Commit Graph

137 Commits (26440d9e1f9d9cfb8dbab6473a10d8525c6152dd)

Author SHA1 Message Date
freddygv 31e757de2a Replace CertURI.Authorize() calls.
4 years ago
R.B. Boyer a0d26430cc
connect: if the token given to the vault provider returns no data avoid a panic (#9806)
4 years ago
Matt Keeler d9d4c492ab
Ensure that CA initialization does not block leader election.
4 years ago
Daniel Nephin b9e60c0775 testing: skip slow tests with -short
4 years ago
Kyle Havlovitz 0bfda4481f Add CA server delegate interface for testing
4 years ago
Kyle Havlovitz 6fba82a4fa connect: Add CAManager for synchronizing CA operations
4 years ago
Kyle Havlovitz af34b26221 connect: Add logic for updating secondary DC intermediate on config set
4 years ago
Daniel Nephin 3dfb7c224b stream: Use a no-op event publisher if streaming is disabled
4 years ago
Kyle Havlovitz f700a5707b connect: Use the lookup-self endpoint for Vault token
4 years ago
Kyle Havlovitz 01ce9f5b18 Update CI for leader renew CA test using Vault
4 years ago
Kyle Havlovitz e13f4af06b connect: Check for expired root cert when cross-signing
4 years ago
Kyle Havlovitz 2ec94b027e connect: Enable renewing the intermediate cert in the primary DC
4 years ago
Hans Hasselberg d4877f03e7
fix TestLeader_SecondaryCA_IntermediateRenew (#8702)
4 years ago
Kyle Havlovitz b1b21139ca Merge branch 'master' into vault-ca-renew-token
4 years ago
Kyle Havlovitz 1cd7c43544 Update vault CA for latest api client
4 years ago
Kyle Havlovitz 7ffef62ed7 Clean up CA shutdown logic and error
4 years ago
Kyle Havlovitz 49056fe70f Clean up Vault renew tests and shutdown
4 years ago
Kyle Havlovitz f40fb577fe Use mapstructure for decoding vault data
4 years ago
Kyle Havlovitz aa97366020 Add a stop function to make sure the renewer is shut down on leader change
4 years ago
Kyle Havlovitz 2f7210bde2 Move IntermediateCertTTL to common CA config
4 years ago
Kyle Havlovitz 411b6537ef Add a test for token renewal
4 years ago
Kyle Havlovitz 97f1f341d6 Automatically renew the token used by the Vault CA provider
4 years ago
Matt Keeler 9da8c51ac5
Fix issue with changing the agent token causing failure to renew the auto-encrypt certificate
4 years ago
Daniel Nephin f65e21e6dc Remove unused return values
4 years ago
Daniel Nephin a9851e1812
Merge pull request #8070 from hashicorp/dnephin/add-gofmt-simplify
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Paul Banks f6ac08be04 state: track changes so that they may be used to produce change events
5 years ago
Hans Hasselberg 5281cb74db
Setup intermediate_pki_path on secondary when using vault (#8001)
5 years ago
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
5 years ago
Daniel Nephin 61ec7aa5c9 ci: Run all connect/ca tests from the integration suite
5 years ago
Daniel Nephin f4a35dfd84 ci: Do not skip tests because of missing binaries on CI
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Matt Keeler bfc03ec587
Fix a couple bugs regarding intentions with namespaces (#7169)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 82c556d1be
connect: use correct subject key id for leaf certificates. (#7091)
5 years ago
R.B. Boyer e2eb9f0585
test: ensure we don't ask vault to sign a leaf that outlives its CA when acting as a secondary (#7100)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
Hans Hasselberg 87f32c8ba6
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
5 years ago
Matt Keeler 8bd34e126f
Intentions ACL enforcement updates (#7028)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks d7329097b2
Change CA Configure struct to pass Datacenter through (#6775)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Todd Radel 29b5253154 connect: Implement NeedsLogger interface for CA providers (#6556)
5 years ago
Todd Radel 54f92e2924 Make all Connect Cert Common Names valid FQDNs (#6423)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago