revert go changes to hide rotation config

2018-06-22 09:48:41 -07:00 · 2018-06-22 09:48:41 -07:00 · d436463d75
parent 837f23441d
commit d436463d75
3 changed files with 31 additions and 28 deletions
--- a/agent/connect_ca_endpoint.go
+++ b/agent/connect_ca_endpoint.go
@ -88,10 +88,6 @@ func fixupConfig(conf *structs.CAConfiguration) {
 				if k == "PrivateKey" && strVal != "" {
 					conf.Config["PrivateKey"] = "hidden"
 				}
-				// todo(kyhavlov): add this back in when it's actually used
-				if k == "RotationPeriod" {
-					delete(conf.Config, k)
-				}
 			case structs.VaultCAProvider:
 				if k == "Token" && strVal != "" {
 					conf.Config["Token"] = "hidden"
--- a/agent/connect_ca_endpoint_test.go
+++ b/agent/connect_ca_endpoint_test.go
@ -2,11 +2,10 @@ package agent

 import (
 	"bytes"
-	"fmt"
 	"net/http"
 	"net/http/httptest"
-	"strings"
 	"testing"
+	"time"

 	"github.com/hashicorp/consul/agent/connect"
 	ca "github.com/hashicorp/consul/agent/connect/ca"
@ -66,8 +65,9 @@ func TestConnectCAConfig(t *testing.T) {
 	a := NewTestAgent(t.Name(), "")
 	defer a.Shutdown()

-	root := connect.TestCA(t, nil)
-	expected := &structs.ConsulCAProviderConfig{}
+	expected := &structs.ConsulCAProviderConfig{
+		RotationPeriod: 90 * 24 * time.Hour,
+	}

 	// Get the initial config.
 	{
@ -85,17 +85,13 @@ func TestConnectCAConfig(t *testing.T) {

 	// Set the config.
 	{
-		conf := fmt.Sprintf(`
+		body := bytes.NewBuffer([]byte(`
 		{
 			"Provider": "consul",
 			"Config": {
-					"PrivateKey": "%s",
-					"RootCert": "%s"
+				"RotationPeriod": 3600000000000
 			}
-			}`,
-			strings.Replace(root.SigningKey, "\n", "\\n", -1),
-			strings.Replace(root.RootCert, "\n", "\\n", -1))
-		body := bytes.NewBuffer([]byte(conf))
+		}`))
 		req, _ := http.NewRequest("PUT", "/v1/connect/ca/configuration", body)
 		resp := httptest.NewRecorder()
 		_, err := a.srv.ConnectCAConfiguration(resp, req)
@ -104,8 +100,7 @@ func TestConnectCAConfig(t *testing.T) {

 	// The config should be updated now.
 	{
-		expected.PrivateKey = "hidden"
-		expected.RootCert = root.RootCert
+		expected.RotationPeriod = time.Hour
 		req, _ := http.NewRequest("GET", "/v1/connect/ca/configuration", nil)
 		resp := httptest.NewRecorder()
 		obj, err := a.srv.ConnectCAConfiguration(resp, req)
--- a/api/connect_ca_test.go
+++ b/api/connect_ca_test.go
@ -1,8 +1,10 @@
 package api

 import (
-	"strings"
 	"testing"
+	"time"
+
+	"github.com/pascaldekloe/goe/verify"

 	"github.com/hashicorp/consul/testutil"
 	"github.com/hashicorp/consul/testutil/retry"
@ -59,6 +61,10 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 	c, s := makeClient(t)
 	defer s.Stop()

+	expected := &ConsulCAProviderConfig{
+		RotationPeriod: 90 * 24 * time.Hour,
+	}
+
 	// This fails occasionally if server doesn't have time to bootstrap CA so
 	// retry
 	retry.Run(t, func(r *retry.R) {
@ -69,15 +75,21 @@ func TestAPI_ConnectCAConfig_get_set(t *testing.T) {
 		if conf.Provider != "consul" {
 			r.Fatalf("expected default provider, got %q", conf.Provider)
 		}
-		_, err = ParseConsulCAConfig(conf.Config)
+		parsed, err := ParseConsulCAConfig(conf.Config)
 		r.Check(err)
+		verify.Values(r, "", parsed, expected)

 		// Change a config value and update
-		conf.Config["PrivateKey"] = "invalid"
+		conf.Config["PrivateKey"] = ""
+		conf.Config["RotationPeriod"] = 120 * 24 * time.Hour
 		_, err = connect.CASetConfig(conf, nil)
-		if err == nil || !strings.Contains(err.Error(),
-			"error parsing private key \"invalid\": no PEM-encoded data found") {
-			r.Fatal(err)
-		}
+		r.Check(err)
+
+		updated, _, err := connect.CAGetConfig(nil)
+		r.Check(err)
+		expected.RotationPeriod = 120 * 24 * time.Hour
+		parsed, err = ParseConsulCAConfig(updated.Config)
+		r.Check(err)
+		verify.Values(r, "", parsed, expected)
 	})
 }