Commit Graph

72 Commits (f0a9b301742ed88f92d7760457eb4e8fff9f45fe)

Author SHA1 Message Date
Mark Anderson c6ff4ba7d8
Support vault namespaces in connect CA (#12904)
3 years ago
Mark Anderson 05eded4f1d Manual Structs fixup
3 years ago
Dhia Ayachi 16b19dd82d
auto-reload configuration when config files change (#12329)
3 years ago
Daniel Nephin 42ec34d101 ca: examine the full chain in newCARoot
3 years ago
Daniel Nephin 7121c78d34 ca: update godoc
3 years ago
Daniel Nephin 2e4e8bd791 ca: improve RenewIntermediate tests
3 years ago
Daniel Nephin a5d9b1d322 ca: Add CARoots.Active method
3 years ago
Daniel Nephin 28a8a64019 ca: make getLeafSigningCertFromRoot safer
3 years ago
Daniel Nephin b29faa3e50 ca: fix stored CARoot representation with Vault provider
3 years ago
Daniel Nephin 32ef9c5d5c ca: add some godoc and func for finding leaf signing cert
3 years ago
Iryna Shustava 0ee456649f
connect: Support auth methods for the vault connect CA provider (#11573)
3 years ago
Connor efe4b21287
Support Vault Namespaces explicitly in CA config (#11477)
3 years ago
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
3 years ago
Daniel Nephin 3a045cca8d ca: remove unused RotationPeriod field
3 years ago
Kyle Havlovitz 0bfda4481f Add CA server delegate interface for testing
4 years ago
Kyle Havlovitz 9be7c6401c connect: update some function comments in CA manager
4 years ago
Kyle Havlovitz 2f7210bde2 Move IntermediateCertTTL to common CA config
4 years ago
Matt Keeler 2ee9fe0a4d
Move generation of the CA Configuration from the agent code into a method on the RuntimeConfig (#8363)
4 years ago
Daniel Nephin 600645b5f9 Add unconvert linter
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Matt Keeler a704ebe639
Add Namespace support to the API module and the CLI commands (#6874)
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
R.B. Boyer c4b92d5534
connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate (#6513)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
5 years ago
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
6 years ago
Matt Keeler 1ec5f2a27f
Store leaf cert indexes in raft and use for the ModifyIndex on the returned certs (#5211)
6 years ago
Paul Banks 0638e09b6e
connect: agent leaf cert caching improvements (#5091)
6 years ago
Hans Hasselberg 067027230b
connect: add tls config for vault connect ca provider (#5125)
6 years ago
Paul Banks 54c2ff6aca
connect: remove additional trust-domain validation (#4934)
6 years ago
Kyle Havlovitz c617326470 re-add Connect multi-dc config changes
6 years ago
Jack Pearkes 8bcfbaffb6 Revert "Connect multi-dc config" (#4784)
6 years ago
Kyle Havlovitz 98d95cfa80 connect: add ExternalTrustDomain to CARoot fields
6 years ago
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
6 years ago
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune
6 years ago
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
6 years ago