Commit Graph

226 Commits

Author SHA1 Message Date
renovate-rancher[bot]
277ec3ea0d Update GitHub Actions (#302)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-29 06:48:22 -04:00
Tom Lebreux
02e46989f2 dynamiclistener: add PruneExistingCN to Config (#301)
Add PruneExistingCN bool to Config (alongside the existing FilterCN).
When true, FilterCN is also applied to the set of CNs already recorded
on the secret via its listener.cattle.io/cn-* annotations at every
operation that reads or merges that set: AddCN, Merge, Renew,
Regenerate, and certificate generation.

Any existing CN that FilterCN would reject is dropped from the
certificate the next time it is written. This gives callers a way to
keep the stored CN set trimmed to a known-valid subset — for example,
pruning IP addresses that are no longer valid endpoints after a rolling
restart — without requiring an explicit delete-and-regenerate cycle.

false (the default) preserves all existing CNs as before (backwards
compatible). No separate filter callback is needed: the same FilterCN
that gates new additions also governs what is kept when
PruneExistingCN is true.

Merge is updated to call generateCert instead of returning an existing
cert unchanged when the cert contains CNs that FilterCN would remove,
ensuring stale entries are pruned on the next storage sync rather than
silently propagated.

The pruneAnnotations call inside generateCert is moved to after
populateCN so the cert and its annotation set stay in sync.

PruneExistingCN is wired through NewListenerWithChain; SANs pre-seeded
in Config.SANs are always preserved via allowDefaultSANs regardless of
the filter.

Add unit tests covering hasStaleCNs, pruneAnnotations, Merge (stale in
target, stale in additional, no stale, PruneExistingCN=false, static
target), Renew, Regenerate, and AddCN.
v0.9.0-rc.2
2026-06-19 15:07:13 -04:00
renovate-rancher[bot]
1c353f118e Update rancher/renovate-config digest to af4fff4 (#294)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-18 10:53:29 -04:00
renovate-rancher[bot]
9ce3c785c5 Update module golang.org/x/crypto to v0.53.0 (#300)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-16 08:39:14 -04:00
renovate-rancher[bot]
ca253e24fd Update actions/checkout digest to df4cb1c (#290)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-11 14:28:14 -04:00
renovate-rancher[bot]
c5697ecf96 Update rancher/renovate-config digest to a473c74 (#283)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-06-01 11:13:14 -04:00
Eshaan Lumba
416cd9c2af Add support for wildcard SANs (#272)
* factory: relax cnRegexp to accept RFC 6125 single-label wildcards

* factory: escape '*' in getAnnotationKey to satisfy K8s annotation key rules

* factory: NeedsUpdate honors existing wildcard SANs (RFC 6125 match)

* factory: tests for cert-lifecycle paths with wildcard SANs

* listener: filter wildcards from runtime sources (TLS SNI, TCP, HTTP)

---------

Co-authored-by: Eshaan Lumba <lumbaeshaan@microsoft.com>
2026-05-28 12:53:54 -04:00
renovate-rancher[bot]
cc139f559e Update module golang.org/x/crypto to v0.52.0 [SECURITY] (#279)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-27 12:30:01 -04:00
renovate-rancher[bot]
75afb8320b Update rancher/renovate-config digest to ca9c958 (#281)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-27 11:21:21 -04:00
renovate-rancher[bot]
b9188411b8 Update module golang.org/x/crypto to v0.51.0 (#263)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-19 09:31:05 -04:00
renovate-rancher[bot]
bdaa69c7cf Update rancher/renovate-config digest to 45f7159 (#277)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-15 07:39:43 -04:00
Chad Roberts
3c309ae472 Update VERSION.md for v0.9 main and new release/v0.8 branch (#275)
- main branch now tracks v0.9 (v1.27+)
- Add release/v0.8 entry for v0.8 (v1.27 - v1.35)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-13 10:06:12 -04:00
teja
54ec826442 bump k8s v1.36 (#261)
bump k8s v1.36

Delete .github/.DS_Store

Co-authored-by: Teja78906 <alluteja@Allus-MacBook-Air.local>
v0.9.0-rc.1
2026-05-13 05:39:50 -04:00
Sakala Venkata Krishna Rohit
3c06476a78 Bump wrangler to v3.6.0 (#274)
Bumps github.com/rancher/wrangler/v3 from v3.5.1 to v3.6.0
for Kubernetes v1.35 support in Rancher v2.14.2.
v0.8.2
2026-05-12 15:27:14 -07:00
renovate-rancher[bot]
ecad3b6409 Update rancher/renovate-config digest to 7478101 (#267)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-07 06:28:58 -04:00
renovate-rancher[bot]
3d4e436885 Update rancher/renovate-config digest to c2602b5 (#262)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-05-06 06:39:14 -04:00
Chad Roberts
a69fd783af Reduce renovate PR noise (#260) 2026-05-05 10:13:35 -04:00
renovate-rancher[bot]
41d3898380 Update fossas/fossa-action action to v1.9.0 (#259)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-29 06:47:29 -04:00
renovate-rancher[bot]
1d24fa2e70 Update rancher/renovate-config digest to 9d3c102 (#257)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-28 10:58:47 -04:00
renovate-rancher[bot]
7cd84d3776 Update rancher/renovate-config digest to e1355a7 (#254)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-17 06:33:04 -04:00
Felipe Gehrke
197ecdc656 unRC Wrangler v3.5.1 (#255) v0.8.1 2026-04-14 15:46:49 -03:00
Felipe Gehrke
267e429129 [main] Bump wrangler to v3.5.1-rc.1 (#253)
Bumped:
- github.com/rancher/wrangler/v3 to v3.5.1-rc.1
v0.8.1-rc.2
2026-04-10 15:31:11 -03:00
renovate-rancher[bot]
893c58179c Update rancher/renovate-config digest to 240174f (#249)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-04-09 08:27:38 -04:00
renovate-rancher[bot]
a6f4fcc269 Update GitHub Actions (#248)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
v0.8.1-rc.1
2026-04-01 10:04:27 -04:00
Josh Meranda
ad373f082c Pin GH Actions to commit sha (#241)
Co-authored-by: joshmeranda <joshua.meranda@gmail.com>
2026-03-31 15:00:00 -04:00
renovate-rancher[bot]
25a90ebf06 Update actions/setup-go action to v6.3.0 (#239)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-03-27 11:29:13 -04:00
Josh Meranda
7925347724 [main] Bump wrangler (#240)
* go get github.com/rancher/wrangler/v3@v3.5.0

