connect/ca: leave blank root key/cert out of the default config (unnecessary)

Kyle Havlovitz 2018-06-19 18:50:21 -07:00 committed by Jack Pearkes
parent 76aa137ffc
commit fcc5dc6110
3 changed files with 6 additions and 9 deletions


@ -81,14 +81,15 @@ func (s *HTTPServer) ConnectCAConfigurationSet(resp http.ResponseWriter, req *ht
func fixupConfig(conf *structs.CAConfiguration) {
for k, v := range conf.Config {
if raw, ok := v.([]uint8); ok {
conf.Config[k] = ca.Uint8ToString(raw)
strVal := ca.Uint8ToString(raw)
conf.Config[k] = strVal
switch conf.Provider {
case structs.ConsulCAProvider:
if k == "PrivateKey" && ca.Uint8ToString(raw) != "" {
if k == "PrivateKey" && strVal != "" {
conf.Config["PrivateKey"] = "hidden"
}
case structs.VaultCAProvider:
if k == "Token" && ca.Uint8ToString(raw) != "" {
if k == "Token" && strVal != "" {
conf.Config["Token"] = "hidden"
}
}
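Review bot: The masking of `PrivateKey` and `Token` sits inside the `v.([]uint8)` assertion, so a secret that reaches fixupConfig as any other type, for example a plain `string`, is returned by the endpoint unmasked. Whether string-typed values can arrive here is not visible from the hunk, but redaction should not depend on how the value happened to be decoded. I would resolve the value with a type switch that accepts both `[]uint8` and `string` before the provider switch, as sketched below. The key comparison is also exact-case, which is worth confirming against how provider config keys are normalized. fixupConfig's closing braces fall outside the hunk.

```go
func fixupConfig(conf *structs.CAConfiguration) {
	for k, v := range conf.Config {
		var strVal string
		switch raw := v.(type) {
		case []uint8:
			strVal = ca.Uint8ToString(raw)
			conf.Config[k] = strVal
		case string:
			// Already decoded; still has to go through redaction below.
			strVal = raw
		default:
			continue
		}
		// … unchanged: provider switch replacing PrivateKey / Token with "hidden" when strVal != "" …
```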


@ -436,8 +436,6 @@ func DefaultConfig() *Config {
CAConfig: &structs.CAConfiguration{
Provider: "consul",
Config: map[string]interface{}{
"PrivateKey": "",
"RootCert": "",
"RotationPeriod": "2160h",
},
},


@ -67,8 +67,6 @@ $ curl localhost:8500/v1/connect/ca/configuration
{
"Provider": "consul",
"Config": {
"PrivateKey": null,
"RootCert": null,
"RotationPeriod": "2160h"
},
"CreateIndex": 5,
@ -77,8 +75,8 @@ $ curl localhost:8500/v1/connect/ca/configuration
```
This is the default Connect CA configuration if nothing is explicitly set when
Connect is enabled - the PrivateKey and RootCert fields are both empty, and have been
generated (as seen above).
Connect is enabled - the PrivateKey and RootCert fields have not been set, so those have
been generated (as seen above in the roots list).
There are two ways to have the Consul CA use a custom private key and root certificate:
either through the `ca_config` section of the [Agent configuration]