Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always return PKI configs for CRLs, URLs #15470

Merged
merged 3 commits into from May 17, 2022
Merged

Always return PKI configs for CRLs, URLs #15470

merged 3 commits into from May 17, 2022

Conversation

cipherboy
Copy link
Contributor

Vault currently returns a nil response when the default CRL and URL configuration is being used. This doesn't really make sense, especially in the CRL case, as this default CRL config actually has 72h expiration (and isn't disabled).

Instead, always return config structs for both of these two configs. This matches the behavior introduced in the multi-issuer changes where config/issuers and config/keys always returns structs (even if empty of values).

@cipherboy
Always return non-nil CRL configuration
5eef048 
When using the default CRL configuration (as none has been set), return
the default configuration rather than inferring it in buildCRL. This
additionally allows us to return the default configuration on GET
operations to /config/crl.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy cipherboy added this to the 1.11.0-rc1 milestone May 17, 2022
@cipherboy cipherboy requested a review from a team May 17, 2022 14:31
@cipherboy cipherboy marked this pull request as ready for review May 17, 2022 14:33
@cipherboy
Always return non-nil URL configuration
da4b37f 
When using the default (empty) URL configuration as none has been set,
return the default configuration rather than inferring it inside of
fetchCAInfoByIssuerId or generateCert. This additionally allows us to
return the default configuration on GET operations to /config/urls.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Add changelog
52feae1 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy cipherboy force-pushed the cipherboy-always-return-configs branch from 54e72ae to 52feae1 Compare May 17, 2022 14:52
@cipherboy cipherboy merged commit 7df89ee into main May 17, 2022
@cipherboy
Copy link
Contributor Author

Thanks @stevendpclark!

Gabrielopesantos pushed a commit to Gabrielopesantos/vault that referenced this pull request Jun 6, 2022
@cipherboy @Gabrielopesantos
Always return PKI configs for CRLs, URLs (hashicorp#15470)
feff731 
* Always return non-nil CRL configuration

When using the default CRL configuration (as none has been set), return
the default configuration rather than inferring it in buildCRL. This
additionally allows us to return the default configuration on GET
operations to /config/crl.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Always return non-nil URL configuration

When using the default (empty) URL configuration as none has been set,
return the default configuration rather than inferring it inside of
fetchCAInfoByIssuerId or generateCert. This additionally allows us to
return the default configuration on GET operations to /config/urls.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy cipherboy deleted the cipherboy-always-return-configs branch June 16, 2022 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

Assignees
No one assigned
Labels
secret/pki
Projects
None yet
Milestone
1.11.0-rc1
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cipherboy @stevendpclark