open-vault/sdk
Scott Miller b51b2a7027
Add cached OCSP client support to Cert Auth (#17093)
* wip

* Add cached OCSP client support to Cert Auth

* ->pointer

* Code cleanup

* Fix unit tests

* Use an LRU cache, and only persist up to 1000 of the most recently used values to stay under the storage entry limit

* Fix caching, add fail open mode parameter to cert auth roles

* reduce logging

* Add the retry client and GET then POST logic

* Drop persisted cache, make cache size configurable, allow for parallel testing of multiple servers

* dead code

* Update builtin/credential/cert/path_certs.go

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Hook invalidate to reinit the ocsp cache size

* locking

* Conditionally init the ocsp client

* Remove cache size config from cert configs, it's a backend global

* Add field

* Remove strangely complex validity logic

* Address more feedback

* Rework error returning logic

* More edge cases

* MORE edge cases

* Add a test matrix with a builtin responder

* changelog

* Use an atomic for configUpdated

* Actually use ocsp_enabled, and bind to a random port for testing

* Update builtin/credential/cert/path_login.go

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor unit tests

* Add status to cache

* Make some functions private

* Rename for testing, and attribute

* Up to date gofumpt

* remove hash from key, and disable the vault dependent unit test

* Comment out TestMultiOCSP

* imports

* more imports

* Address semgrep results

* Attempt to pass some sort of logging to test_responder

* fix overzealous search&replace

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-11-21 10:39:24 -06:00
database update protoc version to 3.21.7 oss (#17499) 2022-10-26 16:49:44 -07:00
framework Make request objects required (#17909) 2022-11-11 14:05:12 -08:00
helper Add cached OCSP client support to Cert Auth (#17093) 2022-11-21 10:39:24 -06:00
logical update protoc version to 3.21.7 oss (#17499) 2022-10-26 16:49:44 -07:00
physical VAULT-6938 Remove license from being cache exempt (#17265) 2022-09-26 10:26:07 -04:00
plugin update protoc version to 3.21.7 oss (#17499) 2022-10-26 16:49:44 -07:00
queue sdk/queue: move lock before checking queue length (#13146) 2021-11-29 14:54:00 -05:00
version Bump version in SDK to 1.13 for next major release (#17233) 2022-09-20 15:40:06 -04:00
README.md Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
go.mod Add cached OCSP client support to Cert Auth (#17093) 2022-11-21 10:39:24 -06:00
go.sum Add cached OCSP client support to Cert Auth (#17093) 2022-11-21 10:39:24 -06:00

README.md

Vault SDK libs

This package provides the sdk package, which contains code useful for developing Vault plugins.

Although we try not to break functionality, we reserve the right to reorganize the code at will and may occasionally cause breaks if they are warranted. As such, we expect the tag of this module to stay below v1.0.0.

For any major changes, we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.