Allow mTLS for mysql secrets engine #9181
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 4 commits
June 10, 2020 10:26
Test must be run manually after removing the skip which is present to make sure CI doesn't explode.
Valarissa
force-pushed
the
allow_mtls_for_mysql_secrets
branch
from
051fe58
to
702e4ed
Compare
pcman312
reviewed
Jun 11, 2020
catsby
reviewed
Jun 12, 2020
|
|
||
| for _, opt := range opts { | ||
| err := opt(&builder) | ||
| if err != nil { |
There was a problem hiding this comment.
Style nit: If we're only evaluating a local variable, it's common to see these statements on one line like so:
if err := opt(&builder); err != nil {
// reference err here
}There was a problem hiding this comment.
Interesting style, noted. Used elsewhere, unsure if I changed this one.
catsby
reviewed
Jun 12, 2020
Valarissa
force-pushed
the
allow_mtls_for_mysql_secrets
branch
from
c638808
to
5acc198
Compare
pcman312
reviewed
Jun 17, 2020
pcman312
approved these changes
Jun 17, 2020
|
catsby
added a commit
that referenced
this pull request
Jun 19, 2020
* master: (31 commits) changelog++ changelog++ Ui/replication status discoverability (#8705) Update CHANGELOG.md Counter that increments on every secret engine lease creation. (#9244) Add password_policy field to Azure docs (#9249) Replaced ClusterMetricSink's cluster name with an atomic.Value. (#9252) Fix database creds rotation panic for nil resp (#9258) changelog++ changelog++ Move sdk/helper/random -> helper/random (#9226) UI: Disallow kv2 with too large 'max versions' value (#9242) Allow mTLS for mysql secrets engine (#9181) docs: add sample revocation for mongodb (#9245) Add new Telemetry config options (#9238) Add a simple sealed gauge, updated when seal status changes (#9177) Test Shamir-to-Transit and Transit-to-Shamir Seal Migration for post-1.4 Vault. (#9214) Configure metrics wrapper with the "global" object, not just the fanout. (#9099) changelog++ Add backend type to audit logs (#9167) ...
andaley
pushed a commit
that referenced
this pull request
Jul 17, 2020
* Extract certificate helpers for use in non-mongodb packages * Created mTLS/X509 test for MySQL secrets engine. * Ensure mysql username and passwords aren't url encoded * Skip mTLS test for circleCI
Valarissa
pushed a commit
that referenced
this pull request
Aug 17, 2020
* Update documentation for MySQL Secrets Engine Update documentation for MySQL Database Secrets Engine to reflect changes introduced with #9181 * Empty Commit to re-trigger tests Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com>
Valarissa
pushed a commit
that referenced
this pull request
Aug 17, 2020
* Update documentation for MySQL Secrets Engine Update documentation for MySQL Database Secrets Engine to reflect changes introduced with #9181 * Empty Commit to re-trigger tests Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com>
Valarissa
pushed a commit
that referenced
this pull request
Aug 18, 2020
* Update documentation for MySQL Secrets Engine Update documentation for MySQL Database Secrets Engine to reflect changes introduced with #9181 * Empty Commit to re-trigger tests Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com> Co-authored-by: arnis <8789226+0x63lv@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change enables the usage of mTLS with the mysql secrets engine.
It requires the following values to be passed to the MySQLConnectionProducer in order to enable mTLS:
These provide a combined Cert and Key PEM block and the CA PEM block of the CA that signed the server and client certs.
An automated test is provided in the code presented, it is skipped by default due to our CI not being able to create and mount files to a docker image.
Feel free to ask any questions to help review this.
Test output: