open-consul/agent/connect/ca
Dhia Ayachi 53b45a8441
check expiry date of the root/intermediate before using it to sign a leaf (#10500)
* ca: move provider creation into CAManager

This further decouples the CAManager from Server. It reduces the interface between them and
removes the need for the SetLogger method on providers.

* ca: move SignCertificate to CAManager

To reduce the scope of Server, and keep all the CA logic together

* ca: move SignCertificate to the file where it is used

* auto-config: move autoConfigBackend impl off of Server

Most of these methods are used exclusively for the AutoConfig RPC
endpoint. This PR uses a pattern that we've used in other places as an
incremental step to reducing the scope of Server.

* fix linter issues

* check error when `raftApplyMsgpack`

* ca: move SignCertificate to CAManager

To reduce the scope of Server, and keep all the CA logic together

* check expiry date of the intermediate before using it to sign a leaf

* fix typo in comment

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

* Fix test name

* do not check cert start date

* wrap error to mention it is the intermediate expired

* Fix failing test

* update comment

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use shim to avoid sleep in test

* add root cert validation

* remove duplicate code

* Revert "fix linter issues"

This reverts commit 6356302b54f06c8f2dee8e59740409d49e84ef24.

* fix import issue

* gofmt leader_connect_ca

* add changelog entry

* update error message

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix error message in test

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-07-13 12:15:06 -04:00
..
common.go
mock_Provider.go
provider.go ca: move provider creation into CAManager 2021-07-12 09:32:33 -04:00
provider_aws.go check expiry date of the root/intermediate before using it to sign a leaf (#10500) 2021-07-13 12:15:06 -04:00
provider_aws_test.go ca: use provider constructors to be more consistent 2021-07-12 14:04:34 -04:00
provider_consul.go connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330) 2021-07-13 11:12:07 -05:00
provider_consul_config.go
provider_consul_test.go connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330) 2021-07-13 11:12:07 -05:00
provider_test.go
provider_vault.go connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider (#10331) 2021-07-13 11:11:46 -05:00
provider_vault_test.go ca: move provider creation into CAManager 2021-07-12 09:32:33 -04:00
testing.go ca: use provider constructors to be more consistent 2021-07-12 14:04:34 -04:00