Commit Graph

86 Commits (b95ab0d33cbc649d6fddcae08819b88963aeea35)

Author SHA1 Message Date
Hans Hasselberg d4877f03e7
fix TestLeader_SecondaryCA_IntermediateRenew (#8702)
4 years ago
Kyle Havlovitz b1b21139ca Merge branch 'master' into vault-ca-renew-token
4 years ago
Kyle Havlovitz 1cd7c43544 Update vault CA for latest api client
4 years ago
Kyle Havlovitz 7ffef62ed7 Clean up CA shutdown logic and error
4 years ago
Kyle Havlovitz 49056fe70f Clean up Vault renew tests and shutdown
4 years ago
Kyle Havlovitz f40fb577fe Use mapstructure for decoding vault data
4 years ago
Kyle Havlovitz aa97366020 Add a stop function to make sure the renewer is shut down on leader change
4 years ago
Kyle Havlovitz 2f7210bde2 Move IntermediateCertTTL to common CA config
4 years ago
Kyle Havlovitz 411b6537ef Add a test for token renewal
4 years ago
Kyle Havlovitz 97f1f341d6 Automatically renew the token used by the Vault CA provider
4 years ago
Daniel Nephin f65e21e6dc Remove unused return values
5 years ago
Paul Banks f6ac08be04 state: track changes so that they may be used to produce change events
5 years ago
Hans Hasselberg 5281cb74db
Setup intermediate_pki_path on secondary when using vault (#8001)
5 years ago
Daniel Nephin 61ec7aa5c9 ci: Run all connect/ca tests from the integration suite
5 years ago
Daniel Nephin f4a35dfd84 ci: Do not skip tests because of missing binaries on CI
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 82c556d1be
connect: use correct subject key id for leaf certificates. (#7091)
5 years ago
R.B. Boyer e2eb9f0585
test: ensure we don't ask vault to sign a leaf that outlives its CA when acting as a secondary (#7100)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
Hans Hasselberg 87f32c8ba6
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks d7329097b2
Change CA Configure struct to pass Datacenter through (#6775)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Todd Radel 29b5253154 connect: Implement NeedsLogger interface for CA providers (#6556)
5 years ago
Todd Radel 54f92e2924 Make all Connect Cert Common Names valid FQDNs (#6423)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
Matt Keeler 28221f66f2
Use encoding/json instead of jsonpb even for protobuf types (#6572)
5 years ago
Matt Keeler abed91d069
Generate JSON and Binary Marshalers for Protobuf Types (#6564)
5 years ago
R.B. Boyer af01d397a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
5 years ago
R.B. Boyer 796de297c8
connect: intermediate CA certs generated with the vault provider lack URI SANs (#6491)
5 years ago
Matt Keeler 51dcd126b7
Add support for implementing new requests with protobufs instea… (#6502)
5 years ago
Alvin Huang c516fabfac
revert commits on master (#6413)
5 years ago
tradel 9b1ac4e7ef add subject names to issued certs
5 years ago
tradel 82ae7caf3e Added DC and domain args to Configure method
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
Christian Muehlhaeuser 7753b97cc7 Simplified code in various places (#6176)
5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
6 years ago
R.B. Boyer f4a3b9d518
fix typos reported by golangci-lint:misspell (#5434)
6 years ago
R.B. Boyer 409c901f8e test: fix concurrent map access when setting up test vault
6 years ago
R.B. Boyer c7067645dd fix a few leap-year related clock math inaccuracies and failing tests
6 years ago
Kyle Havlovitz 29e4c17b07
connect/ca: fix a potential panic in the Consul provider
6 years ago
Kyle Havlovitz a28ba4687d
connect/ca: return a better error message if the CA isn't fully initialized when signing
6 years ago