Tom Lebreux
02e46989f2
dynamiclistener: add PruneExistingCN to Config ( #301 )
...
Add PruneExistingCN bool to Config (alongside the existing FilterCN).
When true, FilterCN is also applied to the set of CNs already recorded
on the secret via its listener.cattle.io/cn-* annotations at every
operation that reads or merges that set: AddCN, Merge, Renew,
Regenerate, and certificate generation.
Any existing CN that FilterCN would reject is dropped from the
certificate the next time it is written. This gives callers a way to
keep the stored CN set trimmed to a known-valid subset — for example,
pruning IP addresses that are no longer valid endpoints after a rolling
restart — without requiring an explicit delete-and-regenerate cycle.
false (the default) preserves all existing CNs as before (backwards
compatible). No separate filter callback is needed: the same FilterCN
that gates new additions also governs what is kept when
PruneExistingCN is true.
Merge is updated to call generateCert instead of returning an existing
cert unchanged when the cert contains CNs that FilterCN would remove,
ensuring stale entries are pruned on the next storage sync rather than
silently propagated.
The pruneAnnotations call inside generateCert is moved to after
populateCN so the cert and its annotation set stay in sync.
PruneExistingCN is wired through NewListenerWithChain; SANs pre-seeded
in Config.SANs are always preserved via allowDefaultSANs regardless of
the filter.
Add unit tests covering hasStaleCNs, pruneAnnotations, Merge (stale in
target, stale in additional, no stale, PruneExistingCN=false, static
target), Renew, Regenerate, and AddCN.
v0.9.0-rc.2
2026-06-19 15:07:13 -04:00
renovate-rancher[bot]
1c353f118e
Update rancher/renovate-config digest to af4fff4 ( #294 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-18 10:53:29 -04:00
renovate-rancher[bot]
9ce3c785c5
Update module golang.org/x/crypto to v0.53.0 ( #300 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-16 08:39:14 -04:00
renovate-rancher[bot]
ca253e24fd
Update actions/checkout digest to df4cb1c ( #290 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-11 14:28:14 -04:00
renovate-rancher[bot]
c5697ecf96
Update rancher/renovate-config digest to a473c74 ( #283 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-01 11:13:14 -04:00
Eshaan Lumba
416cd9c2af
Add support for wildcard SANs ( #272 )
...
* factory: relax cnRegexp to accept RFC 6125 single-label wildcards
* factory: escape '*' in getAnnotationKey to satisfy K8s annotation key rules
* factory: NeedsUpdate honors existing wildcard SANs (RFC 6125 match)
* factory: tests for cert-lifecycle paths with wildcard SANs
* listener: filter wildcards from runtime sources (TLS SNI, TCP, HTTP)
---------
Co-authored-by: Eshaan Lumba <lumbaeshaan@microsoft.com >
2026-05-28 12:53:54 -04:00
renovate-rancher[bot]
cc139f559e
Update module golang.org/x/crypto to v0.52.0 [SECURITY] ( #279 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-27 12:30:01 -04:00
renovate-rancher[bot]
75afb8320b
Update rancher/renovate-config digest to ca9c958 ( #281 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-27 11:21:21 -04:00
renovate-rancher[bot]
b9188411b8
Update module golang.org/x/crypto to v0.51.0 ( #263 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-19 09:31:05 -04:00
renovate-rancher[bot]
bdaa69c7cf
Update rancher/renovate-config digest to 45f7159 ( #277 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-15 07:39:43 -04:00
Chad Roberts
3c309ae472
Update VERSION.md for v0.9 main and new release/v0.8 branch ( #275 )
...
- main branch now tracks v0.9 (v1.27+)
- Add release/v0.8 entry for v0.8 (v1.27 - v1.35)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com >
2026-05-13 10:06:12 -04:00
teja
54ec826442
bump k8s v1.36 ( #261 )
...
bump k8s v1.36
Delete .github/.DS_Store
Co-authored-by: Teja78906 <alluteja@Allus-MacBook-Air.local >
v0.9.0-rc.1
2026-05-13 05:39:50 -04:00
Sakala Venkata Krishna Rohit
3c06476a78
Bump wrangler to v3.6.0 ( #274 )
...
Bumps github.com/rancher/wrangler/v3 from v3.5.1 to v3.6.0
for Kubernetes v1.35 support in Rancher v2.14.2.
v0.8.2
2026-05-12 15:27:14 -07:00
renovate-rancher[bot]
ecad3b6409
Update rancher/renovate-config digest to 7478101 ( #267 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-07 06:28:58 -04:00
renovate-rancher[bot]
3d4e436885
Update rancher/renovate-config digest to c2602b5 ( #262 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-06 06:39:14 -04:00
Chad Roberts
a69fd783af
Reduce renovate PR noise ( #260 )
2026-05-05 10:13:35 -04:00
renovate-rancher[bot]
41d3898380
Update fossas/fossa-action action to v1.9.0 ( #259 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-29 06:47:29 -04:00
renovate-rancher[bot]
1d24fa2e70
Update rancher/renovate-config digest to 9d3c102 ( #257 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-28 10:58:47 -04:00
renovate-rancher[bot]
7cd84d3776
Update rancher/renovate-config digest to e1355a7 ( #254 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-17 06:33:04 -04:00
Felipe Gehrke
197ecdc656
unRC Wrangler v3.5.1 ( #255 )
v0.8.1
2026-04-14 15:46:49 -03:00
Felipe Gehrke
267e429129
[main] Bump wrangler to v3.5.1-rc.1 ( #253 )
...
