18193f2916
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of a PKI definition, but our usage of the Vault API includes calls that don't support a namespaced key. In particular the sys.* family of calls simply appends the key, instead of prefixing the namespace in front of the path.

Unfortunately it is difficult to reliably parse a path with a namespace; only vault knows what namespaces are present, and the '/' separator can be inside a key name, as well as separating path elements. This is in use in the wild; for example 'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and IntermediatePKINamespace, which are the absolute namespace paths 'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>

- ..
- ca
- config-entries
- gateways
- l7-traffic
- native
- observability
- proxies
- registration
- configuration.mdx
- connect-internals.mdx
- connectivity-tasks.mdx
- dev.mdx
- distributed-tracing.mdx
- index.mdx
- intentions-legacy.mdx
- intentions.mdx
- nomad.mdx
- security.mdx
- transparent-proxy.mdx