Commit Graph

91 Commits (1768215b6b9bfe3196a2d70564c15c70ea6ef658)

Author SHA1 Message Date
Chris S. Kim 9d00b13140
Vault CA bugfixes (#19285)
1 year ago
Chris Thain dcdf2fc6ba
Update Vault CA provider namespace configuration (#19095)
1 year ago
Chris S. Kim 4dfca64ded
Vault CA provider clean up previous default issuers (#18773)
1 year ago
hashicorp-copywrite[bot] 5fb9df1640
[COMPLIANCE] License changes (#18443)
1 year ago
Chris S. Kim 747a4c73c1
Fix bug with Vault CA provider (#18112)
1 year ago
Chris S. Kim a4653de8da
CA provider doc updates and Vault provider minor update (#17831)
1 year ago
John Eikenberry bd76fdeaeb
enable auto-tidy expired issuers in vault (as CA)
2 years ago
Chris S. Kim a5397b1f23
Connect CA Primary Provider refactor (#16749)
2 years ago
Ronald 94ec4eb2f4
copyright headers for agent folder (#16704)
2 years ago
John Eikenberry f5641ffccc
support vault auth config for alicloud ca provider
2 years ago
John Eikenberry 56ffee6d42
add provider ca support for approle auth-method
2 years ago
John Eikenberry e8eec1fa80
add provider ca auth support for kubernetes
2 years ago
John Eikenberry 4211069080
add provider ca support for jwt file base auth
2 years ago
John Eikenberry 4f2d9a91e5
add provider ca auth-method support for azure
2 years ago
John Eikenberry ed7367b6f4
remove redundant vault api retry logic (#16143)
2 years ago
Chris Thain 2f4c8e50f2
Support Vault agent auth config for AWS/GCP CA provider auth (#15970)
2 years ago
R.B. Boyer 900584ca82
connect: ensure all vault connect CA tests use limited privilege tokens (#15669)
2 years ago
R.B. Boyer 4940a728ab
Detect Vault 1.11+ import in secondary datacenters and update default issuer (#15661)
2 years ago
Chris S. Kim c9ec9fa320
Fix Vault managed intermediate PKI bug (#15525)
2 years ago
Alexander Scheel 2b90307f6d
Detect Vault 1.11+ import, update default issuer (#15253)
2 years ago
Kyle Schochenmaier bf0f61a878
removes ioutil usage everywhere which was deprecated in go1.16 (#15297)
2 years ago
Kyle Havlovitz d122108992 Warn instead of returning an error when intermediate mount tune permission is missing
2 years ago
Kyle Havlovitz d67bccd210 Update intermediate pki mount/role when reconfiguring Vault provider
2 years ago
Freddy 74ca6406ea
Configure upstream TLS context with peer root certs (#13321)
3 years ago
Mark Anderson c6ff4ba7d8
Support vault namespaces in connect CA (#12904)
3 years ago
John Murret a1117261df set vault namespaces on vault client prior to logging in with the vault auth method
3 years ago
Mark Anderson 018edc222e
Avoid using sys/mounts to enable namespaces (#12655)
3 years ago
Connor 922619dfc3
Fix leaked Vault LifetimeRenewers (#12607)
3 years ago
Daniel Nephin 6b679aa9d4 Update TODOs to reference an issue with more details
3 years ago
Daniel Nephin 42ec34d101 ca: examine the full chain in newCARoot
3 years ago
Daniel Nephin 86994812ed ca: cleanup validateSetIntermediate
3 years ago
Daniel Nephin c1c1580bf8 ca: only return the leaf cert from Sign in vault provider
3 years ago
Daniel Nephin 51b0f82d0e Make test more readable
3 years ago
Daniel Nephin 608597c7b6 ca: relax and move private key type/bit validation for vault
3 years ago
Daniel Nephin 7839b2d7e0 ca: add a test that uses an intermediate CA as the primary CA
3 years ago
Daniel Nephin 9b7468f99e ca/provider: remove ActiveRoot from Provider
3 years ago
Daniel Nephin b92084b8e8 ca: reduce consul provider backend interface a bit
3 years ago
Iryna Shustava 0ee456649f
connect: Support auth methods for the vault connect CA provider (#11573)
3 years ago
Daniel Nephin b9ab9bae12 ca: accept only the cluster ID to SpiffeIDSigningForCluster
3 years ago
Connor efe4b21287
Support Vault Namespaces explicitly in CA config (#11477)
3 years ago
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
3 years ago
R.B. Boyer 7bf9ea55cf
connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider (#10331)
3 years ago
Daniel Nephin fc14f5ab14 ca: move provider creation into CAManager
3 years ago
Dhia Ayachi 9b45107c1e
Format certificates properly (rfc7468) with a trailing new line (#10411)
3 years ago
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
3 years ago
Daniel Nephin f52d76f096 ca: replace ca.PrimaryIntermediateProviders
3 years ago
R.B. Boyer a0d26430cc
connect: if the token given to the vault provider returns no data avoid a panic (#9806)
4 years ago
Matt Keeler d9d4c492ab
Ensure that CA initialization does not block leader election.
4 years ago
Kyle Havlovitz 6fba82a4fa connect: Add CAManager for synchronizing CA operations
4 years ago
Kyle Havlovitz f700a5707b connect: Use the lookup-self endpoint for Vault token
4 years ago