Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add hardware_backed_root, root_issued_leaves health checks #17865

Merged
merged 6 commits into from
Nov 16, 2022
Merged

Add hardware_backed_root, root_issued_leaves health checks #17865

merged 6 commits into from
Nov 16, 2022

Conversation

cipherboy
Copy link
Contributor

@cipherboy cipherboy commented Nov 9, 2022
edited
Loading

This is based on top of #17750; will be rebased once that merges.

We add two new health checks in this one:

  • hardware_backed_root, defaulting to disabled, which checks whether Root CAs are backed by the Managed Key subsystem.
  • root_issued_leaves, which checks whether the root has directly issued leaf certificates.

We also update the list to also show the configuration for that health check, and fix table listing to be in a static order.

@cipherboy cipherboy mentioned this pull request Nov 10, 2022
Merged
@cipherboy cipherboy force-pushed the cipherboy-add-root-health-checks branch from 089188f to 699a303 Compare November 16, 2022 14:43
@cipherboy
Fix %v->%w
c3ff023 
Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy marked this pull request as ready for review November 16, 2022 14:44
@cipherboy cipherboy requested review from kitography, stevendpclark and a team November 16, 2022 14:44
@cipherboy cipherboy added this to the 1.13.0-rc1 milestone Nov 16, 2022
stevendpclark
stevendpclark approved these changes Nov 16, 2022
View reviewed changes
Copy link
Contributor

@stevendpclark stevendpclark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@cipherboy
Copy link
Contributor Author

Thanks! Merging, I'll address the semgrep problem in a subsequent PR.

@cipherboy cipherboy merged commit 1362848 into main Nov 16, 2022
@cipherboy cipherboy deleted the cipherboy-add-root-health-checks branch December 1, 2022 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevendpclark stevendpclark stevendpclark approved these changes

@kitography kitography Awaiting requested review from kitography

Assignees
No one assigned
Labels
enhancement pr/no-changelog secret/pki
Projects
None yet
Milestone
1.13.0-rc1
Development

Successfully merging this pull request may close these issues.
2 participants
@cipherboy @stevendpclark