager-test-1 15 | secretName: cert-manager-test-1 16 | status: {} 17 | - apiVersion: cert-manager.io/v1alpha2 18 | kind: Certificate 19 | metadata: 20 | creationTimestamp: null 21 | name: list-test-1 22 | namespace: default 23 | spec: 24 | dnsNames: 25 | - example.cert-manager.2 26 | duration: 24h0m0s 27 | issuerRef: 28 | name: cert-manager-test-2 29 | secretName: cert-manager-test-2 30 | status: {} 31 | - apiVersion: cert-manager.io/v1alpha2 32 | kind: Issuer 33 | metadata: 34 | creationTimestamp: null 35 | name: ca-issuer 36 | namespace: sandbox 37 | spec: 38 | ca: 39 | 
secretName: ca-key-pair 40 | status: {} 41 | kind: List 42 | metadata: {} 43 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resources_as_list_v1alpha3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1alpha3 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: list-test-1 8 | namespace: default 9 | spec: 10 | dnsNames: 11 | - example.cert-manager.1 12 | duration: 24h0m0s 13 | issuerRef: 14 | name: cert-manager-test-1 15 | secretName: cert-manager-test-1 16 | status: {} 17 | - apiVersion: cert-manager.io/v1alpha3 18 | kind: Certificate 19 | metadata: 20 | creationTimestamp: null 21 | name: list-test-1 22 | namespace: default 23 | spec: 24 | dnsNames: 25 | - example.cert-manager.2 26 | duration: 24h0m0s 27 | issuerRef: 28 | name: cert-manager-test-2 29 | secretName: cert-manager-test-2 30 | status: {} 31 | - apiVersion: cert-manager.io/v1alpha3 32 | kind: Issuer 33 | metadata: 34 | creationTimestamp: null 35 | name: ca-issuer 36 | namespace: sandbox 37 | spec: 38 | ca: 39 | secretName: ca-key-pair 40 | status: {} 41 | kind: List 42 | metadata: {} 43 | -------------------------------------------------------------------------------- /pkg/issuer/fake/factory.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package fake 18 | 19 | import ( 20 | v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" 21 | issuerpkg "github.com/cert-manager/cert-manager/pkg/issuer" 22 | ) 23 |
// Factory is a fake issuer factory whose behaviour is supplied by the caller
// through IssuerForFunc.
type Factory struct {
	// IssuerForFunc is invoked by IssuerFor. It must be set before IssuerFor
	// is called: calling a nil func value panics.
	IssuerForFunc func(iss v1.GenericIssuer) (issuerpkg.Interface, error)
}

// Compile-time check that *Factory satisfies issuerpkg.Factory.
var _ issuerpkg.Factory = &Factory{}

// IssuerFor delegates to f.IssuerForFunc and returns its results unchanged.
func (f *Factory) IssuerFor(iss v1.GenericIssuer) (issuerpkg.Interface, error) {
	impl := f.IssuerForFunc
	return impl(iss)
}
33 | -------------------------------------------------------------------------------- /test/fixtures/upgrade/overlay/cainjector-ops.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 The cert-manager Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License.
14 | 15 | #@ load("@ytt:overlay", "overlay") 16 | #@ load("@ytt:data", "data") 17 | 18 | #@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"name":"cert-manager-cainjector"}}) 19 | --- 20 | spec: 21 | template: 22 | spec: 23 | containers: 24 | #@overlay/match by=overlay.subset({"name": "cert-manager-cainjector"}) 25 | - image: #@ "docker.io/library/cert-manager-cainjector-amd64:{}".format(data.values.app_version) 26 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/webhook-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "webhook.fullname" . }} 5 | namespace: {{ include "cert-manager.namespace" . }} 6 | {{- with .Values.webhook.serviceAnnotations }} 7 | annotations: 8 | {{ toYaml . | indent 4 }} 9 | {{- end }} 10 | labels: 11 | app: {{ include "webhook.name" . }} 12 | app.kubernetes.io/name: {{ include "webhook.name" . }} 13 | app.kubernetes.io/instance: {{ .Release.Name }} 14 | app.kubernetes.io/component: "webhook" 15 | {{- include "labels" . | nindent 4 }} 16 | {{- with .Values.webhook.serviceLabels }} 17 | {{- toYaml . | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | type: {{ .Values.webhook.serviceType }} 21 | {{- with .Values.webhook.loadBalancerIP }} 22 | loadBalancerIP: {{ . }} 23 | {{- end }} 24 | ports: 25 | - name: https 26 | port: 443 27 | protocol: TCP 28 | targetPort: "https" 29 | selector: 30 | app.kubernetes.io/name: {{ include "webhook.name" . 
}} 31 | app.kubernetes.io/instance: {{ .Release.Name }} 32 | app.kubernetes.io/component: "webhook" 33 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.prometheus.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "cert-manager.fullname" . }} 6 | namespace: {{ include "cert-manager.namespace" . }} 7 | {{- with .Values.serviceAnnotations }} 8 | annotations: 9 | {{ toYaml . | indent 4 }} 10 | {{- end }} 11 | labels: 12 | app: {{ include "cert-manager.name" . }} 13 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 14 | app.kubernetes.io/instance: {{ .Release.Name }} 15 | app.kubernetes.io/component: "controller" 16 | {{- include "labels" . | nindent 4 }} 17 | {{- with .Values.serviceLabels }} 18 | {{- toYaml . | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | type: ClusterIP 22 | ports: 23 | - protocol: TCP 24 | port: 9402 25 | name: tcp-prometheus-servicemonitor 26 | targetPort: {{ .Values.prometheus.servicemonitor.targetPort }} 27 | selector: 28 | app.kubernetes.io/name: {{ include "cert-manager.name" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/component: "controller" 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /hack/sha256-of-plugin-tar.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright 2020 The cert-manager Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
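6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 |
set -o errexit
set -o nounset
set -o pipefail

# Prints the SHA-256 of each released kubectl-cert_manager tarball for the
# release tag passed as the first argument (nounset aborts if it is missing).
#
# NOTE(review): each digest is computed from whatever the download returned,
# so it records what was fetched rather than verifying it. Compare the output
# with an independently obtained checksum or signature before publishing it.
version="$1"
platforms='darwin-amd64 linux-amd64 linux-arm linux-arm64 windows-amd64'
for platform in $platforms
do
  tarball="kubectl-cert_manager-${platform}.tar.gz"
  # --fail makes curl exit non-zero on an HTTP error (for example a 404 for a
  # mistyped version), so errexit stops the script instead of letting
  # sha256sum hash an error page. The URL is a plain double-quoted string;
  # the $"..." form is bash's locale-translation quoting and is not needed.
  curl --fail -sSL -O "https://github.com/cert-manager/cert-manager/releases/download/${version}/${tarball}"
  sha256sum "${tarball}"
  rm "${tarball}"
done
28 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource2_v1alpha2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1alpha2 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: ca-issuer 8 | namespace: sandbox 9 | spec: 10 | commonName: my-csi-app 11 | isCA: true 12 | issuerRef: 13 | group: cert-manager.io 14 | kind: Issuer 15 | name: selfsigned-issuer 16 | secretName: ca-key-pair 17 | status: {} 18 | - apiVersion: cert-manager.io/v1alpha2 19 | kind: Issuer 20 | metadata: 21 | creationTimestamp: null 22 | name: ca-issuer 23 | namespace: sandbox 24 | spec: 25 | ca: 26 | secretName: ca-key-pair 27 | status: {} 28 | - apiVersion: cert-manager.io/v1alpha2 29 | kind: Certificate 30 | metadata: 31 | creationTimestamp: null 32 | name: ca-issuer-2 33 | namespace: sandbox 34 | spec: 35 | commonName: my-csi-app 36 | isCA: true 37 | issuerRef: 38 | group: cert-manager.io 39 | kind: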
Issuer 40 | name: ca-issuer 41 | secretName: ca-key-pair 42 | status: {} 43 | kind: List 44 | metadata: {} 45 | -------------------------------------------------------------------------------- /test/integration/ctl/testdata/convert/output/resource2_v1alpha3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: cert-manager.io/v1alpha3 4 | kind: Certificate 5 | metadata: 6 | creationTimestamp: null 7 | name: ca-issuer 8 | namespace: sandbox 9 | spec: 10 | commonName: my-csi-app 11 | isCA: true 12 | issuerRef: 13 | group: cert-manager.io 14 | kind: Issuer 15 | name: selfsigned-issuer 16 | secretName: ca-key-pair 17 | status: {} 18 | - apiVersion: cert-manager.io/v1alpha3 19 | kind: Issuer 20 | metadata: 21 | creationTimestamp: null 22 | name: ca-issuer 23 | namespace: sandbox 24 | spec: 25 | ca: 26 | secretName: ca-key-pair 27 | status: {} 28 | - apiVersion: cert-manager.io/v1alpha3 29 | kind: Certificate 30 | metadata: 31 | creationTimestamp: null 32 | name: ca-issuer-2 33 | namespace: sandbox 34 | spec: 35 | commonName: my-csi-app 36 | isCA: true 37 | issuerRef: 38 | group: cert-manager.io 39 | kind: Issuer 40 | name: ca-issuer 41 | secretName: ca-key-pair 42 | status: {} 43 | kind: List 44 | metadata: {} 45 | -------------------------------------------------------------------------------- /test/e2e/suite/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package suite 18 | 19 | import ( 20 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/certificaterequests" 21 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/certificates" 22 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/certificatesigningrequests" 23 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance" 24 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers" 25 | _ "github.com/cert-manager/cert-manager/e2e-tests/suite/serving" 26 | ) 27 | -------------------------------------------------------------------------------- /pkg/webhook/handlers/testdata/apis/testgroup/v1/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */
package v1

import (
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/utils/pointer"
)

// addDefaultingFuncs registers this package's defaulting functions on scheme by
// delegating to RegisterDefaults and returning its result unchanged.
func addDefaultingFuncs(scheme *runtime.Scheme) error {
	err := RegisterDefaults(scheme)
	return err
}

// SetDefaults_TestType fills in the fields of obj that were left unset:
// TestFieldPtr becomes a pointer to "teststr" when it is nil, and
// TestDefaultingField becomes "set-in-v1" when it is empty. Fields that
// already hold a value are left alone.
func SetDefaults_TestType(obj *TestType) {
	if len(obj.TestDefaultingField) == 0 {
		obj.TestDefaultingField = "set-in-v1"
	}
	if obj.TestFieldPtr != nil {
		return
	}
	obj.TestFieldPtr = pointer.StringPtr("teststr")
}
36 | -------------------------------------------------------------------------------- /pkg/webhook/handlers/testdata/apis/testgroup/v2/defaults.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */
package v2

import (
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/utils/pointer"
)

// addDefaultingFuncs registers this package's defaulting functions on scheme by
// delegating to RegisterDefaults and returning its result unchanged.
func addDefaultingFuncs(scheme *runtime.Scheme) error {
	err := RegisterDefaults(scheme)
	return err
}

// SetDefaults_TestType fills in the fields of obj that were left unset:
// TestFieldPtrAlt becomes a pointer to "teststr" when it is nil, and
// TestDefaultingField becomes "set-in-v2" when it is empty. Fields that
// already hold a value are left alone.
func SetDefaults_TestType(obj *TestType) {
	if len(obj.TestDefaultingField) == 0 {
		obj.TestDefaultingField = "set-in-v2"
	}
	if obj.TestFieldPtrAlt != nil {
		return
	}
	obj.TestFieldPtrAlt = pointer.StringPtr("teststr")
}
36 | -------------------------------------------------------------------------------- /deploy/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.startupapicheck.enabled }} 2 | {{- if .Values.startupapicheck.serviceAccount.create }} 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | automountServiceAccountToken: {{ .Values.startupapicheck.serviceAccount.automountServiceAccountToken }} 6 | metadata: 7 | name: {{ template "startupapicheck.serviceAccountName" . }} 8 | namespace: {{ include "cert-manager.namespace" . }} 9 | {{- with .Values.startupapicheck.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | labels: 14 | app: {{ include "startupapicheck.name" . }} 15 | app.kubernetes.io/name: {{ include "startupapicheck.name" . }} 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | app.kubernetes.io/component: "startupapicheck" 18 | {{- include "labels" . | nindent 4 }} 19 | {{- with .Values.startupapicheck.serviceAccount.labels }} 20 | {{ toYaml . | nindent 4 }} 21 | {{- end }} 22 | {{- with .Values.global.imagePullSecrets }} 23 | imagePullSecrets: 24 | {{- toYaml . 
| nindent 2 }} 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /hack/update-deps-licenses.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/update-deps-licenses.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # The replacement make target handles only licenses and doesn't touch anything relating to bazel 25 | 26 | # This script may be removed in the future. Prefer using `make` directly. 27 | 28 | make update-licenses 29 | -------------------------------------------------------------------------------- /hack/verify-deps-licenses.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2022 The cert-manager Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # This file is kept as backwards-compatibility for people with muscle memory who 22 | # type "./hack/verify-deps-licenses.sh" and expect it to work, or for third party CI pipelines. 23 | 24 | # The replacement make target handles only licenses and doesn't verify anything relating to bazel 25 | 26 | # This script may be removed in the future. Prefer using `make` directly. 27 | 28 | make verify-licenses 29 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Report a bug to help us improve cert-manager 4 | 5 | --- 6 | 7 | 13 | 14 | **Describe the bug**: 15 | 23 | 24 | **Expected behaviour**: 25 | 26 | 27 | **Steps to reproduce the bug**: 28 | 30 | 31 | **Anything else we need to know?**: 32 | 33 | **Environment details:**: 34 | - Kubernetes version: 35 | - Cloud-provider/provisioner: 36 | - cert-manager version: 37 | - Install method: e.g. helm/static manifests 38 | 39 | /kind bug 40 | -------------------------------------------------------------------------------- /internal/apis/certmanager/validation/warnings.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package validation 18 | 19 | // Warning values thrown by validating webhook 20 | // https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/ 21 | const ( 22 | // deprecatedACMEEABKeyAlgorithmField is raised when the deprecated keyAlgorithm field for an ACME issuer's external account binding (EAB) is set. 23 | deprecatedACMEEABKeyAlgorithmField = "ACME issuer spec field 'externalAccount.keyAlgorithm' is deprecated. The value of this field will be ignored." 24 | ) 25 | -------------------------------------------------------------------------------- /pkg/controller/test/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */
package test

import (
	"math/rand"
	"time"
)

// init seeds the shared math/rand source from the current wall-clock time, so
// each process run produces a different sequence.
func init() {
	seed := time.Now().UnixNano()
	rand.Seed(seed)
}

// StringGenerator is the signature of a function that returns a string for a
// requested length n. RandStringBytes has this signature.
type StringGenerator func(n int) string

// letterBytes is the alphabet RandStringBytes draws from: lowercase ASCII
// letters followed by the decimal digits.
const letterBytes = "abcdefghijklmnopqrstuvwxyz0123456789"

// RandStringBytes generates a pseudo-random string of length `n` made of
// characters from letterBytes.
//
// The characters come from math/rand, which init seeds with the clock, so the
// output is predictable to anyone who can guess the seed. Use it for throwaway
// names in tests only, never for tokens, passwords or key material.
func RandStringBytes(n int) string {
	buf := make([]byte, n)
	alphabet := len(letterBytes)
	for i := 0; i < n; i++ {
		buf[i] = letterBytes[rand.Intn(alphabet)]
	}
	return string(buf)
}
40 | -------------------------------------------------------------------------------- /test/integration/internal/util/paths.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "os" 21 | "path/filepath" 22 | ) 23 | 24 | // GetTestPath returns the path for bazel golang test dependencies 25 | // These dependencies are set in the go_test data attribute in the BUILD.bazel file 26 | // see: https://github.com/bazelbuild/rules_go/blob/master/go/core.rst#go_test -> data attribute 27 | func GetTestPath(path ...string) string { 28 | return filepath.Join(append([]string{os.Getenv("RUNFILES_DIR"), "com_github_jetstack_cert_manager"}, path...)...) 
29 | } 30 | -------------------------------------------------------------------------------- /internal/apis/acme/v1/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 21 | 22 | package v1 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /internal/apis/meta/v1/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 
9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 21 | 22 | package v1 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 
21 | 22 | package v1 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/util/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2017 Sebastian Erhart 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /internal/apis/acme/v1alpha2/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 21 | 22 | package v1alpha2 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /internal/apis/acme/v1alpha3/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 
9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 21 | 22 | package v1alpha3 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /internal/apis/acme/v1beta1/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 
21 | 22 | package v1beta1 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /pkg/api/util/duration.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "time" 21 | 22 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 23 | 24 | v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" 25 | ) 26 | 27 | // DefaultCertDuration returns d.Duration if set, otherwise returns 28 | // cert-manager's default certificate duration (90 days). 
func DefaultCertDuration(d *metav1.Duration) time.Duration {
	// A nil pointer means the caller set no duration, so fall back to the
	// package-wide default from the certmanager v1 API.
	if d == nil {
		return v1.DefaultCertificateDuration
	}
	return d.Duration
}
37 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/azuredns/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2017 Sebastian Erhart 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/clouddns/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2017 Sebastian Erhart 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/cloudflare/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2017 Sebastian Erhart 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /pkg/issuer/acme/dns/route53/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2017 Sebastian Erhart 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /internal/apis/certmanager/v1beta1/zz_generated.defaults.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The cert-manager Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 
9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by defaulter-gen. DO NOT EDIT. 21 | 22 | package v1beta1 23 | 24 | import ( 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | ) 27 | 28 | // RegisterDefaults adds defaulters functions to the given scheme. 29 | // Public to allow building arbitrary schemes. 30 | // All generated defaulters are covering - they call all nested defaulters. 31 | func RegisterDefaults(scheme *runtime.Scheme) error { 32 | return nil 33 | } 34 | -------------------------------------------------------------------------------- /test/framework/config/helm.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The cert-manager Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
*/

package config

import (
	"flag"
	"fmt"
)

// Helm carries the test-framework settings for the Helm CLI.
type Helm struct {
	// Path to the Helm binary to use during tests
	Path string
}

// AddFlags registers --helm-binary-path on fs, defaulting to "helm".
func (h *Helm) AddFlags(fs *flag.FlagSet) {
	const (
		name  = "helm-binary-path"
		usage = "path to the helm binary to use in tests"
	)
	fs.StringVar(&h.Path, name, "helm", usage)
}

// Validate reports configuration problems. The only check is that Path is
// non-empty; it does not verify that the path exists or is executable.
// It returns nil when there is nothing to report.
func (h *Helm) Validate() []error {
	if h.Path != "" {
		return nil
	}
	return []error{fmt.Errorf("--helm-binary-path must be specified")}
}

--------------------------------------------------------------------------------
/internal/apis/certmanager/v1alpha2/zz_generated.defaults.go:
--------------------------------------------------------------------------------
//go:build !ignore_autogenerated
// +build !ignore_autogenerated

/*
Copyright The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Code generated by defaulter-gen. DO NOT EDIT.

package v1alpha2

import (
	runtime "k8s.io/apimachinery/pkg/runtime"
)

// RegisterDefaults adds defaulters functions to the given scheme.
// Public to allow building arbitrary schemes.
// All generated defaulters are covering - they call all nested defaulters.
func RegisterDefaults(scheme *runtime.Scheme) error {
	// Nothing is registered for this package; scheme is left untouched.
	return nil
}

--------------------------------------------------------------------------------
/internal/apis/certmanager/v1alpha3/zz_generated.defaults.go:
--------------------------------------------------------------------------------
//go:build !ignore_autogenerated
// +build !ignore_autogenerated

/*
Copyright The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Code generated by defaulter-gen. DO NOT EDIT.

package v1alpha3

import (
	runtime "k8s.io/apimachinery/pkg/runtime"
)

// RegisterDefaults is the generated hook for registering defaulting
// functions with scheme. It is exported so callers can assemble arbitrary
// schemes. In this package it registers nothing: scheme is not touched and
// the result is always nil.
func RegisterDefaults(scheme *runtime.Scheme) error {
	return nil
}

--------------------------------------------------------------------------------
/pkg/controller/certificatesigningrequests/fake/fake.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package fake

import (
	"context"

	certificatesv1 "k8s.io/api/certificates/v1"

	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
)

// Signer is a stub signer whose behaviour is supplied by the caller.
type Signer struct {
	// FakeSign is invoked by Sign with the same arguments. It must be set
	// before Sign is called; calling Sign with a nil FakeSign panics.
	FakeSign func(context.Context, *certificatesv1.CertificateSigningRequest, cmapi.GenericIssuer) error
}

// Sign forwards the call to FakeSign and returns its error unchanged.
func (s *Signer) Sign(ctx context.Context, csr *certificatesv1.CertificateSigningRequest, issuerObj cmapi.GenericIssuer) error {
	sign := s.FakeSign
	return sign(ctx, csr, issuerObj)
}

--------------------------------------------------------------------------------
/pkg/issuer/selfsigned/setup.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package selfsigned

import (
	"context"

	apiutil "github.com/cert-manager/cert-manager/pkg/api/util"
	v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
)

const (
	// successReady is the reason recorded on the Ready condition by Setup.
	successReady = "IsReady"
)

// Setup sets the issuer's Ready condition to True, with reason successReady
// and an empty message, for the issuer's current generation. It performs no
// other checks, does not use ctx, and always returns nil.
func (c *SelfSigned) Setup(ctx context.Context) error {
	issuer := c.issuer
	apiutil.SetIssuerCondition(
		issuer,
		issuer.GetGeneration(),
		v1.IssuerConditionReady,
		cmmeta.ConditionTrue,
		successReady,
		"",
	)
	return nil
}

--------------------------------------------------------------------------------
/pkg/metrics/acme.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package metrics

import (
	"time"
)

// ObserveACMERequestDuration records duration, converted to seconds, on the
// ACME client request-duration metric selected by labels.
// NOTE(review): labels are passed through unchecked; presumably they must
// match the metric's declared label names in order. Confirm where the metric
// is defined.
func (m *Metrics) ObserveACMERequestDuration(duration time.Duration, labels ...string) {
	observer := m.acmeClientRequestDurationSeconds.WithLabelValues(labels...)
	observer.Observe(duration.Seconds())
}

// IncrementACMERequestCount increases the acme client request counter.
func (m *Metrics) IncrementACMERequestCount(labels ...string) {
	// Select the counter for this label set, then add one to it.
	counter := m.acmeClientRequestCount.WithLabelValues(labels...)
	counter.Inc()
}

--------------------------------------------------------------------------------
/test/framework/helper/helper.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package helper

import (
	"k8s.io/client-go/kubernetes"

	cmclient "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned"
	"github.com/cert-manager/cert-manager/test/framework/config"
)

// Helper bundles the configuration and API clients that test helpers use
// for common operations.
type Helper struct {
	cfg *config.Config

	// KubeClient and CMClient are not populated by NewHelper; the caller
	// assigns them.
	KubeClient kubernetes.Interface
	CMClient   cmclient.Interface
}

// NewHelper returns a Helper that holds cfg. Both client fields are left nil.
func NewHelper(cfg *config.Config) *Helper {
	h := new(Helper)
	h.cfg = cfg
	return h
}

--------------------------------------------------------------------------------
/pkg/webhook/handlers/testdata/apis/testgroup/v2/validation.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
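You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v2

import (
	"fmt"

	admissionv1 "k8s.io/api/admission/v1"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/apimachinery/pkg/util/validation/field"
)

// ValidateTestType rejects a TestType whose TestField equals
// DisallowedTestFieldValue. The admission request is not consulted.
//
// obj is expected to be a non-nil *TestType. Any other value is reported as
// an internal error in the returned list, rather than panicking on the type
// assertion or on a nil dereference, so an unexpected object cannot crash
// the caller.
//
// The second return value is always nil.
func ValidateTestType(_ *admissionv1.AdmissionRequest, obj runtime.Object) (field.ErrorList, []string) {
	tt, ok := obj.(*TestType)
	if !ok || tt == nil {
		// Fail closed: an object that cannot be inspected is not reported as valid.
		return field.ErrorList{
			field.InternalError(nil, fmt.Errorf("expected a non-nil *TestType, got %T", obj)),
		}, nil
	}

	el := field.ErrorList{}
	if tt.TestField == DisallowedTestFieldValue {
		el = append(el, field.Invalid(field.NewPath("testField"), tt.TestField, "value not allowed"))
	}
	return el, nil
}

--------------------------------------------------------------------------------
/internal/cmd/util/context.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package util

import (
	"context"
)

// ContextWithStopCh will wrap a context with a stop channel.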
// When the provided stopCh closes, the cancel() will be called on the context.
// This provides a convenient way to represent a stop channel as a context.
//
// The cancel function is not returned. The watcher goroutine started here
// exits only when the parent ctx is done or stopCh is closed or receives a
// value; a nil stopCh never fires, so only the parent can end it then.
func ContextWithStopCh(ctx context.Context, stopCh <-chan struct{}) context.Context {
	derived, cancel := context.WithCancel(ctx)

	go func() {
		// Wait for whichever side finishes first, then release the context.
		select {
		case <-derived.Done():
		case <-stopCh:
		}
		cancel()
	}()

	return derived
}

--------------------------------------------------------------------------------
/pkg/controller/globals/timeout.go:
--------------------------------------------------------------------------------
/*
Copyright 2022 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package globals

import "time"

const (
	// DefaultControllerContextTimeout is the default maximum amount of time which a single synchronize action in some controllers
	// may take before the sync will be cancelled by a context timeout.
	// This timeout might not be respected on all controllers thanks to backwards compatibility concerns, but it's a goal to have
	// all issuers have some default timeout which represents a default upper bound on the time they're permitted to take.
DefaultControllerContextTimeout = 2 * time.Minute
)

--------------------------------------------------------------------------------
/pkg/issuer/fake/helper.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package fake

import (
	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
	issuerpkg "github.com/cert-manager/cert-manager/pkg/issuer"
)

// Helper is a stub issuerpkg.Helper whose lookup is supplied by the caller.
type Helper struct {
	// GetGenericIssuerFunc backs GetGenericIssuer. It must be set before
	// that method is called; a nil function panics on call.
	GetGenericIssuerFunc func(ref cmmeta.ObjectReference, ns string) (cmapi.GenericIssuer, error)
}

// Compile-time check that *Helper implements issuerpkg.Helper.
var _ issuerpkg.Helper = &Helper{}

// GetGenericIssuer forwards ref and ns to GetGenericIssuerFunc and returns
// its results unchanged.
func (f *Helper) GetGenericIssuer(ref cmmeta.ObjectReference, ns string) (cmapi.GenericIssuer, error) {
	lookup := f.GetGenericIssuerFunc
	return lookup(ref, ns)
}

--------------------------------------------------------------------------------
/pkg/webhook/admission/handler.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package admission

import (
	admissionv1 "k8s.io/api/admission/v1"
	"k8s.io/apimachinery/pkg/util/sets"
)

// Handler records the set of admission operations it was constructed with.
type Handler struct {
	// operations holds the operation names, stored as plain strings.
	operations sets.String
}

// Handles reports whether operation is in the set given to NewHandler.
// Any operation not passed to NewHandler yields false.
func (h Handler) Handles(operation admissionv1.Operation) bool {
	name := string(operation)
	return h.operations.Has(name)
}

// Compile-time check that *Handler implements Interface.
var _ Interface = &Handler{}

// NewHandler returns a Handler whose Handles method is true for exactly the
// operations in ops. With no arguments the handler handles nothing.
func NewHandler(ops ...admissionv1.Operation) *Handler {
	names := make([]string, 0, len(ops))
	for _, op := range ops {
		names = append(names, string(op))
	}
	return &Handler{operations: sets.NewString(names...)}
}

--------------------------------------------------------------------------------
/pkg/scheduler/test/fake.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The cert-manager Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package test

import (
	"time"

	"github.com/cert-manager/cert-manager/pkg/scheduler"
)

// Compile-time check that *FakeScheduler implements scheduler.ScheduledWorkQueue.
var _ scheduler.ScheduledWorkQueue = &FakeScheduler{}

// FakeScheduler is a stub scheduler.ScheduledWorkQueue for tests. Each method
// forwards to the matching function field, which must be set before the
// method is called; a nil function panics on call.
type FakeScheduler struct {
	AddFunc    func(interface{}, time.Duration)
	ForgetFunc func(interface{})
}

// Add forwards obj and duration to AddFunc.
func (f *FakeScheduler) Add(obj interface{}, duration time.Duration) {
	add := f.AddFunc
	add(obj, duration)
}

// Forget forwards obj to ForgetFunc.
func (f *FakeScheduler) Forget(obj interface{}) {
	forget := f.ForgetFunc
	forget(obj)
}

--------------------------------------------------------------------------------