consul/agent/consul
Dhia Ayachi 58bd817336
check expiry date of the root/intermediate before using it to sign a leaf (#10500)
* ca: move provider creation into CAManager

This further decouples the CAManager from Server. It reduces the interface between them and
removes the need for the SetLogger method on providers.

* ca: move SignCertificate to CAManager

To reduce the scope of Server, and keep all the CA logic together

* ca: move SignCertificate to the file where it is used

* auto-config: move autoConfigBackend impl off of Server

Most of these methods are used exclusively for the AutoConfig RPC
endpoint. This PR uses a pattern that we've used in other places as an
incremental step to reducing the scope of Server.

* fix linter issues

* check error when `raftApplyMsgpack`

* ca: move SignCertificate to CAManager

To reduce the scope of Server, and keep all the CA logic together

* check expiry date of the intermediate before using it to sign a leaf

* fix typo in comment

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

* Fix test name

* do not check cert start date

* wrap error to mention it is the intermediate expired

* Fix failing test

* update comment

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use shim to avoid sleep in test

* add root cert validation

* remove duplicate code

* Revert "fix linter issues"

This reverts commit 6356302b54.

* fix import issue

* gofmt leader_connect_ca

* add changelog entry

* update error message

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix error message in test

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-07-13 12:15:06 -04:00
..
authmethod Replace use of 'sane' where appropriate 2021-07-02 12:18:46 -04:00
discoverychain Replace use of 'sane' where appropriate 2021-07-02 12:18:46 -04:00
fsm ca: move SignCertificate to CAManager 2021-07-12 13:42:39 -04:00
prepared_query
state ca: remove unused RotationPeriod field 2021-07-05 19:15:44 -04:00
stream stream: remove bufferItem.NextLink 2021-06-07 17:04:46 -04:00
testdata
usagemetrics usagemetrics: add cluster members to metrics API (#10340) 2021-06-03 08:25:53 -07:00
wanfed lint: fix warning by removing reference to deprecated interface 2021-05-04 14:09:14 -04:00
acl.go Add support for returning ACL secret IDs for accessors with acl:write (#10546) 2021-07-08 15:13:08 -07:00
acl_authmethod.go
acl_authmethod_oss.go
acl_authmethod_test.go
acl_client.go Remove two unused delegate methods 2020-11-17 18:16:26 -05:00
acl_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
acl_endpoint_legacy.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
acl_endpoint_oss.go
acl_endpoint_test.go Add support for returning ACL secret IDs for accessors with acl:write (#10546) 2021-07-08 15:13:08 -07:00
acl_oss.go Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
acl_oss_test.go
acl_replication.go Replace use of 'sane' where appropriate 2021-07-02 12:18:46 -04:00
acl_replication_legacy.go
acl_replication_legacy_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
acl_replication_test.go Merge pull request #9340 from hashicorp/dnephin/skip-slow-tests-with-short 2020-12-11 13:33:44 -05:00
acl_replication_types.go Handle FSM.Apply errors in raftApply 2021-04-20 13:29:29 -04:00
acl_server.go Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
acl_server_oss.go Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
acl_test.go Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
acl_token_exp.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
acl_token_exp_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
auto_config_backend.go auto-config: move autoConfigBackend impl off of Server 2021-07-12 13:42:40 -04:00
auto_config_backend_test.go auto-config: move autoConfigBackend impl off of Server 2021-07-12 13:42:40 -04:00
auto_config_endpoint.go auto-config: move autoConfigBackend impl off of Server 2021-07-12 13:42:40 -04:00
auto_config_endpoint_test.go Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2 2021-07-12 19:03:43 -04:00
auto_encrypt_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
auto_encrypt_endpoint_test.go config: remove duplicate TLSConfig fields from agent/consul.Config 2021-07-09 18:49:42 -04:00
autopilot.go trim help strings to save a few bytes 2020-11-16 11:02:11 -08:00
autopilot_oss.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
autopilot_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
catalog_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
catalog_endpoint_test.go RPC Timeout/Retries account for blocking requests (#8978) 2021-05-27 17:29:43 -04:00
client.go RPC Timeout/Retries account for blocking requests (#8978) 2021-05-27 17:29:43 -04:00
client_serf.go Refactor of serf feature flag tags. 2021-05-20 12:57:06 -04:00
client_test.go config: remove duplicate TLSConfig fields from agent/consul.Config 2021-07-09 18:49:42 -04:00
cluster_test.go
config.go config: remove misleading UseTLS field 2021-07-09 19:01:45 -04:00
config_endpoint.go Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 14:34:17 -06:00
config_endpoint_test.go Add flag for transparent proxies to dial individual instances (#10329) 2021-06-09 14:34:17 -06:00
config_replication.go Handle FSM.Apply errors in raftApply 2021-04-20 13:29:29 -04:00
config_replication_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
connect_ca_endpoint.go ca: move SignCertificate to CAManager 2021-07-12 13:42:39 -04:00
connect_ca_endpoint_test.go connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330) 2021-07-13 11:12:07 -05:00
coordinate_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
coordinate_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
discovery_chain_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
discovery_chain_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
enterprise_client_oss.go Preparation for changing where license management is done. 2021-05-24 10:19:31 -04:00
enterprise_config_oss.go
enterprise_server_oss.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
enterprise_server_oss_test.go Preparation for changing where license management is done. 2021-05-24 10:19:31 -04:00
