ca: remove unused RotationPeriod field

This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.

agent/agent_test.go

@@ -4909,7 +4909,6 @@ func TestAutoConfig_Integration(t *testing.T) {
 				"LeafCertTTL":         "1h",
 				"PrivateKey":          ca.SigningKey,
 				"RootCert":            ca.RootCert,
-				"RotationPeriod":      "6h",
 				"IntermediateCertTTL": "3h",
 			},
 		},

agent/config/builder.go

@@ -700,7 +700,6 @@ func (b *builder) Build() (rt RuntimeConfig, err error) {
 			// Consul CA config
 			"private_key":           "PrivateKey",
 			"root_cert":             "RootCert",
-			"rotation_period":       "RotationPeriod",
 			"intermediate_cert_ttl": "IntermediateCertTTL",
 
 			// Vault CA config

agent/config/runtime.go

@@ -1661,7 +1661,6 @@ func (c *RuntimeConfig) ConnectCAConfiguration() (*structs.CAConfiguration, erro
 	ca := &structs.CAConfiguration{
 		Provider: "consul",
 		Config: map[string]interface{}{
-			"RotationPeriod":      structs.DefaultCARotationPeriod,
 			"LeafCertTTL":         structs.DefaultLeafCertTTL,
 			"IntermediateCertTTL": structs.DefaultIntermediateCertTTL,
 		},

agent/config/runtime_test.go

@@ -5413,7 +5413,6 @@ func TestLoad_FullConfig(t *testing.T) {
 		ExposeMaxPort:         2222,
 		ConnectCAProvider:     "consul",
 		ConnectCAConfig: map[string]interface{}{
-			"RotationPeriod":      "90h",
 			"IntermediateCertTTL": "8760h",
 			"LeafCertTTL":         "1h",
 			"CSRMaxPerSecond":     float64(100),
@@ -6594,7 +6593,6 @@ func TestConnectCAConfiguration(t *testing.T) {
 			expected: &structs.CAConfiguration{
 				Provider: "consul",
 				Config: map[string]interface{}{
-					"RotationPeriod":      "2160h",
 					"LeafCertTTL":         "72h",
 					"IntermediateCertTTL": "8760h", // 365 * 24h
 				},
@@ -6611,7 +6609,6 @@ func TestConnectCAConfiguration(t *testing.T) {
 				Provider:  "consul",
 				ClusterID: "adfe7697-09b4-413a-ac0a-fa81ed3a3001",
 				Config: map[string]interface{}{
-					"RotationPeriod":      "2160h",
 					"LeafCertTTL":         "72h",
 					"IntermediateCertTTL": "8760h", // 365 * 24h
 					"cluster_id":          "adfe7697-09b4-413a-ac0a-fa81ed3a3001",
@@ -6635,7 +6632,6 @@ func TestConnectCAConfiguration(t *testing.T) {
 			expected: &structs.CAConfiguration{
 				Provider: "vault",
 				Config: map[string]interface{}{
-					"RotationPeriod":      "2160h",
 					"LeafCertTTL":         "72h",
 					"IntermediateCertTTL": "8760h", // 365 * 24h
 				},
@@ -6651,7 +6647,6 @@ func TestConnectCAConfiguration(t *testing.T) {
 			expected: &structs.CAConfiguration{
 				Provider: "consul",
 				Config: map[string]interface{}{
-					"RotationPeriod":      "2160h",
 					"LeafCertTTL":         "72h",
 					"IntermediateCertTTL": "8760h", // 365 * 24h
 					"foo":                 "bar",

agent/config/testdata/full-config.hcl

@@ -198,7 +198,6 @@ auto_encrypt = {
 connect {
     ca_provider = "consul"
     ca_config {
-        rotation_period = "90h"
         intermediate_cert_ttl = "8760h"
         leaf_cert_ttl = "1h"
         # hack float since json parses numbers as float and we have to

agent/config/testdata/full-config.json

@@ -200,7 +200,6 @@
   "connect": {
     "ca_provider": "consul",
     "ca_config": {
-      "rotation_period": "90h",
       "intermediate_cert_ttl": "8760h",
       "leaf_cert_ttl": "1h",
       "csr_max_per_second": 100,

agent/connect/ca/provider_test.go

@@ -5,9 +5,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/go-msgpack/codec"
 	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/agent/structs"
 )
 
