mirror of
https://github.com/hashicorp/vault.git
synced 2025-12-24 10:51:55 +01:00
32f7e8ba28
* Fix RevocationSigAlg provisioning in GCP GCP restricts keys to a certain type of signature, including hash algorithm, so we must provision our RevocationSigAlg from the root itself unconditionally in order for GCP to work. This does change the default, but only for newly created certificates. Additionally, we clarify that CRL building is not fatal to the import process. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add inverse mapping for SignatureAlgorithm By default we'd use .String() on x509.SignatureAlgorithm, but this doesn't round-trip. Switch to a custom map that is round-trippable and matches the constant name as there is no other way to get this info presently. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add test to ensure root creation sets rev_sig_alg Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Test round-tripping of SigAlgoNames, InvSigAlgoNames Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix failing Default Update test Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>