Kyle Havlovitz
|
e184a18e4b
|
connect/ca: add Configure/GenerateRoot to provider interface
|
2018-09-06 19:18:59 -07:00 |
|
Kyle Havlovitz
|
a125735d76
|
connect/ca: check LeafCertTTL when rotating expired roots
|
2018-07-20 16:04:04 -07:00 |
|
Kyle Havlovitz
|
45ec8849f3
|
connect/ca: add configurable leaf cert TTL
|
2018-07-16 13:33:37 -07:00 |
|
Kyle Havlovitz
|
883b2a518a
|
Store the time CARoot is rotated out instead of when to prune
|
2018-07-06 16:05:25 -07:00 |
|
Kyle Havlovitz
|
3c520019e9
|
connect/ca: add logic for pruning old stale RootCA entries
|
2018-07-02 10:35:05 -07:00 |
|
Kyle Havlovitz
|
a98b85b25c
|
connect/ca: add the Vault CA provider
|
2018-06-25 12:25:41 -07:00 |
|
Paul Banks
|
c808833a78
|
Return TrustDomain from CARoots RPC
|
2018-06-14 09:42:15 -07:00 |
|
Kyle Havlovitz
|
1660f9ebab
|
Add more metadata to structs.CARoot
|
2018-06-14 09:42:15 -07:00 |
|
Kyle Havlovitz
|
baf4db1c72
|
Use provider state table for a global serial index
|
2018-06-14 09:42:15 -07:00 |
|
Kyle Havlovitz
|
a29f3c6b96
|
Fix some inconsistencies around the CA provider code
|
2018-06-14 09:42:06 -07:00 |
|
Kyle Havlovitz
|
02fef5f9a2
|
Move ConsulCAProviderConfig into structs package
|
2018-06-14 09:42:04 -07:00 |
|
Kyle Havlovitz
|
44b30476cb
|
Simplify the CA provider interface by moving some logic out
|
2018-06-14 09:42:04 -07:00 |
|
Kyle Havlovitz
|
aa10fb2f48
|
Clarify some comments and names around CA bootstrapping
|
2018-06-14 09:42:04 -07:00 |
|
Kyle Havlovitz
|
43f13d5a0b
|
Add cross-signing mechanism to root rotation
|
2018-06-14 09:42:00 -07:00 |
|
Kyle Havlovitz
|
bbfcb278e1
|
Add the root rotation mechanism to the CA config endpoint
|
2018-06-14 09:41:59 -07:00 |
|
Kyle Havlovitz
|
a585a0ba10
|
Have the built in CA store its state in raft
|
2018-06-14 09:41:59 -07:00 |
|
Kyle Havlovitz
|
fc9ef9741b
|
Hook the CA RPC endpoint into the provider interface
|
2018-06-14 09:41:59 -07:00 |
|
Mitchell Hashimoto
|
2026cf3753
|
agent/consul: encode issued cert serial number as hex encoded
|
2018-06-14 09:41:53 -07:00 |
|
Mitchell Hashimoto
|
deb55c436d
|
agent/structs: hide some fields from JSON
|
2018-06-14 09:41:52 -07:00 |
|
Mitchell Hashimoto
|
746f80639a
|
agent: /v1/connect/ca/configuration PUT for setting configuration
|
2018-06-14 09:41:52 -07:00 |
|
Mitchell Hashimoto
|
58b6f476e8
|
agent: /v1/connect/ca/leaf/:service_id
|
2018-06-14 09:41:52 -07:00 |
|
Mitchell Hashimoto
|
80a058a573
|
agent/consul: CAS operations for setting the CA root
|
2018-06-14 09:41:51 -07:00 |
|
Mitchell Hashimoto
|
1928c07d0c
|
agent/consul: key the public key of the CSR, verify in test
|
2018-06-14 09:41:51 -07:00 |
|
Mitchell Hashimoto
|
9a8653f45e
|
agent/consul: test for ConnectCA.Sign
|
2018-06-14 09:41:51 -07:00 |
|
Mitchell Hashimoto
|
a360c5cca4
|
agent/consul: basic sign endpoint not tested yet
|
2018-06-14 09:41:51 -07:00 |
|
Mitchell Hashimoto
|
f433f61fdf
|
agent/structs: json omit QueryMeta
|
2018-06-14 09:41:50 -07:00 |
|
Mitchell Hashimoto
|
cfb62677c0
|
agent/consul/state: CARoot structs and initial state store
|
2018-06-14 09:41:49 -07:00 |
|