Commit
Merge a0de65a into 2607c9c
m8rmclaren authored Aug 26, 2024
2 parents 2607c9c + a0de65a commit 1951cf9
Showing 32 changed files with 2,763 additions and 2,273 deletions.
16 changes: 16 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,16 @@
version: 2
updates:
- package-ecosystem: 'gomod'
# Raise pull requests for version updates
# against the `main` branch
target-branch: "main"
directory: '/'
schedule:
interval: 'weekly'
- package-ecosystem: 'github-actions'
# Raise pull requests for version updates
# against the `main` branch
target-branch: "main"
directory: '/'
schedule:
interval: 'weekly'
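Review bot: the `updates` list covers `gomod` and `github-actions` but has no `docker` entry, so the builder image this commit pins in the Dockerfile (`FROM golang:1.22.3 as builder`) will never get an update pull request. Add a third entry with `package-ecosystem: 'docker'`, `directory: '/'` and the same weekly schedule so Go toolchain patch releases reach the image on the same cadence as the module and action updates.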
84 changes: 84 additions & 0 deletions .github/workflows/keyfactor-bootstrap-workflow.yml
@@ -0,0 +1,84 @@
name: Keyfactor Bootstrap Workflow

on:
workflow_dispatch:
pull_request:
types: [opened, closed, synchronize, edited, reopened]
push:
create:
branches:
- 'release-*.*'

jobs:
build:
name: Build, Lint, and Test
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
# Checkout code
# https://github.com/actions/checkout
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

# Setup GoLang build environment
# https://github.com/actions/setup-go
- name: Set up Go 1.x
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: 'go.mod'
cache: true

# Download dependencies
- run: go mod download

# Build Go binary
- run: go build -v .

# Run Go linters
# https://github.com/golangci/golangci-lint-action
- name: Run linters
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: latest

# Run Go tests
- name: Run go test
run: go test -v ./...

integrationtest:
name: Integration Test
needs: build
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
# Checkout code
# https://github.com/actions/checkout
- name: Checkout code
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

# Create a single-node K8s cluster with Kind
# Then, deploy an ephemeral EJBCA and SignServer
- uses: m8rmclaren/ejbca-signserver-k8s@main
with:
deploy-k8s: 'true'
deploy-nginx-ingress: 'true'
deploy-signserver: 'false'

# Run integration test
- name: Run integration test
run: |
chmod +x test/integrationtest.sh
./test/integrationtest.sh
call-starter-workflow:
uses: keyfactor/actions/.github/workflows/starter.yml@v3
needs: integrationtest
secrets:
token: ${{ secrets.V2BUILDTOKEN}}
APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
scan_token: ${{ secrets.SAST_TOKEN }}
docker-user: ${{ secrets.DOCKER_USER }}
docker-token: ${{ secrets.DOCKER_PWD }}
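Review bot: in the `integrationtest` job, `uses: m8rmclaren/ejbca-signserver-k8s@main` follows a mutable branch in a personal repository, while `actions/checkout`, `actions/setup-go` and `golangci/golangci-lint-action` in this same file are pinned to full commit SHAs. Whatever lands on that branch runs in this pipeline on the next trigger, so pin it to a commit SHA with a version comment like the others; the `github-actions` Dependabot entry added in this commit can then propose bumps. The same concern applies to `keyfactor/actions/.github/workflows/starter.yml@v3`, which receives the GPG key, its passphrase and the Docker credentials through a movable tag. Separately, the workflow declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; set a read-only default at the top level and grant wider scopes only on the job that needs them.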

20 changes: 0 additions & 20 deletions .github/workflows/keyfactor-workflow.yml

This file was deleted.

76 changes: 0 additions & 76 deletions .github/workflows/test.yml

This file was deleted.

32 changes: 32 additions & 0 deletions .golangci.yml
@@ -0,0 +1,32 @@
run:
# timeout for analysis, e.g. 30s, 5m, default is 1m
timeout: 12m

skip-dirs:
- testdata$
- test/mock

skip-files:
- ".*\\.pb\\.go"

linters:
enable:
- bodyclose
- durationcheck
- errorlint
- goimports
- revive
- gosec
- misspell
- nakedret
- unconvert
- unparam
- whitespace
- gocritic
- nolintlint
- govet

linters-settings:
revive:
# minimal confidence for issues, default is 0.8
confidence: 0.0
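Review bot: `skip-dirs` and `skip-files` are deprecated in golangci-lint since v1.57 in favour of `issues.exclude-dirs` and `issues.exclude-files`, and the workflow in this commit installs the linter with `version: latest`, so this config is always read by the newest release. Move the two lists under `issues:` with the new key names and pin the linter version in the workflow; otherwise a linter release can change which paths `gosec` and the other enabled linters skip without any change in this repository. Also, `confidence: 0.0` makes `revive` report every finding regardless of confidence, against the default of 0.8 that the comment above it mentions; state in that comment that this is intentional.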
9 changes: 9 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,12 @@
# 2.2.0
## Features

### Auth
- Implement OAuth 2.0 Client Credentials grant as supported auth mechanism

### Testing
- Refactor unit tests to use fake interfaces and extract integration tests to a shell script that interacts with K8s directly

# v2.1.0
## Features
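Review bot: the new heading `# 2.2.0` drops the `v` prefix that the existing `# v2.1.0` heading uses; make it `# v2.2.0` so the headings stay consistent. The entry also omits the builder image move from `golang:1.20` to `golang:1.22.3` made in this commit's Dockerfile; a line for it would help anyone rebuilding the image.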

3 changes: 1 addition & 2 deletions Dockerfile
@@ -1,5 +1,5 @@
# Build the manager binary
FROM golang:1.20 as builder
FROM golang:1.22.3 as builder
ARG TARGETOS
ARG TARGETARCH
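Review bot: `FROM golang:1.22.3 as builder` pins the builder image by tag only, and a tag can be re-pushed, whereas the workflow in this commit pins its actions by full commit SHA. Pin the image the same way by appending the digest (`golang:1.22.3@sha256:<digest>`) so the build input is immutable. While on this line, write `AS` in upper case to match `FROM`; newer BuildKit releases warn on the mixed casing.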

Expand All @@ -13,7 +13,6 @@ RUN go mod download

# Copy the go source
COPY main.go main.go
COPY pkg/ pkg/
COPY internal/ internal/

# Build
71 changes: 38 additions & 33 deletions README.md
@@ -1,27 +1,3 @@

# ejbca-k8s-csr-signer

An implementation of the Kubernetes CSR signing API that routes Certificate Signing Requests from the cluster to the EJBCA Enrollment API

#### Integration status: Production - Ready for use in production environments.

## About the Keyfactor API Client

This API client allows for programmatic management of Keyfactor resources.

## Support for ejbca-k8s-csr-signer

ejbca-k8s-csr-signer is open source and supported on best effort level for this tool/library/client. This means customers can report Bugs, Feature Requests, Documentation amendment or questions as well as requests for customer information required for setup that needs Keyfactor access to obtain. Such requests do not follow normal SLA commitments for response or resolution. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com/

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.

---


---



<a href="https://kubernetes.io">
<img src="https://kubernetes.io/images/favicon.png" alt="Kubernetes logo" title="K8s" align="left" height="50" />
</a>
Expand All @@ -30,24 +6,32 @@ ejbca-k8s-csr-signer is open source and supported on best effort level for this
<img src="https://helm.sh/img/helm.svg" alt="Helm logo" title="K8s" align="left" height="50" />
</a>

# EJBCA Certificate Signing Request Proxy for K8s

[![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-k8s-csr-signer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-k8s-csr-signer) [![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/keyfactor/ejbca-k8s-csr-signer?label=release)](https://github.com/keyfactor/ejbca-k8s-csr-signer/releases) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![license](https://img.shields.io/github/license/keyfactor/ejbca-k8s-csr-signer.svg)]()

# EJBCA K8s CSR Signer

![Integration Status: production](https://img.shields.io/badge/integration_status-production-3D1973?style=flat-square)
[![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-k8s-csr-signer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-k8s-csr-signer)
[![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/keyfactor/ejbca-k8s-csr-signer?label=release)](https://github.com/keyfactor/ejbca-k8s-csr-signer/releases)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
[![license](https://img.shields.io/github/license/keyfactor/ejbca-k8s-csr-signer.svg)]()



## Overview

The EJBCA Certificate Signing Request Proxy for K8s forwards certificate signing requests generated by Kubernetes to [EJBCA](https://www.primekey.com/products/ejbca-enterprise/) for signing by a trusted enterprise certificate authority. The signer operates within the [K8s CertificateSigningRequests API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/) and implements a Controller that uses the the V1 CertificateSigningRequests informer to handle associated resources. CSRs are only enrolled if they are approved using an [approver](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/certificates/approver).

## Community supported
We welcome contributions.

The cert-manager external issuer for Keyfactor command is open source and community supported, meaning that there is **no SLA** applicable for these tools.

###### To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, see the [contribution guidelines](https://github.com/Keyfactor/command-k8s-csr-signer/blob/main/CONTRIBUTING.md) and use the **[Pull requests](../../pulls)** tab.
## Requirements

## Migration from EJBCA CSR Signer v1.0 to v2.0
TODO Requirements is a required section

The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.

## Documentation

## Getting Started

* [Getting Started](docs/getting-started.markdown)
* Usage
* [Demo usage with Istio](docs/istio-deployment.markdown)
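Review bot: the `## Requirements` section contains only `TODO Requirements is a required section`, a template placeholder that would be published as-is. Fill it with the actual prerequisites or drop the heading until they are written. In the Overview paragraph, `uses the the V1 CertificateSigningRequests informer` has a doubled word, and the license badge `[![license](...)]()` links to an empty target; point it at `LICENSE`.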
Expand All @@ -56,4 +40,25 @@ The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 t
* [Testing](docs/testing.markdown)
* [License](LICENSE)

### Migration from EJBCA CSR Signer v1.0 to v2.0

The EJBCA CSR Signer v2.0 has breaking changes from v1.0. To migrate from v1.0 to v2.0, uninstall the v1.0 deployment and install the v2.0 deployment. The v2.0 deployment uses the same configuration as v1.0, but the configuration is now stored in a Kubernetes ConfigMap. See the [Getting Started](docs/getting-started.markdown) to install the v2.0 deployment.



## Community Support

In the [Keyfactor Community](https://www.keyfactor.com/community/), we welcome contributions. Keyfactor Community software is open-source and community-supported, meaning that **no SLA** is applicable. Keyfactor will address issues as resources become available.

* To report a problem or suggest a new feature, go to [Issues](../../issues).
* If you want to contribute bug fixes or proposed enhancements, see the [Contributing Guidelines](CONTRIBUTING.md) and create a [Pull request](../../pulls).

## Commercial Support

Commercial support is available for [EJBCA Enterprise](https://www.keyfactor.com/products/ejbca-enterprise/).

## License
For license information, see [LICENSE](LICENSE).

## Related Projects
See all [Keyfactor EJBCA GitHub projects](https://github.com/orgs/Keyfactor/repositories?q=ejbca).