Commit Graph

60 Commits (c1c1580bf8110c08e2f82feba26e9eccd4f11e6e)

Author SHA1 Message Date
Daniel Nephin 9b7468f99e ca/provider: remove ActiveRoot from Provider
3 years ago
Daniel Nephin f05bad4a1d ca: update GenerateRoot godoc
3 years ago
Daniel Nephin b92084b8e8 ca: reduce consul provider backend interface a bit
3 years ago
Daniel Nephin b4080bc0dc ca: use the cluster ID passed to the primary
3 years ago
Daniel Nephin b9ab9bae12 ca: accept only the cluster ID to SpiffeIDSigningForCluster
3 years ago
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
3 years ago
R.B. Boyer 6c47efd532
connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330)
3 years ago
Daniel Nephin bf292cbae4 ca: use provider constructors to be more consistent
3 years ago
Daniel Nephin 6228c4a53c ca: fix mockCAServerDelegate to work with the new interface
3 years ago
Daniel Nephin fc14f5ab14 ca: move provider creation into CAManager
3 years ago
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
3 years ago
Matt Keeler d9d4c492ab
Ensure that CA initialization does not block leader election.
4 years ago
Kyle Havlovitz e13f4af06b connect: Check for expired root cert when cross-signing
4 years ago
Hans Hasselberg d4877f03e7
fix TestLeader_SecondaryCA_IntermediateRenew (#8702)
4 years ago
Daniel Nephin f65e21e6dc Remove unused return values
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Hans Hasselberg 82c556d1be
connect: use correct subject key id for leaf certificates. (#7091)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
Hans Hasselberg 87f32c8ba6
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks d7329097b2
Change CA Configure struct to pass Datacenter through (#6775)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Todd Radel 29b5253154 connect: Implement NeedsLogger interface for CA providers (#6556)
5 years ago
Todd Radel 54f92e2924 Make all Connect Cert Common Names valid FQDNs (#6423)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
R.B. Boyer af01d397a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
5 years ago
R.B. Boyer 796de297c8
connect: intermediate CA certs generated with the vault provider lack URI SANs (#6491)
5 years ago
Alvin Huang c516fabfac
revert commits on master (#6413)
5 years ago
tradel 9b1ac4e7ef add subject names to issued certs
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
6 years ago
R.B. Boyer f4a3b9d518
fix typos reported by golangci-lint:misspell (#5434)
6 years ago
R.B. Boyer c7067645dd fix a few leap-year related clock math inaccuracies and failing tests
6 years ago
Kyle Havlovitz 29e4c17b07
connect/ca: fix a potential panic in the Consul provider
6 years ago
Kyle Havlovitz a28ba4687d
connect/ca: return a better error message if the CA isn't fully initialized when signing
6 years ago
Kyle Havlovitz e8dd89359a
agent: fix formatting
6 years ago
Aestek 25f04fbd21 [Security] Add finer control over script checks (#4715)
6 years ago
Kyle Havlovitz 57deb28ade connect/ca: tighten up the intermediate signing verification
6 years ago
Kyle Havlovitz 2919519665 connect/ca: add intermediate functions to Vault ca provider
6 years ago
Kyle Havlovitz 52e8652ac5 connect/ca: add intermediate functions to Consul CA provider
6 years ago
Kyle Havlovitz 5c7fbc284d connect/ca: hash the consul provider ID and include isRoot
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Siva Prasad 288d350a73
Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix." (#4497)
6 years ago
Siva Prasad 589b589b53
CA initialization while boostrapping and TestLeader_ChangeServerID fix. (#4493)
6 years ago