Commit Graph

115 Commits (d72f72dcd5534e466df31dddf712274cee919551)

Author SHA1 Message Date
Matt Keeler 9da8c51ac5
Fix issue with changing the agent token causing failure to renew the auto-encrypt certificate
4 years ago
Daniel Nephin f65e21e6dc Remove unused return values
4 years ago
Daniel Nephin a9851e1812
Merge pull request #8070 from hashicorp/dnephin/add-gofmt-simplify
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Paul Banks f6ac08be04 state: track changes so that they may be used to produce change events
5 years ago
Hans Hasselberg 5281cb74db
Setup intermediate_pki_path on secondary when using vault (#8001)
5 years ago
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
5 years ago
Daniel Nephin 61ec7aa5c9 ci: Run all connect/ca tests from the integration suite
5 years ago
Daniel Nephin f4a35dfd84 ci: Do not skip tests because of missing binaries on CI
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Matt Keeler bfc03ec587
Fix a couple bugs regarding intentions with namespaces (#7169)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 82c556d1be
connect: use correct subject key id for leaf certificates. (#7091)
5 years ago
R.B. Boyer e2eb9f0585
test: ensure we don't ask vault to sign a leaf that outlives its CA when acting as a secondary (#7100)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
Hans Hasselberg 87f32c8ba6
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
5 years ago
Matt Keeler 8bd34e126f
Intentions ACL enforcement updates (#7028)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks d7329097b2
Change CA Configure struct to pass Datacenter through (#6775)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Todd Radel 29b5253154 connect: Implement NeedsLogger interface for CA providers (#6556)
5 years ago
Todd Radel 54f92e2924 Make all Connect Cert Common Names valid FQDNs (#6423)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
Matt Keeler 28221f66f2
Use encoding/json instead of jsonpb even for protobuf types (#6572)
5 years ago
Matt Keeler abed91d069
Generate JSON and Binary Marshalers for Protobuf Types (#6564)
5 years ago
R.B. Boyer c4b92d5534
connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate (#6513)
5 years ago
R.B. Boyer af01d397a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
5 years ago
R.B. Boyer 796de297c8
connect: intermediate CA certs generated with the vault provider lack URI SANs (#6491)
5 years ago
Matt Keeler 51dcd126b7
Add support for implementing new requests with protobufs instea… (#6502)
5 years ago
R.B. Boyer 7ccaa13514 fix typo of 'unknown' in log messages
5 years ago
Alvin Huang c516fabfac
revert commits on master (#6413)
5 years ago
tradel 9b1ac4e7ef add subject names to issued certs
5 years ago
tradel 82ae7caf3e Added DC and domain args to Configure method
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
Christian Muehlhaeuser 7753b97cc7 Simplified code in various places (#6176)
5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
6 years ago
R.B. Boyer f4a3b9d518
fix typos reported by golangci-lint:misspell (#5434)
6 years ago
R.B. Boyer 409c901f8e test: fix concurrent map access when setting up test vault
6 years ago
R.B. Boyer c7067645dd fix a few leap-year related clock math inaccuracies and failing tests
6 years ago
Kyle Havlovitz 29e4c17b07
connect/ca: fix a potential panic in the Consul provider
6 years ago
Kyle Havlovitz a28ba4687d
connect/ca: return a better error message if the CA isn't fully initialized when signing
6 years ago
Paul Banks 0638e09b6e
connect: agent leaf cert caching improvements (#5091)
6 years ago