open-consul/agent/connect
Freddy a7f38384ae
Add SpiffeID for Consul server agents (#14485)
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>

By adding a SpiffeID for server agents, servers can now request a leaf
certificate from the Connect CA.

This new Spiffe ID has a key property: servers are identified by their
datacenter name and trust domain. All servers that share these
attributes will share a ServerURI.

The aim is to use these certificates to verify the server name of ANY
server in a Consul datacenter.
2022-09-06 17:58:13 -06:00
..
ca Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
authz.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
authz_test.go Remove ent checks from oss test 2021-09-16 14:53:28 -06:00
common_names.go
csr.go ConnectCA.Sign gRPC Endpoint (#12787) 2022-04-14 14:26:14 +01:00
generate.go ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
generate_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
parsing.go ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
sni.go peering: replicate expected SNI, SPIFFE, and service protocol to peers (#13218) 2022-05-25 12:37:44 -05:00
sni_test.go Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
testing_ca.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
testing_ca_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
testing_spiffe.go
uri.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_agent.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
uri_agent_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
uri_agent_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
uri_mesh_gateway.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
uri_mesh_gateway_oss.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
uri_mesh_gateway_oss_test.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
uri_server.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_service.go Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
uri_service_oss.go Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
uri_service_oss_test.go Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
uri_signing.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_signing_test.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_test.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
x509_patch.go
x509_patch_test.go