consul/agent/connect
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
..
ca connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
common_names.go connect: Add AWS PCA provider (#6795) 2019-11-21 17:40:29 +00:00
csr.go auto_encrypt: set dns and ip san for k8s and provide configuration (#6944) 2020-01-17 23:25:26 +01:00
generate.go connect: Support RSA keys in addition to ECDSA (#6055) 2019-07-30 17:47:39 -04:00
generate_test.go Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
parsing.go Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
sni.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
sni_test.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
testing_ca.go connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
testing_ca_test.go Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
testing_spiffe.go Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes. 2018-06-14 09:42:16 -07:00
uri.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
uri_agent.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
uri_agent_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
uri_service.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
uri_service_test.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
uri_signing.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
uri_signing_test.go Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes. 2018-06-14 09:42:16 -07:00
uri_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00