// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package ca
import (
"fmt"
"time"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/agent/structs"
"github.com/mitchellh/mapstructure"
)
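// ParseConsulCAConfig decodes a raw CA provider configuration map into a
// ConsulCAProviderConfig and validates the result.
//
// Decoding starts from defaultConsulCAProviderConfig, so every field that raw
// does not set keeps its default value. After decoding, the function rejects a
// root certificate supplied without a private key, then runs the Validate
// methods of the common and the Consul-specific configuration. The first
// failure is returned and no partially populated config is handed back.
//
// The decoder does not set mapstructure's ErrorUnused option, so keys in raw
// that match no field are ignored rather than reported; a misspelled key
// therefore leaves the corresponding default in place.
func ParseConsulCAConfig(raw map[string]interface{}) (*structs.ConsulCAProviderConfig, error) {
	config := defaultConsulCAProviderConfig()
	decodeConf := &mapstructure.DecoderConfig{
		DecodeHook: structs.ParseDurationFunc(),
		Result:     &config,
		// Weak typing lets mapstructure coerce between basic types (for
		// example a numeric string into an integer field), so the types in
		// raw are not checked strictly.
		WeaklyTypedInput: true,
	}

	decoder, err := mapstructure.NewDecoder(decodeConf)
	if err != nil {
		return nil, err
	}

	if err := decoder.Decode(raw); err != nil {
		// Wrap with %w so callers can inspect the cause with errors.Is/As;
		// the rendered message is unchanged.
		// NOTE(review): mapstructure error text may include the offending
		// input value. raw can carry PrivateKey, so confirm callers do not
		// log or return this error to untrusted parties verbatim.
		return nil, fmt.Errorf("error decoding config: %w", err)
	}

	// A root certificate is only accepted together with its private key.
	// The reverse case (a private key without a root cert) passes this check.
	if config.PrivateKey == "" && config.RootCert != "" {
		return nil, fmt.Errorf("must provide a private key when providing a root cert")
	}

	if err := config.CommonCAProviderConfig.Validate(); err != nil {
		return nil, err
	}

	if err := config.Validate(); err != nil {
		return nil, err
	}

	return &config, nil
}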
// defaultConsulCAProviderConfig returns a ConsulCAProviderConfig whose common
// section is filled from defaultCommonConfig. All other fields, including
// PrivateKey and RootCert, are left at their zero values.
func defaultConsulCAProviderConfig() structs.ConsulCAProviderConfig {
	var cfg structs.ConsulCAProviderConfig
	cfg.CommonCAProviderConfig = defaultCommonConfig()
	return cfg
}
// defaultCommonConfig returns the default settings shared by CA providers:
// certificate lifetimes for leaf, intermediate and root certificates, plus the
// private key type and size taken from the connect package defaults.
func defaultCommonConfig() structs.CommonCAProviderConfig {
	// A "year" here is a flat 365 days; leap days are not accounted for.
	const (
		day  = 24 * time.Hour
		year = 365 * day
	)

	var common structs.CommonCAProviderConfig
	common.LeafCertTTL = 3 * day        // 72h
	common.IntermediateCertTTL = year   // 8760h
	common.RootCertTTL = 10 * year      // 87600h
	common.PrivateKeyType = connect.DefaultPrivateKeyType
	common.PrivateKeyBits = connect.DefaultPrivateKeyBits
	return common
}