 func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
@@ -51,7 +52,7 @@ func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
 				Config: map[string]interface{}{
 					"PrivateKey":          "key",
 					"RootCert":            "cert",
-					"RotationPeriod":      "5m",
+					"RotationPeriod":      "5m", // old unused field
 					"IntermediateCertTTL": "90h",
 					"DisableCrossSigning": true,
 				},
@@ -60,7 +61,6 @@ func TestStructs_CAConfiguration_MsgpackEncodeDecode(t *testing.T) {
 				CommonCAProviderConfig: *expectCommonBase,
 				PrivateKey:             "key",
 				RootCert:               "cert",
-				RotationPeriod:         5 * time.Minute,
 				DisableCrossSigning:    true,
 			},
 			parseFunc: func(t *testing.T, raw map[string]interface{}) interface{} {

agent/connect/testing_ca.go

@@ -398,7 +398,6 @@ func testCAConfigSet(t testing.T, a TestAgentRPC,
 		Config: map[string]interface{}{
 			"PrivateKey":          ca.SigningKey,
 			"RootCert":            ca.RootCert,
-			"RotationPeriod":      180 * 24 * time.Hour,
 			"IntermediateCertTTL": 288 * time.Hour,
 		},
 	}

agent/connect_ca_endpoint_test.go

@@ -12,9 +12,10 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/structs"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestConnectCARoots_empty(t *testing.T) {
@@ -89,7 +90,6 @@ func TestConnectCAConfig(t *testing.T) {
 				"Provider": "consul",
 				"Config": {
 					"LeafCertTTL": "72h",
-					"RotationPeriod": "1h",
 					"IntermediateCertTTL": "288h"
 				}
 			}`,
@@ -99,7 +99,6 @@ func TestConnectCAConfig(t *testing.T) {
 				ClusterID: connect.TestClusterID,
 				Config: map[string]interface{}{
 					"LeafCertTTL":         "72h",
-					"RotationPeriod":      "1h",
 					"IntermediateCertTTL": "288h",
 				},
 			},
@@ -111,7 +110,6 @@ func TestConnectCAConfig(t *testing.T) {
 				"Provider": "consul",
 				"Config": {
 					"LeafCertTTL": "72h",
-					"RotationPeriod": "1h",
 					"IntermediateCertTTL": "288h"
 				}
 			}`,
@@ -121,7 +119,6 @@ func TestConnectCAConfig(t *testing.T) {
 				ClusterID: connect.TestClusterID,
 				Config: map[string]interface{}{
 					"LeafCertTTL":         "72h",
-					"RotationPeriod":      "1h",
 					"IntermediateCertTTL": "288h",
 				},
 			},
@@ -133,7 +130,6 @@ func TestConnectCAConfig(t *testing.T) {
 				"Provider": "consul",
 				"Config": {
 					"LeafCertTTL": "72h",
-					"RotationPeriod": "1h",
 					"IntermediateCertTTL": "288h"
 				},
 				"ForceWithoutCrossSigning": true
@@ -144,7 +140,6 @@ func TestConnectCAConfig(t *testing.T) {
 				ClusterID: connect.TestClusterID,
 				Config: map[string]interface{}{
 					"LeafCertTTL":         "72h",
-					"RotationPeriod":      "1h",
 					"IntermediateCertTTL": "288h",
 				},
 				ForceWithoutCrossSigning: true,
@@ -162,7 +157,6 @@ func TestConnectCAConfig(t *testing.T) {
 				"provider": "consul",
 				"config": {
 					"LeafCertTTL": "72h",
-					"RotationPeriod": "1h",
 					"IntermediateCertTTL": "288h"
 				},
 				"force_without_cross_signing": true
@@ -173,7 +167,6 @@ func TestConnectCAConfig(t *testing.T) {
 				ClusterID: connect.TestClusterID,
 				Config: map[string]interface{}{
 					"LeafCertTTL":         "72h",
-					"RotationPeriod":      "1h",
 					"IntermediateCertTTL": "288h",
 				},
 				ForceWithoutCrossSigning: true,
@@ -198,7 +191,6 @@ func TestConnectCAConfig(t *testing.T) {
 				"Provider": "consul",
 				"config": {
 					"LeafCertTTL": "72h",
-					"RotationPeriod": "1h",
 					"IntermediateCertTTL": "288h"
 				},
 				"State": {
@@ -211,7 +203,6 @@ func TestConnectCAConfig(t *testing.T) {
 				ClusterID: connect.TestClusterID,
 				Config: map[string]interface{}{
 					"LeafCertTTL":         "72h",
-					"RotationPeriod":      "1h",
 					"IntermediateCertTTL": "288h",
 				},
 				State: map[string]string{

agent/consul/config.go

@@ -596,7 +596,6 @@ func DefaultConfig() *Config {
 		CAConfig: &structs.CAConfiguration{
 			Provider: "consul",
 			Config: map[string]interface{}{
-				"RotationPeriod":      structs.DefaultCARotationPeriod,
 				"LeafCertTTL":         structs.DefaultLeafCertTTL,
 				"IntermediateCertTTL": structs.DefaultIntermediateCertTTL,
 			},

agent/consul/connect_ca_endpoint_test.go

@@ -9,15 +9,16 @@ import (
 	"testing"
 	"time"
 
+	msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/connect"
 	ca "github.com/hashicorp/consul/agent/connect/ca"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
 	"github.com/hashicorp/consul/testrpc"
-	msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func testParseCert(t *testing.T, pemValue string) *x509.Certificate {
@@ -117,7 +118,6 @@ func TestConnectCAConfig_GetSet(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey": "",
 			"RootCert":   "",
-			"RotationPeriod": 180 * 24 * time.Hour,
 			// This verifies the state persistence for providers although Consul
 			// provider doesn't actually use that mechanism outside of tests.
 			"test_state": testState,
@@ -388,7 +388,6 @@ func TestConnectCAConfig_TriggerRotation(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey": newKey,
 			"RootCert":   "",
-			"RotationPeriod": 90 * 24 * time.Hour,
 		},
 	}
 	{
@@ -570,7 +569,6 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey": newKey,
 			"RootCert":   "",
-			"RotationPeriod": 90 * 24 * time.Hour,
 		},
 	}
 	{
@@ -656,7 +654,6 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
 			Config: map[string]interface{}{
 				"PrivateKey": newKey,
 				"RootCert":   "",
-				"RotationPeriod": 180 * 24 * time.Hour,
 			},
 		}
 		{

agent/consul/fsm/commands_oss_test.go

@@ -9,11 +9,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	"github.com/hashicorp/consul/agent/connect"
-	"github.com/hashicorp/consul/agent/structs"
-	"github.com/hashicorp/consul/api"
-	"github.com/hashicorp/consul/sdk/testutil"
-	"github.com/hashicorp/consul/types"
 	"github.com/hashicorp/go-raftchunking"
 	raftchunkingtypes "github.com/hashicorp/go-raftchunking/types"
 	"github.com/hashicorp/go-uuid"
@@ -22,6 +17,12 @@ import (
 	"github.com/mitchellh/mapstructure"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/hashicorp/consul/agent/connect"
+	"github.com/hashicorp/consul/agent/structs"
+	"github.com/hashicorp/consul/api"
+	"github.com/hashicorp/consul/sdk/testutil"
+	"github.com/hashicorp/consul/types"
 )
 
 func generateUUID() (ret string) {
@@ -1301,7 +1302,6 @@ func TestFSM_CAConfig(t *testing.T) {
 			Config: map[string]interface{}{
 				"PrivateKey":          "asdf",
 				"RootCert":            "qwer",
-				"RotationPeriod":      90 * 24 * time.Hour,
 				"IntermediateCertTTL": 365 * 24 * time.Hour,
 			},
 		},
@@ -1331,9 +1331,6 @@ func TestFSM_CAConfig(t *testing.T) {
 	if got, want := conf.RootCert, "qwer"; got != want {
 		t.Fatalf("got %v, want %v", got, want)
 	}
-	if got, want := conf.RotationPeriod, 90*24*time.Hour; got != want {
-		t.Fatalf("got %v, want %v", got, want)
-	}
 	if got, want := conf.IntermediateCertTTL, 365*24*time.Hour; got != want {
 		t.Fatalf("got %v, want %v", got, want)
 	}

agent/consul/leader_connect_test.go

@@ -320,7 +320,6 @@ func TestLeader_SecondaryCA_IntermediateRenew(t *testing.T) {
 			Config: map[string]interface{}{
 				"PrivateKey":  "",
 				"RootCert":    "",
-				"RotationPeriod": "2160h",
 				"LeafCertTTL": "5s",
 				// The retry loop only retries for 7sec max and
 				// the ttl needs to be below so that it
@@ -486,7 +485,6 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey":          newKey,
 			"RootCert":            "",
-			"RotationPeriod":      90 * 24 * time.Hour,
 			"IntermediateCertTTL": 72 * 24 * time.Hour,
 		},
 	}
@@ -1054,7 +1052,6 @@ func TestLeader_CARootPruning(t *testing.T) {
 			"LeafCertTTL":  "500ms",
 			"PrivateKey":   newKey,
 			"RootCert":     "",
-			"RotationPeriod": "2160h",
 			"SkipValidate": true,
 		},
 	}
@@ -1127,7 +1124,6 @@ func TestLeader_PersistIntermediateCAs(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey": newKey,
 			"RootCert":   "",
-			"RotationPeriod": 90 * 24 * time.Hour,
 		},
 	}
 	{
@@ -1434,7 +1430,6 @@ func TestLeader_Consul_ForceWithoutCrossSigning(t *testing.T) {
 			"LeafCertTTL":  "500ms",
 			"PrivateKey":   newKey,
 			"RootCert":     "",
-			"RotationPeriod": "2160h",
 			"SkipValidate": true,
 		},
 		ForceWithoutCrossSigning: true,

agent/consul/server_test.go

@@ -186,7 +186,6 @@ func testServerConfig(t *testing.T) (string, *Config) {
 		Config: map[string]interface{}{
 			"PrivateKey":          "",
 			"RootCert":            "",
-			"RotationPeriod":      "2160h",
 			"LeafCertTTL":         "72h",
 			"IntermediateCertTTL": "288h",
 		},

agent/consul/state/connect_ca_test.go

@@ -3,7 +3,6 @@ package state
 import (
 	"reflect"
 	"testing"
-	"time"
 
 	"github.com/hashicorp/go-memdb"
 	"github.com/stretchr/testify/assert"
@@ -21,7 +20,6 @@ func TestStore_CAConfig(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey": "asdf",
 			"RootCert":   "qwer",
-			"RotationPeriod": 90 * 24 * time.Hour,
 		},
 	}
 
@@ -106,7 +104,6 @@ func TestStore_CAConfig_Snapshot_Restore(t *testing.T) {
 		Config: map[string]interface{}{
 			"PrivateKey": "asdf",
 			"RootCert":   "qwer",
-			"RotationPeriod": 90 * 24 * time.Hour,
 		},
 	}
 	if err := s.CASetConfig(99, before); err != nil {

agent/structs/connect_ca.go

@@ -5,12 +5,12 @@ import (
 	"reflect"
 	"time"
 
-	"github.com/hashicorp/consul/lib"
 	"github.com/mitchellh/mapstructure"
+
+	"github.com/hashicorp/consul/lib"
 )
 
 const (
-	DefaultCARotationPeriod    = "2160h"
 	DefaultLeafCertTTL         = "72h"
 	DefaultIntermediateCertTTL = "8760h" // 365 * 24h
 )
@@ -436,7 +436,6 @@ type ConsulCAProviderConfig struct {
 
 	PrivateKey string
 	RootCert   string
-	RotationPeriod time.Duration
 
 	// DisableCrossSigning is really only useful in test code to use the built in
 	// provider while exercising logic that depends on the CA provider ability to

agent/structs/connect_ca_test.go

@@ -18,7 +18,6 @@ func TestCAConfiguration_GetCommonConfig(t *testing.T) {
 			name: "basic defaults",
 			cfg: &CAConfiguration{
 				Config: map[string]interface{}{
-					"RotationPeriod":      "2160h",
 					"LeafCertTTL":         "72h",
 					"IntermediateCertTTL": "4320h",
 					"CSRMaxPerSecond":     "50",
@@ -40,7 +39,6 @@ func TestCAConfiguration_GetCommonConfig(t *testing.T) {
 			name: "basic defaults after encoding fun",
 			cfg: &CAConfiguration{
 				Config: map[string]interface{}{
-					"RotationPeriod":      []uint8("2160h"),
 					"LeafCertTTL":         []uint8("72h"),
 					"IntermediateCertTTL": []uint8("4320h"),
 				},

api/connect_ca.go

@@ -49,7 +49,6 @@ type ConsulCAProviderConfig struct {
 
 	PrivateKey          string
 	RootCert            string
-	RotationPeriod      time.Duration
 	IntermediateCertTTL time.Duration
 }
 

api/connect_ca_test.go

@@ -4,9 +4,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/sdk/testutil"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
-	"github.com/stretchr/testify/require"
 )
 
 func TestAPI_ConnectCARoots_empty(t *testing.T) {
@@ -62,7 +63,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 
 	s.WaitForSerfCheck(t)
 	expected := &ConsulCAProviderConfig{
-		RotationPeriod:      90 * 24 * time.Hour,
 		IntermediateCertTTL: 365 * 24 * time.Hour,
 	}
 	expected.LeafCertTTL = 72 * time.Hour
@@ -83,7 +83,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 
 		// Change a config value and update
 		conf.Config["PrivateKey"] = ""
-		conf.Config["RotationPeriod"] = 120 * 24 * time.Hour
 		conf.Config["IntermediateCertTTL"] = 300 * 24 * time.Hour
 
