revert commits on master (#6413)

Alvin Huang 2019-08-27 17:45:58 -04:00 committed by GitHub
parent 2838a1550a
commit e4e9381851
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 243 additions and 486 deletions


@ -536,7 +536,7 @@ func (a *Agent) setupClientAutoEncryptCache(reply *structs.SignedResponse) (*str
QueryOptions: structs.QueryOptions{Token: a.tokens.AgentToken()},
}
// prepopulate roots cache
// prepolutate roots cache
rootRes := cache.FetchResult{Value: &reply.ConnectCARoots, Index: reply.ConnectCARoots.QueryMeta.Index}
if err := a.cache.Prepopulate(cachetype.ConnectCARootName, rootRes, a.config.Datacenter, a.tokens.AgentToken(), rootsReq.CacheInfo().Key); err != nil {
return nil, nil, err
@ -546,11 +546,9 @@ func (a *Agent) setupClientAutoEncryptCache(reply *structs.SignedResponse) (*str
Datacenter: a.config.Datacenter,
Token: a.tokens.AgentToken(),
Agent: a.config.NodeName,
Domain: a.config.DNSDomain,
NodeName: a.config.NodeName,
}
// prepopulate leaf cache
// prepolutate leaf cache
certRes := cache.FetchResult{Value: &reply.IssuedCert, Index: reply.ConnectCARoots.QueryMeta.Index}
if err := a.cache.Prepopulate(cachetype.ConnectCALeafName, certRes, a.config.Datacenter, a.tokens.AgentToken(), leafReq.Key()); err != nil {
return nil, nil, err
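Review bot: The two comments in setupClientAutoEncryptCache appear to end up as `// prepolutate roots cache` and `// prepolutate leaf cache` after this revert, which brings back a misspelling; they should read `// prepopulate roots cache` and `// prepopulate leaf cache`. Separately, the leaf entry is stored with `Index: reply.ConnectCARoots.QueryMeta.Index`, that is, the roots index rather than a value taken from `reply.IssuedCert`. If that is intentional, a one-line comment saying why would help, because it reads like a copy of the roots block above it. The function starts and ends outside the hunks shown.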


@ -1249,21 +1249,8 @@ func (s *HTTPServer) AgentConnectCALeafCert(resp http.ResponseWriter, req *http.
// not the ID of the service instance.
serviceName := strings.TrimPrefix(req.URL.Path, "/v1/agent/connect/ca/leaf/")
serviceID := serviceName
allServices := s.agent.State.Services()
for _, service := range allServices {
if service.Service == serviceName {
serviceID = service.ID
break
}
}
args := cachetype.ConnectCALeafRequest{
Service: serviceName, // Need name not ID
ServiceID: serviceID,
Datacenter: s.agent.config.Datacenter,
Domain: s.agent.config.DNSDomain,
NodeName: s.agent.config.NodeName,
}
var qOpts structs.QueryOptions
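Review bot: `serviceName` is taken straight from `req.URL.Path` and placed in `ConnectCALeafRequest.Service` with no check in the lines shown, so a request to the bare `/v1/agent/connect/ca/leaf/` prefix builds a leaf request with an empty service name. Judging by the generateNewLeaf section on this page, that presumably only fails later with "URI must be either service or agent", which would surface as an internal error rather than a client error. A guard before `args` is built, along the lines of `if serviceName == "" { /* return a 400-style error */ }`, would reject the malformed path at the edge and keep it away from the certificate cache. The handler continues past the hunk, so validation may exist further down.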


@ -503,7 +503,6 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
// Build the cert uri
var id connect.CertURI
var commonName string
if req.Service != "" {
id = &connect.SpiffeIDService{
Host: roots.TrustDomain,
@ -511,14 +510,12 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
Namespace: "default",
Service: req.Service,
}
commonName = fmt.Sprintf("%s.%s.service.%s.%s.%s", req.NodeName, req.ServiceID, roots.TrustDomain[:8], req.Datacenter, req.Domain)
} else if req.Agent != "" {
id = &connect.SpiffeIDAgent{
Host: roots.TrustDomain,
Datacenter: req.Datacenter,
Agent: req.Agent,
}
commonName = fmt.Sprintf("%s.agent.%s.%s.%s", req.NodeName, roots.TrustDomain[:8], req.Datacenter, req.Domain)
} else {
return result, errors.New("URI must be either service or agent")
}
@ -530,7 +527,7 @@ func (c *ConnectCALeaf) generateNewLeaf(req *ConnectCALeafRequest,
}
// Create a CSR.
csr, err := connect.CreateCSR(id, commonName, pk)
csr, err := connect.CreateCSR(id, pk)
if err != nil {
return result, err
}
@ -619,11 +616,8 @@ func (c *ConnectCALeaf) SupportsBlocking() bool {
type ConnectCALeafRequest struct {
Token string
Datacenter string
Domain string
Service string // Service name, not ID
ServiceID string
Agent string // Agent name, not ID
NodeName string
MinQueryIndex uint64
MaxQueryTime time.Duration
}
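Review bot: `ConnectCALeafRequest` does not document how `Service` and `Agent` relate, while generateNewLeaf tests `req.Service != ""` first and only then `req.Agent`, so a request with both set silently gets a service identity. A comment on the struct would make that explicit, for example `// Exactly one of Service or Agent should be set; generateNewLeaf prefers Service when both are non-empty.` The service branch also hard-codes `Namespace: "default"`, which deserves a short why-comment. generateNewLeaf starts before and ends after the hunks shown.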


@ -66,13 +66,13 @@ func (_m *MockProvider) Cleanup() error {
return r0
}
// Configure provides a mock function with given fields: clusterID, datacenterName, dnsDomain, isRoot, rawConfig
func (_m *MockProvider) Configure(clusterId string, datacenterName string, dnsDomain string, isRoot bool, rawConfig map[string]interface{}) error {
ret := _m.Called(clusterId, datacenterName, dnsDomain, isRoot, rawConfig)
// Configure provides a mock function with given fields: clusterId, isRoot, rawConfig
func (_m *MockProvider) Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error {
ret := _m.Called(clusterId, isRoot, rawConfig)
var r0 error
if rf, ok := ret.Get(0).(func(string, string, string, bool, map[string]interface{}) error); ok {
r0 = rf(clusterId, datacenterName, dnsDomain, isRoot, rawConfig)
if rf, ok := ret.Get(0).(func(string, bool, map[string]interface{}) error); ok {
r0 = rf(clusterId, isRoot, rawConfig)
} else {
r0 = ret.Error(0)
}


@ -18,11 +18,11 @@ func TestProvider_Configure(t *testing.T) {
require := require.New(t)
// Basic configure
m.On("Configure", "foo", "foo", "consul", false, map[string]interface{}{
m.On("Configure", "foo", false, map[string]interface{}{
"string": "bar",
"number": float64(42), // because json
}).Once().Return(nil)
require.NoError(p.Configure("foo", "foo", "consul", false, map[string]interface{}{
require.NoError(p.Configure("foo", false, map[string]interface{}{
"string": "bar",
"number": float64(42),
}))
@ -30,8 +30,8 @@ func TestProvider_Configure(t *testing.T) {
// Try with an error
m.Mock = mock.Mock{}
m.On("Configure", "foo", "foo", "consul", false, map[string]interface{}{}).Once().Return(errors.New("hello world"))
err := p.Configure("foo", "foo", "consul", false, map[string]interface{}{})
m.On("Configure", "foo", false, map[string]interface{}{}).Once().Return(errors.New("hello world"))
err := p.Configure("foo", false, map[string]interface{}{})
require.Error(err)
require.Contains(err.Error(), "hello")
m.AssertExpectations(t)
@ -42,7 +42,7 @@ func TestProvider_GenerateRoot(t *testing.T) {
testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
require := require.New(t)
// Try with no error
// Try cleanup with no error
m.On("GenerateRoot").Once().Return(nil)
require.NoError(p.GenerateRoot())
m.AssertExpectations(t)
@ -61,7 +61,7 @@ func TestProvider_ActiveRoot(t *testing.T) {
testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
require := require.New(t)
// Try with no error
// Try cleanup with no error
m.On("ActiveRoot").Once().Return("foo", nil)
actual, err := p.ActiveRoot()
require.NoError(err)
@ -82,7 +82,7 @@ func TestProvider_GenerateIntermediateCSR(t *testing.T) {
testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
require := require.New(t)
// Try with no error
// Try cleanup with no error
m.On("GenerateIntermediateCSR").Once().Return("foo", nil)
actual, err := p.GenerateIntermediateCSR()
require.NoError(err)
@ -103,7 +103,7 @@ func TestProvider_SetIntermediate(t *testing.T) {
testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
require := require.New(t)
// Try with no error
// Try cleanup with no error
m.On("SetIntermediate", "foo", "bar").Once().Return(nil)
err := p.SetIntermediate("foo", "bar")
require.NoError(err)
@ -123,7 +123,7 @@ func TestProvider_ActiveIntermediate(t *testing.T) {
testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
require := require.New(t)
// Try with no error
// Try cleanup with no error
m.On("ActiveIntermediate").Once().Return("foo", nil)
actual, err := p.ActiveIntermediate()
require.NoError(err)
@ -144,7 +144,7 @@ func TestProvider_GenerateIntermediate(t *testing.T) {
testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
require := require.New(t)
// Try with no error
// Try cleanup with no error
m.On("GenerateIntermediate").Once().Return("foo", nil)
actual, err := p.GenerateIntermediate()
require.NoError(err)
@ -166,7 +166,7 @@ func TestProvider_Sign(t *testing.T) {
require := require.New(t)
// Create a CSR
csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"), "node1.web.service.dc1.consul.")
csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"))
block, _ := pem.Decode([]byte(csrPEM))
csr, err := x509.ParseCertificateRequest(block.Bytes)
require.NoError(err)
@ -197,7 +197,7 @@ func TestProvider_SignIntermediate(t *testing.T) {
require := require.New(t)
// Create a CSR
csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"), "node1.web.service.dc1.consul.")
csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"))
block, _ := pem.Decode([]byte(csrPEM))
csr, err := x509.ParseCertificateRequest(block.Bytes)
require.NoError(err)
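Review bot: After this revert the comment `// Try cleanup with no error` appears to head the success case in TestProvider_GenerateRoot, TestProvider_ActiveRoot, TestProvider_GenerateIntermediateCSR, TestProvider_SetIntermediate, TestProvider_ActiveIntermediate and TestProvider_GenerateIntermediate, none of which call Cleanup in the lines shown; `// Try with no error` describes them correctly. In TestProvider_Sign and TestProvider_SignIntermediate, `block, _ := pem.Decode([]byte(csrPEM))` is followed directly by `block.Bytes`, so an undecodable PEM would panic with a nil dereference instead of failing the test cleanly. Adding `require.NotNil(block)` before the parse would make that failure readable. The test bodies extend beyond the hunks shown.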


@ -1,17 +1,19 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: agent/connect/ca/plugin/provider.proto
package plugin
package plugin // import "github.com/hashicorp/consul/agent/connect/ca/plugin"
import proto "github.com/golang/protobuf/proto"
import fmt "fmt"
import math "math"
import (
context "context"
fmt "fmt"
proto "github.com/golang/protobuf/proto"
context "golang.org/x/net/context"
grpc "google.golang.org/grpc"
io "io"
math "math"
)
import io "io"
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
@ -25,10 +27,8 @@ const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
type ConfigureRequest struct {
ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"`
DatacenterName string `protobuf:"bytes,2,opt,name=datacenter_name,json=datacenterName,proto3" json:"datacenter_name,omitempty"`
DnsDomain string `protobuf:"bytes,3,opt,name=dns_domain,json=dnsDomain,proto3" json:"dns_domain,omitempty"`
IsRoot bool `protobuf:"varint,4,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"`
Config []byte `protobuf:"bytes,5,opt,name=config,proto3" json:"config,omitempty"`
IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"`
Config []byte `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -38,7 +38,7 @@ func (m *ConfigureRequest) Reset() { *m = ConfigureRequest{} }
func (m *ConfigureRequest) String() string { return proto.CompactTextString(m) }
func (*ConfigureRequest) ProtoMessage() {}
func (*ConfigureRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{0}
return fileDescriptor_provider_8ff2d2670790989c, []int{0}
}
func (m *ConfigureRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -55,8 +55,8 @@ func (m *ConfigureRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, er
return b[:n], nil
}
}
func (m *ConfigureRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConfigureRequest.Merge(m, src)
func (dst *ConfigureRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConfigureRequest.Merge(dst, src)
}
func (m *ConfigureRequest) XXX_Size() int {
return m.Size()
@ -74,20 +74,6 @@ func (m *ConfigureRequest) GetClusterId() string {
return ""
}
func (m *ConfigureRequest) GetDatacenterName() string {
if m != nil {
return m.DatacenterName
}
return ""
}
func (m *ConfigureRequest) GetDnsDomain() string {
if m != nil {
return m.DnsDomain
}
return ""
}
func (m *ConfigureRequest) GetIsRoot() bool {
if m != nil {
return m.IsRoot
@ -114,7 +100,7 @@ func (m *SetIntermediateRequest) Reset() { *m = SetIntermediateRequest{}
func (m *SetIntermediateRequest) String() string { return proto.CompactTextString(m) }
func (*SetIntermediateRequest) ProtoMessage() {}
func (*SetIntermediateRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{1}
return fileDescriptor_provider_8ff2d2670790989c, []int{1}
}
func (m *SetIntermediateRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -131,8 +117,8 @@ func (m *SetIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]by
return b[:n], nil
}
}
func (m *SetIntermediateRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SetIntermediateRequest.Merge(m, src)
func (dst *SetIntermediateRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SetIntermediateRequest.Merge(dst, src)
}
func (m *SetIntermediateRequest) XXX_Size() int {
return m.Size()
@ -168,7 +154,7 @@ func (m *SignRequest) Reset() { *m = SignRequest{} }
func (m *SignRequest) String() string { return proto.CompactTextString(m) }
func (*SignRequest) ProtoMessage() {}
func (*SignRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{2}
return fileDescriptor_provider_8ff2d2670790989c, []int{2}
}
func (m *SignRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -185,8 +171,8 @@ func (m *SignRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
return b[:n], nil
}
}
func (m *SignRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignRequest.Merge(m, src)
func (dst *SignRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignRequest.Merge(dst, src)
}
func (m *SignRequest) XXX_Size() int {
return m.Size()
@ -215,7 +201,7 @@ func (m *SignIntermediateRequest) Reset() { *m = SignIntermediateRequest
func (m *SignIntermediateRequest) String() string { return proto.CompactTextString(m) }
func (*SignIntermediateRequest) ProtoMessage() {}
func (*SignIntermediateRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{3}
return fileDescriptor_provider_8ff2d2670790989c, []int{3}
}
func (m *SignIntermediateRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -232,8 +218,8 @@ func (m *SignIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]b
return b[:n], nil
}
}
func (m *SignIntermediateRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignIntermediateRequest.Merge(m, src)
func (dst *SignIntermediateRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignIntermediateRequest.Merge(dst, src)
}
func (m *SignIntermediateRequest) XXX_Size() int {
return m.Size()
@ -262,7 +248,7 @@ func (m *CrossSignCARequest) Reset() { *m = CrossSignCARequest{} }
func (m *CrossSignCARequest) String() string { return proto.CompactTextString(m) }
func (*CrossSignCARequest) ProtoMessage() {}
func (*CrossSignCARequest) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{4}
return fileDescriptor_provider_8ff2d2670790989c, []int{4}
}
func (m *CrossSignCARequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -279,8 +265,8 @@ func (m *CrossSignCARequest) XXX_Marshal(b []byte, deterministic bool) ([]byte,
return b[:n], nil
}
}
func (m *CrossSignCARequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_CrossSignCARequest.Merge(m, src)
func (dst *CrossSignCARequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_CrossSignCARequest.Merge(dst, src)
}
func (m *CrossSignCARequest) XXX_Size() int {
return m.Size()
@ -309,7 +295,7 @@ func (m *ActiveRootResponse) Reset() { *m = ActiveRootResponse{} }
func (m *ActiveRootResponse) String() string { return proto.CompactTextString(m) }
func (*ActiveRootResponse) ProtoMessage() {}
func (*ActiveRootResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{5}
return fileDescriptor_provider_8ff2d2670790989c, []int{5}
}
func (m *ActiveRootResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -326,8 +312,8 @@ func (m *ActiveRootResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte,
return b[:n], nil
}
}
func (m *ActiveRootResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ActiveRootResponse.Merge(m, src)
func (dst *ActiveRootResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ActiveRootResponse.Merge(dst, src)
}
func (m *ActiveRootResponse) XXX_Size() int {
return m.Size()
@ -356,7 +342,7 @@ func (m *GenerateIntermediateCSRResponse) Reset() { *m = GenerateInterme
func (m *GenerateIntermediateCSRResponse) String() string { return proto.CompactTextString(m) }
func (*GenerateIntermediateCSRResponse) ProtoMessage() {}
func (*GenerateIntermediateCSRResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{6}
return fileDescriptor_provider_8ff2d2670790989c, []int{6}
}
func (m *GenerateIntermediateCSRResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -373,8 +359,8 @@ func (m *GenerateIntermediateCSRResponse) XXX_Marshal(b []byte, deterministic bo
return b[:n], nil
}
}
func (m *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(m, src)
func (dst *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(dst, src)
}
func (m *GenerateIntermediateCSRResponse) XXX_Size() int {
return m.Size()
@ -403,7 +389,7 @@ func (m *ActiveIntermediateResponse) Reset() { *m = ActiveIntermediateRe
func (m *ActiveIntermediateResponse) String() string { return proto.CompactTextString(m) }
func (*ActiveIntermediateResponse) ProtoMessage() {}
func (*ActiveIntermediateResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{7}
return fileDescriptor_provider_8ff2d2670790989c, []int{7}
}
func (m *ActiveIntermediateResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -420,8 +406,8 @@ func (m *ActiveIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) (
return b[:n], nil
}
}
func (m *ActiveIntermediateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ActiveIntermediateResponse.Merge(m, src)
func (dst *ActiveIntermediateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_ActiveIntermediateResponse.Merge(dst, src)
}
func (m *ActiveIntermediateResponse) XXX_Size() int {
return m.Size()
@ -450,7 +436,7 @@ func (m *GenerateIntermediateResponse) Reset() { *m = GenerateIntermedia
func (m *GenerateIntermediateResponse) String() string { return proto.CompactTextString(m) }
func (*GenerateIntermediateResponse) ProtoMessage() {}
func (*GenerateIntermediateResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{8}
return fileDescriptor_provider_8ff2d2670790989c, []int{8}
}
func (m *GenerateIntermediateResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -467,8 +453,8 @@ func (m *GenerateIntermediateResponse) XXX_Marshal(b []byte, deterministic bool)
return b[:n], nil
}
}
func (m *GenerateIntermediateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_GenerateIntermediateResponse.Merge(m, src)
func (dst *GenerateIntermediateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_GenerateIntermediateResponse.Merge(dst, src)
}
func (m *GenerateIntermediateResponse) XXX_Size() int {
return m.Size()
@ -497,7 +483,7 @@ func (m *SignResponse) Reset() { *m = SignResponse{} }
func (m *SignResponse) String() string { return proto.CompactTextString(m) }
func (*SignResponse) ProtoMessage() {}
func (*SignResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{9}
return fileDescriptor_provider_8ff2d2670790989c, []int{9}
}
func (m *SignResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -514,8 +500,8 @@ func (m *SignResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
return b[:n], nil
}
}
func (m *SignResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignResponse.Merge(m, src)
func (dst *SignResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignResponse.Merge(dst, src)
}
func (m *SignResponse) XXX_Size() int {
return m.Size()
@ -544,7 +530,7 @@ func (m *SignIntermediateResponse) Reset() { *m = SignIntermediateRespon
func (m *SignIntermediateResponse) String() string { return proto.CompactTextString(m) }
func (*SignIntermediateResponse) ProtoMessage() {}
func (*SignIntermediateResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{10}
return fileDescriptor_provider_8ff2d2670790989c, []int{10}
}
func (m *SignIntermediateResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -561,8 +547,8 @@ func (m *SignIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]
return b[:n], nil
}
}
func (m *SignIntermediateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignIntermediateResponse.Merge(m, src)
func (dst *SignIntermediateResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignIntermediateResponse.Merge(dst, src)
}
func (m *SignIntermediateResponse) XXX_Size() int {
return m.Size()
@ -591,7 +577,7 @@ func (m *CrossSignCAResponse) Reset() { *m = CrossSignCAResponse{} }
func (m *CrossSignCAResponse) String() string { return proto.CompactTextString(m) }
func (*CrossSignCAResponse) ProtoMessage() {}
func (*CrossSignCAResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{11}
return fileDescriptor_provider_8ff2d2670790989c, []int{11}
}
func (m *CrossSignCAResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -608,8 +594,8 @@ func (m *CrossSignCAResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte,
return b[:n], nil
}
}
func (m *CrossSignCAResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_CrossSignCAResponse.Merge(m, src)
func (dst *CrossSignCAResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_CrossSignCAResponse.Merge(dst, src)
}
func (m *CrossSignCAResponse) XXX_Size() int {
return m.Size()
@ -639,7 +625,7 @@ func (m *Empty) Reset() { *m = Empty{} }
func (m *Empty) String() string { return proto.CompactTextString(m) }
func (*Empty) ProtoMessage() {}
func (*Empty) Descriptor() ([]byte, []int) {
return fileDescriptor_94daeb7181770839, []int{12}
return fileDescriptor_provider_8ff2d2670790989c, []int{12}
}
func (m *Empty) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -656,8 +642,8 @@ func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return b[:n], nil
}
}
func (m *Empty) XXX_Merge(src proto.Message) {
xxx_messageInfo_Empty.Merge(m, src)
func (dst *Empty) XXX_Merge(src proto.Message) {
xxx_messageInfo_Empty.Merge(dst, src)
}
func (m *Empty) XXX_Size() int {
return m.Size()
@ -684,52 +670,6 @@ func init() {
proto.RegisterType((*Empty)(nil), "plugin.Empty")
}
func init() {
proto.RegisterFile("agent/connect/ca/plugin/provider.proto", fileDescriptor_94daeb7181770839)
}
var fileDescriptor_94daeb7181770839 = []byte{
// 607 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xdd, 0x6e, 0xd3, 0x30,
0x18, 0x25, 0xfb, 0x69, 0xb7, 0x6f, 0x85, 0x55, 0xde, 0xb4, 0x85, 0x02, 0x5d, 0x15, 0xa1, 0x75,
0x08, 0x68, 0x04, 0x03, 0x4d, 0xe2, 0x8a, 0x11, 0xc6, 0x34, 0x21, 0xa1, 0x91, 0x89, 0x1b, 0x2e,
0xa8, 0x32, 0xc7, 0x74, 0x96, 0x1a, 0x3b, 0xd8, 0xce, 0x24, 0xde, 0x84, 0x67, 0xe0, 0x45, 0xe0,
0x92, 0x47, 0x40, 0xe3, 0x45, 0x90, 0xf3, 0xb7, 0x24, 0x4d, 0x97, 0xbb, 0xfa, 0xcb, 0x39, 0xc7,
0xe7, 0xfb, 0xab, 0x61, 0xd7, 0x9b, 0x10, 0xa6, 0x6c, 0xcc, 0x19, 0x23, 0x58, 0xd9, 0xd8, 0xb3,
0xc3, 0x69, 0x34, 0xa1, 0xcc, 0x0e, 0x05, 0xbf, 0xa4, 0x3e, 0x11, 0xa3, 0x50, 0x70, 0xc5, 0x51,
0x2b, 0x09, 0x5b, 0x3f, 0x0d, 0xe8, 0x3a, 0x9c, 0x7d, 0xa5, 0x93, 0x48, 0x10, 0x97, 0x7c, 0x8b,
0x88, 0x54, 0xe8, 0x01, 0x00, 0x9e, 0x46, 0x52, 0x11, 0x31, 0xa6, 0xbe, 0x69, 0x0c, 0x8c, 0xbd,
0x55, 0x77, 0x35, 0x8d, 0x9c, 0xf8, 0x68, 0x08, 0xeb, 0xbe, 0xa7, 0x3c, 0x4c, 0x98, 0x46, 0x30,
0x2f, 0x20, 0xe6, 0x42, 0x8c, 0xb9, 0x73, 0x1d, 0xfe, 0xe0, 0x05, 0x44, 0xeb, 0xf8, 0x4c, 0x8e,
0x7d, 0x1e, 0x78, 0x94, 0x99, 0x8b, 0x89, 0x8e, 0xcf, 0xe4, 0xdb, 0x38, 0x80, 0xb6, 0xa1, 0x4d,
0xe5, 0x58, 0x70, 0xae, 0xcc, 0xa5, 0x81, 0xb1, 0xb7, 0xe2, 0xb6, 0xa8, 0x74, 0x39, 0x57, 0x68,
0x0b, 0x5a, 0x38, 0xf6, 0x64, 0x2e, 0x0f, 0x8c, 0xbd, 0x8e, 0x9b, 0x9e, 0xac, 0x2f, 0xb0, 0x75,
0x46, 0xd4, 0x89, 0xd6, 0x0f, 0x88, 0x4f, 0x3d, 0x95, 0x3b, 0x7e, 0x04, 0x5d, 0x5a, 0x08, 0x8f,
0x43, 0x12, 0xa4, 0xbe, 0xd7, 0x8b, 0xf1, 0x53, 0x12, 0xa0, 0xbb, 0xb0, 0xa2, 0xaf, 0x8c, 0x21,
0x89, 0xed, 0xb6, 0x3e, 0x9f, 0x92, 0xc0, 0xda, 0x81, 0xb5, 0x33, 0x3a, 0x61, 0x99, 0x68, 0x17,
0x16, 0xb1, 0x14, 0xb1, 0x4e, 0xc7, 0xd5, 0x3f, 0xad, 0xc7, 0xb0, 0xad, 0x01, 0x75, 0x0e, 0x66,
0xc1, 0xbb, 0x80, 0x1c, 0xc1, 0xa5, 0xd4, 0x0c, 0xe7, 0xb0, 0x88, 0x13, 0x2a, 0xc7, 0x09, 0x65,
0x3d, 0x05, 0x74, 0x88, 0x15, 0xbd, 0x24, 0x3a, 0x77, 0x97, 0xc8, 0x90, 0x33, 0x49, 0x74, 0x71,
0xb0, 0x50, 0x85, 0x44, 0x5a, 0x58, 0xc4, 0x26, 0x5f, 0xc1, 0xce, 0x31, 0x61, 0x44, 0x78, 0x8a,
0x14, 0x7d, 0x38, 0x67, 0x6e, 0x89, 0x2b, 0x45, 0x89, 0x2b, 0x85, 0xe6, 0xbe, 0x84, 0x5e, 0x72,
0x55, 0x39, 0x83, 0xa6, 0x2b, 0x0f, 0xe0, 0x7e, 0xdd, 0x95, 0xcd, 0xc4, 0x21, 0x74, 0x92, 0x82,
0x36, 0x01, 0xf7, 0xc1, 0x9c, 0x2d, 0x6c, 0x13, 0x69, 0x04, 0x1b, 0xa5, 0x02, 0x37, 0xe1, 0xdb,
0xb0, 0x7c, 0x14, 0x84, 0xea, 0xfb, 0xf3, 0x5f, 0xcb, 0xb0, 0xe0, 0x1c, 0xa2, 0x17, 0xb0, 0x9a,
0x8f, 0x3e, 0x32, 0x47, 0xc9, 0x46, 0x8c, 0xaa, 0xdb, 0xd0, 0xbb, 0x9d, 0x7d, 0x89, 0xc9, 0xe8,
0x09, 0x74, 0xb2, 0x62, 0xc4, 0xc3, 0x5a, 0xfe, 0x5c, 0x45, 0x1f, 0x00, 0x5c, 0x37, 0xb7, 0x8a,
0xed, 0x65, 0xc7, 0x9a, 0xfe, 0x7f, 0x84, 0xed, 0x39, 0x6d, 0xae, 0xaa, 0x0c, 0xb3, 0x63, 0xd3,
0x58, 0xbc, 0x86, 0xf5, 0xca, 0xfa, 0xa0, 0x7e, 0xc6, 0xad, 0xdf, 0xab, 0x6a, 0x36, 0xc7, 0xd9,
0xa8, 0x96, 0x44, 0x2a, 0x7e, 0xac, 0x72, 0x56, 0xb5, 0x3d, 0x7d, 0x0f, 0x9b, 0x75, 0x6e, 0xab,
0x52, 0x0f, 0x6f, 0x4a, 0x2d, 0x17, 0x7b, 0x06, 0x4b, 0x7a, 0x04, 0xd0, 0x46, 0x9e, 0xcc, 0xf5,
0x12, 0xf7, 0x36, 0xcb, 0xc1, 0x94, 0xf2, 0x09, 0xba, 0xd5, 0x79, 0x43, 0x3b, 0x45, 0x64, 0x5d,
0x31, 0x06, 0xf3, 0x01, 0xa9, 0xec, 0x3b, 0x58, 0x2b, 0x4c, 0x24, 0xca, 0xfb, 0x3b, 0xfb, 0x3f,
0xd0, 0xbb, 0x57, 0xfb, 0x2d, 0xd5, 0x19, 0x42, 0xdb, 0x99, 0x12, 0x8f, 0x45, 0xe1, 0xcd, 0xe3,
0xf5, 0xe6, 0xe8, 0xf7, 0x55, 0xdf, 0xf8, 0x73, 0xd5, 0x37, 0xfe, 0x5e, 0xf5, 0x8d, 0x1f, 0xff,
0xfa, 0xb7, 0x3e, 0xef, 0x4f, 0xa8, 0xba, 0x88, 0xce, 0x47, 0x98, 0x07, 0xf6, 0x85, 0x27, 0x2f,
0x28, 0xe6, 0x22, 0xd4, 0xef, 0x81, 0x8c, 0xa6, 0xf6, 0x9c, 0xc7, 0xe1, 0xbc, 0x15, 0x3f, 0x0a,
0xfb, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0x5a, 0xb9, 0x1f, 0x6c, 0x3e, 0x06, 0x00, 0x00,
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
@ -1153,20 +1093,8 @@ func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) {
i = encodeVarintProvider(dAtA, i, uint64(len(m.ClusterId)))
i += copy(dAtA[i:], m.ClusterId)
}
if len(m.DatacenterName) > 0 {
dAtA[i] = 0x12
i++
i = encodeVarintProvider(dAtA, i, uint64(len(m.DatacenterName)))
i += copy(dAtA[i:], m.DatacenterName)
}
if len(m.DnsDomain) > 0 {
dAtA[i] = 0x1a
i++
i = encodeVarintProvider(dAtA, i, uint64(len(m.DnsDomain)))
i += copy(dAtA[i:], m.DnsDomain)
}
if m.IsRoot {
dAtA[i] = 0x20
dAtA[i] = 0x10
i++
if m.IsRoot {
dAtA[i] = 1
@ -1176,7 +1104,7 @@ func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) {
i++
}
if len(m.Config) > 0 {
dAtA[i] = 0x2a
dAtA[i] = 0x1a
i++
i = encodeVarintProvider(dAtA, i, uint64(len(m.Config)))
i += copy(dAtA[i:], m.Config)
@ -1530,14 +1458,6 @@ func (m *ConfigureRequest) Size() (n int) {
if l > 0 {
n += 1 + l + sovProvider(uint64(l))
}
l = len(m.DatacenterName)
if l > 0 {
n += 1 + l + sovProvider(uint64(l))
}
l = len(m.DnsDomain)
if l > 0 {
n += 1 + l + sovProvider(uint64(l))
}
if m.IsRoot {
n += 2
}
@ -1771,7 +1691,7 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -1799,7 +1719,7 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -1809,79 +1729,12 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ClusterId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field DatacenterName", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowProvider
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.DatacenterName = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field DnsDomain", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowProvider
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.DnsDomain = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field IsRoot", wireType)
}
@ -1895,13 +1748,13 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
v |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
m.IsRoot = bool(v != 0)
case 5:
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType)
}
@ -1915,7 +1768,7 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
byteLen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -1924,9 +1777,6 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -1944,9 +1794,6 @@ func (m *ConfigureRequest) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -1975,7 +1822,7 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2003,7 +1850,7 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2013,9 +1860,6 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2035,7 +1879,7 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2045,9 +1889,6 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2062,9 +1903,6 @@ func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2093,7 +1931,7 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2121,7 +1959,7 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
byteLen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2130,9 +1968,6 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2150,9 +1985,6 @@ func (m *SignRequest) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2181,7 +2013,7 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2209,7 +2041,7 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
byteLen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2218,9 +2050,6 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2238,9 +2067,6 @@ func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2269,7 +2095,7 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2297,7 +2123,7 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
byteLen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2306,9 +2132,6 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2326,9 +2149,6 @@ func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2357,7 +2177,7 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2385,7 +2205,7 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2395,9 +2215,6 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2412,9 +2229,6 @@ func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2443,7 +2257,7 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2471,7 +2285,7 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2481,9 +2295,6 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2498,9 +2309,6 @@ func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2529,7 +2337,7 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2557,7 +2365,7 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2567,9 +2375,6 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2584,9 +2389,6 @@ func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2615,7 +2417,7 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2643,7 +2445,7 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2653,9 +2455,6 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2670,9 +2469,6 @@ func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2701,7 +2497,7 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2729,7 +2525,7 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2739,9 +2535,6 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2756,9 +2549,6 @@ func (m *SignResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2787,7 +2577,7 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2815,7 +2605,7 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2825,9 +2615,6 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2842,9 +2629,6 @@ func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2873,7 +2657,7 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2901,7 +2685,7 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2911,9 +2695,6 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error {
return ErrInvalidLengthProvider
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthProvider
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
@ -2928,9 +2709,6 @@ func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -2959,7 +2737,7 @@ func (m *Empty) Unmarshal(dAtA []byte) error {
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
@ -2982,9 +2760,6 @@ func (m *Empty) Unmarshal(dAtA []byte) error {
if skippy < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthProvider
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
@ -3052,11 +2827,8 @@ func skipProvider(dAtA []byte) (n int, err error) {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthProvider
}
iNdEx += length
if iNdEx < 0 {
if length < 0 {
return 0, ErrInvalidLengthProvider
}
return iNdEx, nil
@ -3087,9 +2859,6 @@ func skipProvider(dAtA []byte) (n int, err error) {
return 0, err
}
iNdEx = start + next
if iNdEx < 0 {
return 0, ErrInvalidLengthProvider
}
}
return iNdEx, nil
case 4:
@ -3108,3 +2877,47 @@ var (
ErrInvalidLengthProvider = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowProvider = fmt.Errorf("proto: integer overflow")
)
func init() {
proto.RegisterFile("agent/connect/ca/plugin/provider.proto", fileDescriptor_provider_8ff2d2670790989c)
}
var fileDescriptor_provider_8ff2d2670790989c = []byte{
// 566 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xdf, 0x6e, 0xd3, 0x3e,
0x18, 0xfd, 0xa5, 0xfb, 0xad, 0x5d, 0xbf, 0x15, 0xad, 0xf2, 0xa6, 0xb5, 0x14, 0x68, 0xab, 0x08,
0xad, 0x45, 0x40, 0x23, 0x28, 0x68, 0x12, 0x57, 0x94, 0x68, 0x4c, 0x13, 0x37, 0x23, 0x15, 0x37,
0x5c, 0x50, 0xa5, 0xae, 0x49, 0x2d, 0x35, 0x71, 0xb0, 0x9d, 0x49, 0xbc, 0x09, 0x6f, 0x04, 0x97,
0x3c, 0x02, 0x2a, 0x2f, 0x82, 0x9c, 0x26, 0x59, 0x92, 0xa6, 0xcb, 0x5d, 0xfc, 0xe5, 0x9c, 0xf3,
0xfd, 0x3b, 0x36, 0x9c, 0xd9, 0x0e, 0xf1, 0xa4, 0x81, 0x99, 0xe7, 0x11, 0x2c, 0x0d, 0x6c, 0x1b,
0xfe, 0x2a, 0x70, 0xa8, 0x67, 0xf8, 0x9c, 0xdd, 0xd0, 0x05, 0xe1, 0x23, 0x9f, 0x33, 0xc9, 0x50,
0x75, 0x13, 0xd6, 0xe7, 0xd0, 0x34, 0x99, 0xf7, 0x95, 0x3a, 0x01, 0x27, 0x16, 0xf9, 0x16, 0x10,
0x21, 0xd1, 0x23, 0x00, 0xbc, 0x0a, 0x84, 0x24, 0x7c, 0x46, 0x17, 0x6d, 0xad, 0xaf, 0x0d, 0xeb,
0x56, 0x3d, 0x8a, 0x5c, 0x2d, 0x50, 0x0b, 0x6a, 0x54, 0xcc, 0x38, 0x63, 0xb2, 0x5d, 0xe9, 0x6b,
0xc3, 0x03, 0xab, 0x4a, 0x85, 0xc5, 0x98, 0x44, 0xa7, 0x50, 0xc5, 0xa1, 0x56, 0x7b, 0xaf, 0xaf,
0x0d, 0x1b, 0x56, 0x74, 0xd2, 0xbf, 0xc0, 0xe9, 0x94, 0xc8, 0x2b, 0x4f, 0x12, 0xee, 0x92, 0x05,
0xb5, 0x65, 0x92, 0xe9, 0x09, 0x34, 0x69, 0x2a, 0x3c, 0xf3, 0x89, 0x1b, 0xe5, 0x3b, 0x4a, 0xc7,
0xaf, 0x89, 0x8b, 0xee, 0xc3, 0x81, 0x4a, 0x19, 0x42, 0x2a, 0x21, 0xa4, 0xa6, 0xce, 0xd7, 0xc4,
0xd5, 0x7b, 0x70, 0x38, 0xa5, 0x8e, 0x17, 0x8b, 0x36, 0x61, 0x0f, 0x0b, 0x1e, 0xea, 0x34, 0x2c,
0xf5, 0xa9, 0x3f, 0x85, 0x96, 0x02, 0x14, 0x55, 0xb0, 0x0d, 0x3e, 0x03, 0x64, 0x72, 0x26, 0x84,
0x62, 0x98, 0x93, 0x34, 0x8e, 0xcb, 0x04, 0xc7, 0xa5, 0xfe, 0x1c, 0xd0, 0x04, 0x4b, 0x7a, 0x43,
0x54, 0xef, 0x16, 0x11, 0x3e, 0xf3, 0x04, 0x51, 0xc3, 0xc1, 0x5c, 0xa6, 0x1a, 0xa9, 0x62, 0x1e,
0x16, 0xf9, 0x06, 0x7a, 0x97, 0xc4, 0x23, 0xdc, 0x96, 0x24, 0x5d, 0x87, 0x39, 0xb5, 0x32, 0x5c,
0xc1, 0x33, 0x5c, 0xc1, 0x15, 0xf7, 0x35, 0x74, 0x36, 0xa9, 0xb2, 0x1d, 0x94, 0xa5, 0x3c, 0x87,
0x87, 0x45, 0x29, 0xcb, 0x89, 0x03, 0x68, 0x6c, 0x06, 0x5a, 0x06, 0x1c, 0x43, 0x7b, 0x7b, 0xb0,
0x65, 0xa4, 0x11, 0x1c, 0x67, 0x06, 0x5c, 0x86, 0xaf, 0xc1, 0xfe, 0x85, 0xeb, 0xcb, 0xef, 0x2f,
0x7f, 0xee, 0x43, 0xc5, 0x9c, 0xa0, 0x57, 0x50, 0x4f, 0x2c, 0x8b, 0xda, 0xa3, 0x8d, 0x91, 0x47,
0x79, 0x17, 0x77, 0xee, 0xc5, 0x7f, 0x42, 0x32, 0x7a, 0x06, 0x8d, 0x78, 0x18, 0xa1, 0x59, 0xb3,
0xbf, 0xf3, 0xe8, 0x73, 0x80, 0xdb, 0xe5, 0xe6, 0xb1, 0x9d, 0xf8, 0x58, 0xb0, 0xff, 0x8f, 0xd0,
0xda, 0xb1, 0xe6, 0xbc, 0xca, 0x20, 0x3e, 0x96, 0xd9, 0xe2, 0x2d, 0x1c, 0xe5, 0xae, 0x0f, 0xea,
0xc6, 0xdc, 0xe2, 0x7b, 0x95, 0xef, 0xe6, 0x32, 0xb6, 0x6a, 0x46, 0x24, 0x57, 0x8f, 0x9e, 0xed,
0xaa, 0x70, 0xa7, 0x1f, 0xe0, 0xa4, 0xa8, 0xda, 0xbc, 0xd4, 0xe3, 0xbb, 0x5a, 0x4b, 0xc4, 0x5e,
0xc0, 0xff, 0xca, 0x02, 0xe8, 0x38, 0x69, 0xe6, 0xf6, 0x12, 0x77, 0x4e, 0xb2, 0xc1, 0x88, 0xf2,
0x09, 0x9a, 0x79, 0xbf, 0xa1, 0x5e, 0x1a, 0x59, 0x34, 0x8c, 0xfe, 0x6e, 0x40, 0x24, 0xfb, 0x1e,
0x0e, 0x53, 0x8e, 0x44, 0xc9, 0x7e, 0xb7, 0xdf, 0x81, 0xce, 0x83, 0xc2, 0x7f, 0x91, 0xce, 0x00,
0x6a, 0xe6, 0x8a, 0xd8, 0x5e, 0xe0, 0xdf, 0x6d, 0xaf, 0x77, 0x17, 0xbf, 0xd6, 0x5d, 0xed, 0xf7,
0xba, 0xab, 0xfd, 0x59, 0x77, 0xb5, 0x1f, 0x7f, 0xbb, 0xff, 0x7d, 0x1e, 0x3b, 0x54, 0x2e, 0x83,
0xf9, 0x08, 0x33, 0xd7, 0x58, 0xda, 0x62, 0x49, 0x31, 0xe3, 0xbe, 0x7a, 0xc6, 0x45, 0xb0, 0x32,
0x76, 0xbc, 0xe9, 0xf3, 0x6a, 0xf8, 0x96, 0x8f, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0x7b, 0x20,
0xb4, 0xe4, 0xf5, 0x05, 0x00, 0x00,
}


@ -30,10 +30,8 @@ service CA {
message ConfigureRequest {
string cluster_id = 1;
string datacenter_name = 2;
string dns_domain = 3;
bool is_root = 4;
bytes config = 5; // JSON-encoded structure
bool is_root = 2;
bytes config = 3; // JSON-encoded structure
}
message SetIntermediateRequest {


@ -20,7 +20,7 @@ func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRe
return nil, err
}
return &Empty{}, p.impl.Configure(req.ClusterId, req.DatacenterName, req.DnsDomain, req.IsRoot, rawConfig)
return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig)
}
func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) {
@ -95,8 +95,6 @@ type providerPluginGRPCClient struct {
func (p *providerPluginGRPCClient) Configure(
clusterId string,
datacenterName string,
dnsDomain string,
isRoot bool,
rawConfig map[string]interface{}) error {
config, err := json.Marshal(rawConfig)
@ -106,8 +104,6 @@ func (p *providerPluginGRPCClient) Configure(
_, err = p.client.Configure(p.doneCtx, &ConfigureRequest{
ClusterId: clusterId,
DatacenterName: datacenterName,
DnsDomain: dnsDomain,
IsRoot: isRoot,
Config: config,
})


@ -15,7 +15,7 @@ type providerPluginRPCServer struct {
}
func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error {
return p.impl.Configure(args.ClusterId, args.DatacenterName, args.DNSDomain, args.IsRoot, args.RawConfig)
return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig)
}
func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error {
@ -95,14 +95,10 @@ type providerPluginRPCClient struct {
func (p *providerPluginRPCClient) Configure(
clusterId string,
datacenterName string,
dnsDomain string,
isRoot bool,
rawConfig map[string]interface{}) error {
return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{
ClusterId: clusterId,
DatacenterName: datacenterName,
DNSDomain: dnsDomain,
IsRoot: isRoot,
RawConfig: rawConfig,
}, &struct{}{})
@ -179,8 +175,6 @@ var _ ca.Provider = &providerPluginRPCClient{}
type ConfigureRPCRequest struct {
ClusterId string
DatacenterName string
DNSDomain string
IsRoot bool
RawConfig map[string]interface{}
}


@ -12,8 +12,7 @@ import (
type Provider interface {
// Configure initializes the provider based on the given cluster ID, root status
// and configuration values.
Configure(clusterId string, datacenterName string, dnsDomain string,
isRoot bool, rawConfig map[string]interface{}) error
Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error
// GenerateRoot causes the creation of a new root certificate for this provider.
// This can also be a no-op if a root certificate already exists for the given


@ -28,8 +28,6 @@ type ConsulProvider struct {
config *structs.ConsulCAProviderConfig
id string
clusterID string
dcName string
domain string
isRoot bool
spiffeID *connect.SpiffeIDSigning
@ -42,8 +40,7 @@ type ConsulProviderStateDelegate interface {
}
// Configure sets up the provider using the given configuration.
func (c *ConsulProvider) Configure(clusterID string, datacenterName string, dnsDomain string,
isRoot bool, rawConfig map[string]interface{}) error {
func (c *ConsulProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}) error {
// Parse the raw config and update our ID.
config, err := ParseConsulCAConfig(rawConfig)
if err != nil {
@ -52,15 +49,9 @@ func (c *ConsulProvider) Configure(clusterID string, datacenterName string, dnsD
c.config = config
hash := sha256.Sum256([]byte(fmt.Sprintf("%s,%s,%v", config.PrivateKey, config.RootCert, isRoot)))
c.id = strings.Replace(fmt.Sprintf("% x", hash), " ", ":", -1)
c.clusterID = clusterID
c.isRoot = isRoot
c.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: clusterID})
c.dcName = datacenterName
c.domain = dnsDomain
c.clusterID = clusterID
if len(c.clusterID) > 8 {
c.clusterID = c.clusterID[:8]
}
// Exit early if the state store has an entry for this provider's config.
_, providerState, err := c.Delegate.State().CAProviderState(c.id)
@ -198,8 +189,7 @@ func (c *ConsulProvider) GenerateIntermediateCSR() (string, error) {
return "", err
}
commonName := fmt.Sprintf("intermediate.ca.%s.%s.%s", c.clusterID, c.dcName, c.domain)
csr, err := connect.CreateCACSR(c.spiffeID, commonName, signer)
csr, err := connect.CreateCACSR(c.spiffeID, signer)
if err != nil {
return "", err
}
@ -354,22 +344,22 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
return "", err
}
//// Parse the SPIFFE ID
//spiffeId, err := connect.ParseCertURI(csr.URIs[0])
//if err != nil {
// return "", err
//}
// Parse the SPIFFE ID
spiffeId, err := connect.ParseCertURI(csr.URIs[0])
if err != nil {
return "", err
}
subject := ""
switch id := spiffeId.(type) {
case *connect.SpiffeIDService:
subject = id.Service
case *connect.SpiffeIDAgent:
subject = id.Agent
default:
return "", fmt.Errorf("SPIFFE ID in CSR must be a service ID")
}
//subjectName := ""
//switch id := spiffeId.(type) {
//case *connect.SpiffeIDService:
// subjectName = fmt.Sprintf("%s.%s.service.%s.%s", id.Host, id.Service, id.Datacenter, c.domain)
//case *connect.SpiffeIDAgent:
// subjectName = fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, c.domain)
//default:
// return "", fmt.Errorf("SPIFFE ID in CSR must be a service ID")
//}
//
// Parse the CA cert
certPEM, err := c.ActiveIntermediate()
if err != nil {
@ -389,7 +379,7 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
effectiveNow := time.Now().Add(-1 * time.Minute)
template := x509.Certificate{
SerialNumber: sn,
Subject: csr.Subject,
Subject: pkix.Name{CommonName: subject},
URIs: csr.URIs,
Signature: csr.Signature,
SignatureAlgorithm: csr.SignatureAlgorithm,
@ -627,7 +617,7 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
return "", fmt.Errorf("error parsing private key %q: %s", privateKey, err)
}
commonName := fmt.Sprintf("root.ca.%s.%s.%s", c.clusterID, c.dcName, c.domain)
name := fmt.Sprintf("Consul CA %d", sn)
// The URI (SPIFFE compatible) for the cert
id := connect.SpiffeIDSigningForCluster(config)
@ -641,7 +631,7 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
serialNum.SetUint64(sn)
template := x509.Certificate{
SerialNumber: serialNum,
Subject: pkix.Name{CommonName: commonName},
Subject: pkix.Name{CommonName: name},
URIs: []*url.URL{id.URI()},
BasicConstraintsValid: true,
KeyUsage: x509.KeyUsageCertSign |
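Review bot: In Sign, the re-enabled `connect.ParseCertURI(csr.URIs[0])` indexes the CSR's URI list without checking that it is non-empty, so a CSR with no URI SAN would panic the signer instead of returning an error, unless a caller validates this first (not visible here; Sign starts and ends outside the hunk). A guard before the parse, such as `if len(csr.URIs) == 0 { return "", fmt.Errorf("CSR has no URI SAN") }`, would make the rejection explicit. The default branch's message, "SPIFFE ID in CSR must be a service ID", no longer matches the switch, which also accepts agent IDs. Separately, the context line in generateCA, `fmt.Errorf("error parsing private key %q: %s", privateKey, err)`, copies the key material into an error string that may end up in logs; dropping the `%q` argument avoids that.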


@ -79,7 +79,7 @@ func TestConsulCAProvider_Bootstrap(t *testing.T) {
delegate := newMockDelegate(t, conf)
provider := &ConsulProvider{Delegate: delegate}
require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config))
require.NoError(provider.Configure(conf.ClusterID, true, conf.Config))
require.NoError(provider.GenerateRoot())
root, err := provider.ActiveRoot()
@ -110,7 +110,7 @@ func TestConsulCAProvider_Bootstrap_WithCert(t *testing.T) {
delegate := newMockDelegate(t, conf)
provider := &ConsulProvider{Delegate: delegate}
require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config))
require.NoError(provider.Configure(conf.ClusterID, true, conf.Config))
require.NoError(provider.GenerateRoot())
root, err := provider.ActiveRoot()
@ -127,7 +127,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
delegate := newMockDelegate(t, conf)
provider := &ConsulProvider{Delegate: delegate}
require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config))
require.NoError(provider.Configure(conf.ClusterID, true, conf.Config))
require.NoError(provider.GenerateRoot())
spiffeService := &connect.SpiffeIDService{
@ -139,7 +139,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
// Generate a leaf cert for the service.
{
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
csr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -149,8 +149,8 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
parsed, err := connect.ParseCert(cert)
require.NoError(err)
require.Equal(spiffeService.URI(), parsed.URIs[0])
require.Equal("node1.foo.service.dc1.consul.", parsed.Subject.CommonName)
require.Equal(parsed.URIs[0], spiffeService.URI())
require.Equal(parsed.Subject.CommonName, "foo")
require.Equal(uint64(2), parsed.SerialNumber.Uint64())
// Ensure the cert is valid now and expires within the correct limit.
@ -163,7 +163,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
// the serial number is incremented.
spiffeService.Service = "bar"
{
raw, _ := connect.TestCSR(t, spiffeService, "node1.bar.service.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
csr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -173,8 +173,8 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
parsed, err := connect.ParseCert(cert)
require.NoError(err)
require.Equal(spiffeService.URI(), parsed.URIs[0])
require.Equal("node1.bar.service.dc1.consul.", parsed.Subject.CommonName)
require.Equal(parsed.URIs[0], spiffeService.URI())
require.Equal(parsed.Subject.CommonName, "bar")
require.Equal(parsed.SerialNumber.Uint64(), uint64(2))
// Ensure the cert is valid now and expires within the correct limit.
@ -189,7 +189,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
}
// Generate a leaf cert for an agent.
{
raw, _ := connect.TestCSR(t, spiffeAgent, "uuid.agent.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeAgent)
csr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -200,7 +200,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) {
parsed, err := connect.ParseCert(cert)
require.NoError(err)
require.Equal(spiffeAgent.URI(), parsed.URIs[0])
require.Equal("uuid.agent.dc1.consul.", parsed.Subject.CommonName)
require.Equal("uuid", parsed.Subject.CommonName)
require.Equal(uint64(2), parsed.SerialNumber.Uint64())
// Ensure the cert is valid now and expires within the correct limit.
@ -218,14 +218,14 @@ func TestConsulCAProvider_CrossSignCA(t *testing.T) {
conf1 := testConsulCAConfig()
delegate1 := newMockDelegate(t, conf1)
provider1 := &ConsulProvider{Delegate: delegate1}
require.NoError(provider1.Configure(conf1.ClusterID, "dc1", "consul", true, conf1.Config))
require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config))
require.NoError(provider1.GenerateRoot())
conf2 := testConsulCAConfig()
conf2.CreateIndex = 10
delegate2 := newMockDelegate(t, conf2)
provider2 := &ConsulProvider{Delegate: delegate2}
require.NoError(provider2.Configure(conf2.ClusterID, "dc2", "consul", true, conf2.Config))
require.NoError(provider2.Configure(conf2.ClusterID, true, conf2.Config))
require.NoError(provider2.GenerateRoot())
testCrossSignProviders(t, provider1, provider2)
@ -274,7 +274,7 @@ func testCrossSignProviders(t *testing.T, provider1, provider2 Provider) {
Datacenter: "dc1",
Service: "foo",
}
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
leafCsr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -310,14 +310,14 @@ func TestConsulProvider_SignIntermediate(t *testing.T) {
conf1 := testConsulCAConfig()
delegate1 := newMockDelegate(t, conf1)
provider1 := &ConsulProvider{Delegate: delegate1}
require.NoError(provider1.Configure(conf1.ClusterID, "dc1", "consul", true, conf1.Config))
require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config))
require.NoError(provider1.GenerateRoot())
conf2 := testConsulCAConfig()
conf2.CreateIndex = 10
delegate2 := newMockDelegate(t, conf2)
provider2 := &ConsulProvider{Delegate: delegate2}
require.NoError(provider2.Configure(conf2.ClusterID, "dc1", "consul", false, conf2.Config))
require.NoError(provider2.Configure(conf2.ClusterID, false, conf2.Config))
testSignIntermediateCrossDC(t, provider1, provider2)
}
@ -347,7 +347,7 @@ func testSignIntermediateCrossDC(t *testing.T, provider1, provider2 Provider) {
Datacenter: "dc1",
Service: "foo",
}
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
leafCsr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -392,7 +392,7 @@ func TestConsulCAProvider_MigrateOldID(t *testing.T) {
require.NotNil(providerState)
provider := &ConsulProvider{Delegate: delegate}
require.NoError(provider.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config))
require.NoError(provider.Configure(conf.ClusterID, true, conf.Config))
require.NoError(provider.GenerateRoot())
// After running Configure, the old ID entry should be gone.
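Review bot: The service-leaf assertions on the new side of TestConsulCAProvider_SignLeaf pass the observed value first, e.g. `require.Equal(parsed.Subject.CommonName, "foo")` and `require.Equal(parsed.URIs[0], spiffeService.URI())`, while testify's Equal takes (expected, actual), so a failure would print the two values under the wrong labels. Writing them as `require.Equal("foo", parsed.Subject.CommonName)` and `require.Equal(spiffeService.URI(), parsed.URIs[0])` would match the agent case further down, which already uses `require.Equal("uuid", parsed.Subject.CommonName)`. The URI assertions in the Vault provider's SignLeaf test have the same ordering.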


@ -25,9 +25,7 @@ type VaultProvider struct {
config *structs.VaultCAProviderConfig
client *vaultapi.Client
isRoot bool
clusterID string
dcName string
domain string
clusterId string
}
func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig {
@ -42,8 +40,7 @@ func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig {
}
// Configure sets up the provider using the given configuration.
func (v *VaultProvider) Configure(clusterId string, datacenterName string, dnsDomain string,
isRoot bool, rawConfig map[string]interface{}) error {
func (v *VaultProvider) Configure(clusterId string, isRoot bool, rawConfig map[string]interface{}) error {
config, err := ParseVaultCAConfig(rawConfig)
if err != nil {
return err
@ -65,13 +62,7 @@ func (v *VaultProvider) Configure(clusterId string, datacenterName string, dnsDo
v.config = config
v.client = client
v.isRoot = isRoot
v.dcName = datacenterName
v.domain = dnsDomain
v.clusterID = clusterId
if len(v.clusterID) > 8 {
v.clusterID = v.clusterID[:8]
}
v.clusterId = clusterId
return nil
}
@ -105,10 +96,13 @@ func (v *VaultProvider) GenerateRoot() error {
fallthrough
case ErrBackendNotInitialized:
uuid, _ := uuid.GenerateUUID()
spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterID, Domain: v.domain}
spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterId, Domain: "consul"}
uuid, err := uuid.GenerateUUID()
if err != nil {
return err
}
_, err = v.client.Logical().Write(v.config.RootPKIPath+"root/generate/internal", map[string]interface{}{
"common_name": fmt.Sprintf("%s.root.ca.%s.%s.%s", uuid[:8], v.clusterID, v.dcName, v.domain),
"common_name": fmt.Sprintf("Vault CA Root Authority %s", uuid),
"uri_sans": spiffeID.URI().String(),
"key_type": v.config.PrivateKeyType,
"key_bits": v.config.PrivateKeyBits,
@ -164,11 +158,10 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) {
if err != nil {
return "", err
}
spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterID, Domain: "consul"}
spiffeID := connect.SpiffeIDSigning{ClusterID: v.clusterId, Domain: "consul"}
if role == nil {
_, err := v.client.Logical().Write(rolePath, map[string]interface{}{
"allow_any_name": true,
"enforce_hostnames": false,
"allowed_uri_sans": "spiffe://*",
"key_type": "any",
"max_ttl": v.config.LeafCertTTL.String(),
@ -181,9 +174,8 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) {
}
// Generate a new intermediate CSR for the root to sign.
uuid, _ := uuid.GenerateUUID()
data, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"intermediate/generate/internal", map[string]interface{}{
"common_name": fmt.Sprintf("%s.intermediate.ca.%s.%s.%s", uuid[:8], v.clusterID, v.dcName, v.domain),
"common_name": "Vault CA Intermediate Authority",
"key_type": v.config.PrivateKeyType,
"key_bits": v.config.PrivateKeyBits,
"uri_sans": spiffeID.URI().String(),
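Review bot: The signing role written in generateIntermediateCSR combines `"allow_any_name": true` with `"allowed_uri_sans": "spiffe://*"`, so the Vault role itself accepts a leaf request for any SPIFFE URI, including ones outside this cluster's trust domain. Any restriction would have to come from checks made before the request reaches Vault, which this hunk does not show. Since `spiffeID` is already built a few lines above, the glob could be narrowed to it, e.g. `"allowed_uri_sans": spiffeID.URI().String() + "/*",`, provided every leaf URI this provider signs sits under that host. generateIntermediateCSR starts and ends outside the hunk.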


@ -48,7 +48,7 @@ func testVaultClusterWithConfig(t *testing.T, isRoot bool, rawConf map[string]in
require := require.New(t)
provider := &VaultProvider{}
require.NoError(provider.Configure("asdf", "dc1", "consul", isRoot, conf))
require.NoError(provider.Configure("asdf", isRoot, conf))
if isRoot {
require.NoError(provider.GenerateRoot())
_, err := provider.GenerateIntermediate()
@ -120,7 +120,7 @@ func TestVaultCAProvider_Bootstrap(t *testing.T) {
require.NoError(err)
require.True(parsed.IsCA)
require.Len(parsed.URIs, 1)
require.Equal(parsed.URIs[0].String(), fmt.Sprintf("spiffe://%s.consul", provider.clusterID))
require.Equal(parsed.URIs[0].String(), fmt.Sprintf("spiffe://%s.consul", provider.clusterId))
}
}
@ -149,7 +149,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
// Generate a leaf cert for the service.
var firstSerial uint64
{
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
csr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -159,7 +159,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
parsed, err := connect.ParseCert(cert)
require.NoError(err)
require.Equal(spiffeService.URI(), parsed.URIs[0])
require.Equal(parsed.URIs[0], spiffeService.URI())
firstSerial = parsed.SerialNumber.Uint64()
// Ensure the cert is valid now and expires within the correct limit.
@ -172,7 +172,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
// the serial number is unique.
spiffeService.Service = "bar"
{
raw, _ := connect.TestCSR(t, spiffeService, "node1.bar.service.dc1.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
csr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -182,7 +182,7 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) {
parsed, err := connect.ParseCert(cert)
require.NoError(err)
require.Equal(spiffeService.URI(), parsed.URIs[0])
require.Equal(parsed.URIs[0], spiffeService.URI())
require.NotEqual(firstSerial, parsed.SerialNumber.Uint64())
// Ensure the cert is valid now and expires within the correct limit.
@ -233,7 +233,7 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) {
conf := testConsulCAConfig()
delegate := newMockDelegate(t, conf)
provider2 := &ConsulProvider{Delegate: delegate}
require.NoError(provider2.Configure(conf.ClusterID, "dc2", "consul", false, conf.Config))
require.NoError(provider2.Configure(conf.ClusterID, false, conf.Config))
testSignIntermediateCrossDC(t, provider1, provider2)
}
@ -243,7 +243,7 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) {
conf := testConsulCAConfig()
delegate := newMockDelegate(t, conf)
provider1 := &ConsulProvider{Delegate: delegate}
require.NoError(provider1.Configure(conf.ClusterID, "dc1", "consul", true, conf.Config))
require.NoError(provider1.Configure(conf.ClusterID, true, conf.Config))
require.NoError(provider1.GenerateRoot())
provider2, core, listener := testVaultClusterWithConfig(t, false, nil)


@ -13,9 +13,8 @@ import (
// CreateCSR returns a CSR to sign the given service along with the PEM-encoded
// private key for this certificate.
func CreateCSR(uri CertURI, commonName string, privateKey crypto.Signer, extensions ...pkix.Extension) (string, error) {
func CreateCSR(uri CertURI, privateKey crypto.Signer, extensions ...pkix.Extension) (string, error) {
template := &x509.CertificateRequest{
Subject: pkix.Name{CommonName: commonName},
URIs: []*url.URL{uri.URI()},
SignatureAlgorithm: x509.ECDSAWithSHA256,
ExtraExtensions: extensions,
@ -38,13 +37,13 @@ func CreateCSR(uri CertURI, commonName string, privateKey crypto.Signer, extensi
// CreateCSR returns a CA CSR to sign the given service along with the PEM-encoded
// private key for this certificate.
func CreateCACSR(uri CertURI, commonName string, privateKey crypto.Signer) (string, error) {
func CreateCACSR(uri CertURI, privateKey crypto.Signer) (string, error) {
ext, err := CreateCAExtension()
if err != nil {
return "", err
}
return CreateCSR(uri, commonName, privateKey, ext)
return CreateCSR(uri, privateKey, ext)
}
// CreateCAExtension creates a pkix.Extension for the x509 Basic Constraints
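Review bot: The doc comments on CreateCSR and CreateCACSR do not match the signatures on the new side: both say the function returns the CSR "along with the PEM-encoded private key", but each returns `(string, error)` and receives the key as an argument, and the second comment opens with the name CreateCSR. I would reword them to `// CreateCSR returns a CSR for the given URI, signed with privateKey.` and `// CreateCACSR returns a CA CSR for the given URI, signed with privateKey.` The comment should also say that the template fixes `SignatureAlgorithm` to `x509.ECDSAWithSHA256`, so a non-ECDSA `crypto.Signer` is expected to be rejected when the request is created. That call is in the part of CreateCSR outside the hunk, so confirm it there.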


@ -227,9 +227,8 @@ func TestLeaf(t testing.T, service string, root *structs.CARoot) (string, string
// TestCSR returns a CSR to sign the given service along with the PEM-encoded
// private key for this certificate.
func TestCSR(t testing.T, uri CertURI, commonName string) (string, string) {
func TestCSR(t testing.T, uri CertURI) (string, string) {
template := &x509.CertificateRequest{
Subject: pkix.Name{CommonName: commonName},
URIs: []*url.URL{uri.URI()},
SignatureAlgorithm: x509.ECDSAWithSHA256,
}


@ -65,8 +65,7 @@ func (c *Client) RequestAutoEncryptCerts(servers []string, port int, token strin
}
// Create a CSR.
commonName := fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, c.config.Domain)
csr, err := connect.CreateCSR(id, commonName, pk)
csr, err := connect.CreateCSR(id, pk)
if err != nil {
return errFn(err)
}

View File

@ -69,14 +69,13 @@ func TestAutoEncryptSign(t *testing.T) {
Datacenter: "dc1",
Agent: "uuid",
}
commonName := fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, "consul")
// Create a new private key
pk, _, err := connect.GeneratePrivateKey()
require.NoError(t, err, info)
// Create a CSR.
csr, err := connect.CreateCSR(id, commonName, pk)
csr, err := connect.CreateCSR(id, pk)
require.NoError(t, err, info)
require.NotEmpty(t, csr, info)
args := &structs.CASignRequest{

View File

@ -176,7 +176,7 @@ func (s *ConnectCA) ConfigurationSet(
if err != nil {
return fmt.Errorf("could not initialize provider: %v", err)
}
if err := newProvider.Configure(args.Config.ClusterID, s.srv.config.Datacenter, s.srv.config.Domain, true, args.Config.Config); err != nil {
if err := newProvider.Configure(args.Config.ClusterID, true, args.Config.Config); err != nil {
return fmt.Errorf("error configuring provider: %v", err)
}
if err := newProvider.GenerateRoot(); err != nil {

View File

@ -246,7 +246,7 @@ func TestConnectCAConfig_TriggerRotation(t *testing.T) {
{
// Generate a CSR and request signing
spiffeId := connect.TestSpiffeIDService(t, "web")
csr, _ := connect.TestCSR(t, spiffeId, "node1.web.service.dc1.consul.")
csr, _ := connect.TestCSR(t, spiffeId)
args := &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,
@ -309,7 +309,7 @@ func TestConnectCASign(t *testing.T) {
// Generate a CSR and request signing
spiffeId := connect.TestSpiffeIDService(t, "web")
csr, _ := connect.TestCSR(t, spiffeId, "node1.web.service.dc1.consul.")
csr, _ := connect.TestCSR(t, spiffeId)
args := &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,
@ -319,7 +319,7 @@ func TestConnectCASign(t *testing.T) {
// Generate a second CSR and request signing
spiffeId2 := connect.TestSpiffeIDService(t, "web2")
csr, _ = connect.TestCSR(t, spiffeId2, "node1.web2.service.dc1.consul.")
csr, _ = connect.TestCSR(t, spiffeId2)
args = &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,
@ -366,7 +366,7 @@ func BenchmarkConnectCASign(b *testing.B) {
// Generate a CSR and request signing
spiffeID := connect.TestSpiffeIDService(b, "web")
csr, _ := connect.TestCSR(b, spiffeID, "node1.web.service.dc1.consul.")
csr, _ := connect.TestCSR(b, spiffeID)
args := &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,
@ -406,7 +406,7 @@ func TestConnectCASign_rateLimit(t *testing.T) {
// Generate a CSR and request signing a few times in a loop.
spiffeID := connect.TestSpiffeIDService(t, "web")
csr, _ := connect.TestCSR(t, spiffeID, "node1.web.service.dc1.consul.")
csr, _ := connect.TestCSR(t, spiffeID)
args := &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,
@ -460,7 +460,7 @@ func TestConnectCASign_concurrencyLimit(t *testing.T) {
// Generate a CSR and request signing a few times in a loop.
spiffeID := connect.TestSpiffeIDService(t, "web")
csr, _ := connect.TestCSR(t, spiffeID, "node1.web.service.dc1.consul.")
csr, _ := connect.TestCSR(t, spiffeID)
args := &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,
@ -625,7 +625,7 @@ func TestConnectCASignValidation(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
csr, _ := connect.TestCSR(t, tt.id, "")
csr, _ := connect.TestCSR(t, tt.id)
args := &structs.CASignRequest{
Datacenter: "dc1",
CSR: csr,


@ -197,7 +197,7 @@ func (s *Server) initializeCA() error {
// initializeRootCA runs the initialization logic for a root CA.
func (s *Server) initializeRootCA(provider ca.Provider, conf *structs.CAConfiguration) error {
if err := provider.Configure(conf.ClusterID, s.config.Datacenter, s.config.Domain, true, conf.Config); err != nil {
if err := provider.Configure(conf.ClusterID, true, conf.Config); err != nil {
return fmt.Errorf("error configuring provider: %v", err)
}
if err := provider.GenerateRoot(); err != nil {
@ -750,7 +750,7 @@ func (s *Server) initializeSecondaryProvider(provider ca.Provider, roots structs
return err
}
if err := provider.Configure(clusterID, s.config.Datacenter, s.config.Domain, false, conf.Config); err != nil {
if err := provider.Configure(clusterID, false, conf.Config); err != nil {
return fmt.Errorf("error configuring provider: %v", err)
}
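Review bot: The bare `true` and `false` passed to `provider.Configure` in initializeRootCA and initializeSecondaryProvider appear to select whether the provider is set up as a root or as a secondary, and nothing at the call site says which is which. A swapped literal would presumably configure the CA provider in the wrong role without any compile-time signal, so I would label the argument, e.g. `provider.Configure(conf.ClusterID, true /* root */, conf.Config)` and `provider.Configure(clusterID, false /* secondary */, conf.Config)`. The parameter's real name is in the ca.Provider interface, which is not shown in this section, so match it. The same applies to the `newProvider.Configure(args.Config.ClusterID, true, args.Config.Config)` call in ConnectCA.ConfigurationSet. Both function bodies here continue outside the hunks.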


@ -86,7 +86,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) {
Datacenter: "primary",
Service: "foo",
}
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
leafCsr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -216,7 +216,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
Datacenter: "dc1",
Service: "foo",
}
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
leafCsr, err := connect.ParseCSR(raw)
require.NoError(err)
@ -434,7 +434,7 @@ func TestLeader_SecondaryCA_UpgradeBeforePrimary(t *testing.T) {
Datacenter: "dc1",
Service: "foo",
}
raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.")
raw, _ := connect.TestCSR(t, spiffeService)
leafCsr, err := connect.ParseCSR(raw)
require.NoError(t, err)