Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect Vault 1.11+ import, update default issuer (#15253) #15437

Merged
merged 4 commits into from Nov 18, 2022
Merged

Detect Vault 1.11+ import, update default issuer (#15253) #15437

merged 4 commits into from Nov 18, 2022

Conversation

kisunji
Copy link
Contributor

@kisunji kisunji commented Nov 17, 2022

Consul used to rely on implicit issuer selection when calling Vault endpoints to issue new CSRs. Vault 1.11+ changed that behavior, which caused Consul to check the wrong (previous) issuer when renewing its Intermediate CA. This patch allows Consul to explicitly set a default issuer when it detects that the response from Vault is 1.11+.

Signed-off-by: Alexander Scheel alex.scheel@hashicorp.com
Co-authored-by: Chris S. Kim ckim@hashicorp.com

@cipherboy @kisunji
Detect Vault 1.11+ import, update default issuer (#15253)
ebe4102 
Consul used to rely on implicit issuer selection when calling Vault endpoints to issue new CSRs. Vault 1.11+ changed that behavior, which caused Consul to check the wrong (previous) issuer when renewing its Intermediate CA. This patch allows Consul to explicitly set a default issuer when it detects that the response from Vault is 1.11+.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
@kisunji kisunji mentioned this pull request Nov 17, 2022
Closed
3 tasks
@github-actions github-actions bot added the theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies label Nov 17, 2022
@kisunji kisunji mentioned this pull request Nov 17, 2022
Merged
3 tasks
@kisunji kisunji merged commit 84838e5 into release/1.14.x Nov 18, 2022
@kisunji kisunji deleted the kisunji/1.14.x-backport branch November 18, 2022 15:24
hashi-derek added a commit that referenced this pull request Nov 21, 2022
@hashi-derek
Revert "Detect Vault 1.11+ import, update default issuer (#15253) (#1…
e297e3e 
…5437)"

This reverts commit 84838e5.

It will not be part of the 1.14.1 patch release.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kisunji @cipherboy