ca: use the cluster ID passed to the primary

instead of fetching it from the state store.
2021-11-05 18:28:37 -04:00 · 2021-11-05 18:28:37 -04:00 · fee9696d4f
parent 07a33a1526
commit fee9696d4f
1 changed files with 1 additions and 7 deletions
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@ -617,19 +617,13 @@ func (c *ConsulProvider) incrementAndGetNextSerialNumber() (uint64, error) {

 // generateCA makes a new root CA using the current private key
 func (c *ConsulProvider) generateCA(privateKey string, sn uint64, rootCertTTL time.Duration) (string, error) {
-	stateStore := c.Delegate.State()
-	_, config, err := stateStore.CAConfig(nil)
-	if err != nil {
-		return "", err
-	}
-
 	privKey, err := connect.ParseSigner(privateKey)
 	if err != nil {
 		return "", fmt.Errorf("error parsing private key %q: %s", privateKey, err)
 	}

 	// The URI (SPIFFE compatible) for the cert
-	id := connect.SpiffeIDSigningForCluster(config.ClusterID)
+	id := connect.SpiffeIDSigningForCluster(c.clusterID)
 	keyId, err := connect.KeyId(privKey.Public())
 	if err != nil {
 		return "", err