Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server+runtime: add cert refreshing #4107

Merged
merged 8 commits into from Dec 9, 2021
Merged

server+runtime: add cert refreshing #4107

merged 8 commits into from Dec 9, 2021

Commits on Dec 9, 2021

  1. server: spin out s.cert into s.getCertificate() 

    Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    cdafbe6 View commit details
    Browse the repository at this point in the history

  2. server+runtime: record cert file paths, use atommic.Value 

    Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    49b30aa View commit details
    Browse the repository at this point in the history

  3. server: wire up cert refresh loop w/ configurable period 

    Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    5fcef66 View commit details
    Browse the repository at this point in the history

  4. test/e2e: add certrefresh test 

    Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    aa6dbf2 View commit details
    Browse the repository at this point in the history

  5. test/e2e/tls: add params that would be there when called through cmd/… 

    …run.go

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    28ae06f View commit details
    Browse the repository at this point in the history

  6. server: track shasums of cert and key file for cert refresh 

    Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    e3b425b View commit details
    Browse the repository at this point in the history

  7. cmd/run: add cert-refresh opt-in arg, and cleanup args 

    With two flags, one for enable/disable and one for the period of
refreshes, we can avoid overloading the period flag with something
like "0" disables.

There's no need to use the VarP etc variants if the flag has no
shorthand. So, cleaned up a few of those.

Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    75ac802 View commit details
    Browse the repository at this point in the history

  8. docs/security: mention new flags, use info box for curl note 

    Signed-off-by: Stephan Renatus <stephan.renatus@gmail.com>
    @srenatus
    srenatus committed Dec 9, 2021
    Configuration menu
    Copy the full SHA
    6a8d482 View commit details
    Browse the repository at this point in the history