18193f2916
* Support vault namespaces in connect CA Follow on to some missed items from #12655 From an internal ticket "Support standard "Vault namespace in the path" semantics for Connect Vault CA Provider" Vault allows the namespace to be specified as a prefix in the path of a PKI definition, but our usage of the Vault API includes calls that don't support a namespaced key. In particular the sys.* family of calls simply appends the key, instead of prefixing the namespace in front of the path. Unfortunately it is difficult to reliably parse a path with a namespace; only vault knows what namespaces are present, and the '/' separator can be inside a key name, as well as separating path elements. This is in use in the wild; for example 'dc1/intermediate-key' is a relatively common naming schema. Instead we add two new fields: RootPKINamespace and IntermediatePKINamespace, which are the absolute namespace paths 'prefixed' in front of the respective PKI Paths. Signed-off-by: Mark Anderson <manderson@hashicorp.com> |
||
|---|---|---|
| .. | ||
| testdata | ||
| agent_limits.go | ||
| builder.go | ||
| builder_oss.go | ||
| builder_oss_test.go | ||
| builder_test.go | ||
| config.go | ||
| config_oss.go | ||
| default.go | ||
| default_oss.go | ||
| deprecated.go | ||
| deprecated_test.go | ||
| doc.go | ||
| file_watcher.go | ||
| file_watcher_test.go | ||
| flags.go | ||
| flags_test.go | ||
| flagset.go | ||
| golden_test.go | ||
| limits.go | ||
| limits_windows.go | ||
| merge.go | ||
| merge_test.go | ||
| ratelimited_file_watcher.go | ||
| ratelimited_file_watcher_test.go | ||
| runtime.go | ||
| runtime_oss.go | ||
| runtime_oss_test.go | ||
| runtime_test.go | ||
| segment_oss.go | ||
| segment_oss_test.go | ||