open-consul/agent/consul
Hans Hasselberg 315ba7d6ad
connect: check if intermediate cert needs to be renewed. (#6835)
Currently, when using the built-in CA provider for Connect, root certificates are valid for 10 years; however, secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently, short of rotating the root in the primary, that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is halfway through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL, which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
..
authmethod AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
autopilot autopilot: fix dead server removal condition to use correct failure tolerance (#4017) 2019-12-16 23:35:13 +01:00
discoverychain
fsm connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
prepared_query Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
state AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
testdata Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
acl.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
acl_authmethod.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_authmethod_test.go
acl_client.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
acl_endpoint.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_endpoint_legacy.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_endpoint_test.go Unflake the TestACLEndpoint_TokenList test 2019-12-18 14:07:07 -05:00
acl_oss.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
acl_oss_test.go Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687) 2019-10-25 11:06:16 -04:00
acl_replication.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
acl_replication_legacy.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_replication_legacy_test.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_replication_test.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_replication_types.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_server.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
acl_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
acl_token_exp.go Ensure that cache entries for tokens are prefixed “token-secret… (#6688) 2019-10-25 13:05:43 -04:00
acl_token_exp_test.go
auto_encrypt.go auto_encrypt: set dns and ip san for k8s and provide configuration (#6944) 2020-01-17 23:25:26 +01:00
auto_encrypt_endpoint.go
auto_encrypt_endpoint_test.go auto_encrypt: set dns and ip san for k8s and provide configuration (#6944) 2020-01-17 23:25:26 +01:00
auto_encrypt_test.go
autopilot.go
autopilot_oss.go
autopilot_test.go autopilot: fix dead server removal condition to use correct failure tolerance (#4017) 2019-12-16 23:35:13 +01:00
catalog_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
catalog_endpoint_test.go
client.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
client_serf.go
client_test.go
config.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
config_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
config_endpoint_test.go
config_replication.go
config_replication_test.go
connect_ca_endpoint.go connect: Add AWS PCA provider (#6795) 2019-11-21 17:40:29 +00:00
connect_ca_endpoint_test.go Support Connect CAs that can't cross sign (#6726) 2019-11-11 21:36:22 +00:00
consul_ca_delegate.go connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011) 2020-01-09 16:32:19 +01:00
coordinate_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
coordinate_endpoint_test.go
discovery_chain_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
discovery_chain_endpoint_test.go
enterprise_client_oss.go
enterprise_config_oss.go
enterprise_server_oss.go Add hook for validating the enterprise meta attached to a reque… (#6695) 2019-10-30 12:42:39 -04:00
filter.go Rename EnterpriseAuthorizerContext -> AuthorizerContext 2019-12-18 13:43:24 -05:00
filter_test.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
flood.go
health_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
health_endpoint_test.go
helper_test.go
intention_endpoint.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
intention_endpoint_test.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
internal_endpoint.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
internal_endpoint_test.go
issue_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
kvs_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
kvs_endpoint_test.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
leader.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
leader_connect.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
leader_connect_test.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
leader_routine_manager.go
leader_routine_manager_test.go
leader_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
merge.go
merge_test.go
operator_autopilot_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
operator_autopilot_endpoint_test.go Set MinQuorum variable in Autopilot (#6654) 2019-10-29 09:04:41 -05:00
operator_endpoint.go
operator_raft_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
operator_raft_endpoint_test.go
prepared_query_endpoint.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
prepared_query_endpoint_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
raft_rpc.go
replication.go More Replication Abstractions (#6689) 2019-10-28 13:49:57 -04:00
replication_test.go More Replication Abstractions (#6689) 2019-10-28 13:49:57 -04:00
rpc.go agent: configurable MaxQueryTime and DefaultQueryTime. (#3777) 2020-01-17 14:20:57 +01:00
rpc_test.go
rtt.go
rtt_test.go
segment_oss.go
serf_test.go
server.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
server_lookup.go
server_lookup_test.go
server_oss.go
server_serf.go
server_test.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
session_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
session_endpoint_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
session_timers.go
session_timers_test.go
session_ttl.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
session_ttl_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
snapshot_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
snapshot_endpoint_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
stats_fetcher.go
stats_fetcher_test.go
status_endpoint.go
status_endpoint_test.go
txn_endpoint.go
txn_endpoint_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
util.go
util_test.go