open-consul/agent/connect
Alexander Scheel 8ef3fe3812
Detect Vault 1.11+ import, update default issuer (#15253)
Consul used to rely on implicit issuer selection when calling Vault endpoints to issue new CSRs. Vault 1.11+ changed that behavior, which caused Consul to check the wrong (previous) issuer when renewing its Intermediate CA. This patch allows Consul to explicitly set a default issuer when it detects that the response from Vault is 1.11+.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-11-17 16:29:49 -05:00
..
ca Detect Vault 1.11+ import, update default issuer (#15253) 2022-11-17 16:29:49 -05:00
authz.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
authz_test.go Remove ent checks from oss test 2021-09-16 14:53:28 -06:00
common_names.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
csr.go connect: strip port from DNS SANs for ingress gateway leaf cert (#15320) 2022-11-14 10:27:03 -08:00
csr_test.go connect: strip port from DNS SANs for ingress gateway leaf cert (#15320) 2022-11-14 10:27:03 -08:00
generate.go ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
generate_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
parsing.go ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
sni.go peering: replicate expected SNI, SPIFFE, and service protocol to peers (#13218) 2022-05-25 12:37:44 -05:00
sni_test.go Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
testing_ca.go Use internal server certificate for peering TLS 2022-10-07 09:05:32 -06:00
testing_ca_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
testing_spiffe.go connect: Add logic for updating secondary DC intermediate on config set 2020-11-13 14:33:44 -08:00
uri.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_agent.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
uri_agent_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
uri_agent_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
uri_mesh_gateway.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
uri_mesh_gateway_oss.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
uri_mesh_gateway_oss_test.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
uri_server.go Add handling in agent cache for server leaf certs 2022-09-16 17:54:34 -06:00
uri_service.go Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
uri_service_oss.go Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
uri_service_oss_test.go Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
uri_signing.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_signing_test.go Add SpiffeID for Consul server agents (#14485) 2022-09-06 17:58:13 -06:00
uri_test.go Add handling in agent cache for server leaf certs 2022-09-16 17:54:34 -06:00
x509_patch.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
x509_patch_test.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00