diff --git a/agent/connect_ca_endpoint.go b/agent/connect_ca_endpoint.go
index 336567cf3..82d123369 100644
--- a/agent/connect_ca_endpoint.go
+++ b/agent/connect_ca_endpoint.go
@@ -88,10 +88,6 @@ func fixupConfig(conf *structs.CAConfiguration) {
 if k == "PrivateKey" && strVal != "" {
 conf.Config["PrivateKey"] = "hidden"
 }
- // todo(kyhavlov): add this back in when it's actually used
- if k == "RotationPeriod" {
- delete(conf.Config, k)
- }
 case structs.VaultCAProvider:
 if k == "Token" && strVal != "" {
 conf.Config["Token"] = "hidden"
diff --git a/agent/connect_ca_endpoint_test.go b/agent/connect_ca_endpoint_test.go
index a14118d01..afaa5f049 100644
--- a/agent/connect_ca_endpoint_test.go
+++ b/agent/connect_ca_endpoint_test.go
@@ -2,11 +2,10 @@ package agent
 
 import (
 "bytes"
- "fmt"
 "net/http"
 "net/http/httptest"
- "strings"
 "testing"
+ "time"
 
 "github.com/hashicorp/consul/agent/connect"
 ca "github.com/hashicorp/consul/agent/connect/ca"
@@ -66,8 +65,9 @@ func TestConnectCAConfig(t *testing.T) {
 a := NewTestAgent(t.Name(), "")
 defer a.Shutdown()
 
- root := connect.TestCA(t, nil)
- expected := &structs.ConsulCAProviderConfig{}
+ expected := &structs.ConsulCAProviderConfig{
+ RotationPeriod: 90 * 24 * time.Hour,
+ }
 
 // Get the initial config.
 {
@@ -85,17 +85,13 @@ func TestConnectCAConfig(t *testing.T) {
 
 // Set the config.
 {
- conf := fmt.Sprintf(`
- {
- "Provider": "consul",
- "Config": {
- "PrivateKey": "%s",
- "RootCert": "%s"
- }
- }`,
- strings.Replace(root.SigningKey, "\n", "\\n", -1),
- strings.Replace(root.RootCert, "\n", "\\n", -1))
- body := bytes.NewBuffer([]byte(conf))
+ body := bytes.NewBuffer([]byte(`
+ {
+ "Provider": "consul",
+ "Config": {
+ "RotationPeriod": 3600000000000
+ }
+ }`))
 req, _ := http.NewRequest("PUT", "/v1/connect/ca/configuration", body)
 resp := httptest.NewRecorder()
 _, err := a.srv.ConnectCAConfiguration(resp, req)
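Review bot: In `fixupConfig` (agent/connect_ca_endpoint.go) the redaction checks that remain, `k == "PrivateKey"` and `k == "Token"`, are exact case-sensitive matches, and with the `RotationPeriod` delete gone the visible branches only rewrite the keys they name. If the provider config is decoded case-insensitively elsewhere (not visible in this hunk), a secret stored under a differently-cased key would not be replaced by `"hidden"` on read. Consider `if strings.EqualFold(k, "PrivateKey") && strVal != "" { conf.Config[k] = "hidden" }` and the same for `Token`, or an allowlist of keys that are safe to return. The function starts and ends outside the hunk.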
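Review bot: In `TestConnectCAConfig` the rewritten PUT body carries only `RotationPeriod`, and the following hunk drops `expected.PrivateKey = "hidden"`, so this test no longer covers the secret redaction done by `fixupConfig`. A regression that returned the signing key in cleartext from `GET /v1/connect/ca/configuration` would pass. I would keep a second round that PUTs a config built from `connect.TestCA(t, nil)` with `PrivateKey` and `RootCert` set, then asserts the GET response has `PrivateKey` equal to `"hidden"`, alongside the new `RotationPeriod` check. The test body starts and ends outside the hunk.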
@@ -104,8 +100,7 @@ func TestConnectCAConfig(t *testing.T) {
 
 // The config should be updated now.
 {
- expected.PrivateKey = "hidden"
- expected.RootCert = root.RootCert
+ expected.RotationPeriod = time.Hour
 req, _ := http.NewRequest("GET", "/v1/connect/ca/configuration", nil)
 resp := httptest.NewRecorder()
 obj, err := a.srv.ConnectCAConfiguration(resp, req)
diff --git a/api/connect_ca_test.go b/api/connect_ca_test.go
index ec5d5a0f3..77d047e95 100644
--- a/api/connect_ca_test.go
+++ b/api/connect_ca_test.go
@@ -1,8 +1,10 @@
 package api
 
 import (
- "strings"
 "testing"
+ "time"
+
+ "github.com/pascaldekloe/goe/verify"
 
 "github.com/hashicorp/consul/testutil"
 "github.com/hashicorp/consul/testutil/retry"
@@ -59,6 +61,10 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 c, s := makeClient(t)
 defer s.Stop()
 
+ expected := &ConsulCAProviderConfig{
+ RotationPeriod: 90 * 24 * time.Hour,
+ }
+
 // This fails occasionally if server doesn't have time to bootstrap CA so
 // retry
 retry.Run(t, func(r *retry.R) {
@@ -69,15 +75,21 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 if conf.Provider != "consul" {
 r.Fatalf("expected default provider, got %q", conf.Provider)
 }
- _, err = ParseConsulCAConfig(conf.Config)
+ parsed, err := ParseConsulCAConfig(conf.Config)
 r.Check(err)
+ verify.Values(r, "", parsed, expected)
 
 // Change a config value and update
- conf.Config["PrivateKey"] = "invalid"
+ conf.Config["PrivateKey"] = ""
+ conf.Config["RotationPeriod"] = 120 * 24 * time.Hour
 _, err = connect.CASetConfig(conf, nil)
- if err == nil || !strings.Contains(err.Error(),
- "error parsing private key \"invalid\": no PEM-encoded data found") {
- r.Fatal(err)
- }
+ r.Check(err)
+
+ updated, _, err := connect.CAGetConfig(nil)
+ r.Check(err)
+ expected.RotationPeriod = 120 * 24 * time.Hour
+ parsed, err = ParseConsulCAConfig(updated.Config)
+ r.Check(err)
+ verify.Values(r, "", parsed, expected)
 })
 }
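Review bot: In the last hunk of `TestAPI_ConnectCAConfig_get_set` the only negative case is gone: the update step now sets `conf.Config["PrivateKey"] = ""` and checks the happy path, so nothing in this test pins that `CASetConfig` refuses malformed key material. If the server still rejects it (not visible here), keep a step after the round-trip such as `conf.Config["PrivateKey"] = "invalid"` followed by `if _, err := connect.CASetConfig(conf, nil); err == nil { r.Fatal("invalid private key was accepted") }`, asserting on the failure rather than on message text. Separately, the set/get sequence mutates server state and `expected` inside `retry.Run`, so a retry after a partial failure compares against a different baseline. Moving the update outside the retry closure would make the test deterministic.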