federation_state_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
federation_state_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
federation_state_replication.go Handle FSM.Apply errors in raftApply 2021-04-20 13:29:29 -04:00
federation_state_replication_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
filter.go
filter_test.go
flood.go
gateway_locator.go server: initialize mgw-wanfed to use local gateways more on startup (#9528) 2021-01-25 17:30:38 -06:00
gateway_locator_test.go server: initialize mgw-wanfed to use local gateways more on startup (#9528) 2021-01-25 17:30:38 -06:00
health_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
health_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
helper_test.go Update viz endpoint to include topology from intentions 2021-04-14 10:20:15 -06:00
intention_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
intention_endpoint_test.go server: deletions of intentions by name using the intention API is now idempotent (#9278) 2021-01-04 11:27:00 -06:00
internal_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
internal_endpoint_test.go Update viz endpoint to include topology from intentions 2021-04-14 10:20:15 -06:00
issue_test.go stream: Use a no-op event publisher if streaming is disabled 2020-10-28 13:54:19 -04:00
kvs_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
kvs_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
leader.go ca-manager: move provider shutdown into CAManager 2021-07-12 09:27:28 -04:00
leader_connect.go ca: move generateCASignRequest to the delegate 2021-07-12 09:32:35 -04:00
leader_connect_ca.go check expiry date of the root/intermediate before using it to sign a leaf (#10500) 2021-07-13 12:15:06 -04:00
leader_connect_ca_test.go check expiry date of the root/intermediate before using it to sign a leaf (#10500) 2021-07-13 12:15:06 -04:00
leader_connect_test.go connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330) 2021-07-13 11:12:07 -05:00
leader_federation_state_ae.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
leader_federation_state_ae_test.go server: use the presense of stored federation state data as a sign that we already activated the federation state feature flag (#9519) 2021-01-25 13:24:32 -06:00
leader_intentions.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
leader_intentions_oss.go server: skip deleted and deleting namespaces when migrating intentions to config entries (#9186) 2020-11-13 13:56:41 -06:00
leader_intentions_oss_test.go server: skip deleted and deleting namespaces when migrating intentions to config entries (#9186) 2020-11-13 13:56:41 -06:00
leader_intentions_test.go Handle FSM.Apply errors in raftApply 2021-04-20 13:29:29 -04:00
leader_metrics.go Add ca certificate metrics (#10504) 2021-07-07 09:41:01 -04:00
leader_test.go acl: use the presence of a management policy in the state store as a sign that we already migrated to v2 acls (#9505) 2021-01-05 17:04:27 -06:00
logging.go
logging_test.go
merge.go
merge_test.go
operator_autopilot_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
operator_autopilot_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
operator_endpoint.go
operator_raft_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
operator_raft_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
options.go Preparation for changing where license management is done. 2021-05-24 10:19:31 -04:00
options_oss.go Preparation for changing where license management is done. 2021-05-24 10:19:31 -04:00
prepared_query_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
prepared_query_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
raft_rpc.go
replication.go Refactor of serf feature flag tags. 2021-05-20 12:57:06 -04:00
replication_test.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
rpc.go docs: correct some misleading telemetry docs 2021-06-28 12:20:53 -04:00
rpc_test.go config: remove misleading UseTLS field 2021-07-09 19:01:45 -04:00
rtt.go
rtt_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
segment_oss.go trim help strings to save a few bytes 2020-11-16 11:02:11 -08:00
serf_test.go
server.go Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2 2021-07-12 19:03:43 -04:00
server_connect.go auto-config: move autoConfigBackend impl off of Server 2021-07-12 13:42:40 -04:00
server_lookup.go
server_lookup_test.go
server_oss.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
server_register.go connect: update centralized upstreams representation in service-defaults (#10015) 2021-04-15 14:21:44 -05:00
server_serf.go config: remove misleading UseTLS field 2021-07-09 19:01:45 -04:00
server_test.go Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2 2021-07-12 19:03:43 -04:00
session_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
session_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
session_timers.go
session_timers_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
session_ttl.go add missing descriptions for metrics 2020-11-23 22:06:30 +01:00
session_ttl_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
snapshot_endpoint.go Special case the error returned when we have a Raft leader but are not tracking it in the ServerLookup (#9487) 2021-01-04 14:05:23 -05:00
snapshot_endpoint_test.go Upgrade raft-autopilot and wait for autopilot it to stop when revoking leadership (#9644) 2021-01-27 11:14:52 -05:00
stats_fetcher.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
stats_fetcher_test.go Maybe fix another data race in a test 2020-12-22 18:53:54 -05:00
status_endpoint.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
status_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
subscribe_backend.go health: create health.Client in Agent.New 2021-04-27 19:03:16 -04:00
subscribe_backend_test.go config: remove duplicate TLSConfig fields from agent/consul.Config 2021-07-09 18:49:42 -04:00
system_metadata.go Handle FSM.Apply errors in raftApply 2021-04-20 13:29:29 -04:00
system_metadata_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
txn_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
txn_endpoint_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
util.go
util_test.go