Commit Graph

58 Commits (c64f3600f0d6cc0856569e6c83f2e1cfeddaf296)

Author SHA1 Message Date
Kyle Havlovitz 0bfda4481f Add CA server delegate interface for testing
4 years ago
Kyle Havlovitz 9be7c6401c connect: update some function comments in CA manager
4 years ago
Kyle Havlovitz 2f7210bde2 Move IntermediateCertTTL to common CA config
4 years ago
Matt Keeler 2ee9fe0a4d
Move generation of the CA Configuration from the agent code into a method on the RuntimeConfig (#8363)
4 years ago
Daniel Nephin 600645b5f9 Add unconvert linter
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Matt Keeler a704ebe639
Add Namespace support to the API module and the CLI commands (#6874)
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
R.B. Boyer c4b92d5534
connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate (#6513)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
5 years ago
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
6 years ago
Matt Keeler 1ec5f2a27f
Store leaf cert indexes in raft and use for the ModifyIndex on the returned certs (#5211)
6 years ago
Paul Banks 0638e09b6e
connect: agent leaf cert caching improvements (#5091)
6 years ago
Hans Hasselberg 067027230b
connect: add tls config for vault connect ca provider (#5125)
6 years ago
Paul Banks 54c2ff6aca
connect: remove additional trust-domain validation (#4934)
6 years ago
Kyle Havlovitz c617326470 re-add Connect multi-dc config changes
6 years ago
Jack Pearkes 8bcfbaffb6 Revert "Connect multi-dc config" (#4784)
6 years ago
Kyle Havlovitz 98d95cfa80 connect: add ExternalTrustDomain to CARoot fields
6 years ago
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
6 years ago
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune
6 years ago
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
6 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC
7 years ago
Kyle Havlovitz 6e9f1f8acb
Add more metadata to structs.CARoot
7 years ago
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index
7 years ago
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code
7 years ago
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package
7 years ago
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out
7 years ago
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping
7 years ago
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation
7 years ago
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint
7 years ago
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft
7 years ago
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface
7 years ago
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded
7 years ago
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON
7 years ago