open-vault/builtin/logical/pki
Alexander Scheel 1c85d611e2
Write delta WAL entries for unified CRLs (#18785)
* Write delta WAL entries for unified CRLs

When we'd ordinarily write delta WALs for local CRLs, we also need to
populate the cross-cluster delta WAL. This could cause revocation to
appear to fail if the two clusters are disconnected, but notably regular
cross-cluster revocation would also fail.

Notably, this commit also changes us to not write Delta WALs when Delta
CRLs is disabled (versus previously doing it when auto rebuild is
enabled in case Delta CRLs were later asked for), and instead,
triggering rebuilding a complete CRL so we don't need up-to-date Delta
WAL info.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update IMS test for forced CRL rebuilds

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-23 16:56:08 +00:00
cmd/pki Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
backend.go Write delta WAL entries for unified CRLs (#18785) 2023-01-23 16:56:08 +00:00
backend_test.go Write delta WAL entries for unified CRLs (#18785) 2023-01-23 16:56:08 +00:00
ca_test.go Add issuer reference info on JSON endpoint (#18482) 2022-12-19 21:39:01 +00:00
ca_util.go Add missing space in PKI error (#18778) 2023-01-20 11:02:17 -05:00
cert_util.go Refactor PKI to use shared storage context (#18266) 2022-12-08 09:27:02 -05:00
cert_util_test.go Refactor PKI to use shared storage context (#18266) 2022-12-08 09:27:02 -05:00
chain_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
chain_util.go PKI - Fix order of chain building writes (#17772) 2022-11-03 11:50:03 -04:00
config_util.go Refactor CRL Building for unified CRLs (#18754) 2023-01-18 15:05:14 -05:00
crl_test.go Refactor CRL Building for unified CRLs (#18754) 2023-01-18 15:05:14 -05:00
crl_util.go Write delta WAL entries for unified CRLs (#18785) 2023-01-23 16:56:08 +00:00
fields.go Add cross-cluster revocation queues for PKI (#18784) 2023-01-23 09:29:27 -05:00
integration_test.go Respond with data to all writes in PKI engine (#18222) 2022-12-05 10:40:39 -05:00
key_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
managed_key_util.go secret/pki: Return correct algorithm type from key fetch API for managed keys (#15468) 2022-05-17 11:36:14 -04:00
ocsp.go Add unified storage support to OCSP handler (#18788) 2023-01-23 15:49:07 +00:00
ocsp_test.go Respond with data to all writes in PKI engine (#18222) 2022-12-05 10:40:39 -05:00
path_config_ca.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00
path_config_cluster.go Add cluster_aia_path templating variable (#18493) 2023-01-10 09:51:37 -05:00
path_config_crl.go Write delta WAL entries for unified CRLs (#18785) 2023-01-23 16:56:08 +00:00
path_config_urls.go Add cluster_aia_path templating variable (#18493) 2023-01-10 09:51:37 -05:00
path_fetch.go Refactor PKI to use shared storage context (#18266) 2022-12-08 09:27:02 -05:00
path_fetch_issuers.go Correctly distinguish empty issuer names in PKI (#18466) 2023-01-10 10:04:30 -05:00
path_fetch_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_intermediate.go PKI: Add support for signature_bits param to the intermediate/generate api (#17388) 2022-10-03 12:39:54 -04:00
path_issue_sign.go Basics of Cert-Count Non-Locking Telemetry (#16676) 2022-09-20 10:32:20 -07:00
path_manage_issuers.go Refactor PKI to use shared storage context (#18266) 2022-12-08 09:27:02 -05:00
path_manage_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_manage_keys_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
path_resign_crls.go New PKI API to generate and sign a CRL based on input data (#18040) 2022-11-22 11:41:04 -05:00
path_resign_crls_test.go Respond with data to all writes in PKI engine (#18222) 2022-12-05 10:40:39 -05:00
path_revoke.go Add support for revoke by serial number to update the unified CRL (#18786) 2023-01-23 10:22:10 -05:00
path_roles.go Respond with data to all writes in PKI engine (#18222) 2022-12-05 10:40:39 -05:00
path_roles_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
path_root.go Allow tidy to backup legacy CA bundles (#18645) 2023-01-11 12:12:53 -05:00
path_sign_issuers.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
path_tidy.go More cross cluster queue tweaks (#18789) 2023-01-23 16:52:38 +00:00
path_tidy_test.go Add cross-cluster revocation queues for PKI (#18784) 2023-01-23 09:29:27 -05:00
secret_certs.go Add support for revoke by serial number to update the unified CRL (#18786) 2023-01-23 10:22:10 -05:00
storage.go Add unified storage support to OCSP handler (#18788) 2023-01-23 15:49:07 +00:00
storage_migrations.go PKI - Fix order of chain building writes (#17772) 2022-11-03 11:50:03 -04:00
storage_migrations_test.go Allow tidy to backup legacy CA bundles (#18645) 2023-01-11 12:12:53 -05:00
storage_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
storage_unified.go Add support for revoke by serial number to update the unified CRL (#18786) 2023-01-23 10:22:10 -05:00
test_helpers.go Add new PKI api to combine and sign different CRLs from the same issuer (#17813) 2022-11-17 16:53:05 -05:00
util.go Add unified storage support to OCSP handler (#18788) 2023-01-23 15:49:07 +00:00