mirror of https://github.com/hashicorp/consul
c6ff4ba7d8
* Support vault namespaces in connect CA Follow on to some missed items from #12655 From an internal ticket "Support standard "Vault namespace in the path" semantics for Connect Vault CA Provider" Vault allows the namespace to be specified as a prefix in the path of a PKI definition, but our usage of the Vault API includes calls that don't support a namespaced key. In particular the sys.* family of calls simply appends the key, instead of prefixing the namespace in front of the path. Unfortunately it is difficult to reliably parse a path with a namespace; only vault knows what namespaces are present, and the '/' separator can be inside a key name, as well as separating path elements. This is in use in the wild; for example 'dc1/intermediate-key' is a relatively common naming schema. Instead we add two new fields: RootPKINamespace and IntermediatePKINamespace, which are the absolute namespace paths 'prefixed' in front of the respective PKI Paths. Signed-off-by: Mark Anderson <manderson@hashicorp.com> |
||
---|---|---|
.. | ||
agent | ||
api-gateway | ||
architecture | ||
connect | ||
discovery | ||
dynamic-app-config | ||
ecs | ||
enterprise | ||
guides | ||
install | ||
integrate | ||
internals | ||
intro | ||
k8s | ||
nia | ||
release-notes | ||
security | ||
troubleshoot | ||
upgrading | ||
download-tools.mdx | ||
index.mdx |