Search Options

Results per page
Sort
Preferred Languages
Advance

Results 11 - 20 of 193 for cpsr (0.05 sec)

  2. github.com/istio/istio

    releasenotes/notes/limit-csr-clusterrole.yaml 

    apiVersion: release-notes/v2
kind: feature
area: installation
releaseNotes:
  - |
    **Added** check to limit the clusterrole for k8s CSR permissions for
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Mar 21 19:34:22 UTC 2023
    - 272 bytes
    - Viewed (0)
  3. github.com/istio/istio

    security/pkg/k8s/chiron/utils.go 

    	// 1. Submit the CSR
	csr, err := submitCSR(client, csrData, signerName, usages, requestedLifetime)
	if err != nil {
		return nil, nil, err
	}
	log.Debugf("CSR (%v) has been created", csr.Name)

	// clean up certificate request after deletion
	defer func() {
		_ = cleanupCSR(client, csr)
	}()

	// 2. Approve the CSR
	if approveCsr {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Apr 05 18:11:22 UTC 2024
    - 9.2K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    pkg/controller/certificates/cleaner/cleaner.go 

    		if err := ccc.csrClient.Delete(ctx, csr.Name, metav1.DeleteOptions{}); err != nil {
			return fmt.Errorf("unable to delete CSR %q: %v", csr.Name, err)
		}
	}
	return nil
}

// isIssuedExpired checks if the CSR has been issued a certificate and if the
// expiration of the certificate (the NotAfter value) has passed.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Mar 15 03:26:08 UTC 2023
    - 8K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/controller/certificates/certificate_controller.go 

    	defer func() {
		logger.V(4).Info("Finished syncing certificate request", "csr", key, "elapsedTime", time.Since(startTime))
	}()
	csr, err := cc.csrLister.Get(key)
	if errors.IsNotFound(err) {
		logger.V(3).Info("csr has been deleted", "csr", key)
		return nil
	}
	if err != nil {
		return err
	}

	if len(csr.Status.Certificate) > 0 {
		// no need to do anything because it already has a cert
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat May 04 18:33:12 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    pkg/controller/certificates/approver/sarapprove.go 

    }

func (a *sarApprover) handle(ctx context.Context, csr *capi.CertificateSigningRequest) error {
	if len(csr.Status.Certificate) != 0 {
		return nil
	}
	if approved, denied := certificates.GetCertApprovalCondition(&csr.Status); approved || denied {
		return nil
	}
	x509cr, err := capihelper.ParseCSR(csr.Spec.Request)
	if err != nil {
		return fmt.Errorf("unable to parse csr %q: %v", csr.Name, err)
	}

	tried := []string{}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Jun 21 16:03:42 UTC 2023
    - 5.3K bytes
    - Viewed (0)
  7. github.com/istio/istio

    pkg/test/csrctrl/controllers/csr_controller.go 

    	switch {
	case !csr.DeletionTimestamp.IsZero():
		log.Info("CSR has been deleted. Ignoring.")
	case csr.Spec.SignerName == "":
		log.Info("CSR does not have a signer name. Ignoring.")
	case !exist:
		log.Infof("CSR signer name does not match. Ignoring. signer-name: %s, have %v", csr.Spec.SignerName, strings.Join(maps.Keys(s.signers), ","))
	case csr.Status.Certificate != nil:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed May 24 17:36:41 UTC 2023
    - 3.9K bytes
    - Viewed (0)
  8. github.com/istio/istio

    security/pkg/nodeagent/test/mock/caserver.go 

    	s.faultInjectLock.Unlock()
	return empty
}

// CreateCertificate handles CSR.
func (s *CAServer) CreateCertificate(ctx context.Context, request *pb.IstioCertificateRequest) (
	*pb.IstioCertificateResponse, error,
) {
	caServerLog.Infof("received CSR request")
	if s.shouldReject() {
		caServerLog.Info("force rejecting CSR request")
		return nil, status.Error(codes.Unavailable, "CA server is not available")
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 23 21:07:03 UTC 2024
    - 5.9K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/util/webhook/gencerts.sh 

    openssl x509 -req -in caCertInter.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out caCertInter.pem -days 100000 -extensions v3_ca -extfile intermediate_ca.conf

# Create an intermediate certificate authority with sha1 signature
openssl req -new -nodes -key caKeyInter.pem -days 100000 -out caCertInterSHA1.csr -subj "/CN=${CN_BASE}_intermediate_ca"
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Mar 25 15:57:40 UTC 2022
    - 5.7K bytes
    - Viewed (0)
  10. github.com/kubernetes/kubernetes

    pkg/registry/certificates/certificates/strategy.go 

    	csr := obj.(*certificates.CertificateSigningRequest)

	// Clear any user-specified info
	csr.Spec.Username = ""
	csr.Spec.UID = ""
	csr.Spec.Groups = nil
	csr.Spec.Extra = nil
	// Inject user.Info from request context
	if user, ok := genericapirequest.UserFrom(ctx); ok {
		csr.Spec.Username = user.GetName()
		csr.Spec.UID = user.GetUID()
		csr.Spec.Groups = user.GetGroups()
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Mar 18 21:41:43 UTC 2022
    - 11.4K bytes
    - Viewed (0)
  11. github.com/istio/istio

    security/pkg/pki/util/generate_csr_test.go 

    			} else {
				t.Errorf("%s: failed to gen CSR", id)
			}
		}

		pemBlock, _ := pem.Decode(csrPem)
		if pemBlock == nil {
			t.Fatalf("%s: failed to decode csr", id)
		}
		csr, err := x509.ParseCertificateRequest(pemBlock.Bytes)
		if err != nil {
			t.Fatalf("%s: failed to parse csr", id)
		}
		if err = csr.CheckSignature(); err != nil {
			t.Errorf("%s: csr signature is invalid", id)
		}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Feb 25 09:40:13 UTC 2022
    - 5.5K bytes
    - Viewed (0)
Back to top