feat: Support multiple active CAs in Web exports #51301
base: master
The PR is smaller than it seems, as there's a big move from the larger apiserver{,_test}.go files to ca_export{,_test}.go files. Because of that I suggest reviewing commit-by-commit.
Takes inspiration from Gavin's #35754, although it has my own spin on it.
Do we have a way to put multiple DER-encoded certs in the zip file for Windows, or will the zip always use PEM? The use case that led to this issue was exporting the Windows CA when using HSMs. In order to import the CA on the Windows side it needs to be DER.
I used type=tls-user as an example, but it works the same for type=windows - you'd get the same zip as a result, but the underlying .cer files are DER and not PEM.
Friendly ping @mvbrock @probakowski @GavinFrazar.
806d6b6 to e2f08d1
Rebased onto master, no changes.
Thanks, Zac!
ccec73a to 9e1b309
Add support for exporting multiple active CAs via the "format=zip" param.
Error before this PR:
After this PR:
If format=zip is supplied (for example, "/auth/export?type=tls-user&format=zip") then a zip file called "Teleport_CA.zip" is returned as an attachment. The file contains various "ca$i.cer" files, one for each exported CA, in whatever format it would have as a single-file export.
Follow up from #51189. Sibling PR to #51298.
#35444
Changelog: Added support for multiple active CAs in the /auth/export endpoint