Age | Commit message (Collapse) | Author |
|
|
|
|
|
- Add `fast_finish` to travis config
- Specify that Go 1.9 is supported
- Additional error checking which was previously missed
- Make the migrations test better
-
|
|
In retrospect a primary key that has no relation to the certificate is preferred to using the certificate KeyID. The KeyID is also very large for a primary index.
This is a moderately tricky migration, especially for SQLite which has no means of altering the table in this fashion - it involves creating the new table and copying the data.
Order of commands also matters - index names are global in SQLite, so the `idx_expires_at` index needs to be created at the correct stages.
For MySQL migration the necessary steps are run as a single alter statement to minimise the risk of leaving the migration in an incomplete state if anything aborts.
When tested on a table with 250,000 rows (MySQL 5.7) the migration took 3 seconds to complete. As certificates will be requested infrequently the risk of prolonged locking is minimal.
|
|
|
|
|
|
Static content generator finds the root of the git repo and executes from there. Packr will scan subdirs for boxes to be packed.
|
|
|
|
Return an error if the store isn't known, instead of defaulting to a mem store
|
|
|
|
It's currently hard to make changes to the database schema. Use sql-migrate to make incremental changes.
Stop hard-coding the database name (the default is still "certs" for backward-compatibility)
The `automigrate()` function will automatically run pending migrations.
Use a different migration directory per database driver. This carries a cost of duplication, but is easier than creating migrations which will cleanly execute in both SQLite and MySQL.
Migrations are shipped using the packr utility.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Resolves #40
|
|
|
|
|
|
* Allow tests to specify mysql connection info.
User can set MYSQL_TEST_USER, MYSQL_TEST_PASS and MYSQL_TEST_HOST
environment variables for test environments that need that.
* Changes from testing.
Need to set both time fields as '0000-00-00' depends on a feature
deprecated in MySQL 5.7.4.
Go lint wanted snake case for my sql_config var. sqlConfig it is.
* Go go idioms.
Based on feedback from Niall, a cleaner way to do this in Go.
|
|
|
|
|
|
|
|
sqlite uses CGO which prevents the building of statically-linked binaries.
This change will omit sqlite support when building a static binary with:
CGO_ENABLED=0 go build --ldflags '-extldflags "-static"'
|
|
The 'datastore' string option is deprecated and will be removed in a
future version. The new 'database' map option is preferred.
|
|
Vault is supported for the following:
As a well-known filesystem for TLS cert, TLS key and SSH signing key.
For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add a template for revocation
Use DATETIME type to store created/expires times
Require auth for the /admin and /revoke endpoints
|
|
|