open-consul/agent/structs
Hans Hasselberg 315ba7d6ad
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
..
acl.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_cache.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_cache_test.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_legacy.go acl: ACL Tokens can now be assigned an optional set of service identities (#5390) 2019-04-26 14:48:04 -05:00
acl_legacy_test.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
acl_oss.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_test.go Fix the Synthetic Policy Tests (#6715) 2019-10-30 15:15:14 -04:00
auto_encrypt.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
catalog.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
check_definition.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
check_definition_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
check_type.go Add Namespace support to the API module and the CLI commands (#6874) 2019-12-06 11:14:56 -05:00
config_entry.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
config_entry_discoverychain.go Add Namespace support to the API module and the CLI commands (#6874) 2019-12-06 11:14:56 -05:00
config_entry_discoverychain_test.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
config_entry_test.go connect: introduce ExternalSNI field on service-defaults (#6324) 2019-08-19 12:19:44 -05:00
connect.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
connect_ca.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
connect_ca_test.go connect: tame thundering herd of CSRs on CA rotation (#5228) 2019-01-22 17:19:36 +00:00
connect_oss.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
connect_proxy_config.go Add Namespace support to the API module and the CLI commands (#6874) 2019-12-06 11:14:56 -05:00
connect_proxy_config_test.go connect: reconcile how upstream configuration works with discovery chains (#6225) 2019-08-01 22:03:34 -05:00
discovery_chain.go Add Namespace support to the API module and the CLI commands (#6874) 2019-12-06 11:14:56 -05:00
errors.go Distinguish between DC not existing and not being available (#6399) 2019-09-03 09:46:24 -06:00
intention.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
intention_oss.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
intention_test.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
operator.go Move autopilot to a standalone package 2017-12-11 16:45:33 -08:00
prepared_query.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
prepared_query_test.go
protobuf_compat.go Expand the QueryOptions and QueryMeta interfaces (#6545) 2019-09-26 09:55:02 -04:00
sanitize_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
service_definition.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
service_definition_test.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
snapshot.go
structs.go Add support for dual stack IPv4/IPv6 network (#6640) 2020-01-17 09:54:17 -05:00
structs_filtering_test.go Store check type in catalog (#6561) 2019-10-17 20:33:11 +02:00
structs_oss.go Move Session.CheckIDs into OSS only code. (#6993) 2020-01-03 15:51:19 -05:00
structs_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
testing_catalog.go Add support for dual stack IPv4/IPv6 network (#6640) 2020-01-17 09:54:17 -05:00
testing_connect_proxy_config.go Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) 2018-10-10 16:55:34 +01:00
testing_intention.go agent: use testing intention to get valid intentions 2018-06-14 09:41:43 -07:00
testing_service_definition.go Add Proxy Upstreams to Service Definition (#4639) 2018-10-10 16:55:34 +01:00
txn.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00