Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Perform validation when issuing or signing certificates #28921

Merged
merged 1 commit into from
Nov 27, 2024
Merged

Perform validation when issuing or signing certificates #28921

merged 1 commit into from
Nov 27, 2024

Conversation

victorr
Copy link
Contributor

@victorr victorr commented Nov 15, 2024
edited
Loading

Description

Perform validation when issuing or signing certificates.

TODO only if you're a HashiCorp employee

  • Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
    • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

@victorr victorr added this to the 1.19.0-rc milestone Nov 15, 2024
@victorr victorr self-assigned this Nov 15, 2024
@victorr victorr requested a review from a team as a code owner November 15, 2024 15:05
@victorr victorr requested a review from kitography November 15, 2024 15:05
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Nov 15, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 15, 2024
edited
Loading

Build Results:
All builds succeeded! ✅

@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from bc46a87 to dbcf6a5 Compare November 15, 2024 15:15
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 15, 2024
edited
Loading

CI Results:
All Go tests succeeded! ✅

kitography
kitography approved these changes Nov 15, 2024
View reviewed changes
Copy link
Contributor

@kitography kitography left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great!

@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from dbcf6a5 to 193d3cb Compare November 15, 2024 15:42
kitography
kitography approved these changes Nov 15, 2024
View reviewed changes
Copy link
Contributor

@kitography kitography left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great!

@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch 4 times, most recently from 2afbf98 to 19b3f66 Compare November 15, 2024 20:44
@victorr victorr added backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent backport/1.18.x backport/ent/1.17.x+ent Changes are backported to 1.17.x+ent labels Nov 15, 2024
@victorr victorr requested a review from kitography November 15, 2024 21:15
@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from 19b3f66 to 4f833b1 Compare November 25, 2024 15:51
@victorr victorr requested a review from a team as a code owner November 25, 2024 15:51
@victorr victorr modified the milestones: 1.19.0-rc, 1.18.3 Nov 26, 2024
@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from 4f833b1 to f03a5c2 Compare November 26, 2024 16:02
@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from f03a5c2 to c047789 Compare November 26, 2024 16:14
kitography
kitography approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@kitography kitography left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks Great!

stevendpclark
stevendpclark reviewed Nov 26, 2024
View reviewed changes
changelog/28921.txt Outdated
@@ -0,0 +1,3 @@
```release-note:bug
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably be called out as a change so it isn't lost in the bugs section of the changelog?

Also the message makes it sound like we never performed any certificate validation which isn't correct.

@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from d628c9f to 2e43281 Compare November 26, 2024 18:47
@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from 2e43281 to 8389b2e Compare November 26, 2024 19:10
@victorr
Perform validation when issuing or signing certificates.
f54743c 
Add environment variable VAULT_DISABLE_ISSUING_VERIFICATION.

Setting VAULT_DISABLE_ISSUING_VERIFICATION=true will disable the cert
issuance/signing verification.
@victorr victorr force-pushed the victorr/vault-22013-pki-verify-certificates branch from 8389b2e to f54743c Compare November 27, 2024 13:02
@victorr victorr enabled auto-merge (squash) November 27, 2024 13:21
@victorr victorr merged commit 31fc51c into main Nov 27, 2024
93 checks passed
@victorr victorr deleted the victorr/vault-22013-pki-verify-certificates branch November 27, 2024 13:23
Merged
6 tasks
victorr added a commit that referenced this pull request Nov 27, 2024
@victorr
Perform validation when issuing or signing certificates. (#28921)
8c601f7 
Add environment variable VAULT_DISABLE_ISSUING_VERIFICATION.

Setting VAULT_DISABLE_ISSUING_VERIFICATION=true will disable the cert
issuance/signing verification.
victorr added a commit that referenced this pull request Nov 27, 2024
@hc-github-team-secure-vault-core @victorr
Perform validation when issuing or signing certificates. (#28921) (#2…
5989f03 
…9037)

Add environment variable VAULT_DISABLE_ISSUING_VERIFICATION.

Setting VAULT_DISABLE_ISSUING_VERIFICATION=true will disable the cert
issuance/signing verification.

Co-authored-by: Victor Rodriguez <[email protected]>
victorr added a commit that referenced this pull request Nov 27, 2024
@victorr
Revert "Perform validation when issuing or signing certificates. (#28921
d1c5628 
)"

This reverts commit 31fc51c.
victorr added a commit that referenced this pull request Nov 27, 2024
@victorr
Revert "Perform validation when issuing or signing certificates. (#28921
c38edd9 
) (#29037)"

This reverts commit 5989f03.
This was referenced Nov 27, 2024
Merged
Merged
@victorr
Copy link
Contributor Author

victorr commented Nov 27, 2024

This PR is being reverted since it adds an ent function that is only needed on the main branch.

A re-worked PR will be created to remove the function.

victorr added a commit that referenced this pull request Nov 27, 2024
@victorr
Revert "Perform validation when issuing or signing certificates. (#28921
b2886d2 
)" (#29041)

This reverts commit 31fc51c.
victorr added a commit that referenced this pull request Nov 27, 2024
@victorr
Revert "Perform validation when issuing or signing certificates. (#28921
9b39c65 
) (#29037)" (#29042)

This reverts commit 5989f03.
@victorr victorr mentioned this pull request Nov 27, 2024
Merged
6 tasks
Monkeychip pushed a commit that referenced this pull request Nov 27, 2024
@victorr @Monkeychip
Perform validation when issuing or signing certificates. (#28921)
2ee2d83 
Add environment variable VAULT_DISABLE_ISSUING_VERIFICATION.

Setting VAULT_DISABLE_ISSUING_VERIFICATION=true will disable the cert
issuance/signing verification.
Monkeychip pushed a commit that referenced this pull request Nov 27, 2024
@victorr @Monkeychip
Revert "Perform validation when issuing or signing certificates. (#28921
cc3ec8b 
)" (#29041)

This reverts commit 31fc51c.
@victorr
Copy link
Contributor Author

victorr commented Nov 27, 2024

The PR that re-implements this one is #29045.

Merged
6 tasks
@victorr victorr mentioned this pull request Nov 27, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark left review comments

@kitography kitography kitography approved these changes

Assignees

@victorr victorr

Labels
backport/ent/1.16.x+ent Changes are backported to 1.16.x+ent backport/ent/1.17.x+ent Changes are backported to 1.17.x+ent backport/1.18.x hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Milestone
1.18.3
Development

Successfully merging this pull request may close these issues.
3 participants
@victorr @kitography @stevendpclark