diff --git a/agent/agent.go b/agent/agent.go index 68507253c..063b120eb 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -536,7 +536,7 @@ func (a *Agent) setupClientAutoEncryptCache(reply *structs.SignedResponse) (*str QueryOptions: structs.QueryOptions{Token: a.tokens.AgentToken()}, } - // prepopulate roots cache + // prepolutate roots cache rootRes := cache.FetchResult{Value: &reply.ConnectCARoots, Index: reply.ConnectCARoots.QueryMeta.Index} if err := a.cache.Prepopulate(cachetype.ConnectCARootName, rootRes, a.config.Datacenter, a.tokens.AgentToken(), rootsReq.CacheInfo().Key); err != nil { return nil, nil, err @@ -546,11 +546,9 @@ func (a *Agent) setupClientAutoEncryptCache(reply *structs.SignedResponse) (*str Datacenter: a.config.Datacenter, Token: a.tokens.AgentToken(), Agent: a.config.NodeName, - Domain: a.config.DNSDomain, - NodeName: a.config.NodeName, } - // prepopulate leaf cache + // prepolutate leaf cache certRes := cache.FetchResult{Value: &reply.IssuedCert, Index: reply.ConnectCARoots.QueryMeta.Index} if err := a.cache.Prepopulate(cachetype.ConnectCALeafName, certRes, a.config.Datacenter, a.tokens.AgentToken(), leafReq.Key()); err != nil { return nil, nil, err diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index e44c8d9a1..6addef95b 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go 
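Review bot: The two comments touched in setupClientAutoEncryptCache now read `// prepolutate roots cache` and `// prepolutate leaf cache`, which misspells the `Prepopulate` call they describe. Keep `// prepopulate roots cache` in this hunk and `// prepopulate leaf cache` in the hunk at -546, so the comments still turn up when someone searches for the cache method name. The function body extends beyond both hunks.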
@@ -1249,21 +1249,8 @@ func (s *HTTPServer) AgentConnectCALeafCert(resp http.ResponseWriter, req *http. // not the ID of the service instance. serviceName := strings.TrimPrefix(req.URL.Path, "/v1/agent/connect/ca/leaf/") - serviceID := serviceName - allServices := s.agent.State.Services() - for _, service := range allServices { - if service.Service == serviceName { - serviceID = service.ID - break - } - } - args := cachetype.ConnectCALeafRequest{ - Service: serviceName, // Need name not ID - ServiceID: serviceID, - Datacenter: s.agent.config.Datacenter, - Domain: s.agent.config.DNSDomain, - NodeName: s.agent.config.NodeName, + Service: serviceName, // Need name not ID } var qOpts structs.QueryOptions diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go index 61c9fedc4..64a9edb7e 100644 --- a/agent/cache-types/connect_ca_leaf.go +++ b/agent/cache-types/connect_ca_leaf.go @@ -503,7 +503,6 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest, // Build the cert uri var id connect.CertURI - var commonName string if req.Service != "" { id = &connect.SpiffeIDService{ Host: roots.TrustDomain, @@ -511,14 +510,12 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest, Namespace: "default", Service: req.Service, } - commonName = fmt.Sprintf("%s.%s.service.%s.%s.%s", req.NodeName, req.ServiceID, roots.TrustDomain[:8], req.Datacenter, req.Domain) } else if req.Agent != "" { id = &connect.SpiffeIDAgent{ Host: roots.TrustDomain, Datacenter: req.Datacenter, Agent: req.Agent, } - commonName = fmt.Sprintf("%s.agent.%s.%s.%s", req.NodeName, roots.TrustDomain[:8], req.Datacenter, req.Domain) } else { return result, errors.New("URI must be either service or agent") } @@ -530,7 +527,7 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest, } // Create a CSR. - csr, err := connect.CreateCSR(id, commonName, pk) + csr, err := connect.CreateCSR(id, pk) if err != nil { return result, err } 
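Review bot: The `args` literal in AgentConnectCALeafCert no longer sets `Datacenter`, and nothing visible in this hunk fills it in before the request is used. generateNewLeaf copies `req.Datacenter` into the SPIFFE identity, so an empty value would end up in the issued certificate. The handler continues past the hunk and may populate the field while parsing query options after `var qOpts structs.QueryOptions`; if so, a comment on the literal such as `// Datacenter is filled in from the request's query options below` would make that explicit. `serviceName` is taken directly from the URL path, so it is also worth confirming that the authorization check for that name happens downstream of this literal.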
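Review bot: The `if req.Service != "" … else if req.Agent != ""` chain in generateNewLeaf (hunk at -511) issues a service identity whenever both fields are set, although the fallback error says the URI must be either service or agent. Nothing visible in this diff sets both, but the chosen branch decides which SPIFFE identity goes into the CSR, so rejecting the ambiguous request up front is the safer contract: `if req.Service != "" && req.Agent != "" { return result, errors.New("URI must be either service or agent") }`. The function starts and ends outside this hunk.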
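Review bot: `connect.CreateCSR(id, pk)` (hunk at -530) is now called without a subject name, so the request appears to carry its identity only in the SPIFFE URI built above. That is worth stating next to the call, e.g. `// Create a CSR; identity is carried by the SPIFFE URI only, no subject CN is set.`. CreateCSR itself is not visible in this part of the diff, so confirm that no configured CA provider or certificate consumer expects a non-empty common name. generateNewLeaf continues outside the hunk.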
@@ -619,11 +616,8 @@ func (c *ConnectCALeaf) SupportsBlocking() bool { type ConnectCALeafRequest struct { Token string Datacenter string - Domain string Service string // Service name, not ID - ServiceID string Agent string // Agent name, not ID - NodeName string MinQueryIndex uint64 MaxQueryTime time.Duration } diff --git a/agent/connect/ca/mock_Provider.go b/agent/connect/ca/mock_Provider.go index cc579c61f..e8b9e5892 100644 --- a/agent/connect/ca/mock_Provider.go +++ b/agent/connect/ca/mock_Provider.go @@ -66,13 +66,13 @@ func (_m *MockProvider) Cleanup() error { return r0 } -// Configure provides a mock function with given fields: clusterID, datacenterName, dnsDomain, isRoot, rawConfig -func (_m *MockProvider) Configure(clusterId string, datacenterName string, dnsDomain string, isRoot bool, rawConfig map[string]interface{}) error { - ret := _m.Called(clusterId, datacenterName, dnsDomain, isRoot, rawConfig) +// Configure provides a mock function with given fields: clusterId, isRoot, rawConfig +func (_m *MockProvider) Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error { + ret := _m.Called(clusterId, isRoot, rawConfig) var r0 error - if rf, ok := ret.Get(0).(func(string, string, string, bool, map[string]interface{}) error); ok { - r0 = rf(clusterId, datacenterName, dnsDomain, isRoot, rawConfig) + if rf, ok := ret.Get(0).(func(string, bool, map[string]interface{}) error); ok { + r0 = rf(clusterId, isRoot, rawConfig) } else { r0 = ret.Error(0) } diff --git a/agent/connect/ca/plugin/plugin_test.go b/agent/connect/ca/plugin/plugin_test.go index 90d9c6b51..f4c100c28 100644 --- a/agent/connect/ca/plugin/plugin_test.go +++ b/agent/connect/ca/plugin/plugin_test.go 
@@ -18,11 +18,11 @@ func TestProvider_Configure(t *testing.T) { require := require.New(t) // Basic configure - m.On("Configure", "foo", "foo", "consul", false, map[string]interface{}{ + m.On("Configure", "foo", false, map[string]interface{}{ "string": "bar", "number": float64(42), // because json }).Once().Return(nil) - require.NoError(p.Configure("foo", "foo", "consul", false, map[string]interface{}{ + require.NoError(p.Configure("foo", false, map[string]interface{}{ "string": "bar", "number": float64(42), })) @@ -30,8 +30,8 @@ func TestProvider_Configure(t *testing.T) { // Try with an error m.Mock = mock.Mock{} - m.On("Configure", "foo", "foo", "consul", false, map[string]interface{}{}).Once().Return(errors.New("hello world")) - err := p.Configure("foo", "foo", "consul", false, map[string]interface{}{}) + m.On("Configure", "foo", false, map[string]interface{}{}).Once().Return(errors.New("hello world")) + err := p.Configure("foo", false, map[string]interface{}{}) require.Error(err) require.Contains(err.Error(), "hello") m.AssertExpectations(t) @@ -42,7 +42,7 @@ func TestProvider_GenerateRoot(t *testing.T) { testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { require := require.New(t) - // Try with no error + // Try cleanup with no error m.On("GenerateRoot").Once().Return(nil) require.NoError(p.GenerateRoot()) m.AssertExpectations(t) @@ -61,7 +61,7 @@ func TestProvider_ActiveRoot(t *testing.T) { testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { require := require.New(t) - // Try with no error + // Try cleanup with no error m.On("ActiveRoot").Once().Return("foo", nil) actual, err := p.ActiveRoot() require.NoError(err) 
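Review bot: The comment `// Try cleanup with no error` in TestProvider_GenerateRoot (hunk at -42) does not match the code beneath it, which sets up and calls `GenerateRoot`, not `Cleanup`. The previous `// Try with no error` was accurate. The same copy-pasted comment is introduced in the hunks at -61 (ActiveRoot), -82 (GenerateIntermediateCSR), -103 (SetIntermediate), -123 (ActiveIntermediate) and -144 (GenerateIntermediate). Either keep `// Try with no error` or name the method under test in each comment.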
@@ -82,7 +82,7 @@ func TestProvider_GenerateIntermediateCSR(t *testing.T) { testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { require := require.New(t) - // Try with no error + // Try cleanup with no error m.On("GenerateIntermediateCSR").Once().Return("foo", nil) actual, err := p.GenerateIntermediateCSR() require.NoError(err) @@ -103,7 +103,7 @@ func TestProvider_SetIntermediate(t *testing.T) { testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { require := require.New(t) - // Try with no error + // Try cleanup with no error m.On("SetIntermediate", "foo", "bar").Once().Return(nil) err := p.SetIntermediate("foo", "bar") require.NoError(err) @@ -123,7 +123,7 @@ func TestProvider_ActiveIntermediate(t *testing.T) { testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { require := require.New(t) - // Try with no error + // Try cleanup with no error m.On("ActiveIntermediate").Once().Return("foo", nil) actual, err := p.ActiveIntermediate() require.NoError(err) @@ -144,7 +144,7 @@ func TestProvider_GenerateIntermediate(t *testing.T) { testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) { require := require.New(t) - // Try with no error + // Try cleanup with no error m.On("GenerateIntermediate").Once().Return("foo", nil) actual, err := p.GenerateIntermediate() require.NoError(err) @@ -166,7 +166,7 @@ func TestProvider_Sign(t *testing.T) { require := require.New(t) // Create a CSR - csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"), "node1.web.service.dc1.consul.") + csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) block, _ := pem.Decode([]byte(csrPEM)) csr, err := x509.ParseCertificateRequest(block.Bytes) require.NoError(err) 
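Review bot: In TestProvider_Sign (hunk at -166) the result of `pem.Decode([]byte(csrPEM))` is dereferenced as `block.Bytes` without a nil check, so malformed PEM from the helper would fail the test with a nil-pointer panic instead of an assertion message. Adding `require.NotNil(block)` before `x509.ParseCertificateRequest` keeps the failure readable. The same applies to the hunk at -197 in TestProvider_SignIntermediate. Both test bodies continue outside their hunks.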
@@ -197,7 +197,7 @@ func TestProvider_SignIntermediate(t *testing.T) { require := require.New(t) // Create a CSR - csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"), "node1.web.service.dc1.consul.") + csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web")) block, _ := pem.Decode([]byte(csrPEM)) csr, err := x509.ParseCertificateRequest(block.Bytes) require.NoError(err) diff --git a/agent/connect/ca/plugin/provider.pb.go b/agent/connect/ca/plugin/provider.pb.go index 6c02983a0..8c15dcdc0 100644 --- a/agent/connect/ca/plugin/provider.pb.go +++ b/agent/connect/ca/plugin/provider.pb.go @@ -1,17 +1,19 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. // source: agent/connect/ca/plugin/provider.proto -package plugin +package plugin // import "github.com/hashicorp/consul/agent/connect/ca/plugin" + +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" import ( - context "context" - fmt "fmt" - proto "github.com/golang/protobuf/proto" + context "golang.org/x/net/context" grpc "google.golang.org/grpc" - io "io" - math "math" ) +import io "io" + // Reference imports to suppress errors if they are not otherwise used. var _ = proto.Marshal var _ = fmt.Errorf 
@@ -25,10 +27,8 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package type ConfigureRequest struct { ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` - DatacenterName string `protobuf:"bytes,2,opt,name=datacenter_name,json=datacenterName,proto3" json:"datacenter_name,omitempty"` - DnsDomain string `protobuf:"bytes,3,opt,name=dns_domain,json=dnsDomain,proto3" json:"dns_domain,omitempty"` - IsRoot bool `protobuf:"varint,4,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"` - Config []byte `protobuf:"bytes,5,opt,name=config,proto3" json:"config,omitempty"` + IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"` + Config []byte `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -38,7 +38,7 @@ func (m *ConfigureRequest) Reset() { *m = ConfigureRequest{} } func (m *ConfigureRequest) String() string { return proto.CompactTextString(m) } func (*ConfigureRequest) ProtoMessage() {} func (*ConfigureRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{0} + return fileDescriptor_provider_8ff2d2670790989c, []int{0} } func (m *ConfigureRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -55,8 +55,8 @@ func (m *ConfigureRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, er return b[:n], nil } } -func (m *ConfigureRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_ConfigureRequest.Merge(m, src) +func (dst *ConfigureRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConfigureRequest.Merge(dst, src) } func (m *ConfigureRequest) XXX_Size() int { return m.Size() 
@@ -74,20 +74,6 @@ func (m *ConfigureRequest) GetClusterId() string { return "" } -func (m *ConfigureRequest) GetDatacenterName() string { - if m != nil { - return m.DatacenterName - } - return "" -} - -func (m *ConfigureRequest) GetDnsDomain() string { - if m != nil { - return m.DnsDomain - } - return "" -} - func (m *ConfigureRequest) GetIsRoot() bool { if m != nil { return m.IsRoot @@ -114,7 +100,7 @@ func (m *SetIntermediateRequest) Reset() { *m = SetIntermediateRequest{} func (m *SetIntermediateRequest) String() string { return proto.CompactTextString(m) } func (*SetIntermediateRequest) ProtoMessage() {} func (*SetIntermediateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{1} + return fileDescriptor_provider_8ff2d2670790989c, []int{1} } func (m *SetIntermediateRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -131,8 +117,8 @@ func (m *SetIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]by return b[:n], nil } } -func (m *SetIntermediateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SetIntermediateRequest.Merge(m, src) +func (dst *SetIntermediateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SetIntermediateRequest.Merge(dst, src) } func (m *SetIntermediateRequest) XXX_Size() int { return m.Size() @@ -168,7 +154,7 @@ func (m *SignRequest) Reset() { *m = SignRequest{} } func (m *SignRequest) String() string { return proto.CompactTextString(m) } func (*SignRequest) ProtoMessage() {} func (*SignRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{2} + return fileDescriptor_provider_8ff2d2670790989c, []int{2} } func (m *SignRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -185,8 +171,8 @@ func (m *SignRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) return b[:n], nil } } -func (m *SignRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignRequest.Merge(m, src) +func (dst *SignRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignRequest.Merge(dst, src) } func (m *SignRequest) XXX_Size() int { return m.Size() @@ -215,7 +201,7 @@ func (m *SignIntermediateRequest) Reset() { *m = SignIntermediateRequest func (m *SignIntermediateRequest) String() string { return proto.CompactTextString(m) } func (*SignIntermediateRequest) ProtoMessage() {} func (*SignIntermediateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{3} + return fileDescriptor_provider_8ff2d2670790989c, []int{3} } func (m *SignIntermediateRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -232,8 +218,8 @@ func (m *SignIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]b return b[:n], nil } } -func (m *SignIntermediateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignIntermediateRequest.Merge(m, src) +func (dst *SignIntermediateRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignIntermediateRequest.Merge(dst, src) } func (m *SignIntermediateRequest) XXX_Size() int { return m.Size() @@ -262,7 +248,7 @@ func (m *CrossSignCARequest) Reset() { *m = CrossSignCARequest{} } func (m *CrossSignCARequest) String() string { return proto.CompactTextString(m) } func (*CrossSignCARequest) ProtoMessage() {} func (*CrossSignCARequest) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{4} + return fileDescriptor_provider_8ff2d2670790989c, []int{4} } func (m *CrossSignCARequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -279,8 +265,8 @@ func (m *CrossSignCARequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, return b[:n], nil } } -func (m *CrossSignCARequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CrossSignCARequest.Merge(m, src) +func (dst *CrossSignCARequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_CrossSignCARequest.Merge(dst, src) } func (m *CrossSignCARequest) XXX_Size() int { return m.Size() @@ -309,7 +295,7 @@ func (m *ActiveRootResponse) Reset() { *m = ActiveRootResponse{} } func (m *ActiveRootResponse) String() string { return proto.CompactTextString(m) } func (*ActiveRootResponse) ProtoMessage() {} func (*ActiveRootResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{5} + return fileDescriptor_provider_8ff2d2670790989c, []int{5} } func (m *ActiveRootResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -326,8 +312,8 @@ func (m *ActiveRootResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, return b[:n], nil } } -func (m *ActiveRootResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_ActiveRootResponse.Merge(m, src) +func (dst *ActiveRootResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ActiveRootResponse.Merge(dst, src) } func (m *ActiveRootResponse) XXX_Size() int { return m.Size() @@ -356,7 +342,7 @@ func (m *GenerateIntermediateCSRResponse) Reset() { *m = GenerateInterme func (m *GenerateIntermediateCSRResponse) String() string { return proto.CompactTextString(m) } func (*GenerateIntermediateCSRResponse) ProtoMessage() {} func (*GenerateIntermediateCSRResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{6} + return fileDescriptor_provider_8ff2d2670790989c, []int{6} } func (m *GenerateIntermediateCSRResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -373,8 +359,8 @@ func (m *GenerateIntermediateCSRResponse) XXX_Marshal(b []byte, deterministic bo return b[:n], nil } } -func (m *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(m, src) +func (dst *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(dst, src) } func (m *GenerateIntermediateCSRResponse) XXX_Size() int { return m.Size() @@ -403,7 +389,7 @@ func (m *ActiveIntermediateResponse) Reset() { *m = ActiveIntermediateRe func (m *ActiveIntermediateResponse) String() string { return proto.CompactTextString(m) } func (*ActiveIntermediateResponse) ProtoMessage() {} func (*ActiveIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{7} + return fileDescriptor_provider_8ff2d2670790989c, []int{7} } func (m *ActiveIntermediateResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -420,8 +406,8 @@ func (m *ActiveIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ( return b[:n], nil } } -func (m *ActiveIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_ActiveIntermediateResponse.Merge(m, src) +func (dst *ActiveIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_ActiveIntermediateResponse.Merge(dst, src) } func (m *ActiveIntermediateResponse) XXX_Size() int { return m.Size() @@ -450,7 +436,7 @@ func (m *GenerateIntermediateResponse) Reset() { *m = GenerateIntermedia func (m *GenerateIntermediateResponse) String() string { return proto.CompactTextString(m) } func (*GenerateIntermediateResponse) ProtoMessage() {} func (*GenerateIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{8} + return fileDescriptor_provider_8ff2d2670790989c, []int{8} } func (m *GenerateIntermediateResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -467,8 +453,8 @@ func (m *GenerateIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) return b[:n], nil } } -func (m *GenerateIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GenerateIntermediateResponse.Merge(m, src) +func (dst *GenerateIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_GenerateIntermediateResponse.Merge(dst, src) } func (m *GenerateIntermediateResponse) XXX_Size() int { return m.Size() @@ -497,7 +483,7 @@ func (m *SignResponse) Reset() { *m = SignResponse{} } func (m *SignResponse) String() string { return proto.CompactTextString(m) } func (*SignResponse) ProtoMessage() {} func (*SignResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{9} + return fileDescriptor_provider_8ff2d2670790989c, []int{9} } func (m *SignResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -514,8 +500,8 @@ func (m *SignResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) return b[:n], nil } } -func (m *SignResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignResponse.Merge(m, src) +func (dst *SignResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignResponse.Merge(dst, src) } func (m *SignResponse) XXX_Size() int { return m.Size() @@ -544,7 +530,7 @@ func (m *SignIntermediateResponse) Reset() { *m = SignIntermediateRespon func (m *SignIntermediateResponse) String() string { return proto.CompactTextString(m) } func (*SignIntermediateResponse) ProtoMessage() {} func (*SignIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{10} + return fileDescriptor_provider_8ff2d2670790989c, []int{10} } func (m *SignIntermediateResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -561,8 +547,8 @@ func (m *SignIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([] return b[:n], nil } } -func (m *SignIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignIntermediateResponse.Merge(m, src) +func (dst *SignIntermediateResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_SignIntermediateResponse.Merge(dst, src) } func (m *SignIntermediateResponse) XXX_Size() int { return m.Size() @@ -591,7 +577,7 @@ func (m *CrossSignCAResponse) Reset() { *m = CrossSignCAResponse{} } func (m *CrossSignCAResponse) String() string { return proto.CompactTextString(m) } func (*CrossSignCAResponse) ProtoMessage() {} func (*CrossSignCAResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{11} + return fileDescriptor_provider_8ff2d2670790989c, []int{11} } func (m *CrossSignCAResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -608,8 +594,8 @@ func (m *CrossSignCAResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, return b[:n], nil } } -func (m *CrossSignCAResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_CrossSignCAResponse.Merge(m, src) +func (dst *CrossSignCAResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CrossSignCAResponse.Merge(dst, src) } func (m *CrossSignCAResponse) XXX_Size() int { return m.Size() @@ -639,7 +625,7 @@ func (m *Empty) Reset() { *m = Empty{} } func (m *Empty) String() string { return proto.CompactTextString(m) } func (*Empty) ProtoMessage() {} func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_94daeb7181770839, []int{12} + return fileDescriptor_provider_8ff2d2670790989c, []int{12} } func (m *Empty) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -656,8 +642,8 @@ func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return b[:n], nil } } -func (m *Empty) XXX_Merge(src proto.Message) { - xxx_messageInfo_Empty.Merge(m, src) +func (dst *Empty) XXX_Merge(src proto.Message) { + xxx_messageInfo_Empty.Merge(dst, src) } func (m *Empty) XXX_Size() int { return m.Size() 
@@ -684,52 +670,6 @@ func init() { proto.RegisterType((*Empty)(nil), "plugin.Empty") } -func init() { - proto.RegisterFile("agent/connect/ca/plugin/provider.proto", fileDescriptor_94daeb7181770839) -} - -var fileDescriptor_94daeb7181770839 = []byte{ - // 607 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xdd, 0x6e, 0xd3, 0x30, - 0x18, 0x25, 0xfb, 0x69, 0xb7, 0x6f, 0x85, 0x55, 0xde, 0xb4, 0x85, 0x02, 0x5d, 0x15, 0xa1, 0x75, - 0x08, 0x68, 0x04, 0x03, 0x4d, 0xe2, 0x8a, 0x11, 0xc6, 0x34, 0x21, 0xa1, 0x91, 0x89, 0x1b, 0x2e, - 0xa8, 0x32, 0xc7, 0x74, 0x96, 0x1a, 0x3b, 0xd8, 0xce, 0x24, 0xde, 0x84, 0x67, 0xe0, 0x45, 0xe0, - 0x92, 0x47, 0x40, 0xe3, 0x45, 0x90, 0xf3, 0xb7, 0x24, 0x4d, 0x97, 0xbb, 0xfa, 0xcb, 0x39, 0xc7, - 0xe7, 0xfb, 0xab, 0x61, 0xd7, 0x9b, 0x10, 0xa6, 0x6c, 0xcc, 0x19, 0x23, 0x58, 0xd9, 0xd8, 0xb3, - 0xc3, 0x69, 0x34, 0xa1, 0xcc, 0x0e, 0x05, 0xbf, 0xa4, 0x3e, 0x11, 0xa3, 0x50, 0x70, 0xc5, 0x51, - 0x2b, 0x09, 0x5b, 0x3f, 0x0d, 0xe8, 0x3a, 0x9c, 0x7d, 0xa5, 0x93, 0x48, 0x10, 0x97, 0x7c, 0x8b, - 0x88, 0x54, 0xe8, 0x01, 0x00, 0x9e, 0x46, 0x52, 0x11, 0x31, 0xa6, 0xbe, 0x69, 0x0c, 0x8c, 0xbd, - 0x55, 0x77, 0x35, 0x8d, 0x9c, 0xf8, 0x68, 0x08, 0xeb, 0xbe, 0xa7, 0x3c, 0x4c, 0x98, 0x46, 0x30, - 0x2f, 0x20, 0xe6, 0x42, 0x8c, 0xb9, 0x73, 0x1d, 0xfe, 0xe0, 0x05, 0x44, 0xeb, 0xf8, 0x4c, 0x8e, - 0x7d, 0x1e, 0x78, 0x94, 0x99, 0x8b, 0x89, 0x8e, 0xcf, 0xe4, 0xdb, 0x38, 0x80, 0xb6, 0xa1, 0x4d, - 0xe5, 0x58, 0x70, 0xae, 0xcc, 0xa5, 0x81, 0xb1, 0xb7, 0xe2, 0xb6, 0xa8, 0x74, 0x39, 0x57, 0x68, - 0x0b, 0x5a, 0x38, 0xf6, 0x64, 0x2e, 0x0f, 0x8c, 0xbd, 0x8e, 0x9b, 0x9e, 0xac, 0x2f, 0xb0, 0x75, - 0x46, 0xd4, 0x89, 0xd6, 0x0f, 0x88, 0x4f, 0x3d, 0x95, 0x3b, 0x7e, 0x04, 0x5d, 0x5a, 0x08, 0x8f, - 0x43, 0x12, 0xa4, 0xbe, 0xd7, 0x8b, 0xf1, 0x53, 0x12, 0xa0, 0xbb, 0xb0, 0xa2, 0xaf, 0x8c, 0x21, - 0x89, 0xed, 0xb6, 0x3e, 0x9f, 0x92, 0xc0, 0xda, 0x81, 0xb5, 0x33, 0x3a, 0x61, 0x99, 0x68, 0x17, - 0x16, 0xb1, 0x14, 0xb1, 0x4e, 
0xc7, 0xd5, 0x3f, 0xad, 0xc7, 0xb0, 0xad, 0x01, 0x75, 0x0e, 0x66, - 0xc1, 0xbb, 0x80, 0x1c, 0xc1, 0xa5, 0xd4, 0x0c, 0xe7, 0xb0, 0x88, 0x13, 0x2a, 0xc7, 0x09, 0x65, - 0x3d, 0x05, 0x74, 0x88, 0x15, 0xbd, 0x24, 0x3a, 0x77, 0x97, 0xc8, 0x90, 0x33, 0x49, 0x74, 0x71, - 0xb0, 0x50, 0x85, 0x44, 0x5a, 0x58, 0xc4, 0x26, 0x5f, 0xc1, 0xce, 0x31, 0x61, 0x44, 0x78, 0x8a, - 0x14, 0x7d, 0x38, 0x67, 0x6e, 0x89, 0x2b, 0x45, 0x89, 0x2b, 0x85, 0xe6, 0xbe, 0x84, 0x5e, 0x72, - 0x55, 0x39, 0x83, 0xa6, 0x2b, 0x0f, 0xe0, 0x7e, 0xdd, 0x95, 0xcd, 0xc4, 0x21, 0x74, 0x92, 0x82, - 0x36, 0x01, 0xf7, 0xc1, 0x9c, 0x2d, 0x6c, 0x13, 0x69, 0x04, 0x1b, 0xa5, 0x02, 0x37, 0xe1, 0xdb, - 0xb0, 0x7c, 0x14, 0x84, 0xea, 0xfb, 0xf3, 0x5f, 0xcb, 0xb0, 0xe0, 0x1c, 0xa2, 0x17, 0xb0, 0x9a, - 0x8f, 0x3e, 0x32, 0x47, 0xc9, 0x46, 0x8c, 0xaa, 0xdb, 0xd0, 0xbb, 0x9d, 0x7d, 0x89, 0xc9, 0xe8, - 0x09, 0x74, 0xb2, 0x62, 0xc4, 0xc3, 0x5a, 0xfe, 0x5c, 0x45, 0x1f, 0x00, 0x5c, 0x37, 0xb7, 0x8a, - 0xed, 0x65, 0xc7, 0x9a, 0xfe, 0x7f, 0x84, 0xed, 0x39, 0x6d, 0xae, 0xaa, 0x0c, 0xb3, 0x63, 0xd3, - 0x58, 0xbc, 0x86, 0xf5, 0xca, 0xfa, 0xa0, 0x7e, 0xc6, 0xad, 0xdf, 0xab, 0x6a, 0x36, 0xc7, 0xd9, - 0xa8, 0x96, 0x44, 0x2a, 0x7e, 0xac, 0x72, 0x56, 0xb5, 0x3d, 0x7d, 0x0f, 0x9b, 0x75, 0x6e, 0xab, - 0x52, 0x0f, 0x6f, 0x4a, 0x2d, 0x17, 0x7b, 0x06, 0x4b, 0x7a, 0x04, 0xd0, 0x46, 0x9e, 0xcc, 0xf5, - 0x12, 0xf7, 0x36, 0xcb, 0xc1, 0x94, 0xf2, 0x09, 0xba, 0xd5, 0x79, 0x43, 0x3b, 0x45, 0x64, 0x5d, - 0x31, 0x06, 0xf3, 0x01, 0xa9, 0xec, 0x3b, 0x58, 0x2b, 0x4c, 0x24, 0xca, 0xfb, 0x3b, 0xfb, 0x3f, - 0xd0, 0xbb, 0x57, 0xfb, 0x2d, 0xd5, 0x19, 0x42, 0xdb, 0x99, 0x12, 0x8f, 0x45, 0xe1, 0xcd, 0xe3, - 0xf5, 0xe6, 0xe8, 0xf7, 0x55, 0xdf, 0xf8, 0x73, 0xd5, 0x37, 0xfe, 0x5e, 0xf5, 0x8d, 0x1f, 0xff, - 0xfa, 0xb7, 0x3e, 0xef, 0x4f, 0xa8, 0xba, 0x88, 0xce, 0x47, 0x98, 0x07, 0xf6, 0x85, 0x27, 0x2f, - 0x28, 0xe6, 0x22, 0xd4, 0xef, 0x81, 0x8c, 0xa6, 0xf6, 0x9c, 0xc7, 0xe1, 0xbc, 0x15, 0x3f, 0x0a, - 0xfb, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0x5a, 0xb9, 0x1f, 0x6c, 
0x3e, 0x06, 0x00, 0x00, -} - // Reference imports to suppress errors if they are not otherwise used. var _ context.Context var _ grpc.ClientConn @@ -1153,20 +1093,8 @@ func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintProvider(dAtA, i, uint64(len(m.ClusterId))) i += copy(dAtA[i:], m.ClusterId) } - if len(m.DatacenterName) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.DatacenterName))) - i += copy(dAtA[i:], m.DatacenterName) - } - if len(m.DnsDomain) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.DnsDomain))) - i += copy(dAtA[i:], m.DnsDomain) - } if m.IsRoot { - dAtA[i] = 0x20 + dAtA[i] = 0x10 i++ if m.IsRoot { dAtA[i] = 1 @@ -1176,7 +1104,7 @@ func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) { i++ } if len(m.Config) > 0 { - dAtA[i] = 0x2a + dAtA[i] = 0x1a i++ i = encodeVarintProvider(dAtA, i, uint64(len(m.Config))) i += copy(dAtA[i:], m.Config) @@ -1530,14 +1458,6 @@ func (m *ConfigureRequest) Size() (n int) { if l > 0 { n += 1 + l + sovProvider(uint64(l)) } - l = len(m.DatacenterName) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - l = len(m.DnsDomain) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } if m.IsRoot { n += 2 } @@ -1771,7 +1691,7 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -1799,7 +1719,7 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -1809,79 +1729,12 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } m.ClusterId = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DatacenterName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DatacenterName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DnsDomain", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DnsDomain = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field IsRoot", wireType) } 
@@ -1895,13 +1748,13 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + v |= (int(b) & 0x7F) << shift if b < 0x80 { break } } m.IsRoot = bool(v != 0) - case 5: + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) } @@ -1915,7 +1768,7 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + byteLen |= (int(b) & 0x7F) << shift if b < 0x80 { break } @@ -1924,9 +1777,6 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -1944,9 +1794,6 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -1975,7 +1822,7 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2003,7 +1850,7 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2013,9 +1860,6 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2035,7 +1879,7 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -2045,9 +1889,6 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2062,9 +1903,6 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2093,7 +1931,7 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2121,7 +1959,7 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + byteLen |= (int(b) & 0x7F) << shift if b < 0x80 { break } @@ -2130,9 +1968,6 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2150,9 +1985,6 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2181,7 +2013,7 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2209,7 +2041,7 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + byteLen |= (int(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -2218,9 +2050,6 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2238,9 +2067,6 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2269,7 +2095,7 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2297,7 +2123,7 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + byteLen |= (int(b) & 0x7F) << shift if b < 0x80 { break } @@ -2306,9 +2132,6 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2326,9 +2149,6 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2357,7 +2177,7 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2385,7 +2205,7 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -2395,9 +2215,6 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2412,9 +2229,6 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2443,7 +2257,7 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2471,7 +2285,7 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2481,9 +2295,6 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2498,9 +2309,6 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2529,7 +2337,7 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2557,7 +2365,7 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -2567,9 +2375,6 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2584,9 +2389,6 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2615,7 +2417,7 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2643,7 +2445,7 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2653,9 +2455,6 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2670,9 +2469,6 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2701,7 +2497,7 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2729,7 +2525,7 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -2739,9 +2535,6 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2756,9 +2549,6 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2787,7 +2577,7 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2815,7 +2605,7 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2825,9 +2615,6 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2842,9 +2629,6 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2873,7 +2657,7 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2901,7 +2685,7 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } 
@@ -2911,9 +2695,6 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { return ErrInvalidLengthProvider } postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } if postIndex > l { return io.ErrUnexpectedEOF } @@ -2928,9 +2709,6 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -2959,7 +2737,7 @@ func (m *Empty) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= uint64(b&0x7F) << shift + wire |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } @@ -2982,9 +2760,6 @@ func (m *Empty) Unmarshal(dAtA []byte) error { if skippy < 0 { return ErrInvalidLengthProvider } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } if (iNdEx + skippy) > l { return io.ErrUnexpectedEOF } @@ -3052,11 +2827,8 @@ func skipProvider(dAtA []byte) (n int, err error) { break } } - if length < 0 { - return 0, ErrInvalidLengthProvider - } iNdEx += length - if iNdEx < 0 { + if length < 0 { return 0, ErrInvalidLengthProvider } return iNdEx, nil @@ -3087,9 +2859,6 @@ func skipProvider(dAtA []byte) (n int, err error) { return 0, err } iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthProvider - } } return iNdEx, nil case 4: 
@@ -3108,3 +2877,47 @@ var ( ErrInvalidLengthProvider = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowProvider = fmt.Errorf("proto: integer overflow") ) + +func init() { + proto.RegisterFile("agent/connect/ca/plugin/provider.proto", fileDescriptor_provider_8ff2d2670790989c) +} + +var fileDescriptor_provider_8ff2d2670790989c = []byte{ + // 566 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xdf, 0x6e, 0xd3, 0x3e, + 0x18, 0xfd, 0xa5, 0xfb, 0xad, 0x5d, 0xbf, 0x15, 0xad, 0xf2, 0xa6, 0xb5, 0x14, 0x68, 0xab, 0x08, + 0xad, 0x45, 0x40, 0x23, 0x28, 0x68, 0x12, 0x57, 0x94, 0x68, 0x4c, 0x13, 0x37, 0x23, 0x15, 0x37, + 0x5c, 0x50, 0xa5, 0xae, 0x49, 0x2d, 0x35, 0x71, 0xb0, 0x9d, 0x49, 0xbc, 0x09, 0x6f, 0x04, 0x97, + 0x3c, 0x02, 0x2a, 0x2f, 0x82, 0x9c, 0x26, 0x59, 0x92, 0xa6, 0xcb, 0x5d, 0xfc, 0xe5, 0x9c, 0xf3, + 0xfd, 0x3b, 0x36, 0x9c, 0xd9, 0x0e, 0xf1, 0xa4, 0x81, 0x99, 0xe7, 0x11, 0x2c, 0x0d, 0x6c, 0x1b, + 0xfe, 0x2a, 0x70, 0xa8, 0x67, 0xf8, 0x9c, 0xdd, 0xd0, 0x05, 0xe1, 0x23, 0x9f, 0x33, 0xc9, 0x50, + 0x75, 0x13, 0xd6, 0xe7, 0xd0, 0x34, 0x99, 0xf7, 0x95, 0x3a, 0x01, 0x27, 0x16, 0xf9, 0x16, 0x10, + 0x21, 0xd1, 0x23, 0x00, 0xbc, 0x0a, 0x84, 0x24, 0x7c, 0x46, 0x17, 0x6d, 0xad, 0xaf, 0x0d, 0xeb, + 0x56, 0x3d, 0x8a, 0x5c, 0x2d, 0x50, 0x0b, 0x6a, 0x54, 0xcc, 0x38, 0x63, 0xb2, 0x5d, 0xe9, 0x6b, + 0xc3, 0x03, 0xab, 0x4a, 0x85, 0xc5, 0x98, 0x44, 0xa7, 0x50, 0xc5, 0xa1, 0x56, 0x7b, 0xaf, 0xaf, + 0x0d, 0x1b, 0x56, 0x74, 0xd2, 0xbf, 0xc0, 0xe9, 0x94, 0xc8, 0x2b, 0x4f, 0x12, 0xee, 0x92, 0x05, + 0xb5, 0x65, 0x92, 0xe9, 0x09, 0x34, 0x69, 0x2a, 0x3c, 0xf3, 0x89, 0x1b, 0xe5, 0x3b, 0x4a, 0xc7, + 0xaf, 0x89, 0x8b, 0xee, 0xc3, 0x81, 0x4a, 0x19, 0x42, 0x2a, 0x21, 0xa4, 0xa6, 0xce, 0xd7, 0xc4, + 0xd5, 0x7b, 0x70, 0x38, 0xa5, 0x8e, 0x17, 0x8b, 0x36, 0x61, 0x0f, 0x0b, 0x1e, 0xea, 0x34, 0x2c, + 0xf5, 0xa9, 0x3f, 0x85, 0x96, 0x02, 0x14, 0x55, 0xb0, 0x0d, 0x3e, 0x03, 0x64, 0x72, 0x26, 0x84, + 0x62, 0x98, 
0x93, 0x34, 0x8e, 0xcb, 0x04, 0xc7, 0xa5, 0xfe, 0x1c, 0xd0, 0x04, 0x4b, 0x7a, 0x43, + 0x54, 0xef, 0x16, 0x11, 0x3e, 0xf3, 0x04, 0x51, 0xc3, 0xc1, 0x5c, 0xa6, 0x1a, 0xa9, 0x62, 0x1e, + 0x16, 0xf9, 0x06, 0x7a, 0x97, 0xc4, 0x23, 0xdc, 0x96, 0x24, 0x5d, 0x87, 0x39, 0xb5, 0x32, 0x5c, + 0xc1, 0x33, 0x5c, 0xc1, 0x15, 0xf7, 0x35, 0x74, 0x36, 0xa9, 0xb2, 0x1d, 0x94, 0xa5, 0x3c, 0x87, + 0x87, 0x45, 0x29, 0xcb, 0x89, 0x03, 0x68, 0x6c, 0x06, 0x5a, 0x06, 0x1c, 0x43, 0x7b, 0x7b, 0xb0, + 0x65, 0xa4, 0x11, 0x1c, 0x67, 0x06, 0x5c, 0x86, 0xaf, 0xc1, 0xfe, 0x85, 0xeb, 0xcb, 0xef, 0x2f, + 0x7f, 0xee, 0x43, 0xc5, 0x9c, 0xa0, 0x57, 0x50, 0x4f, 0x2c, 0x8b, 0xda, 0xa3, 0x8d, 0x91, 0x47, + 0x79, 0x17, 0x77, 0xee, 0xc5, 0x7f, 0x42, 0x32, 0x7a, 0x06, 0x8d, 0x78, 0x18, 0xa1, 0x59, 0xb3, + 0xbf, 0xf3, 0xe8, 0x73, 0x80, 0xdb, 0xe5, 0xe6, 0xb1, 0x9d, 0xf8, 0x58, 0xb0, 0xff, 0x8f, 0xd0, + 0xda, 0xb1, 0xe6, 0xbc, 0xca, 0x20, 0x3e, 0x96, 0xd9, 0xe2, 0x2d, 0x1c, 0xe5, 0xae, 0x0f, 0xea, + 0xc6, 0xdc, 0xe2, 0x7b, 0x95, 0xef, 0xe6, 0x32, 0xb6, 0x6a, 0x46, 0x24, 0x57, 0x8f, 0x9e, 0xed, + 0xaa, 0x70, 0xa7, 0x1f, 0xe0, 0xa4, 0xa8, 0xda, 0xbc, 0xd4, 0xe3, 0xbb, 0x5a, 0x4b, 0xc4, 0x5e, + 0xc0, 0xff, 0xca, 0x02, 0xe8, 0x38, 0x69, 0xe6, 0xf6, 0x12, 0x77, 0x4e, 0xb2, 0xc1, 0x88, 0xf2, + 0x09, 0x9a, 0x79, 0xbf, 0xa1, 0x5e, 0x1a, 0x59, 0x34, 0x8c, 0xfe, 0x6e, 0x40, 0x24, 0xfb, 0x1e, + 0x0e, 0x53, 0x8e, 0x44, 0xc9, 0x7e, 0xb7, 0xdf, 0x81, 0xce, 0x83, 0xc2, 0x7f, 0x91, 0xce, 0x00, + 0x6a, 0xe6, 0x8a, 0xd8, 0x5e, 0xe0, 0xdf, 0x6d, 0xaf, 0x77, 0x17, 0xbf, 0xd6, 0x5d, 0xed, 0xf7, + 0xba, 0xab, 0xfd, 0x59, 0x77, 0xb5, 0x1f, 0x7f, 0xbb, 0xff, 0x7d, 0x1e, 0x3b, 0x54, 0x2e, 0x83, + 0xf9, 0x08, 0x33, 0xd7, 0x58, 0xda, 0x62, 0x49, 0x31, 0xe3, 0xbe, 0x7a, 0xc6, 0x45, 0xb0, 0x32, + 0x76, 0xbc, 0xe9, 0xf3, 0x6a, 0xf8, 0x96, 0x8f, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0x7b, 0x20, + 0xb4, 0xe4, 0xf5, 0x05, 0x00, 0x00, +} 
diff --git a/agent/connect/ca/plugin/provider.proto b/agent/connect/ca/plugin/provider.proto index f6d61c217..6ca9cf88f 100644 --- a/agent/connect/ca/plugin/provider.proto +++ b/agent/connect/ca/plugin/provider.proto @@ -30,10 +30,8 @@ service CA { message ConfigureRequest { string cluster_id = 1; - string datacenter_name = 2; - string dns_domain = 3; - bool is_root = 4; - bytes config = 5; // JSON-encoded structure + bool is_root = 2; + bytes config = 3; // JSON-encoded structure } message SetIntermediateRequest { diff --git a/agent/connect/ca/plugin/transport_grpc.go b/agent/connect/ca/plugin/transport_grpc.go index 0c8bc41aa..cb21e559c 100644 --- a/agent/connect/ca/plugin/transport_grpc.go +++ b/agent/connect/ca/plugin/transport_grpc.go @@ -20,7 +20,7 @@ func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRe return nil, err } - return &Empty{}, p.impl.Configure(req.ClusterId, req.DatacenterName, req.DnsDomain, req.IsRoot, rawConfig) + return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig) } func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) { @@ -95,8 +95,6 @@ type providerPluginGRPCClient struct { func (p *providerPluginGRPCClient) Configure( clusterId string, - datacenterName string, - dnsDomain string, isRoot bool, rawConfig map[string]interface{}) error { config, err := json.Marshal(rawConfig) @@ -105,11 +103,9 @@ func (p *providerPluginGRPCClient) Configure( } _, err = p.client.Configure(p.doneCtx, &ConfigureRequest{ - ClusterId: clusterId, - DatacenterName: datacenterName, - DnsDomain: dnsDomain, - IsRoot: isRoot, - Config: config, + ClusterId: clusterId, + IsRoot: isRoot, + Config: config, }) return p.err(err) } diff --git a/agent/connect/ca/plugin/transport_netrpc.go b/agent/connect/ca/plugin/transport_netrpc.go index 06115e6c7..8186e1d00 100644 --- a/agent/connect/ca/plugin/transport_netrpc.go +++ b/agent/connect/ca/plugin/transport_netrpc.go 
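Review bot: Renumbering `is_root` to 2 and `config` to 3 in `ConfigureRequest` reuses the tags that carried `datacenter_name` and `dns_domain`, so a plugin and a host built from different revisions of this schema will misread each other's messages. Tag 3 stays length-delimited, which means a peer's `dns_domain` string would be accepted as the `config` payload rather than rejected. Keeping the surviving fields on their existing tags and retiring the dropped ones avoids that: `reserved 2, 3;` with `bool is_root = 4;` and `bytes config = 5;`. The regenerated provider.pb.go in this commit also loses the `postIndex < 0` and `(iNdEx + skippy) < 0` overflow guards, which looks like output from an older generator; regenerating with the version that emitted those guards would keep them.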
@@ -15,7 +15,7 @@ type providerPluginRPCServer struct { } func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error { - return p.impl.Configure(args.ClusterId, args.DatacenterName, args.DNSDomain, args.IsRoot, args.RawConfig) + return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig) } func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error { @@ -95,16 +95,12 @@ type providerPluginRPCClient struct { func (p *providerPluginRPCClient) Configure( clusterId string, - datacenterName string, - dnsDomain string, isRoot bool, rawConfig map[string]interface{}) error { return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{ - ClusterId: clusterId, - DatacenterName: datacenterName, - DNSDomain: dnsDomain, - IsRoot: isRoot, - RawConfig: rawConfig, + ClusterId: clusterId, + IsRoot: isRoot, + RawConfig: rawConfig, }, &struct{}{}) } @@ -178,11 +174,9 @@ var _ ca.Provider = &providerPluginRPCClient{} // Structs for net/rpc request and response type ConfigureRPCRequest struct { - ClusterId string - DatacenterName string - DNSDomain string - IsRoot bool - RawConfig map[string]interface{} + ClusterId string + IsRoot bool + RawConfig map[string]interface{} } type SetIntermediateRPCRequest struct { diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go index bd3547475..1a89d6492 100644 --- a/agent/connect/ca/provider.go +++ b/agent/connect/ca/provider.go @@ -12,8 +12,7 @@ import ( type Provider interface { // Configure initializes the provider based on the given cluster ID, root status // and configuration values. - Configure(clusterId string, datacenterName string, dnsDomain string, - isRoot bool, rawConfig map[string]interface{}) error + Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error // GenerateRoot causes the creation of a new root certificate for this provider. // This can also be a no-op if a root certificate already exists for the given 
diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go index 7d87890e8..730a06e69 100644 --- a/agent/connect/ca/provider_consul.go +++ b/agent/connect/ca/provider_consul.go @@ -28,8 +28,6 @@ type ConsulProvider struct { config *structs.ConsulCAProviderConfig id string clusterID string - dcName string - domain string isRoot bool spiffeID *connect.SpiffeIDSigning @@ -42,8 +40,7 @@ type ConsulProviderStateDelegate interface { } // Configure sets up the provider using the given configuration. -func (c *ConsulProvider) Configure(clusterID string, datacenterName string, dnsDomain string, - isRoot bool, rawConfig map[string]interface{}) error { +func (c *ConsulProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}) error { // Parse the raw config and update our ID. config, err := ParseConsulCAConfig(rawConfig) if err != nil { @@ -52,15 +49,9 @@ func (c *ConsulProvider) Configure(clusterID string, datacenterName string, dnsD c.config = config hash := sha256.Sum256([]byte(fmt.Sprintf("%s,%s,%v", config.PrivateKey, config.RootCert, isRoot))) c.id = strings.Replace(fmt.Sprintf("% x", hash), " ", ":", -1) + c.clusterID = clusterID c.isRoot = isRoot c.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: clusterID}) - c.dcName = datacenterName - c.domain = dnsDomain - - c.clusterID = clusterID - if len(c.clusterID) > 8 { - c.clusterID = c.clusterID[:8] - } // Exit early if the state store has an entry for this provider's config. _, providerState, err := c.Delegate.State().CAProviderState(c.id) @@ -198,8 +189,7 @@ func (c *ConsulProvider) GenerateIntermediateCSR() (string, error) { return "", err } - commonName := fmt.Sprintf("intermediate.ca.%s.%s.%s", c.clusterID, c.dcName, c.domain) - csr, err := connect.CreateCACSR(c.spiffeID, commonName, signer) + csr, err := connect.CreateCACSR(c.spiffeID, signer) if err != nil { return "", err } 
@@ -354,22 +344,22 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) { return "", err } - //// Parse the SPIFFE ID - //spiffeId, err := connect.ParseCertURI(csr.URIs[0]) - //if err != nil { - // return "", err - //} + // Parse the SPIFFE ID + spiffeId, err := connect.ParseCertURI(csr.URIs[0]) + if err != nil { + return "", err + } + + subject := "" + switch id := spiffeId.(type) { + case *connect.SpiffeIDService: + subject = id.Service + case *connect.SpiffeIDAgent: + subject = id.Agent + default: + return "", fmt.Errorf("SPIFFE ID in CSR must be a service ID") + } - //subjectName := "" - //switch id := spiffeId.(type) { - //case *connect.SpiffeIDService: - // subjectName = fmt.Sprintf("%s.%s.service.%s.%s", id.Host, id.Service, id.Datacenter, c.domain) - //case *connect.SpiffeIDAgent: - // subjectName = fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, c.domain) - //default: - // return "", fmt.Errorf("SPIFFE ID in CSR must be a service ID") - //} - // // Parse the CA cert certPEM, err := c.ActiveIntermediate() if err != nil { @@ -389,7 +379,7 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) { effectiveNow := time.Now().Add(-1 * time.Minute) template := x509.Certificate{ SerialNumber: sn, - Subject: csr.Subject, + Subject: pkix.Name{CommonName: subject}, URIs: csr.URIs, Signature: csr.Signature, SignatureAlgorithm: csr.SignatureAlgorithm, @@ -627,7 +617,7 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error return "", fmt.Errorf("error parsing private key %q: %s", privateKey, err) } - commonName := fmt.Sprintf("root.ca.%s.%s.%s", c.clusterID, c.dcName, c.domain) + name := fmt.Sprintf("Consul CA %d", sn) // The URI (SPIFFE compatible) for the cert id := connect.SpiffeIDSigningForCluster(config) 
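Review bot: `connect.ParseCertURI(csr.URIs[0])` in the first Sign hunk indexes the CSR's URI list without checking that it is non-empty, so a request with no URI SAN would panic the signer instead of being rejected. The hunk shows no earlier length check, though Sign starts above it and may contain one. A guard before the parse would cover it: `if len(csr.URIs) == 0 { return "", fmt.Errorf("CSR has no URI SAN") }`. The `default:` branch still reports "must be a service ID" although agent IDs are now accepted, so `"SPIFFE ID in CSR must be a service or agent ID"` would match the switch.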
@@ -641,7 +631,7 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error serialNum.SetUint64(sn) template := x509.Certificate{ SerialNumber: serialNum, - Subject: pkix.Name{CommonName: commonName}, + Subject: pkix.Name{CommonName: name}, URIs: []*url.URL{id.URI()}, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go index 133852045..774dcc264 100644 --- a/agent/connect/ca/provider_consul_test.go +++ b/agent/connect/ca/provider_consul_test.go @@ -79,7 +79,7 @@ func TestConsulCAProvider_Bootstrap(t *testing.T) { delegate := newMockDelegate(t, conf) provider := &ConsulProvider{Delegate: delegate} - require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config)) + require.NoError(provider.Configure(conf.ClusterID, true, conf.Config)) require.NoError(provider.GenerateRoot()) root, err := provider.ActiveRoot() @@ -110,7 +110,7 @@ func TestConsulCAProvider_Bootstrap_WithCert(t *testing.T) { delegate := newMockDelegate(t, conf) provider := &ConsulProvider{Delegate: delegate} - require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config)) + require.NoError(provider.Configure(conf.ClusterID, true, conf.Config)) require.NoError(provider.GenerateRoot()) root, err := provider.ActiveRoot() @@ -127,7 +127,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { delegate := newMockDelegate(t, conf) provider := &ConsulProvider{Delegate: delegate} - require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config)) + require.NoError(provider.Configure(conf.ClusterID, true, conf.Config)) require.NoError(provider.GenerateRoot()) spiffeService := &connect.SpiffeIDService{ 
@@ -139,7 +139,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { // Generate a leaf cert for the service. { - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeService) csr, err := connect.ParseCSR(raw) require.NoError(err) @@ -149,8 +149,8 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { parsed, err := connect.ParseCert(cert) require.NoError(err) - require.Equal(spiffeService.URI(), parsed.URIs[0]) - require.Equal("node1.foo.service.dc1.consul.", parsed.Subject.CommonName) + require.Equal(parsed.URIs[0], spiffeService.URI()) + require.Equal(parsed.Subject.CommonName, "foo") require.Equal(uint64(2), parsed.SerialNumber.Uint64()) // Ensure the cert is valid now and expires within the correct limit. @@ -163,7 +163,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { // the serial number is incremented. spiffeService.Service = "bar" { - raw, _ := connect.TestCSR(t, spiffeService, "node1.bar.service.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeService) csr, err := connect.ParseCSR(raw) require.NoError(err) @@ -173,8 +173,8 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { parsed, err := connect.ParseCert(cert) require.NoError(err) - require.Equal(spiffeService.URI(), parsed.URIs[0]) - require.Equal("node1.bar.service.dc1.consul.", parsed.Subject.CommonName) + require.Equal(parsed.URIs[0], spiffeService.URI()) + require.Equal(parsed.Subject.CommonName, "bar") require.Equal(parsed.SerialNumber.Uint64(), uint64(2)) // Ensure the cert is valid now and expires within the correct limit. @@ -189,7 +189,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { } // Generate a leaf cert for an agent. { - raw, _ := connect.TestCSR(t, spiffeAgent, "uuid.agent.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeAgent) csr, err := connect.ParseCSR(raw) require.NoError(err) 
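Review bot: The assertions in the `@@ -149,8 +149,8 @@` hunk of TestConsulCAProvider_SignLeaf pass the observed value first, as in `require.Equal(parsed.Subject.CommonName, "foo")`, while testify's `Equal` takes `(expected, actual)` and the agent case later in the same test still uses that order. A failing run would then print expected and actual swapped, which is misleading when checking what the CA put in the certificate. Keeping `require.Equal("foo", parsed.Subject.CommonName)` and `require.Equal(spiffeService.URI(), parsed.URIs[0])` avoids that. The same swap appears in the `@@ -173,8 +173,8 @@` hunk and in the provider_vault_test.go SignLeaf hunks.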
@@ -200,7 +200,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { parsed, err := connect.ParseCert(cert) require.NoError(err) require.Equal(spiffeAgent.URI(), parsed.URIs[0]) - require.Equal("uuid.agent.dc1.consul.", parsed.Subject.CommonName) + require.Equal("uuid", parsed.Subject.CommonName) require.Equal(uint64(2), parsed.SerialNumber.Uint64()) // Ensure the cert is valid now and expires within the correct limit. @@ -218,14 +218,14 @@ func TestConsulCAProvider_CrossSignCA(t *testing.T) { conf1 := testConsulCAConfig() delegate1 := newMockDelegate(t, conf1) provider1 := &ConsulProvider{Delegate: delegate1} - require.NoError(provider1.Configure(conf1.ClusterID, "dc1", "consul", true, conf1.Config)) + require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config)) require.NoError(provider1.GenerateRoot()) conf2 := testConsulCAConfig() conf2.CreateIndex = 10 delegate2 := newMockDelegate(t, conf2) provider2 := &ConsulProvider{Delegate: delegate2} - require.NoError(provider2.Configure(conf2.ClusterID, "dc2", "consul", true, conf2.Config)) + require.NoError(provider2.Configure(conf2.ClusterID, true, conf2.Config)) require.NoError(provider2.GenerateRoot()) testCrossSignProviders(t, provider1, provider2) @@ -274,7 +274,7 @@ func testCrossSignProviders(t *testing.T, provider1, provider2 Provider) { Datacenter: "dc1", Service: "foo", } - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeService) leafCsr, err := connect.ParseCSR(raw) require.NoError(err) 
@@ -310,14 +310,14 @@ func TestConsulProvider_SignIntermediate(t *testing.T) { conf1 := testConsulCAConfig() delegate1 := newMockDelegate(t, conf1) provider1 := &ConsulProvider{Delegate: delegate1} - require.NoError(provider1.Configure(conf1.ClusterID, "dc1", "consul", true, conf1.Config)) + require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config)) require.NoError(provider1.GenerateRoot()) conf2 := testConsulCAConfig() conf2.CreateIndex = 10 delegate2 := newMockDelegate(t, conf2) provider2 := &ConsulProvider{Delegate: delegate2} - require.NoError(provider2.Configure(conf2.ClusterID, "dc1", "consul", false, conf2.Config)) + require.NoError(provider2.Configure(conf2.ClusterID, false, conf2.Config)) testSignIntermediateCrossDC(t, provider1, provider2) } @@ -347,7 +347,7 @@ func testSignIntermediateCrossDC(t *testing.T, provider1, provider2 Provider) { Datacenter: "dc1", Service: "foo", } - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeService) leafCsr, err := connect.ParseCSR(raw) require.NoError(err) @@ -392,7 +392,7 @@ func TestConsulCAProvider_MigrateOldID(t *testing.T) { require.NotNil(providerState) provider := &ConsulProvider{Delegate: delegate} - require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config)) + require.NoError(provider.Configure(conf.ClusterID, true, conf.Config)) require.NoError(provider.GenerateRoot()) // After running Configure, the old ID entry should be gone. diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 96a8a2019..f1fef4706 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -25,9 +25,7 @@ type VaultProvider struct { config *structs.VaultCAProviderConfig client *vaultapi.Client isRoot bool - clusterID string - dcName string - domain string + clusterId string } func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig { 
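Review bot: The VaultProvider field is renamed from `clusterID` to `clusterId` in the struct hunk, which goes against Go's initialism convention and against ConsulProvider, which keeps `clusterID` in this same commit. Keeping `clusterID string` here, and in the assignments in Configure, GenerateRoot and generateIntermediateCSR, would leave the two providers consistent. The struct definition starts above the hunk.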
@@ -42,8 +40,7 @@ func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig { } // Configure sets up the provider using the given configuration. -func (v *VaultProvider) Configure(clusterId string, datacenterName string, dnsDomain string, - isRoot bool, rawConfig map[string]interface{}) error { +func (v *VaultProvider) Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error { config, err := ParseVaultCAConfig(rawConfig) if err != nil { return err @@ -65,13 +62,7 @@ func (v *VaultProvider) Configure(clusterId string, datacenterName string, dnsDo v.config = config v.client = client v.isRoot = isRoot - v.dcName = datacenterName - v.domain = dnsDomain - - v.clusterID = clusterId - if len(v.clusterID) > 8 { - v.clusterID = v.clusterID[:8] - } + v.clusterId = clusterId return nil } @@ -105,10 +96,13 @@ func (v *VaultProvider) GenerateRoot() error { fallthrough case ErrBackendNotInitialized: - uuid, _ := uuid.GenerateUUID() - spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterID, Domain: v.domain} + spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterId, Domain: "consul"} + uuid, err := uuid.GenerateUUID() + if err != nil { + return err + } _, err = v.client.Logical().Write(v.config.RootPKIPath+"root/generate/internal", map[string]interface{}{ - "common_name": fmt.Sprintf("%s.root.ca.%s.%s.%s", uuid[:8], v.clusterID, v.dcName, v.domain), + "common_name": fmt.Sprintf("Vault CA Root Authority %s", uuid), "uri_sans": spiffeID.URI().String(), "key_type": v.config.PrivateKeyType, "key_bits": v.config.PrivateKeyBits, 
@@ -164,16 +158,15 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) { if err != nil { return "", err } - spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterID, Domain: "consul"} + spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterId, Domain: "consul"} if role == nil { _, err := v.client.Logical().Write(rolePath, map[string]interface{}{ - "allow_any_name": true, - "enforce_hostnames": false, - "allowed_uri_sans": "spiffe://*", - "key_type": "any", - "max_ttl": v.config.LeafCertTTL.String(), - "no_store": true, - "require_cn": false, + "allow_any_name": true, + "allowed_uri_sans": "spiffe://*", + "key_type": "any", + "max_ttl": v.config.LeafCertTTL.String(), + "no_store": true, + "require_cn": false, }) if err != nil { return "", err @@ -181,9 +174,8 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) { } // Generate a new intermediate CSR for the root to sign. - uuid, _ := uuid.GenerateUUID() data, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"intermediate/generate/internal", map[string]interface{}{ - "common_name": fmt.Sprintf("%s.intermediate.ca.%s.%s.%s", uuid[:8], v.clusterID, v.dcName, v.domain), + "common_name": "Vault CA Intermediate Authority", "key_type": v.config.PrivateKeyType, "key_bits": v.config.PrivateKeyBits, "uri_sans": spiffeID.URI().String(), diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index 3c73a7bc5..b0ddaa411 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -48,7 +48,7 @@ func testVaultClusterWithConfig(t *testing.T, isRoot bool, rawConf map[string]in require := require.New(t) provider := &VaultProvider{} - require.NoError(provider.Configure("asdf", "dc1", "consul", isRoot, conf)) + require.NoError(provider.Configure("asdf", isRoot, conf)) if isRoot { require.NoError(provider.GenerateRoot()) _, err := provider.GenerateIntermediate() 
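Review bot: The role written in generateIntermediateCSR combines `"allow_any_name": true` with `"allowed_uri_sans": "spiffe://*"`, so the Vault role itself will sign a leaf for any SPIFFE trust domain. The only restriction is then whatever the caller checks before requesting a signature. Since `spiffeID` for this cluster is built on the line just above, the pattern could be limited to it with `"allowed_uri_sans": spiffeID.URI().String() + "/*",`. That should be confirmed against how leaf URIs are formed, which is not visible here. The function starts and ends outside this hunk.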
@@ -120,7 +120,7 @@ func TestVaultCAProvider_Bootstrap(t *testing.T) { require.NoError(err) require.True(parsed.IsCA) require.Len(parsed.URIs, 1) - require.Equal(parsed.URIs[0].String(), fmt.Sprintf("spiffe://%s.consul", provider.clusterID)) + require.Equal(parsed.URIs[0].String(), fmt.Sprintf("spiffe://%s.consul", provider.clusterId)) } } @@ -149,7 +149,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) { // Generate a leaf cert for the service. var firstSerial uint64 { - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeService) csr, err := connect.ParseCSR(raw) require.NoError(err) @@ -159,7 +159,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) { parsed, err := connect.ParseCert(cert) require.NoError(err) - require.Equal(spiffeService.URI(), parsed.URIs[0]) + require.Equal(parsed.URIs[0], spiffeService.URI()) firstSerial = parsed.SerialNumber.Uint64() // Ensure the cert is valid now and expires within the correct limit. @@ -172,7 +172,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) { // the serial number is unique. spiffeService.Service = "bar" { - raw, _ := connect.TestCSR(t, spiffeService, "node1.bar.service.dc1.consul.") + raw, _ := connect.TestCSR(t, spiffeService) csr, err := connect.ParseCSR(raw) require.NoError(err) @@ -182,7 +182,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) { parsed, err := connect.ParseCert(cert) require.NoError(err) - require.Equal(spiffeService.URI(), parsed.URIs[0]) + require.Equal(parsed.URIs[0], spiffeService.URI()) require.NotEqual(firstSerial, parsed.SerialNumber.Uint64()) // Ensure the cert is valid now and expires within the correct limit. 
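Review bot: In `TestVaultCAProvider_SignLeaf` (hunk `@@ -159,7`) the assertion is changed to `require.Equal(parsed.URIs[0], spiffeService.URI())`, which puts the observed value in testify's `expected` position, so a failure would report the parsed URI as expected and the SPIFFE ID as actual. The previous order was the correct one: `require.Equal(spiffeService.URI(), parsed.URIs[0])`. The same swap is made in the `@@ -182,7` hunk, and the `fmt.Sprintf("spiffe://%s.consul", ...)` comparison in `TestVaultCAProvider_Bootstrap` already has the actual value first.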
@@ -233,7 +233,7 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) { conf := testConsulCAConfig() delegate := newMockDelegate(t, conf) provider2 := &ConsulProvider{Delegate: delegate} - require.NoError(provider2.Configure(conf.ClusterID, "dc2", "consul", false, conf.Config)) + require.NoError(provider2.Configure(conf.ClusterID, false, conf.Config)) testSignIntermediateCrossDC(t, provider1, provider2) } @@ -243,7 +243,7 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) { conf := testConsulCAConfig() delegate := newMockDelegate(t, conf) provider1 := &ConsulProvider{Delegate: delegate} - require.NoError(provider1.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config)) + require.NoError(provider1.Configure(conf.ClusterID, true, conf.Config)) require.NoError(provider1.GenerateRoot()) provider2, core, listener := testVaultClusterWithConfig(t, false, nil) diff --git a/agent/connect/csr.go b/agent/connect/csr.go index deed31433..61a73ed33 100644 --- a/agent/connect/csr.go +++ b/agent/connect/csr.go @@ -13,9 +13,8 @@ import ( // CreateCSR returns a CSR to sign the given service along with the PEM-encoded // private key for this certificate. -func CreateCSR(uri CertURI, commonName string, privateKey crypto.Signer, extensions ...pkix.Extension) (string, error) { +func CreateCSR(uri CertURI, privateKey crypto.Signer, extensions ...pkix.Extension) (string, error) { template := &x509.CertificateRequest{ - Subject: pkix.Name{CommonName: commonName}, URIs: []*url.URL{uri.URI()}, SignatureAlgorithm: x509.ECDSAWithSHA256, ExtraExtensions: extensions, 
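Review bot: The doc comment on `CreateCSR` in `agent/connect/csr.go` still says it returns the CSR "along with the PEM-encoded private key", but the function takes `privateKey crypto.Signer` as an argument and returns only `(string, error)`. With `Subject` removed from the template, the comment is also the place to record that identity is now carried solely by the URI SAN, e.g. `// CreateCSR returns a CSR for the given URI, signed with privateKey. The request has an empty subject; identity is carried by the URI SAN.` The `CreateCACSR` hunk that follows has the matching problem: its comment opens with `// CreateCSR` and repeats the private-key wording. The body of `CreateCSR` continues outside the hunk.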
@@ -38,13 +37,13 @@ func CreateCSR(uri CertURI, commonName string, privateKey crypto.Signer, extensi // CreateCSR returns a CA CSR to sign the given service along with the PEM-encoded // private key for this certificate. -func CreateCACSR(uri CertURI, commonName string, privateKey crypto.Signer) (string, error) { +func CreateCACSR(uri CertURI, privateKey crypto.Signer) (string, error) { ext, err := CreateCAExtension() if err != nil { return "", err } - return CreateCSR(uri, commonName, privateKey, ext) + return CreateCSR(uri, privateKey, ext) } // CreateCAExtension creates a pkix.Extension for the x509 Basic Constraints diff --git a/agent/connect/testing_ca.go b/agent/connect/testing_ca.go index 3af0b929b..a1deeeedb 100644 --- a/agent/connect/testing_ca.go +++ b/agent/connect/testing_ca.go @@ -227,9 +227,8 @@ func TestLeaf(t testing.T, service string, root *structs.CARoot) (string, string // TestCSR returns a CSR to sign the given service along with the PEM-encoded // private key for this certificate. -func TestCSR(t testing.T, uri CertURI, commonName string) (string, string) { +func TestCSR(t testing.T, uri CertURI) (string, string) { template := &x509.CertificateRequest{ - Subject: pkix.Name{CommonName: commonName}, URIs: []*url.URL{uri.URI()}, SignatureAlgorithm: x509.ECDSAWithSHA256, } diff --git a/agent/consul/auto_encrypt.go b/agent/consul/auto_encrypt.go index 03452a456..e3a0e78c5 100644 --- a/agent/consul/auto_encrypt.go +++ b/agent/consul/auto_encrypt.go @@ -65,8 +65,7 @@ func (c *Client) RequestAutoEncryptCerts(servers []string, port int, token strin } // Create a CSR. - commonName := fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, c.config.Domain) - csr, err := connect.CreateCSR(id, commonName, pk) + csr, err := connect.CreateCSR(id, pk) if err != nil { return errFn(err) } diff --git a/agent/consul/auto_encrypt_endpoint_test.go b/agent/consul/auto_encrypt_endpoint_test.go index 7bdc300f0..cc260b515 100644 
--- a/agent/consul/auto_encrypt_endpoint_test.go +++ b/agent/consul/auto_encrypt_endpoint_test.go @@ -69,14 +69,13 @@ func TestAutoEncryptSign(t *testing.T) { Datacenter: "dc1", Agent: "uuid", } - commonName := fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, "consul") // Create a new private key pk, _, err := connect.GeneratePrivateKey() require.NoError(t, err, info) // Create a CSR. - csr, err := connect.CreateCSR(id, commonName, pk) + csr, err := connect.CreateCSR(id, pk) require.NoError(t, err, info) require.NotEmpty(t, csr, info) args := &structs.CASignRequest{ diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go index f47ba2774..fbcdc403c 100644 --- a/agent/consul/connect_ca_endpoint.go +++ b/agent/consul/connect_ca_endpoint.go @@ -176,7 +176,7 @@ func (s *ConnectCA) ConfigurationSet( if err != nil { return fmt.Errorf("could not initialize provider: %v", err) } - if err := newProvider.Configure(args.Config.ClusterID, s.srv.config.Datacenter, s.srv.config.Domain, true, args.Config.Config); err != nil { + if err := newProvider.Configure(args.Config.ClusterID, true, args.Config.Config); err != nil { return fmt.Errorf("error configuring provider: %v", err) } if err := newProvider.GenerateRoot(); err != nil { diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go index f3000493b..d11de89b7 100644 --- a/agent/consul/connect_ca_endpoint_test.go +++ b/agent/consul/connect_ca_endpoint_test.go @@ -246,7 +246,7 @@ func TestConnectCAConfig_TriggerRotation(t *testing.T) { { // Generate a CSR and request signing spiffeId := connect.TestSpiffeIDService(t, "web") - csr, _ := connect.TestCSR(t, spiffeId, "node1.web.service.dc1.consul.") + csr, _ := connect.TestCSR(t, spiffeId) args := &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, 
@@ -309,7 +309,7 @@ func TestConnectCASign(t *testing.T) { // Generate a CSR and request signing spiffeId := connect.TestSpiffeIDService(t, "web") - csr, _ := connect.TestCSR(t, spiffeId, "node1.web.service.dc1.consul.") + csr, _ := connect.TestCSR(t, spiffeId) args := &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, @@ -319,7 +319,7 @@ func TestConnectCASign(t *testing.T) { // Generate a second CSR and request signing spiffeId2 := connect.TestSpiffeIDService(t, "web2") - csr, _ = connect.TestCSR(t, spiffeId2, "node1.web2.service.dc1.consul.") + csr, _ = connect.TestCSR(t, spiffeId2) args = &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, @@ -366,7 +366,7 @@ func BenchmarkConnectCASign(b *testing.B) { // Generate a CSR and request signing spiffeID := connect.TestSpiffeIDService(b, "web") - csr, _ := connect.TestCSR(b, spiffeID, "node1.web.service.dc1.consul.") + csr, _ := connect.TestCSR(b, spiffeID) args := &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, @@ -406,7 +406,7 @@ func TestConnectCASign_rateLimit(t *testing.T) { // Generate a CSR and request signing a few times in a loop. spiffeID := connect.TestSpiffeIDService(t, "web") - csr, _ := connect.TestCSR(t, spiffeID, "node1.web.service.dc1.consul.") + csr, _ := connect.TestCSR(t, spiffeID) args := &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, @@ -460,7 +460,7 @@ func TestConnectCASign_concurrencyLimit(t *testing.T) { // Generate a CSR and request signing a few times in a loop. spiffeID := connect.TestSpiffeIDService(t, "web") - csr, _ := connect.TestCSR(t, spiffeID, "node1.web.service.dc1.consul.") + csr, _ := connect.TestCSR(t, spiffeID) args := &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, @@ -625,7 +625,7 @@ func TestConnectCASignValidation(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - csr, _ := connect.TestCSR(t, tt.id, "") + csr, _ := connect.TestCSR(t, tt.id) args := &structs.CASignRequest{ Datacenter: "dc1", CSR: csr, 
diff --git a/agent/consul/leader_connect.go b/agent/consul/leader_connect.go index 9fdf9d265..02caa4516 100644 --- a/agent/consul/leader_connect.go +++ b/agent/consul/leader_connect.go @@ -197,7 +197,7 @@ func (s *Server) initializeCA() error { // initializeRootCA runs the initialization logic for a root CA. func (s *Server) initializeRootCA(provider ca.Provider, conf *structs.CAConfiguration) error { - if err := provider.Configure(conf.ClusterID, s.config.Datacenter, s.config.Domain, true, conf.Config); err != nil { + if err := provider.Configure(conf.ClusterID, true, conf.Config); err != nil { return fmt.Errorf("error configuring provider: %v", err) } if err := provider.GenerateRoot(); err != nil { @@ -750,7 +750,7 @@ func (s *Server) initializeSecondaryProvider(provider ca.Provider, roots structs return err } - if err := provider.Configure(clusterID, s.config.Datacenter, s.config.Domain, false, conf.Config); err != nil { + if err := provider.Configure(clusterID, false, conf.Config); err != nil { return fmt.Errorf("error configuring provider: %v", err) } diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go index 14fb36bee..42a54fe45 100644 --- a/agent/consul/leader_connect_test.go +++ b/agent/consul/leader_connect_test.go @@ -86,7 +86,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) { Datacenter: "primary", Service: "foo", } - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.") + raw, _ := connect.TestCSR(t, spiffeService) leafCsr, err := connect.ParseCSR(raw) require.NoError(err) @@ -216,7 +216,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) { Datacenter: "dc1", Service: "foo", } - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.") + raw, _ := connect.TestCSR(t, spiffeService) leafCsr, err := connect.ParseCSR(raw) require.NoError(err) 
@@ -434,7 +434,7 @@ func TestLeader_SecondaryCA_UpgradeBeforePrimary(t *testing.T) { Datacenter: "dc1", Service: "foo", } - raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.") + raw, _ := connect.TestCSR(t, spiffeService) leafCsr, err := connect.ParseCSR(raw) require.NoError(t, err)