Merge 3493b50 into 916c228

.github/workflows/keyfactor-workflow.yml

@@ -11,11 +11,12 @@ on:
 
 jobs:
   call-starter-workflow:
-    uses: keyfactor/actions/.github/workflows/starter.yml@ejbca-readme-updates
+    uses: keyfactor/actions/.github/workflows/starter.yml@d75ddd58537af8e5b6961b6e571a09ecd751c5b5 # v3.0
     secrets:
       token: ${{ secrets.V2BUILDTOKEN}}
       APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
       gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
       gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+      scan_token: ${{ secrets.SAST_TOKEN }}
       docker-user: ${{ secrets.DOCKER_USER }}
       docker-token:  ${{ secrets.DOCKER_PWD }}

.github/workflows/test.yml

@@ -30,7 +30,7 @@ jobs:
       - name: Run linters
         uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
         with:
-          version: latest
+          version: v1.64.5
 
   test:
     name: Go Test

.golangci.yml

@@ -2,11 +2,11 @@ run:
   # timeout for analysis, e.g. 30s, 5m, default is 1m
   timeout: 12m
 
-  skip-dirs:
+issues:
+  exclude-dirs:
     - testdata$
     - test/mock
-
-  skip-files:
+  exclude-files:
     - ".*\\.pb\\.go"
 
 linters:

Makefile

@@ -169,7 +169,7 @@ GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
 KUSTOMIZE_VERSION ?= v5.3.0
 CONTROLLER_TOOLS_VERSION ?= v0.15.0
 ENVTEST_VERSION ?= latest
-GOLANGCI_LINT_VERSION ?= v1.54.2
+GOLANGCI_LINT_VERSION ?= v1.64.5
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.

api/v1alpha1/issuer_types.go

@@ -35,12 +35,19 @@ type IssuerSpec struct {
 	// namespace that the controller runs in).
 	EjbcaSecretName string `json:"ejbcaSecretName"`
 
-	// The name of the secret containing the CA bundle to use when verifying
+	// The name of a Secret containing the CA bundle to use when verifying
 	// EJBCA's server certificate. If specified, the CA bundle will be added to
 	// the client trust roots for the EJBCA issuer.
 	// +optional
 	CaBundleSecretName string `json:"caBundleSecretName"`
 
+	// The name of a ConfigMap containing the CA bundle to use when verifying
+	// EJBCA's server certificate. If specified, the CA bundle will be added to
+	// the client trust roots for the EJBCA issuer. Takes precedence over CaBundleSecretName
+	// if specified.
+	// +optional
+	CaBundleConfigMapName string `json:"caBundleConfigMapName"`
+
 	// Optional field that overrides the default for how the EJBCA issuer should determine the
 	// name of the end entity to reference or create when signing certificates.
 	// The options are:

config/crd/bases/ejbca-issuer.keyfactor.com_clusterissuers.yaml

@@ -39,9 +39,16 @@ spec:
           spec:
             description: IssuerSpec defines the desired state of Issuer
             properties:
+              caBundleConfigMapName:
+                description: |-
+                  The name of a ConfigMap containing the CA bundle to use when verifying
+                  EJBCA's server certificate. If specified, the CA bundle will be added to
+                  the client trust roots for the EJBCA issuer. Takes precedence over CaBundleSecretName
+                  if specified.
+                type: string
               caBundleSecretName:
                 description: |-
-                  The name of the secret containing the CA bundle to use when verifying
+                  The name of a Secret containing the CA bundle to use when verifying
                   EJBCA's server certificate. If specified, the CA bundle will be added to
                   the client trust roots for the EJBCA issuer.
                 type: string

config/crd/bases/ejbca-issuer.keyfactor.com_issuers.yaml

@@ -39,9 +39,16 @@ spec:
           spec:
             description: IssuerSpec defines the desired state of Issuer
             properties:
+              caBundleConfigMapName:
+                description: |-
+                  The name of a ConfigMap containing the CA bundle to use when verifying
+                  EJBCA's server certificate. If specified, the CA bundle will be added to
+                  the client trust roots for the EJBCA issuer. Takes precedence over CaBundleSecretName
+                  if specified.
+                type: string
               caBundleSecretName:
                 description: |-
-                  The name of the secret containing the CA bundle to use when verifying
+                  The name of a Secret containing the CA bundle to use when verifying
                   EJBCA's server certificate. If specified, the CA bundle will be added to
                   the client trust roots for the EJBCA issuer.
                 type: string

docs/endentitynamecustomization.md

@@ -7,7 +7,7 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/Keyfactor/ejbca-cert-manager-issuer)](https://goreportcard.com/report/github.com/Keyfactor/ejbca-cert-manager-issuer)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://img.shields.io/badge/License-Apache%202.0-blue.svg)
 
-The `defaultEndEntityName` field in the Issuer and ClusterIssuer resource spec allows you to configure how the End Entity Name is selected when issuing certificates through EJBCA. This field offers flexibility by allowing you to select different components from the Certificate Signing Request (CSR) or other contextual data as the End Entity Name.
+The `endEntityName` field in the Issuer and ClusterIssuer resource spec allows you to configure how the End Entity Name is selected when issuing certificates through EJBCA. This field offers flexibility by allowing you to select different components from the Certificate Signing Request (CSR) or other contextual data as the End Entity Name.
 
 ## EJBCA End Entity Name Configuration
 The endEntityName field in the Issuer and ClusterIssuer resource spec allows you to configure how the End Entity Name is selected when issuing certificates through EJBCA. This field offers flexibility by allowing you to select different components from the Certificate Signing Request (CSR) or other contextual data as the End Entity Name.