18193f2916
* Support vault namespaces in connect CA Follow on to some missed items from #12655 From an internal ticket "Support standard "Vault namespace in the path" semantics for Connect Vault CA Provider" Vault allows the namespace to be specified as a prefix in the path of a PKI definition, but our usage of the Vault API includes calls that don't support a namespaced key. In particular the sys.* family of calls simply appends the key, instead of prefixing the namespace in front of the path. Unfortunately it is difficult to reliably parse a path with a namespace; only vault knows what namespaces are present, and the '/' separator can be inside a key name, as well as separating path elements. This is in use in the wild; for example 'dc1/intermediate-key' is a relatively common naming schema. Instead we add two new fields: RootPKINamespace and IntermediatePKINamespace, which are the absolute namespace paths 'prefixed' in front of the respective PKI Paths. Signed-off-by: Mark Anderson <manderson@hashicorp.com> |
||
|---|---|---|
| .. | ||
| ca | ||
| authz.go | ||
| authz_test.go | ||
| common_names.go | ||
| csr.go | ||
| generate.go | ||
| generate_test.go | ||
| parsing.go | ||
| sni.go | ||
| sni_test.go | ||
| testing_ca.go | ||
| testing_ca_test.go | ||
| testing_spiffe.go | ||
| uri.go | ||
| uri_agent.go | ||
| uri_agent_oss.go | ||
| uri_agent_oss_test.go | ||
| uri_service.go | ||
| uri_service_oss.go | ||
| uri_service_oss_test.go | ||
| uri_signing.go | ||
| uri_signing_test.go | ||
| uri_test.go | ||
| x509_patch.go | ||
| x509_patch_test.go | ||