* go mod tidy

---------

Co-authored-by: joshmeranda <joshua.meranda@gmail.com>
2026-03-17 18:40:12 -04:00
renovate-rancher[bot]
ed5103ed5c Update module golang.org/x/crypto to v0.49.0 (#233)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-03-17 08:17:19 -04:00
Josh Meranda
35c73736ff [main[ update VERSION.md for new branches (#235)
* update VERSION.md for new branches

* fix typo

---------

Co-authored-by: joshmeranda <joshua.meranda@gmail.com>
v0.8.0
2026-02-17 17:11:27 -05:00
Josh Meranda
05791abf1d [main] Bump wrangler (#234)
* go get github.com/rancher/wrangler/v3@v3.3.4

* go mod tidy
v0.7.4 v0.7.4-rc.3
2026-02-17 14:49:47 -05:00
Chad Roberts
ed2d6e66ca Bump wrangler to v3.4.0 (#232) v0.7.4-rc.2 2026-02-12 09:16:59 -05:00
renovate-rancher[bot]
d491fa2458 Update actions/checkout digest to de0fac2 (#229)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
v0.7.4-rc.1
2026-02-11 13:18:46 -05:00
renovate-rancher[bot]
f0fba36fbc Update module github.com/rancher/wrangler/v3 to v3.3.2-rc.2 (#230)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-02-10 06:57:45 -05:00
Vardhaman
851039aa0f bumped go to 1.25 and k8s deps to v0.35.0 (#228) 2026-01-29 17:17:40 +05:30
renovate-rancher[bot]
da6909ef48 Update actions/checkout action to v6 (#215)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-01-28 14:18:38 -05:00
renovate-rancher[bot]
aabff49256 Update GitHub Actions (#214)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-01-27 11:16:49 -05:00
renovate-rancher[bot]
4ce2d72461 Update module github.com/sirupsen/logrus to v1.9.4 (#224)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2026-01-21 15:16:49 -05:00
Guilherme Macedo
a0b7e9349b Add FOSSA scanning workflow (#221)
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
2026-01-16 13:06:18 -05:00
Tom Lebreux
d1758a051b Bump wrangler to v3.3.1 (#222) 2026-01-14 12:29:45 -05:00
Wesley
3e35acfa52 Avoid creating certs that violate Apple requirements for macOS 10.15 (#208)
* Prevent creating non-standards compliant certs.

Changes generated certificates to have a NotBefore based on either the
CA NotBefore or the current time. This prevents creation of certificates
that are valid for too long making them return errors on platforms like
MacOS.

* Add license header and add test cases
v0.7.3 v0.7.3-rc.1
2025-10-03 13:12:21 -07:00
Eric Promislow
4654f37539 Bump to wrangler v3.3.0-rc.2 (#210) v0.7.2 v0.7.2-rc.3 2025-10-02 13:24:19 -07:00
Swastik Gour
b42a6b8158 Upgraded Wranger (#209)
* [1.34] bumped dependencies

Signed-off-by: swastik959 <Sswastik959@gmail.com>

* upgraded wrangler

Signed-off-by: swastik959 <swastik.gour@suse.com>

---------

Signed-off-by: swastik959 <Sswastik959@gmail.com>
Signed-off-by: swastik959 <swastik.gour@suse.com>
v0.7.2-rc2
2025-10-01 09:49:13 -04:00
Eric Promislow
4d2b3c8d6c Bump to lasso v0.2.5-rc.1. (#207) 2025-09-24 15:42:44 -07:00
Eric Promislow
7465aad706 bump to k8s 1.34 (#206) 2025-09-23 15:40:18 -07:00
renovate-rancher[bot]
9e223bf3d1 Update module github.com/stretchr/testify to v1.11.1 (#198)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:18:50 -07:00
renovate-rancher[bot]
aa42a0041a Update GitHub Actions (#191)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:14:44 -07:00
renovate-rancher[bot]
bc271c7b1c Migrate config .github/renovate.json (#187)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:13:21 -07:00
renovate-rancher[bot]
3ba1247841 Update module github.com/rancher/wrangler/v3 to v3.2.4 (#186)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:11:56 -07:00
renovate-rancher[bot]
fed04c5a1d Update module golang.org/x/crypto to v0.42.0 (#165)
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
2025-09-16 12:09:36 -07:00
Brad Davidson
7ad41853e0 Do not update memory storage with a nil secret (#205)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
v0.7.2-rc1
2025-09-15 11:19:38 -07:00