open-consul/agent
Mark Anderson 18193f2916
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
..
ae sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
auto-config peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
cache peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
cache-types peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
checks Merge pull request #12685 from hashicorp/http-check-redirect-option 2022-04-07 11:29:27 -07:00
config Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
configentry Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
connect Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
consul acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
debug bulk rewrite using this script 2022-01-20 10:46:23 -06:00
dns lib: add validation package + DNS label validation (#12535) 2022-03-17 18:31:28 -07:00
exec re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
grpc acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
local Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
metadata partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
mock
pool Add timeout to Client RPC calls (#11500) 2022-04-21 16:21:35 -04:00
proxycfg Default discovery chain when upstream targets a DestinationPeer (#12942) 2022-05-04 16:25:25 -04:00
router sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
routine-leak-checker Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
rpc peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
rpcclient/health health: ensure /v1/health/service/:service endpoint returns the most recent results when a filter is used with streaming (#12640) 2022-04-27 10:39:45 -05:00
structs Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
submatview peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
systemd
token agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744) 2021-12-07 12:12:47 +00:00
uiserver Add an internal env var for managed cluster config in the ui (#12796) 2022-04-15 09:55:52 -07:00
xds Fix tests for APPEND_FORWARD change 2022-05-04 08:50:59 -07:00
acl.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go
acl_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_oss.go agent: support `X-Consul-Results-Filtered-By-ACLs` header in agent-local endpoints (#11610) 2021-12-03 20:36:28 +00:00
acl_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
agent.go update raft to v1.3.8 (#12844) 2022-04-25 10:19:26 -04:00
agent_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
agent_endpoint_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
agent_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
agent_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
agent_test.go Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
apiserver.go
apiserver_test.go
catalog_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
catalog_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
catalog_endpoint_test.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
check.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
config_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_auth.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint_test.go Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
coordinate_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
coordinate_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
delegate_mock_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
denylist.go
denylist_test.go
discovery_chain_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
discovery_chain_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
dns.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
dns_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
dns_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
enterprise_delegate_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
event_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
event_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
federation_state_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
health_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
health_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
http.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
http_decode_test.go
http_oss.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
http_oss_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
http_register.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
http_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
intentions_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
intentions_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
intentions_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
keyring.go Allows keyring operations on client agents 2022-02-24 17:24:57 +00:00
keyring_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
kvs_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
kvs_endpoint_test.go
metrics.go
metrics_test.go add more labels to RequestRecorder (#12727) 2022-04-12 10:50:25 -07:00
nodeid.go
nodeid_test.go
notify.go
notify_test.go
operator_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
operator_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
operator_endpoint_test.go
peering_endpoint.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
peering_endpoint_oss_test.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
peering_endpoint_test.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
prepared_query_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
prepared_query_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
reload.go
remote_exec.go
remote_exec_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
retry_join.go
retry_join_test.go
service_checks_test.go
service_manager.go
service_manager_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
session_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
session_endpoint_test.go
setup.go Add timeout to Client RPC calls (#11500) 2022-04-21 16:21:35 -04:00
setup_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
sidecar_service.go
sidecar_service_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
signal_unix.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
signal_windows.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot_endpoint.go
snapshot_endpoint_test.go
status_endpoint.go
status_endpoint_test.go
streaming_test.go
testagent.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
testagent_test.go
translate_addr.go
txn_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
txn_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
ui_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
ui_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
ui_endpoint_test.go Support for connect native services in topology view. (#12098) 2022-02-16 16:51:54 -05:00
user_event.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
user_event_test.go
util.go Remove some usage of md5 from the system (#11491) 2021-11-04 13:07:54 -07:00
util_test.go Remove some usage of md5 from the system (#11491) 2021-11-04 13:07:54 -07:00
watch_handler.go
watch_handler_test.go