Commit Graph

120 Commits (d0578c6dfc2709ce1e21d4443a1f4498762b78ef)

Author SHA1 Message Date
Daniel Nephin 4116a143e0 fix misleading errors on vault shutdown
3 years ago
Daniel Nephin 214dcf8d0d ca: use the real FSM operation in tests
3 years ago
Daniel Nephin d795a73f78 testing: use the new freeport interfaces
3 years ago
Daniel Nephin b92084b8e8 ca: reduce consul provider backend interface a bit
3 years ago
Iryna Shustava 0ee456649f
connect: Support auth methods for the vault connect CA provider (#11573)
3 years ago
Daniel Nephin b4080bc0dc ca: use the cluster ID passed to the primary
3 years ago
Daniel Nephin b9ab9bae12 ca: accept only the cluster ID to SpiffeIDSigningForCluster
3 years ago
Connor efe4b21287
Support Vault Namespaces explicitly in CA config (#11477)
3 years ago
FFMMM 61bd417a82
plumb thru root cert tll to the aws ca provider (#11449)
3 years ago
FFMMM 6004a21f35
fix aws pca certs (#11470)
3 years ago
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
3 years ago
Daniel Nephin b2f49279e2 ca: split Primary/Secondary Provider
3 years ago
Dhia Ayachi 58bd817336
check expiry date of the root/intermediate before using it to sign a leaf (#10500)
3 years ago
R.B. Boyer 6c47efd532
connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330)
3 years ago
R.B. Boyer 7bf9ea55cf
connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider (#10331)
3 years ago
Daniel Nephin 0ccad1d6f7
Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2
3 years ago
Daniel Nephin bf292cbae4 ca: use provider constructors to be more consistent
3 years ago
Dhia Ayachi 5ed56fc786 check error when `raftApplyMsgpack`
3 years ago
Daniel Nephin 6228c4a53c ca: fix mockCAServerDelegate to work with the new interface
3 years ago
Daniel Nephin fc14f5ab14 ca: move provider creation into CAManager
3 years ago
Daniel Nephin 3a045cca8d ca: remove unused RotationPeriod field
3 years ago
Dhia Ayachi 9b45107c1e
Format certificates properly (rfc7468) with a trailing new line (#10411)
3 years ago
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
3 years ago
Daniel Nephin f52d76f096 ca: replace ca.PrimaryIntermediateProviders
3 years ago
R.B. Boyer a0d26430cc
connect: if the token given to the vault provider returns no data avoid a panic (#9806)
4 years ago
Matt Keeler d9d4c492ab
Ensure that CA initialization does not block leader election.
4 years ago
Daniel Nephin b9e60c0775 testing: skip slow tests with -short
4 years ago
Kyle Havlovitz 0bfda4481f Add CA server delegate interface for testing
4 years ago
Kyle Havlovitz 6fba82a4fa connect: Add CAManager for synchronizing CA operations
4 years ago
Daniel Nephin 3dfb7c224b stream: Use a no-op event publisher if streaming is disabled
4 years ago
Kyle Havlovitz f700a5707b connect: Use the lookup-self endpoint for Vault token
4 years ago
Kyle Havlovitz 01ce9f5b18 Update CI for leader renew CA test using Vault
4 years ago
Kyle Havlovitz e13f4af06b connect: Check for expired root cert when cross-signing
4 years ago
Kyle Havlovitz 2ec94b027e connect: Enable renewing the intermediate cert in the primary DC
4 years ago
Hans Hasselberg d4877f03e7
fix TestLeader_SecondaryCA_IntermediateRenew (#8702)
4 years ago
Kyle Havlovitz b1b21139ca Merge branch 'master' into vault-ca-renew-token
4 years ago
Kyle Havlovitz 1cd7c43544 Update vault CA for latest api client
4 years ago
Kyle Havlovitz 7ffef62ed7 Clean up CA shutdown logic and error
4 years ago
Kyle Havlovitz 49056fe70f Clean up Vault renew tests and shutdown
4 years ago
Kyle Havlovitz f40fb577fe Use mapstructure for decoding vault data
4 years ago
Kyle Havlovitz aa97366020 Add a stop function to make sure the renewer is shut down on leader change
4 years ago
Kyle Havlovitz 2f7210bde2 Move IntermediateCertTTL to common CA config
4 years ago
Kyle Havlovitz 411b6537ef Add a test for token renewal
4 years ago
Kyle Havlovitz 97f1f341d6 Automatically renew the token used by the Vault CA provider
4 years ago
Daniel Nephin f65e21e6dc Remove unused return values
4 years ago
Paul Banks f6ac08be04 state: track changes so that they may be used to produce change events
5 years ago
Hans Hasselberg 5281cb74db
Setup intermediate_pki_path on secondary when using vault (#8001)
5 years ago
Daniel Nephin 61ec7aa5c9 ci: Run all connect/ca tests from the integration suite
5 years ago
Daniel Nephin f4a35dfd84 ci: Do not skip tests because of missing binaries on CI
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago