mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 22:06:20 +00:00
connect/ca: leave blank root key/cert out of the default config (unnecessary)
parent
8e028b7dc6
commit
b4ef7bb64d
@ -81,14 +81,15 @@ func (s *HTTPServer) ConnectCAConfigurationSet(resp http.ResponseWriter, req *ht
|
||||
func fixupConfig(conf *structs.CAConfiguration) {
|
||||
for k, v := range conf.Config {
|
||||
if raw, ok := v.([]uint8); ok {
|
||||
conf.Config[k] = ca.Uint8ToString(raw)
|
||||
strVal := ca.Uint8ToString(raw)
|
||||
conf.Config[k] = strVal
|
||||
switch conf.Provider {
|
||||
case structs.ConsulCAProvider:
|
||||
if k == "PrivateKey" && ca.Uint8ToString(raw) != "" {
|
||||
if k == "PrivateKey" && strVal != "" {
|
||||
conf.Config["PrivateKey"] = "hidden"
|
||||
}
|
||||
case structs.VaultCAProvider:
|
||||
if k == "Token" && ca.Uint8ToString(raw) != "" {
|
||||
if k == "Token" && strVal != "" {
|
||||
conf.Config["Token"] = "hidden"
|
||||
}
|
||||
}
|
||||
|
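Review bot: The masking of `PrivateKey` and `Token` still runs only inside the `if raw, ok := v.([]uint8); ok` branch, so a secret that reaches fixupConfig as any other type (for example an already-decoded `string`) would be left unmasked in `conf.Config`, which is presumably what the configuration endpoint returns. Whether that can happen depends on the decoding path, which is not visible in this hunk, but the redaction should not depend on the wire type: keep the conversion in the type-assertion branch and then test the stored value, e.g. `if s, ok := conf.Config[k].(string); ok && s != "" && k == "PrivateKey" { conf.Config[k] = "hidden" }`, and likewise for `Token`. The key comparison is also exact-case, so it is worth confirming that config keys are normalised before this point. fixupConfig's body continues past the end of the hunk.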
@ -436,8 +436,6 @@ func DefaultConfig() *Config {
|
||||
CAConfig: &structs.CAConfiguration{
|
||||
Provider: "consul",
|
||||
Config: map[string]interface{}{
|
||||
"PrivateKey": "",
|
||||
"RootCert": "",
|
||||
"RotationPeriod": "2160h",
|
||||
},
|
||||
},
|
||||
|
@ -67,8 +67,6 @@ $ curl localhost:8500/v1/connect/ca/configuration
|
||||
{
|
||||
"Provider": "consul",
|
||||
"Config": {
|
||||
"PrivateKey": null,
|
||||
"RootCert": null,
|
||||
"RotationPeriod": "2160h"
|
||||
},
|
||||
"CreateIndex": 5,
|
||||
@ -77,8 +75,8 @@ $ curl localhost:8500/v1/connect/ca/configuration
|
||||
```
|
||||
|
||||
This is the default Connect CA configuration if nothing is explicitly set when
|
||||
Connect is enabled - the PrivateKey and RootCert fields are both empty, and have been
|
||||
generated (as seen above).
|
||||
Connect is enabled - the PrivateKey and RootCert fields have not been set, so those have
|
||||
been generated (as seen above in the roots list).
|
||||
|
||||
There are two ways to have the Consul CA use a custom private key and root certificate:
|
||||
either through the `ca_config` section of the [Agent configuration]
|
||||
|