consul/agent/structs
Mark Anderson c6ff4ba7d8
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
..
acl.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_cache.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_cache_test.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_oss.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
acl_test.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
auto_encrypt.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
autopilot.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
autopilot_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
catalog.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
catalog_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
check_definition.go Merge pull request #12685 from hashicorp/http-check-redirect-option 2022-04-07 11:29:27 -07:00
check_definition_test.go add http2 ping health checks (#8431) 2021-04-09 15:12:10 -04:00
check_type.go Add a field to disable following redirects on http checks 2022-04-05 16:12:18 -07:00
config_entry.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_entry_discoverychain.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
config_entry_discoverychain_oss.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
config_entry_discoverychain_test.go Remove support for failover to partition 2021-12-06 12:32:24 -07:00
config_entry_export_oss_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
config_entry_exports.go structs: ensure exported-services PeerName field can be addressed as peer_name (#12862) 2022-04-27 10:27:21 -05:00
config_entry_exports_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
config_entry_gateways.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
config_entry_gateways_test.go Fix some more Enterprise Normalization issues affecting tests 2021-09-23 10:12:37 +01:00
config_entry_intentions.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
config_entry_intentions_oss.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
config_entry_intentions_test.go Sync enterprise changes to oss (#10994) 2021-09-08 11:59:30 -04:00
config_entry_mesh.go Docs and changelog edits 2022-05-04 08:50:59 -07:00
config_entry_mesh_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
config_entry_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
config_entry_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
config_entry_test.go Update mesh config tests 2022-05-04 08:50:59 -07:00
connect.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
connect_ca.go Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
connect_ca_test.go add root_cert_ttl option for consul connect, vault ca providers (#11428) 2021-11-02 11:02:10 -07:00
connect_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
connect_proxy_config.go peering: Make Upstream peer-aware (#12900) 2022-04-29 18:12:51 -04:00
connect_proxy_config_oss.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
connect_proxy_config_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
discovery_chain.go xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711) 2022-04-07 16:58:21 -05:00
discovery_chain_oss.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
errors.go Special case the error returned when we have a Raft leader but are not tracking it in the ServerLookup (#9487) 2021-01-04 14:05:23 -05:00
federation_state.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
identity.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
intention.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
intention_oss.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
intention_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
operator.go Switch to using the external autopilot module 2020-11-09 09:22:11 -05:00
peering.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
prepared_query.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
prepared_query_test.go structs: add two cache completeness tests types that implement cache.Request 2021-05-31 16:54:41 -04:00
protobuf_compat.go remove the rest of gogo 2022-03-28 17:34:41 -04:00
sanitize_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
service_definition.go peering: Make Upstream peer-aware (#12900) 2022-04-29 18:12:51 -04:00
service_definition_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
snapshot.go agent: move agent/consul/structs to agent/structs 2017-08-09 14:32:12 +02:00
structs.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
structs_filtering_test.go peering: Make Upstream peer-aware (#12900) 2022-04-29 18:12:51 -04:00
structs_oss.go add new entmeta stuff. 2022-04-05 14:49:31 -07:00
structs_oss_test.go add new entmeta stuff. 2022-04-05 14:49:31 -07:00
structs_test.go peering: Make Upstream peer-aware (#12900) 2022-04-29 18:12:51 -04:00
system_metadata.go Add virtual IP generation for term gateway backed services 2022-01-12 12:08:49 -08:00
testing.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
testing_catalog.go xds: prefer fed state gateway definitions if they're fresher (#11522) 2021-11-09 16:45:36 +00:00
testing_connect_proxy_config.go Manual Structs fixup 2022-04-05 14:51:10 -07:00
testing_intention.go Cleanup unnecessary normalizing method (#11169) 2021-09-28 15:31:12 -04:00
testing_service_definition.go Add Proxy Upstreams to Service Definition (#4639) 2018-10-10 16:55:34 +01:00
txn.go connect: intentions are now managed as a new config entry kind "service-intentions" (#8834) 2020-10-06 13:24:05 -05:00