18193f2916
* Support vault namespaces in connect CA Follow on to some missed items from #12655 From an internal ticket "Support standard "Vault namespace in the path" semantics for Connect Vault CA Provider" Vault allows the namespace to be specified as a prefix in the path of a PKI definition, but our usage of the Vault API includes calls that don't support a namespaced key. In particular the sys.* family of calls simply appends the key, instead of prefixing the namespace in front of the path. Unfortunately it is difficult to reliably parse a path with a namespace; only vault knows what namespaces are present, and the '/' separator can be inside a key name, as well as separating path elements. This is in use in the wild; for example 'dc1/intermediate-key' is a relatively common naming schema. Instead we add two new fields: RootPKINamespace and IntermediatePKINamespace, which are the absolute namespace paths 'prefixed' in front of the respective PKI Paths. Signed-off-by: Mark Anderson <manderson@hashicorp.com> |
||
|---|---|---|
| .. | ||
| common.go | ||
| mock_Provider.go | ||
| provider.go | ||
| provider_aws.go | ||
| provider_aws_test.go | ||
| provider_consul.go | ||
| provider_consul_config.go | ||
| provider_consul_test.go | ||
| provider_test.go | ||
| provider_vault.go | ||
| provider_vault_test.go | ||
| testing.go | ||