* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Adding explicit MPL license for sub-package.
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Updating the license from MPL to Business Source License.
Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.
* add missing license headers
* Update copyright file headers to BUS-1.1
* Fix test that expected exact offset on hcl file
---------
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
* Fix ACME computed order status
* Return validation errors and status updates for authorizations
- We now populate the error field within challenges with the error results from the challenge
- Update the status of the challenge and authorizations to invalid when we give up on the challenge
- Verify that only a single challenge within a given authorization can be accepted to avoid race conditions.
* Fix error handling in ACME
- If we don't match a specific ACME error, use ErrServerInternal instead of the last error type from the internal map
- Logger parameters need two params
* Enforce cluster local path is set when enabling ACME
* Add a warning on ACME config read api if enabled but path not set
- This might help expose that the local path configuration on a secondary cluster was not set which would prevent ACME from running.
* Add the ability to disable ACME through an OS environment variable
- Disable ACME through the VAULT_DISABLE_PUBLIC_ACME environment
variable.
* PR feedback
- Switch to using t.Setenv instead of manually doing it
- Remove t.Parallel from the test not to influence others
* make fmt
* WIP: Implement ACME CSR signing and certificate retrieval
* Add some validations within the ACME finalize API
- Validate that the CSR we were given matches the DNS names
and IP addresses within the order
- Validate that the CSR does not share the same public as the
account
* Gate ACME finalize order validating all authorizations are in valid state
* Move all ACME wrappers into a dedicated go file
- Make it easier to figure out where the various wrappers for
ACME exist by locating them inside a dedicated go file instead
of spread out across the various path_acme_xxx files.
* Add missing copyright headers to PKI files
* Squash pki/acme package down to pki folder
Without refactoring most of PKI to export the storage layer, which we
were initially hesitant about, it would be nearly impossible to have the
ACME layer handle its own storage while being in the acme/ subpackage
under the pki package.
Thus, merge the two packages together again.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Properly format errors for missing parameters
When missing required ACME request parameters, don't return Vault-level
errors, but drop into the PKI package to return properly-formatted ACME
error messages.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Error type clarifications
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix GetOk with type conversion calls
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
