vault/builtin/logical/pki
Alexander Scheel 3d794050ff
Allow templating cluster-local AIA URIs (#18199)
* Allow templating of cluster-local AIA URIs

This adds a new configuration path, /config/cluster, which retains
cluster-local configuration. By extending /config/urls and its issuer
counterpart to include an enable_templating parameter, we can allow
operators to correctly identify the particular cluster a cert was
issued on, and tie its AIA information to this (cluster, issuer) pair
dynamically.

Notably, this does not solve all usage issues around AIA URIs: the CRL
and OCSP responder remain local, meaning that some merge capability is
required prior to passing it to other systems if they use CRL files and
must validate requests with certs from any arbitrary PR cluster.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation about templated AIAs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* AIA URIs -> AIA URLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* issuer.AIAURIs might be nil

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Allow non-nil response to config/urls

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Always validate URLs on config update

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Ensure URLs lack templating parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Review feedback

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-12-05 10:38:26 -05:00
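To make the (cluster, issuer) templating described in the commit message concrete, the following is an added example written for this page; it is not code from the Vault PKI plugin or from this commit. It models a cluster-local config (standing in for /config/cluster) and a URLs config with the enable_templating flag, then shows the two behaviours the commit bullets call out: URLs are validated on every config write, and a URL carrying template syntax is rejected unless templating is enabled. The placeholder names {{cluster_path}} and {{issuer_id}}, the struct field names, the sample hostnames and the issuer id are assumptions made for illustration and are not taken from the page.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ClusterConfig stands in for the cluster-local data under /config/cluster.
// Field name and sample values are assumptions for this example.
type ClusterConfig struct {
	Path string // this cluster's base API path for the mount, e.g. https://vault-east.example.com:8200/v1/pki
}

// URLsConfig stands in for /config/urls (and the per-issuer counterpart)
// with the enable_templating flag described in the commit message.
type URLsConfig struct {
	IssuingCertificates   []string
	CRLDistributionPoints []string
	OCSPServers           []string
	EnableTemplating      bool
}

// AIA holds the concrete URLs that go into a leaf certificate's Authority
// Information Access and CRL Distribution Points extensions.
type AIA struct {
	IssuingCertificates   []string
	CRLDistributionPoints []string
	OCSPServers           []string
}

// Placeholder names are an assumption for this example.
const (
	paramClusterPath = "{{cluster_path}}"
	paramIssuerID    = "{{issuer_id}}"
)

var ErrTemplatingDisabled = errors.New("URL contains templating parameters but enable_templating is false")

func substitute(raw, clusterPath, issuerID string) string {
	return strings.NewReplacer(paramClusterPath, clusterPath, paramIssuerID, issuerID).Replace(raw)
}

// ValidateURLs runs on every config write, whether or not templating is on.
// With templating off, any "{{" is rejected so a template can never be copied
// verbatim into a certificate. With templating on, each URL is checked after
// substituting dummy values, so a malformed or unknown template fails at
// config time rather than at issuance time.
func ValidateURLs(cfg URLsConfig) error {
	for _, group := range [][]string{cfg.IssuingCertificates, cfg.CRLDistributionPoints, cfg.OCSPServers} {
		for _, raw := range group {
			candidate := raw
			if strings.Contains(raw, "{{") {
				if !cfg.EnableTemplating {
					return fmt.Errorf("%q: %w", raw, ErrTemplatingDisabled)
				}
				candidate = substitute(raw, "https://placeholder.invalid/v1/pki", "placeholder-issuer")
				if strings.Contains(candidate, "{{") {
					return fmt.Errorf("%q: unknown templating parameter", raw)
				}
			}
			u, err := url.Parse(candidate)
			if err != nil {
				return fmt.Errorf("%q: %w", raw, err)
			}
			if u.Scheme == "" || u.Host == "" {
				return fmt.Errorf("%q: AIA URL must be absolute (scheme and host)", raw)
			}
		}
	}
	return nil
}

// ResolveAIA computes the URLs for a certificate issued by issuerID on the given
// cluster. It fails closed when templating is on but the cluster path is unset,
// rather than emitting URLs with an empty host.
func ResolveAIA(cfg URLsConfig, cluster ClusterConfig, issuerID string) (AIA, error) {
	if !cfg.EnableTemplating {
		return AIA{cfg.IssuingCertificates, cfg.CRLDistributionPoints, cfg.OCSPServers}, nil
	}
	if cluster.Path == "" {
		return AIA{}, errors.New("enable_templating is set but /config/cluster path is empty")
	}
	clusterPath := strings.TrimSuffix(cluster.Path, "/")
	expand := func(in []string) []string {
		out := make([]string, 0, len(in))
		for _, raw := range in {
			out = append(out, substitute(raw, clusterPath, issuerID))
		}
		return out
	}
	return AIA{expand(cfg.IssuingCertificates), expand(cfg.CRLDistributionPoints), expand(cfg.OCSPServers)}, nil
}

func main() {
	// Constructed sample: one templated config replicated to two clusters
	// resolves to cluster-specific URLs for the same issuer.
	cfg := URLsConfig{
		IssuingCertificates:   []string{"{{cluster_path}}/issuer/{{issuer_id}}/der"},
		CRLDistributionPoints: []string{"{{cluster_path}}/issuer/{{issuer_id}}/crl/der"},
		OCSPServers:           []string{"{{cluster_path}}/ocsp"},
		EnableTemplating:      true,
	}
	if err := ValidateURLs(cfg); err != nil {
		panic(err)
	}
	for _, c := range []ClusterConfig{{Path: "https://vault-east.example.com:8200/v1/pki"}, {Path: "https://vault-west.example.com:8200/v1/pki/"}} {
		aia, err := ResolveAIA(cfg, c, "6e9b2d3f-example-issuer-id")
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s -> CRL %s\n", c.Path, aia.CRLDistributionPoints[0])
	}
}
```

The resolved CDP and OCSP URLs point at the cluster that issued the certificate, which is exactly what the commit message says this does and does not fix: a relying party that can reach that cluster gets the right CRL or OCSP responder, but because each cluster's CRL and OCSP data remain local, a consumer validating certificates from arbitrary PR clusters out of CRL files still needs to merge those CRLs itself.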
cmd/pki Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
backend_test.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
backend.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
ca_test.go Make PKI tests run in parallel (#16514) 2022-08-01 16:43:38 -04:00
ca_util.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
cert_util_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
cert_util.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
chain_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
chain_util.go PKI - Fix order of chain building writes (#17772) 2022-11-03 11:50:03 -04:00
config_util.go Handle removed default issuers (#17930) 2022-11-14 15:13:39 -05:00
crl_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
crl_util.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00
fields.go Add automatic tidy of expired issuers (#17823) 2022-11-10 10:53:26 -05:00
integration_test.go Add pki nginx/wget/curl/Go integration tests (#17320) 2022-11-23 15:00:18 -05:00
key_util.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
managed_key_util.go secret/pki: Return correct algorithm type from key fetch API for managed keys (#15468) 2022-05-17 11:36:14 -04:00
ocsp_test.go Add cached OCSP client support to Cert Auth (#17093) 2022-11-21 10:39:24 -06:00
ocsp.go Do not use possibly nil HttpRequest object in default OCSP handler (#18190) 2022-12-01 13:23:41 -05:00
path_config_ca.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00
path_config_cluster.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
path_config_crl.go Fix various trivial warnings from staticcheck in the PKI plugin (#16946) 2022-08-31 16:25:14 -04:00
path_config_urls.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
path_fetch_issuers.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
path_fetch_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_fetch.go Return revocation info within existing certs/<serial> api (#17774) 2022-11-02 13:06:04 -04:00
path_intermediate.go PKI: Add support for signature_bits param to the intermediate/generate api (#17388) 2022-10-03 12:39:54 -04:00
path_issue_sign.go Basics of Cert-Count Non-Locking Telemetry (#16676) 2022-09-20 10:32:20 -07:00
path_manage_issuers.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00
path_manage_keys_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
path_manage_keys.go Refactor PKI storage calls to take a shared struct (#16019) 2022-06-29 12:00:44 -04:00
path_resign_crls_test.go New PKI API to generate and sign a CRL based on input data (#18040) 2022-11-22 11:41:04 -05:00
path_resign_crls.go New PKI API to generate and sign a CRL based on input data (#18040) 2022-11-22 11:41:04 -05:00
path_revoke.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00
path_roles_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
path_roles.go Fix various trivial warnings from staticcheck in the PKI plugin (#16946) 2022-08-31 16:25:14 -04:00
path_root.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00
path_sign_issuers.go Add PSS support to PKI Secrets Engine (#16519) 2022-08-03 12:42:24 -04:00
path_tidy_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
path_tidy.go Add automatic tidy of expired issuers (#17823) 2022-11-10 10:53:26 -05:00
secret_certs.go Allow Multiple Issuers in PKI Secret Engine Mounts - PKI Pod (#15277) 2022-05-11 12:42:28 -04:00
storage_migrations_test.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
storage_migrations.go PKI - Fix order of chain building writes (#17772) 2022-11-03 11:50:03 -04:00
storage_test.go Move pki docker tests to pkiext (#17928) 2022-11-14 18:26:26 -05:00
storage.go Allow templating cluster-local AIA URIs (#18199) 2022-12-05 10:38:26 -05:00
test_helpers.go Add new PKI api to combine and sign different CRLs from the same issuer (#17813) 2022-11-17 16:53:05 -05:00
util.go Move from %v->%w for errs (#17860) 2022-11-09 15:40:26 -05:00