 		// Pass through some state as if the provider stored it so we can make sure
@@ -95,7 +94,6 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 
 		updated, _, err := connect.CAGetConfig(nil)
 		r.Check(err)
-		expected.RotationPeriod = 120 * 24 * time.Hour
 		expected.IntermediateCertTTL = 300 * 24 * time.Hour
 		parsed, err = ParseConsulCAConfig(updated.Config)
 		r.Check(err)

command/connect/ca/set/connect_ca_set_test.go

@@ -7,11 +7,12 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/mitchellh/cli"
+
 	"github.com/hashicorp/consul/agent"
 	"github.com/hashicorp/consul/agent/connect/ca"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/testrpc"
-	"github.com/mitchellh/cli"
 )
 
 func TestConnectCASetConfigCommand_noTabs(t *testing.T) {
@@ -53,6 +54,5 @@ func TestConnectCASetConfigCommand(t *testing.T) {
 
 	parsed, err := ca.ParseConsulCAConfig(reply.Config)
 	require.NoError(err)
-	require.Equal(24*time.Hour, parsed.RotationPeriod)
 	require.Equal(288*time.Hour, parsed.IntermediateCertTTL)
 }

command/connect/ca/set/test-fixtures/ca_config.json

@@ -3,7 +3,6 @@
 	"Config": {
 		"PrivateKey": "",
 		"RootCert": "",
-		"RotationPeriod": "24h",
 		"IntermediateCertTTL": "288h"
 	}
 }

ui/packages/consul-ui/mock-api/v1/connect/ca/configuration

@@ -3,7 +3,6 @@
   "Config": {
     "PrivateKey": null,
     "RootCert": null,
-    "RotationPeriod": 7776000000000000
   },
   "CreateIndex": 5,
   "ModifyIndex": 5

website/content/api-docs/connect/ca.mdx

@@ -139,7 +139,6 @@ $ curl \
   "Provider": "consul",
   "Config": {
     "LeafCertTTL": "72h",
-    "RotationPeriod": "2160h",
     "IntermediateCertTTL": "8760h"
   },
   "CreateIndex": 5,
@@ -190,7 +189,6 @@ The table below shows this endpoint's support for
     "LeafCertTTL": "72h",
     "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----...",
     "RootCert": "-----BEGIN CERTIFICATE-----...",
-    "RotationPeriod": "2160h",
     "IntermediateCertTTL": "8760h"
   },
   "ForceWithoutCrossSigning": false

website/content/docs/connect/ca/consul.mdx

@@ -74,7 +74,6 @@ $ curl localhost:8500/v1/connect/ca/configuration
     "Provider": "consul",
     "Config": {
         "LeafCertTTL": "72h",
-        "RotationPeriod": "2160h",
         "IntermediateCertTTL": "8760h"
     },
     "CreateIndex": 5,
@@ -105,7 +104,6 @@ $ jq -n --arg key "$(cat root.key)"  --arg cert "$(cat root.crt)" '
         "LeafCertTTL": "72h",
         "PrivateKey": $key,
         "RootCert": $cert,
-        "RotationPeriod": "2160h",
         "IntermediateCertTTL": "8760h"
     }
 }' > ca_config.json
@@ -121,7 +119,6 @@ $ cat ca_config.json
     "LeafCertTTL": "72h",
     "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEArqiy1c3pbT3cSkjdEM1APALUareU...",
     "RootCert": "-----BEGIN CERTIFICATE-----\nMIIDijCCAnKgAwIBAgIJAOFZ66em1qC7MA0GCSqGSIb3...",
-    "RotationPeriod": "2160h",
     "IntermediateCertTTL": "8760h"
   }
 }

website/content/docs/connect/ca/index.mdx

@@ -89,7 +89,6 @@ $ curl http://localhost:8500/v1/connect/ca/configuration
     "Provider": "consul",
     "Config": {
         "LeafCertTTL": "72h",
-        "RotationPeriod": "2160h",
         "IntermediateCertTTL": "8760h"
     },
     "CreateIndex": 5,

website/content/docs/k8s/connect/connect-ca-provider.mdx

@@ -127,7 +127,6 @@ $ kubectl exec consul-server-0 -- curl -s http://localhost:8500/v1/connect/ca/co
     "IntermediatePKIPath": "connect-intermediate",
     "LeafCertTTL": "72h",
     "RootPKIPath": "connect-root",
-    "RotationPeriod": "2160h",
     "Token": "s.VgQvaXl8xGFO1RUxAPbPbsfN"
   },
   "State": null,