mirror of https://github.com/status-im/consul.git
connect/ca: leave blank root key/cert out of the default config (unnecessary)
parent
8e028b7dc6
commit
b4ef7bb64d
|
@ -81,14 +81,15 @@ func (s *HTTPServer) ConnectCAConfigurationSet(resp http.ResponseWriter, req *ht
|
||||||
func fixupConfig(conf *structs.CAConfiguration) {
|
func fixupConfig(conf *structs.CAConfiguration) {
|
||||||
for k, v := range conf.Config {
|
for k, v := range conf.Config {
|
||||||
if raw, ok := v.([]uint8); ok {
|
if raw, ok := v.([]uint8); ok {
|
||||||
conf.Config[k] = ca.Uint8ToString(raw)
|
strVal := ca.Uint8ToString(raw)
|
||||||
|
conf.Config[k] = strVal
|
||||||
switch conf.Provider {
|
switch conf.Provider {
|
||||||
case structs.ConsulCAProvider:
|
case structs.ConsulCAProvider:
|
||||||
if k == "PrivateKey" && ca.Uint8ToString(raw) != "" {
|
if k == "PrivateKey" && strVal != "" {
|
||||||
conf.Config["PrivateKey"] = "hidden"
|
conf.Config["PrivateKey"] = "hidden"
|
||||||
}
|
}
|
||||||
case structs.VaultCAProvider:
|
case structs.VaultCAProvider:
|
||||||
if k == "Token" && ca.Uint8ToString(raw) != "" {
|
if k == "Token" && strVal != "" {
|
||||||
conf.Config["Token"] = "hidden"
|
conf.Config["Token"] = "hidden"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
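Review bot: The redaction of `PrivateKey` and `Token` in `fixupConfig` still sits inside the `if raw, ok := v.([]uint8); ok` branch, so a secret that reaches this function already typed as a `string` is returned by the endpoint unmasked. Whether that can happen depends on how `conf.Config` is populated, which this hunk does not show, but the masking should not depend on the decoded type. I would convert the value first and then redact on the key name for any non-empty string, as sketched below. A test that passes a `string`-typed `PrivateKey` and `Token` through `fixupConfig` would pin the behaviour. The function's closing braces fall outside the hunk.

```go
for k, v := range conf.Config {
	if raw, ok := v.([]uint8); ok {
		v = ca.Uint8ToString(raw)
		conf.Config[k] = v
	}
	// Redact on the key name regardless of how the value was decoded.
	strVal, _ := v.(string)
	if strVal == "" {
		continue
	}
	switch {
	case conf.Provider == structs.ConsulCAProvider && k == "PrivateKey",
		conf.Provider == structs.VaultCAProvider && k == "Token":
		conf.Config[k] = "hidden"
	}
	// … unchanged: end of loop and function …
```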
@ -436,8 +436,6 @@ func DefaultConfig() *Config {
|
||||||
CAConfig: &structs.CAConfiguration{
|
CAConfig: &structs.CAConfiguration{
|
||||||
Provider: "consul",
|
Provider: "consul",
|
||||||
Config: map[string]interface{}{
|
Config: map[string]interface{}{
|
||||||
"PrivateKey": "",
|
|
||||||
"RootCert": "",
|
|
||||||
"RotationPeriod": "2160h",
|
"RotationPeriod": "2160h",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -67,8 +67,6 @@ $ curl localhost:8500/v1/connect/ca/configuration
|
||||||
{
|
{
|
||||||
"Provider": "consul",
|
"Provider": "consul",
|
||||||
"Config": {
|
"Config": {
|
||||||
"PrivateKey": null,
|
|
||||||
"RootCert": null,
|
|
||||||
"RotationPeriod": "2160h"
|
"RotationPeriod": "2160h"
|
||||||
},
|
},
|
||||||
"CreateIndex": 5,
|
"CreateIndex": 5,
|
||||||
|
@ -77,8 +75,8 @@ $ curl localhost:8500/v1/connect/ca/configuration
|
||||||
```
|
```
|
||||||
|
|
||||||
This is the default Connect CA configuration if nothing is explicitly set when
|
This is the default Connect CA configuration if nothing is explicitly set when
|
||||||
Connect is enabled - the PrivateKey and RootCert fields are both empty, and have been
|
Connect is enabled - the PrivateKey and RootCert fields have not been set, so those have
|
||||||
generated (as seen above).
|
been generated (as seen above in the roots list).
|
||||||
|
|
||||||
There are two ways to have the Consul CA use a custom private key and root certificate:
|
There are two ways to have the Consul CA use a custom private key and root certificate:
|
||||||
either through the `ca_config` section of the [Agent configuration]
|
either through the `ca_config` section of the [Agent configuration]
|
||||||
|
|