connect/ca: hide the RotationPeriod config field since it isn't used yet

Kyle Havlovitz 2018-06-21 16:54:59 -07:00 committed by Jack Pearkes
parent b2f14647c2
commit c20bbf8760
6 changed files with 29 additions and 42 deletions


@ -88,6 +88,10 @@ func fixupConfig(conf *structs.CAConfiguration) {
if k == "PrivateKey" && strVal != "" { if k == "PrivateKey" && strVal != "" {
conf.Config["PrivateKey"] = "hidden" conf.Config["PrivateKey"] = "hidden"
} }
// todo(kyhavlov): add this back in when it's actually used
if k == "RotationPeriod" {
delete(conf.Config, k)
}
case structs.VaultCAProvider: case structs.VaultCAProvider:
if k == "Token" && strVal != "" { if k == "Token" && strVal != "" {
conf.Config["Token"] = "hidden" conf.Config["Token"] = "hidden"
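Review bot: The new `RotationPeriod` branch deletes the key only from the value this function hands back, so as far as this hunk shows the field can still be submitted and kept in the stored configuration, and is merely invisible on read. If that is the intent, the comment should say so, for example `// TODO(kyhavlov): RotationPeriod is unused for now; it is stripped from responses only and may still be present in the stored config.` The match is an exact-case comparison on the map key, like the `PrivateKey` and `Token` redactions beside it, so it is worth confirming that keys always arrive in this spelling (the agent option is documented as `rotation_period`). fixupConfig starts and ends outside the hunk.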


@ -2,10 +2,11 @@ package agent
import ( import (
"bytes" "bytes"
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings"
"testing" "testing"
"time"
"github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/connect"
ca "github.com/hashicorp/consul/agent/connect/ca" ca "github.com/hashicorp/consul/agent/connect/ca"
@ -65,9 +66,8 @@ func TestConnectCAConfig(t *testing.T) {
a := NewTestAgent(t.Name(), "") a := NewTestAgent(t.Name(), "")
defer a.Shutdown() defer a.Shutdown()
expected := &structs.ConsulCAProviderConfig{ root := connect.TestCA(t, nil)
RotationPeriod: 90 * 24 * time.Hour, expected := &structs.ConsulCAProviderConfig{}
}
// Get the initial config. // Get the initial config.
{ {
@ -85,13 +85,17 @@ func TestConnectCAConfig(t *testing.T) {
// Set the config. // Set the config.
{ {
body := bytes.NewBuffer([]byte(` conf := fmt.Sprintf(`
{ {
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"RotationPeriod": 3600000000000 "PrivateKey": "%s",
} "RootCert": "%s"
}`)) }
}`,
strings.Replace(root.SigningKey, "\n", "\\n", -1),
strings.Replace(root.RootCert, "\n", "\\n", -1))
body := bytes.NewBuffer([]byte(conf))
req, _ := http.NewRequest("PUT", "/v1/connect/ca/configuration", body) req, _ := http.NewRequest("PUT", "/v1/connect/ca/configuration", body)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
_, err := a.srv.ConnectCAConfiguration(resp, req) _, err := a.srv.ConnectCAConfiguration(resp, req)
@ -100,7 +104,8 @@ func TestConnectCAConfig(t *testing.T) {
// The config should be updated now. // The config should be updated now.
{ {
expected.RotationPeriod = time.Hour expected.PrivateKey = "hidden"
expected.RootCert = root.RootCert
req, _ := http.NewRequest("GET", "/v1/connect/ca/configuration", nil) req, _ := http.NewRequest("GET", "/v1/connect/ca/configuration", nil)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
obj, err := a.srv.ConnectCAConfiguration(resp, req) obj, err := a.srv.ConnectCAConfiguration(resp, req)
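Review bot: The request body in the "Set the config" block is assembled with `fmt.Sprintf` and hand-escaped newlines (`strings.Replace(root.SigningKey, "\n", "\\n", -1)`), which yields valid JSON only while the PEM text contains nothing else that needs escaping. Marshalling a value is sturdier and makes the `strings` import unnecessary: `payload, marshalErr := json.Marshal(map[string]interface{}{"Provider": "consul", "Config": map[string]string{"PrivateKey": root.SigningKey, "RootCert": root.RootCert}})`, which needs `encoding/json` if the file does not already import it. The `expected.PrivateKey = "hidden"` line pins the redaction and deserves a short comment such as `// the GET response must never echo the signing key`. TestConnectCAConfig starts and ends outside these hunks.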


@ -1,10 +1,8 @@
package api package api
import ( import (
"strings"
"testing" "testing"
"time"
"github.com/pascaldekloe/goe/verify"
"github.com/hashicorp/consul/testutil" "github.com/hashicorp/consul/testutil"
"github.com/hashicorp/consul/testutil/retry" "github.com/hashicorp/consul/testutil/retry"
@ -61,10 +59,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
c, s := makeClient(t) c, s := makeClient(t)
defer s.Stop() defer s.Stop()
expected := &ConsulCAProviderConfig{
RotationPeriod: 90 * 24 * time.Hour,
}
// This fails occasionally if server doesn't have time to bootstrap CA so // This fails occasionally if server doesn't have time to bootstrap CA so
// retry // retry
retry.Run(t, func(r *retry.R) { retry.Run(t, func(r *retry.R) {
@ -75,21 +69,15 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
if conf.Provider != "consul" { if conf.Provider != "consul" {
r.Fatalf("expected default provider, got %q", conf.Provider) r.Fatalf("expected default provider, got %q", conf.Provider)
} }
parsed, err := ParseConsulCAConfig(conf.Config) _, err = ParseConsulCAConfig(conf.Config)
r.Check(err) r.Check(err)
verify.Values(r, "", parsed, expected)
// Change a config value and update // Change a config value and update
conf.Config["PrivateKey"] = "" conf.Config["PrivateKey"] = "invalid"
conf.Config["RotationPeriod"] = 120 * 24 * time.Hour
_, err = connect.CASetConfig(conf, nil) _, err = connect.CASetConfig(conf, nil)
r.Check(err) if err == nil || !strings.Contains(err.Error(),
"error parsing private key \"invalid\": no PEM-encoded data found") {
updated, _, err := connect.CAGetConfig(nil) r.Fatal(err)
r.Check(err) }
expected.RotationPeriod = 120 * 24 * time.Hour
parsed, err = ParseConsulCAConfig(updated.Config)
r.Check(err)
verify.Values(r, "", parsed, expected)
}) })
} }
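Review bot: The expected error text `error parsing private key \"invalid\": no PEM-encoded data found` shows that the server echoes the submitted `PrivateKey` value in its error message, so a real key that fails to parse would presumably be copied into client output and logs. That message is produced outside this diff; I would drop the value from it there and have this test match only on `no PEM-encoded data found`. Separately, when `err` is nil the failure prints just `<nil>`; `r.Fatalf("expected private key parse error, got: %v", err)` says what went wrong. The test function begins outside the hunk.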


@ -135,7 +135,6 @@ providers, see [Provider Config](/docs/connect/ca.html).
"Config": { "Config": {
"PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...", "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...",
"RootCert": "-----BEGIN CERTIFICATE-----...", "RootCert": "-----BEGIN CERTIFICATE-----...",
"RotationPeriod": "720h"
} }
} }
``` ```


@ -698,11 +698,6 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
* <a name="consul_ca_root_cert"></a><a href="#consul_ca_root_cert">`root_cert`</a> The * <a name="consul_ca_root_cert"></a><a href="#consul_ca_root_cert">`root_cert`</a> The
PEM contents of the root certificate to use for the CA. PEM contents of the root certificate to use for the CA.
* <a name="consul_ca_rotation_period"></a><a href="#consul_ca_rotation_period">`rotation_period`</a> The
frequency with which to re-generate and rotate the private key and root certificate, in the form of a
duration value such as `720h`. Only applies in the case where the private key or root certificate are
left blank. Defaults to `2160h` (90 days).
#### Vault CA Provider (`ca_provider = "vault"`) #### Vault CA Provider (`ca_provider = "vault"`)
* <a name="vault_ca_address"></a><a href="#vault_ca_address">`address`</a> The address of the Vault * <a name="vault_ca_address"></a><a href="#vault_ca_address">`address`</a> The address of the Vault


@ -55,11 +55,7 @@ The output looks like this:
``` ```
{ {
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {},
"PrivateKey": null,
"RootCert": null,
"RotationPeriod": "2160h"
},
"CreateIndex": 5, "CreateIndex": 5,
"ModifyIndex": 197 "ModifyIndex": 197
} }