Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period

ca: remove unused RotationPeriod field
Daniel Nephin 2021-07-06 18:49:33 -04:00 committed by hc-github-team-consul-core
parent 3fb24c9cd4
commit fe76dc7068
27 changed files with 52 additions and 100 deletions

3
.changelog/10552.txt Normal file

@ -0,0 +1,3 @@
```release-note:deprecation
connect/ca: remove the `RotationPeriod` field from the Consul CA provider, it was not used for anything.
```


@ -4909,7 +4909,6 @@ func TestAutoConfig_Integration(t *testing.T) {
"LeafCertTTL": "1h", "LeafCertTTL": "1h",
"PrivateKey": ca.SigningKey, "PrivateKey": ca.SigningKey,
"RootCert": ca.RootCert, "RootCert": ca.RootCert,
"RotationPeriod": "6h",
"IntermediateCertTTL": "3h", "IntermediateCertTTL": "3h",
}, },
}, },


@ -704,7 +704,6 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
// Consul CA config // Consul CA config
"private_key": "PrivateKey", "private_key": "PrivateKey",
"root_cert": "RootCert", "root_cert": "RootCert",
"rotation_period": "RotationPeriod",
"intermediate_cert_ttl": "IntermediateCertTTL", "intermediate_cert_ttl": "IntermediateCertTTL",
// Vault CA config // Vault CA config
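Review bot: Agent configuration files that still set `rotation_period` under `ca_config` are not covered by anything visible in this commit. With the `"rotation_period": "RotationPeriod"` translation entry gone, the key presumably reaches the provider config under its snake_case name, and the fixtures here drop the key instead of keeping one legacy case. An operator who set it may still assume root rotation is scheduled, so I would add a test that loads a config with the legacy key and asserts it is accepted and ignored, and consider a deprecation warning at load time. Build() starts and ends outside this hunk, so how untranslated keys are handled further down cannot be confirmed from here.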


@ -1661,7 +1661,6 @@ func (c *RuntimeConfig) ConnectCAConfiguration() (*structs.CAConfiguration, erro
ca := &structs.CAConfiguration{ ca := &structs.CAConfiguration{
Provider: "consul", Provider: "consul",
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": structs.DefaultCARotationPeriod,
"LeafCertTTL": structs.DefaultLeafCertTTL, "LeafCertTTL": structs.DefaultLeafCertTTL,
"IntermediateCertTTL": structs.DefaultIntermediateCertTTL, "IntermediateCertTTL": structs.DefaultIntermediateCertTTL,
}, },


@ -5413,7 +5413,6 @@ func TestLoad_FullConfig(t *testing.T) {
ExposeMaxPort: 2222, ExposeMaxPort: 2222,
ConnectCAProvider: "consul", ConnectCAProvider: "consul",
ConnectCAConfig: map[string]interface{}{ ConnectCAConfig: map[string]interface{}{
"RotationPeriod": "90h",
"IntermediateCertTTL": "8760h", "IntermediateCertTTL": "8760h",
"LeafCertTTL": "1h", "LeafCertTTL": "1h",
"CSRMaxPerSecond": float64(100), "CSRMaxPerSecond": float64(100),
@ -6594,7 +6593,6 @@ func TestConnectCAConfiguration(t *testing.T) {
expected: &structs.CAConfiguration{ expected: &structs.CAConfiguration{
Provider: "consul", Provider: "consul",
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": "2160h",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"IntermediateCertTTL": "8760h", // 365 * 24h "IntermediateCertTTL": "8760h", // 365 * 24h
}, },
@ -6611,7 +6609,6 @@ func TestConnectCAConfiguration(t *testing.T) {
Provider: "consul", Provider: "consul",
ClusterID: "adfe7697-09b4-413a-ac0a-fa81ed3a3001", ClusterID: "adfe7697-09b4-413a-ac0a-fa81ed3a3001",
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": "2160h",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"IntermediateCertTTL": "8760h", // 365 * 24h "IntermediateCertTTL": "8760h", // 365 * 24h
"cluster_id": "adfe7697-09b4-413a-ac0a-fa81ed3a3001", "cluster_id": "adfe7697-09b4-413a-ac0a-fa81ed3a3001",
@ -6635,7 +6632,6 @@ func TestConnectCAConfiguration(t *testing.T) {
expected: &structs.CAConfiguration{ expected: &structs.CAConfiguration{
Provider: "vault", Provider: "vault",
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": "2160h",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"IntermediateCertTTL": "8760h", // 365 * 24h "IntermediateCertTTL": "8760h", // 365 * 24h
}, },
@ -6651,7 +6647,6 @@ func TestConnectCAConfiguration(t *testing.T) {
expected: &structs.CAConfiguration{ expected: &structs.CAConfiguration{
Provider: "consul", Provider: "consul",
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": "2160h",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"IntermediateCertTTL": "8760h", // 365 * 24h "IntermediateCertTTL": "8760h", // 365 * 24h
"foo": "bar", "foo": "bar",


@ -198,7 +198,6 @@ auto_encrypt = {
connect { connect {
ca_provider = "consul" ca_provider = "consul"
ca_config { ca_config {
rotation_period = "90h"
intermediate_cert_ttl = "8760h" intermediate_cert_ttl = "8760h"
leaf_cert_ttl = "1h" leaf_cert_ttl = "1h"
# hack float since json parses numbers as float and we have to # hack float since json parses numbers as float and we have to


@ -200,7 +200,6 @@
"connect": { "connect": {
"ca_provider": "consul", "ca_provider": "consul",
"ca_config": { "ca_config": {
"rotation_period": "90h",
"intermediate_cert_ttl": "8760h", "intermediate_cert_ttl": "8760h",
"leaf_cert_ttl": "1h", "leaf_cert_ttl": "1h",
"csr_max_per_second": 100, "csr_max_per_second": 100,


@ -5,9 +5,10 @@ import (
"testing" "testing"
"time" "time"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-msgpack/codec" "github.com/hashicorp/go-msgpack/codec"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent/structs"
) )
func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) { func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
@ -51,7 +52,7 @@ func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "key", "PrivateKey": "key",
"RootCert": "cert", "RootCert": "cert",
"RotationPeriod": "5m", "RotationPeriod": "5m", // old unused field
"IntermediateCertTTL": "90h", "IntermediateCertTTL": "90h",
"DisableCrossSigning": true, "DisableCrossSigning": true,
}, },
@ -60,7 +61,6 @@ func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
CommonCAProviderConfig: *expectCommonBase, CommonCAProviderConfig: *expectCommonBase,
PrivateKey: "key", PrivateKey: "key",
RootCert: "cert", RootCert: "cert",
RotationPeriod: 5 * time.Minute,
DisableCrossSigning: true, DisableCrossSigning: true,
}, },
parseFunc: func(t *testing.T, raw map[string]interface{}) interface{} { parseFunc: func(t *testing.T, raw map[string]interface{}) interface{} {
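Review bot: The comment `// old unused field` on the retained `"RotationPeriod": "5m"` input does not say why the entry stays, and it looks like the only visible check that a CA configuration written before the field was removed still decodes. I would spell that out so nobody deletes it as leftover, for example `"RotationPeriod": "5m", // kept on purpose: configs persisted by older versions still carry this key and must decode`. The test function continues outside the hunk.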


@ -410,7 +410,6 @@ func testCAConfigSet(t testing.T, a TestAgentRPC,
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": ca.SigningKey, "PrivateKey": ca.SigningKey,
"RootCert": ca.RootCert, "RootCert": ca.RootCert,
"RotationPeriod": 180 * 24 * time.Hour,
"IntermediateCertTTL": 288 * time.Hour, "IntermediateCertTTL": 288 * time.Hour,
}, },
} }


@ -12,9 +12,10 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/stretchr/testify/assert"
"github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/stretchr/testify/assert"
) )
func TestConnectCARoots_empty(t *testing.T) { func TestConnectCARoots_empty(t *testing.T) {
@ -89,7 +90,6 @@ func TestConnectCAConfig(t *testing.T) {
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h" "IntermediateCertTTL": "288h"
} }
}`, }`,
@ -99,7 +99,6 @@ func TestConnectCAConfig(t *testing.T) {
ClusterID: connect.TestClusterID, ClusterID: connect.TestClusterID,
Config: map[string]interface{}{ Config: map[string]interface{}{
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },
}, },
@ -111,7 +110,6 @@ func TestConnectCAConfig(t *testing.T) {
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h" "IntermediateCertTTL": "288h"
} }
}`, }`,
@ -121,7 +119,6 @@ func TestConnectCAConfig(t *testing.T) {
ClusterID: connect.TestClusterID, ClusterID: connect.TestClusterID,
Config: map[string]interface{}{ Config: map[string]interface{}{
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },
}, },
@ -133,7 +130,6 @@ func TestConnectCAConfig(t *testing.T) {
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h" "IntermediateCertTTL": "288h"
}, },
"ForceWithoutCrossSigning": true "ForceWithoutCrossSigning": true
@ -144,7 +140,6 @@ func TestConnectCAConfig(t *testing.T) {
ClusterID: connect.TestClusterID, ClusterID: connect.TestClusterID,
Config: map[string]interface{}{ Config: map[string]interface{}{
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },
ForceWithoutCrossSigning: true, ForceWithoutCrossSigning: true,
@ -162,7 +157,6 @@ func TestConnectCAConfig(t *testing.T) {
"provider": "consul", "provider": "consul",
"config": { "config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h" "IntermediateCertTTL": "288h"
}, },
"force_without_cross_signing": true "force_without_cross_signing": true
@ -173,7 +167,6 @@ func TestConnectCAConfig(t *testing.T) {
ClusterID: connect.TestClusterID, ClusterID: connect.TestClusterID,
Config: map[string]interface{}{ Config: map[string]interface{}{
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },
ForceWithoutCrossSigning: true, ForceWithoutCrossSigning: true,
@ -198,7 +191,6 @@ func TestConnectCAConfig(t *testing.T) {
"Provider": "consul", "Provider": "consul",
"config": { "config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h" "IntermediateCertTTL": "288h"
}, },
"State": { "State": {
@ -211,7 +203,6 @@ func TestConnectCAConfig(t *testing.T) {
ClusterID: connect.TestClusterID, ClusterID: connect.TestClusterID,
Config: map[string]interface{}{ Config: map[string]interface{}{
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "1h",
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },
State: map[string]string{ State: map[string]string{


@ -596,7 +596,6 @@ func DefaultConfig() *Config {
CAConfig: &structs.CAConfiguration{ CAConfig: &structs.CAConfiguration{
Provider: "consul", Provider: "consul",
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": structs.DefaultCARotationPeriod,
"LeafCertTTL": structs.DefaultLeafCertTTL, "LeafCertTTL": structs.DefaultLeafCertTTL,
"IntermediateCertTTL": structs.DefaultIntermediateCertTTL, "IntermediateCertTTL": structs.DefaultIntermediateCertTTL,
}, },


@ -9,15 +9,16 @@ import (
"testing" "testing"
"time" "time"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/connect"
ca "github.com/hashicorp/consul/agent/connect/ca" ca "github.com/hashicorp/consul/agent/connect/ca"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testrpc"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func testParseCert(t *testing.T, pemValue string) *x509.Certificate { func testParseCert(t *testing.T, pemValue string) *x509.Certificate {
@ -117,7 +118,6 @@ func TestConnectCAConfig_GetSet(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "", "PrivateKey": "",
"RootCert": "", "RootCert": "",
"RotationPeriod": 180 * 24 * time.Hour,
// This verifies the state persistence for providers although Consul // This verifies the state persistence for providers although Consul
// provider doesn't actually use that mechanism outside of tests. // provider doesn't actually use that mechanism outside of tests.
"test_state": testState, "test_state": testState,
@ -388,7 +388,6 @@ func TestConnectCAConfig_TriggerRotation(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": 90 * 24 * time.Hour,
}, },
} }
{ {
@ -570,7 +569,6 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": 90 * 24 * time.Hour,
}, },
} }
{ {
@ -656,7 +654,6 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": 180 * 24 * time.Hour,
}, },
} }
{ {


@ -9,11 +9,6 @@ import (
"time" "time"
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/types"
"github.com/hashicorp/go-raftchunking" "github.com/hashicorp/go-raftchunking"
raftchunkingtypes "github.com/hashicorp/go-raftchunking/types" raftchunkingtypes "github.com/hashicorp/go-raftchunking/types"
"github.com/hashicorp/go-uuid" "github.com/hashicorp/go-uuid"
@ -22,6 +17,12 @@ import (
"github.com/mitchellh/mapstructure" "github.com/mitchellh/mapstructure"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/types"
) )
func generateUUID() (ret string) { func generateUUID() (ret string) {
@ -1301,7 +1302,6 @@ func TestFSM_CAConfig(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "asdf", "PrivateKey": "asdf",
"RootCert": "qwer", "RootCert": "qwer",
"RotationPeriod": 90 * 24 * time.Hour,
"IntermediateCertTTL": 365 * 24 * time.Hour, "IntermediateCertTTL": 365 * 24 * time.Hour,
}, },
}, },
@ -1331,9 +1331,6 @@ func TestFSM_CAConfig(t *testing.T) {
if got, want := conf.RootCert, "qwer"; got != want { if got, want := conf.RootCert, "qwer"; got != want {
t.Fatalf("got %v, want %v", got, want) t.Fatalf("got %v, want %v", got, want)
} }
if got, want := conf.RotationPeriod, 90*24*time.Hour; got != want {
t.Fatalf("got %v, want %v", got, want)
}
if got, want := conf.IntermediateCertTTL, 365*24*time.Hour; got != want { if got, want := conf.IntermediateCertTTL, 365*24*time.Hour; got != want {
t.Fatalf("got %v, want %v", got, want) t.Fatalf("got %v, want %v", got, want)
} }


@ -320,7 +320,6 @@ func TestLeader_SecondaryCA_IntermediateRenew(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "", "PrivateKey": "",
"RootCert": "", "RootCert": "",
"RotationPeriod": "2160h",
"LeafCertTTL": "5s", "LeafCertTTL": "5s",
// The retry loop only retries for 7sec max and // The retry loop only retries for 7sec max and
// the ttl needs to be below so that it // the ttl needs to be below so that it
@ -486,7 +485,6 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": 90 * 24 * time.Hour,
"IntermediateCertTTL": 72 * 24 * time.Hour, "IntermediateCertTTL": 72 * 24 * time.Hour,
}, },
} }
@ -1054,7 +1052,6 @@ func TestLeader_CARootPruning(t *testing.T) {
"LeafCertTTL": "500ms", "LeafCertTTL": "500ms",
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": "2160h",
"SkipValidate": true, "SkipValidate": true,
}, },
} }
@ -1127,7 +1124,6 @@ func TestLeader_PersistIntermediateCAs(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": 90 * 24 * time.Hour,
}, },
} }
{ {
@ -1434,7 +1430,6 @@ func TestLeader_Consul_ForceWithoutCrossSigning(t *testing.T) {
"LeafCertTTL": "500ms", "LeafCertTTL": "500ms",
"PrivateKey": newKey, "PrivateKey": newKey,
"RootCert": "", "RootCert": "",
"RotationPeriod": "2160h",
"SkipValidate": true, "SkipValidate": true,
}, },
ForceWithoutCrossSigning: true, ForceWithoutCrossSigning: true,


@ -186,7 +186,6 @@ func testServerConfig(t *testing.T) (string, *Config) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "", "PrivateKey": "",
"RootCert": "", "RootCert": "",
"RotationPeriod": "2160h",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },


@ -3,7 +3,6 @@ package state
import ( import (
"reflect" "reflect"
"testing" "testing"
"time"
"github.com/hashicorp/go-memdb" "github.com/hashicorp/go-memdb"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -21,7 +20,6 @@ func TestStore_CAConfig(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "asdf", "PrivateKey": "asdf",
"RootCert": "qwer", "RootCert": "qwer",
"RotationPeriod": 90 * 24 * time.Hour,
}, },
} }
@ -106,7 +104,6 @@ func TestStore_CAConfig_Snapshot_Restore(t *testing.T) {
Config: map[string]interface{}{ Config: map[string]interface{}{
"PrivateKey": "asdf", "PrivateKey": "asdf",
"RootCert": "qwer", "RootCert": "qwer",
"RotationPeriod": 90 * 24 * time.Hour,
}, },
} }
if err := s.CASetConfig(99, before); err != nil { if err := s.CASetConfig(99, before); err != nil {


@ -5,12 +5,12 @@ import (
"reflect" "reflect"
"time" "time"
"github.com/hashicorp/consul/lib"
"github.com/mitchellh/mapstructure" "github.com/mitchellh/mapstructure"
"github.com/hashicorp/consul/lib"
) )
const ( const (
DefaultCARotationPeriod = "2160h"
DefaultLeafCertTTL = "72h" DefaultLeafCertTTL = "72h"
DefaultIntermediateCertTTL = "8760h" // 365 * 24h DefaultIntermediateCertTTL = "8760h" // 365 * 24h
) )
@ -436,7 +436,6 @@ type ConsulCAProviderConfig struct {
PrivateKey string PrivateKey string
RootCert string RootCert string
RotationPeriod time.Duration
// DisableCrossSigning is really only useful in test code to use the built in // DisableCrossSigning is really only useful in test code to use the built in
// provider while exercising logic that depends on the CA provider ability to // provider while exercising logic that depends on the CA provider ability to


@ -18,7 +18,6 @@ func TestCAConfiguration_GetCommonConfig(t *testing.T) {
name: "basic defaults", name: "basic defaults",
cfg: &CAConfiguration{ cfg: &CAConfiguration{
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": "2160h",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"IntermediateCertTTL": "4320h", "IntermediateCertTTL": "4320h",
"CSRMaxPerSecond": "50", "CSRMaxPerSecond": "50",
@ -40,7 +39,6 @@ func TestCAConfiguration_GetCommonConfig(t *testing.T) {
name: "basic defaults after encoding fun", name: "basic defaults after encoding fun",
cfg: &CAConfiguration{ cfg: &CAConfiguration{
Config: map[string]interface{}{ Config: map[string]interface{}{
"RotationPeriod": []uint8("2160h"),
"LeafCertTTL": []uint8("72h"), "LeafCertTTL": []uint8("72h"),
"IntermediateCertTTL": []uint8("4320h"), "IntermediateCertTTL": []uint8("4320h"),
}, },


@ -49,7 +49,6 @@ type ConsulCAProviderConfig struct {
PrivateKey string PrivateKey string
RootCert string RootCert string
RotationPeriod time.Duration
IntermediateCertTTL time.Duration IntermediateCertTTL time.Duration
} }
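Review bot: Dropping the exported `RotationPeriod` field from `ConsulCAProviderConfig` is a compile-time break for any caller that reads or sets it, while the release note files the change under deprecation. If this struct belongs to the published client package (the file path is not shown here), keeping the field for one release with a doc comment such as `// Deprecated: RotationPeriod is ignored by the Consul CA provider.` would match the changelog category. Otherwise the release note should state that the field is also gone from the client type. The struct starts outside the hunk.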


@ -4,9 +4,10 @@ import (
"testing" "testing"
"time" "time"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/stretchr/testify/require"
) )
func TestAPI_ConnectCARoots_empty(t *testing.T) { func TestAPI_ConnectCARoots_empty(t *testing.T) {
@ -62,7 +63,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
s.WaitForSerfCheck(t) s.WaitForSerfCheck(t)
expected := &ConsulCAProviderConfig{ expected := &ConsulCAProviderConfig{
RotationPeriod: 90 * 24 * time.Hour,
IntermediateCertTTL: 365 * 24 * time.Hour, IntermediateCertTTL: 365 * 24 * time.Hour,
} }
expected.LeafCertTTL = 72 * time.Hour expected.LeafCertTTL = 72 * time.Hour
@ -83,7 +83,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
// Change a config value and update // Change a config value and update
conf.Config["PrivateKey"] = "" conf.Config["PrivateKey"] = ""
conf.Config["RotationPeriod"] = 120 * 24 * time.Hour
conf.Config["IntermediateCertTTL"] = 300 * 24 * time.Hour conf.Config["IntermediateCertTTL"] = 300 * 24 * time.Hour
// Pass through some state as if the provider stored it so we can make sure // Pass through some state as if the provider stored it so we can make sure
@ -95,7 +94,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
updated, _, err := connect.CAGetConfig(nil) updated, _, err := connect.CAGetConfig(nil)
r.Check(err) r.Check(err)
expected.RotationPeriod = 120 * 24 * time.Hour
expected.IntermediateCertTTL = 300 * 24 * time.Hour expected.IntermediateCertTTL = 300 * 24 * time.Hour
parsed, err = ParseConsulCAConfig(updated.Config) parsed, err = ParseConsulCAConfig(updated.Config)
r.Check(err) r.Check(err)


@ -7,11 +7,12 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/mitchellh/cli"
"github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent"
"github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/agent/connect/ca"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testrpc"
"github.com/mitchellh/cli"
) )
func TestConnectCASetConfigCommand_noTabs(t *testing.T) { func TestConnectCASetConfigCommand_noTabs(t *testing.T) {
@ -53,6 +54,5 @@ func TestConnectCASetConfigCommand(t *testing.T) {
parsed, err := ca.ParseConsulCAConfig(reply.Config) parsed, err := ca.ParseConsulCAConfig(reply.Config)
require.NoError(err) require.NoError(err)
require.Equal(24*time.Hour, parsed.RotationPeriod)
require.Equal(288*time.Hour, parsed.IntermediateCertTTL) require.Equal(288*time.Hour, parsed.IntermediateCertTTL)
} }


@ -3,7 +3,6 @@
"Config": { "Config": {
"PrivateKey": "", "PrivateKey": "",
"RootCert": "", "RootCert": "",
"RotationPeriod": "24h",
"IntermediateCertTTL": "288h" "IntermediateCertTTL": "288h"
} }
} }


@ -3,7 +3,6 @@
"Config": { "Config": {
"PrivateKey": null, "PrivateKey": null,
"RootCert": null, "RootCert": null,
"RotationPeriod": 7776000000000000
}, },
"CreateIndex": 5, "CreateIndex": 5,
"ModifyIndex": 5 "ModifyIndex": 5
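Review bot: With the `"RotationPeriod": 7776000000000000` line removed, the preceding `"RootCert": null,` keeps its trailing comma directly before `},`, which is not valid JSON. The line should become `"RootCert": null`. If this file is sample output in documentation the effect is cosmetic, but if anything parses it (a golden file or fixture) the load would fail; the file path is not shown here.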


@ -139,7 +139,6 @@ $ curl \
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "2160h",
"IntermediateCertTTL": "8760h" "IntermediateCertTTL": "8760h"
}, },
"CreateIndex": 5, "CreateIndex": 5,
@ -190,7 +189,6 @@ The table below shows this endpoint's support for
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...", "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...",
"RootCert": "-----BEGIN CERTIFICATE-----...", "RootCert": "-----BEGIN CERTIFICATE-----...",
"RotationPeriod": "2160h",
"IntermediateCertTTL": "8760h" "IntermediateCertTTL": "8760h"
}, },
"ForceWithoutCrossSigning": false "ForceWithoutCrossSigning": false


@ -74,7 +74,6 @@ $ curl localhost:8500/v1/connect/ca/configuration
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "2160h",
"IntermediateCertTTL": "8760h" "IntermediateCertTTL": "8760h"
}, },
"CreateIndex": 5, "CreateIndex": 5,
@ -105,7 +104,6 @@ $ jq -n --arg key "$(cat root.key)" --arg cert "$(cat root.crt)" '
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"PrivateKey": $key, "PrivateKey": $key,
"RootCert": $cert, "RootCert": $cert,
"RotationPeriod": "2160h",
"IntermediateCertTTL": "8760h" "IntermediateCertTTL": "8760h"
} }
}' > ca_config.json }' > ca_config.json
@ -121,7 +119,6 @@ $ cat ca_config.json
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEArqiy1c3pbT3cSkjdEM1APALUareU...", "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEArqiy1c3pbT3cSkjdEM1APALUareU...",
"RootCert": "-----BEGIN CERTIFICATE-----\nMIIDijCCAnKgAwIBAgIJAOFZ66em1qC7MA0GCSqGSIb3...", "RootCert": "-----BEGIN CERTIFICATE-----\nMIIDijCCAnKgAwIBAgIJAOFZ66em1qC7MA0GCSqGSIb3...",
"RotationPeriod": "2160h",
"IntermediateCertTTL": "8760h" "IntermediateCertTTL": "8760h"
} }
} }


@ -89,7 +89,6 @@ $ curl http://localhost:8500/v1/connect/ca/configuration
"Provider": "consul", "Provider": "consul",
"Config": { "Config": {
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RotationPeriod": "2160h",
"IntermediateCertTTL": "8760h" "IntermediateCertTTL": "8760h"
}, },
"CreateIndex": 5, "CreateIndex": 5,


@ -127,7 +127,6 @@ $ kubectl exec consul-server-0 -- curl -s http://localhost:8500/v1/connect/ca/co
"IntermediatePKIPath": "connect-intermediate", "IntermediatePKIPath": "connect-intermediate",
"LeafCertTTL": "72h", "LeafCertTTL": "72h",
"RootPKIPath": "connect-root", "RootPKIPath": "connect-root",
"RotationPeriod": "2160h",
"Token": "s.VgQvaXl8xGFO1RUxAPbPbsfN" "Token": "s.VgQvaXl8xGFO1RUxAPbPbsfN"
}, },
"State": null, "State": null,