ca: use the cluster ID passed to the primary

instead of fetching it from the state store.
Daniel Nephin 2021-11-05 18:28:37 -04:00
parent b9ab9bae12
commit b4080bc0dc


@ -617,19 +617,13 @@ func (c *ConsulProvider) incrementAndGetNextSerialNumber() (uint64, error) {
// generateCA makes a new root CA using the current private key
func (c *ConsulProvider) generateCA(privateKey string, sn uint64, rootCertTTL time.Duration) (string, error) {
stateStore := c.Delegate.State()
_, config, err := stateStore.CAConfig(nil)
if err != nil {
return "", err
}
privKey, err := connect.ParseSigner(privateKey)
if err != nil {
return "", fmt.Errorf("error parsing private key %q: %s", privateKey, err)
}
// The URI (SPIFFE compatible) for the cert
id := connect.SpiffeIDSigningForCluster(config.ClusterID)
id := connect.SpiffeIDSigningForCluster(c.clusterID)
keyId, err := connect.KeyId(privKey.Public())
if err != nil {
return "", err