Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add acme challenge validation engine #20221

Merged
merged 7 commits into from
Apr 19, 2023
Merged

Add acme challenge validation engine #20221

merged 7 commits into from
Apr 19, 2023

Conversation

cipherboy
Copy link
Contributor

This adds the core validation engine portion to the Vault PKI ACME server, allowing us to trigger and validate challenges, with automatic server-driven retries.

This is triggered by the ACME client posting to the desired challenge URL to validate and currently only supports HTTP-01 challenges.

@cipherboy cipherboy added this to the 1.14 milestone Apr 18, 2023
@cipherboy cipherboy requested review from kitography, stevendpclark and a team April 18, 2023 12:34
@cipherboy cipherboy force-pushed the cipherboy-add-acme-challenge-engine branch 2 times, most recently from 4acf543 to 925cd5d Compare April 18, 2023 13:30
stevendpclark
stevendpclark approved these changes Apr 18, 2023
View reviewed changes
Copy link
Contributor

@stevendpclark stevendpclark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me!

I was expecting to see this changing the order status to ready when the last authorization was completed? Did we want to do that somewhere else instead?

builtin/logical/pki/acme_challenge_engine.go Outdated Show resolved Hide resolved
@cipherboy cipherboy force-pushed the cipherboy-add-acme-challenge-engine branch from 925cd5d to fc3b2fa Compare April 18, 2023 16:05
@cipherboy
Allow creating storageContext with timeout
abb89d5 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Add challenge validation engine to ACME
cc4f1fd 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Initialize the ACME challenge validation engine
4fcd2d5 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Trigger challenge validation on endpoint submission
67f5e1a 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Fix GetKeyThumbprint to use raw base64
26edb5a 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Point at localhost for testing
678feb7 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy
Add cleanup of validation engine
7ed53ea 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
@cipherboy cipherboy force-pushed the cipherboy-add-acme-challenge-engine branch from fc3b2fa to 7ed53ea Compare April 18, 2023 19:12
@cipherboy cipherboy merged commit dae04a8 into main Apr 19, 2023
@cipherboy cipherboy deleted the cipherboy-add-acme-challenge-engine branch April 21, 2023 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

@kitography kitography Awaiting requested review from kitography

Assignees
No one assigned
Labels
enhancement pr/no-changelog secret/pki
Projects
None yet
Milestone
1.14
Development

Successfully merging this pull request may close these issues.
2 participants
@cipherboy @stevendpclark