status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-02-23 02:48:19 +00:00
Code Issues Projects Releases Wiki Activity

connect: add ExternalTrustDomain to CARoot fields

Browse Source
This commit is contained in:
Kyle Havlovitz 2018-09-17 02:00:28 -07:00
parent 46c829b879
commit 98d95cfa80
3 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
agent/consul/connect_ca_endpoint.go
View File

@ -107,7 +107,7 @@ func (s *ConnectCA) ConfigurationSet(
return err return err
} }
newActiveRoot, err := parseCARoot(newRootPEM, args.Config.Provider) newActiveRoot, err := parseCARoot(newRootPEM, args.Config.Provider, args.Config.ClusterID)
if err != nil { if err != nil {
return err return err
} }
@ -280,6 +280,7 @@ func (s *ConnectCA) Roots(
Name: r.Name, Name: r.Name,
SerialNumber: r.SerialNumber, SerialNumber: r.SerialNumber,
SigningKeyID: r.SigningKeyID, SigningKeyID: r.SigningKeyID,
ExternalTrustDomain: r.ExternalTrustDomain,
NotBefore: r.NotBefore, NotBefore: r.NotBefore,
NotAfter: r.NotAfter, NotAfter: r.NotAfter,
RootCert: r.RootCert, RootCert: r.RootCert,

5
agent/consul/leader.go
View File

@ -445,7 +445,7 @@ func (s *Server) initializeCA() error {
return fmt.Errorf("error getting root cert: %v", err) return fmt.Errorf("error getting root cert: %v", err)
} }
rootCA, err := parseCARoot(rootPEM, conf.Provider) rootCA, err := parseCARoot(rootPEM, conf.Provider, conf.ClusterID)
if err != nil { if err != nil {
return err return err
} }
@ -501,7 +501,7 @@ func (s *Server) initializeCA() error {
} }
// parseCARoot returns a filled-in structs.CARoot from a raw PEM value. // parseCARoot returns a filled-in structs.CARoot from a raw PEM value.
func parseCARoot(pemValue, provider string) (*structs.CARoot, error) { func parseCARoot(pemValue, provider, clusterID string) (*structs.CARoot, error) {
id, err := connect.CalculateCertFingerprint(pemValue) id, err := connect.CalculateCertFingerprint(pemValue)
if err != nil { if err != nil {
return nil, fmt.Errorf("error parsing root fingerprint: %v", err) return nil, fmt.Errorf("error parsing root fingerprint: %v", err)
@ -515,6 +515,7 @@ func parseCARoot(pemValue, provider string) (*structs.CARoot, error) {
Name: fmt.Sprintf("%s CA Root Cert", strings.Title(provider)), Name: fmt.Sprintf("%s CA Root Cert", strings.Title(provider)),
SerialNumber: rootCert.SerialNumber.Uint64(), SerialNumber: rootCert.SerialNumber.Uint64(),
SigningKeyID: connect.HexString(rootCert.AuthorityKeyId), SigningKeyID: connect.HexString(rootCert.AuthorityKeyId),
ExternalTrustDomain: clusterID,
NotBefore: rootCert.NotBefore, NotBefore: rootCert.NotBefore,
NotAfter: rootCert.NotAfter, NotAfter: rootCert.NotAfter,
RootCert: pemValue, RootCert: pemValue,

3
agent/structs/connect_ca.go
View File

@ -54,6 +54,9 @@ type CARoot struct {
// private key used to sign the certificate. // private key used to sign the certificate.
SigningKeyID string SigningKeyID string
// ExternalTrustDomain is the trust domain this root was generated under.
ExternalTrustDomain string
// Time validity bounds. // Time validity bounds.
NotBefore time.Time NotBefore time.Time
NotAfter time.Time NotAfter time.Time