guilhem / freeipa-issuer

A cert-manager external issuer for FreeIPA
Apache License 2.0

Cert manager v1.3 - Approval Condition #11

Closed JoshVanL closed 3 years ago

JoshVanL commented 3 years ago

In cert-manager v1.3, we introduced the approval mechanism. This PR adds an optional check, which is enabled by default, to wait for the presence of this Approval condition before signing.

This PR also adds RBAC which enables the internal cert-manager approver to approve all FreeIPA CertificateRequests.

Once this is merged and released we can move this issuer to the list of approval honoured issuers here.

/assign @guilhem

guilhem commented 3 years ago

@JoshVanL Thank you for this PR. I don't see anything bad.

Maybe I'm thinking about future issuers, can it be better to wrap all these checks in a single function in cmutil?

JoshVanL commented 3 years ago

Thanks @guilhem :slightly_smiling_face:

> Maybe I'm thinking about future issuers, can it be better to wrap all these checks in a single function in cmutil?

This has also been brought up here. We can look at adding that in a future cert-manager release.
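
The approval gate described in the PR, sketched as a single decision function. This is an added example, not code from this PR or from cert-manager. The `Condition` type, the `Decide` helper and the `checkApproval` parameter are hypothetical stand-ins, and checking `Denied` before `Approved` is an assumption of the sketch.

```go
package main

import "fmt"

// Condition mirrors the type/status pair of a CertificateRequest status
// condition. Local stand-in type (assumption), not the cert-manager API type.
type Condition struct {
	Type   string
	Status string
}

type Decision int

const (
	Wait   Decision = iota // no approval decision yet: do not sign, requeue
	Sign                   // approved, or the approval check is disabled
	Reject                 // denied: never sign this request
)

// hasTrue reports whether a condition of the given type is set to "True".
func hasTrue(conds []Condition, condType string) bool {
	for _, c := range conds {
		if c.Type == condType && c.Status == "True" {
			return true
		}
	}
	return false
}

// Decide is a hypothetical helper. checkApproval=true corresponds to the
// PR's default of waiting for the Approval condition before signing.
// Denied is evaluated first so a request carrying both conditions fails
// closed (assumption of this example).
func Decide(conds []Condition, checkApproval bool) Decision {
	if !checkApproval {
		return Sign
	}
	if hasTrue(conds, "Denied") {
		return Reject
	}
	if hasTrue(conds, "Approved") {
		return Sign
	}
	return Wait
}

func main() {
	pending := []Condition{{Type: "Ready", Status: "False"}} // constructed sample
	approved := []Condition{{Type: "Approved", Status: "True"}}
	fmt.Println(Decide(pending, true), Decide(approved, true), Decide(pending, false))
}
```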