mirror of
https://github.com/hashicorp/vault.git
synced 2026-04-29 02:01:35 -04:00
476bec104e
* Add ACME health checks to pki health-check CLI
- Verify we have the required header values listed within allowed_response_headers: 'Replay-Nonce', 'Link', 'Location'
- Make sure the local cluster config path variable contains an URL with an https scheme
* Split ACME health checks into two separate verifications
- Promote ACME usage through the enable_acme_issuance check, if ACME is disabled currently
- If ACME is enabled verify that we have a valid
'path' field within local cluster configuration as well as the proper response headers allowed.
- Factor out response header verifications into a separate check mainly to work around possible permission issues.
* Only recommend enabling ACME on mounts with intermediate issuers
* Attempt to connect to the ACME directory based on the cluster path variable
- Final health check is to attempt to connect to the ACME directory based on the cluster local 'path' value. Only if we successfully connect do we say ACME is healthy.
* Fix broken unit test
|
||
|---|---|---|
| .. | ||
| healthcheck.go | ||
| pki.go | ||
| pki_allow_acme_headers.go | ||
| pki_allow_if_modified_since.go | ||
| pki_audit_visibility.go | ||
| pki_ca_validity_period.go | ||
| pki_crl_validity_period.go | ||
| pki_enable_acme_issuance.go | ||
| pki_enable_auto_tidy.go | ||
| pki_hardware_backed_root.go | ||
| pki_role_allows_glob_wildcards.go | ||
| pki_role_allows_localhost.go | ||
| pki_role_no_store_false.go | ||
| pki_root_issued_leaves.go | ||
| pki_tidy_last_run.go | ||
| pki_too_many_certs.go | ||
| shared.go | ||
| util.go | ||