Bumped:
- github.com/rancher/wrangler/v3 to v3.5.1-rc.1
v0.8.1-rc.2
2026-04-10 15:31:11 -03:00
renovate-rancher[bot]
893c58179c
Update rancher/renovate-config digest to 240174f ( #249 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-09 08:27:38 -04:00
renovate-rancher[bot]
a6f4fcc269
Update GitHub Actions ( #248 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
v0.8.1-rc.1
2026-04-01 10:04:27 -04:00
Josh Meranda
ad373f082c
Pin GH Actions to commit sha ( #241 )
...
Co-authored-by: joshmeranda <joshua.meranda@gmail.com >
2026-03-31 15:00:00 -04:00
renovate-rancher[bot]
25a90ebf06
Update actions/setup-go action to v6.3.0 ( #239 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-03-27 11:29:13 -04:00
Josh Meranda
7925347724
[main] Bump wrangler ( #240 )
...
* go get github.com/rancher/wrangler/v3@v3.5.0
* go mod tidy
---------
Co-authored-by: joshmeranda <joshua.meranda@gmail.com >
2026-03-17 18:40:12 -04:00
renovate-rancher[bot]
ed5103ed5c
Update module golang.org/x/crypto to v0.49.0 ( #233 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-03-17 08:17:19 -04:00
Josh Meranda
35c73736ff
[main[ update VERSION.md for new branches ( #235 )
...
* update VERSION.md for new branches
* fix typo
---------
Co-authored-by: joshmeranda <joshua.meranda@gmail.com >
v0.8.0
2026-02-17 17:11:27 -05:00
Josh Meranda
05791abf1d
[main] Bump wrangler ( #234 )
...
* go get github.com/rancher/wrangler/v3@v3.3.4
* go mod tidy
v0.7.4
v0.7.4-rc.3
2026-02-17 14:49:47 -05:00
Chad Roberts
ed2d6e66ca
Bump wrangler to v3.4.0 ( #232 )
v0.7.4-rc.2
2026-02-12 09:16:59 -05:00
renovate-rancher[bot]
d491fa2458
Update actions/checkout digest to de0fac2 ( #229 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
v0.7.4-rc.1
2026-02-11 13:18:46 -05:00
renovate-rancher[bot]
f0fba36fbc
Update module github.com/rancher/wrangler/v3 to v3.3.2-rc.2 ( #230 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-02-10 06:57:45 -05:00
Vardhaman
851039aa0f
bumped go to 1.25 and k8s deps to v0.35.0 ( #228 )
2026-01-29 17:17:40 +05:30
renovate-rancher[bot]
da6909ef48
Update actions/checkout action to v6 ( #215 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-01-28 14:18:38 -05:00
renovate-rancher[bot]
aabff49256
Update GitHub Actions ( #214 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-01-27 11:16:49 -05:00
renovate-rancher[bot]
4ce2d72461
Update module github.com/sirupsen/logrus to v1.9.4 ( #224 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-01-21 15:16:49 -05:00
Guilherme Macedo
a0b7e9349b
Add FOSSA scanning workflow ( #221 )
...
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com >
2026-01-16 13:06:18 -05:00
Tom Lebreux
d1758a051b
Bump wrangler to v3.3.1 ( #222 )
2026-01-14 12:29:45 -05:00
Wesley
3e35acfa52
Avoid creating certs that violate Apple requirements for macOS 10.15 ( #208 )
...
* Prevent creating non-standards compliant certs.
Changes generated certificates to have a NotBefore based on either the
CA NotBefore or the current time. This prevents creation of certificates
that are valid for too long making them return errors on platforms like
MacOS.
* Add license header and add test cases
v0.7.3
v0.7.3-rc.1
2025-10-03 13:12:21 -07:00
Eric Promislow
4654f37539
Bump to wrangler v3.3.0-rc.2 ( #210 )
v0.7.2
v0.7.2-rc.3
2025-10-02 13:24:19 -07:00
Swastik Gour
b42a6b8158
Upgraded Wranger ( #209 )
...
* [1.34] bumped dependencies
Signed-off-by: swastik959 <Sswastik959@gmail.com >
* upgraded wrangler
Signed-off-by: swastik959 <swastik.gour@suse.com >
---------
Signed-off-by: swastik959 <Sswastik959@gmail.com >
Signed-off-by: swastik959 <swastik.gour@suse.com >
v0.7.2-rc2
2025-10-01 09:49:13 -04:00
Eric Promislow
4d2b3c8d6c
Bump to lasso v0.2.5-rc.1. ( #207 )
2025-09-24 15:42:44 -07:00
Eric Promislow
7465aad706
bump to k8s 1.34 ( #206 )
2025-09-23 15:40:18 -07:00
renovate-rancher[bot]
9e223bf3d1
Update module github.com/stretchr/testify to v1.11.1 ( #198 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:18:50 -07:00
renovate-rancher[bot]
aa42a0041a
Update GitHub Actions ( #191 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:14:44 -07:00
renovate-rancher[bot]
bc271c7b1c
Migrate config .github/renovate.json ( #187 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:13:21 -07:00
renovate-rancher[bot]
3ba1247841
Update module github.com/rancher/wrangler/v3 to v3.2.4 ( #186 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:11:56 -07:00
renovate-rancher[bot]
fed04c5a1d
Update module golang.org/x/crypto to v0.42.0 ( #165 )
...
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:09:36 -07:00
Brad Davidson
7ad41853e0
Do not update memory storage with a nil secret ( #205 )
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com >
v0.7.2-rc1
2025-09-15 11:19:38 -07:00
Brad Davidson
d9174a1f59
Fix panic on nil secret ( #204 )
...
Use configured secret namespace/name in error message, to avoid panicing if the secret is invalid because it is nil
Signed-off-by: Brad Davidson <brad.davidson@rancher.com >
2025-09-12 14:11:40 -07:00