Commit Graph

38 Commits (f6df5c9b3b4c192c88b39417b34be254c040fc51)

Author SHA1 Message Date
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
6 years ago
Matt Keeler 1ec5f2a27f
Store leaf cert indexes in raft and use for the ModifyIndex on the returned certs (#5211)
6 years ago
Paul Banks 0638e09b6e
connect: agent leaf cert caching improvements (#5091)
6 years ago
Hans Hasselberg 067027230b
connect: add tls config for vault connect ca provider (#5125)
6 years ago
Paul Banks 54c2ff6aca
connect: remove additional trust-domain validation (#4934)
6 years ago
Kyle Havlovitz c617326470 re-add Connect multi-dc config changes
6 years ago
Jack Pearkes 8bcfbaffb6 Revert "Connect multi-dc config" (#4784)
6 years ago
Kyle Havlovitz 98d95cfa80 connect: add ExternalTrustDomain to CARoot fields
6 years ago
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
6 years ago
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune
6 years ago
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
7 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC
7 years ago
Kyle Havlovitz 6e9f1f8acb
Add more metadata to structs.CARoot
7 years ago
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index
7 years ago
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code
7 years ago
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package
7 years ago
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out
7 years ago
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping
7 years ago
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation
7 years ago
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint
7 years ago
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft
7 years ago
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface
7 years ago
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded
7 years ago
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON
7 years ago
Mitchell Hashimoto 63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration
7 years ago
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id
7 years ago
Mitchell Hashimoto e40afd6a73
agent/consul: CAS operations for setting the CA root
7 years ago
Mitchell Hashimoto 891cd22ad9
agent/consul: key the public key of the CSR, verify in test
7 years ago
Mitchell Hashimoto d768d5e9a7
agent/consul: test for ConnectCA.Sign
7 years ago
Mitchell Hashimoto f4ec28bfe3
agent/consul: basic sign endpoint not tested yet
7 years ago
Mitchell Hashimoto 6d294b6bb4
agent/structs: json omit QueryMeta
7 years ago
Mitchell Hashimoto 130098b7b5
agent/consul/state: CARoot structs and initial state store
7 years ago