Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fix for api-gateway when using system-wide trusted CAs for external servers #1743

Merged
merged 3 commits into from Nov 18, 2022
Merged

Add fix for api-gateway when using system-wide trusted CAs for external servers #1743

merged 3 commits into from Nov 18, 2022

Conversation

andrewstucki
Copy link
Member

@andrewstucki andrewstucki commented Nov 18, 2022
edited

Changes proposed in this PR:

This adds some logic that was forgotten around leveraging externalServers.useSystemRoots. Without it, attempting to use something like HCP as an external server without agents causes the gateway controller to fail validating the Consul server connection since it's using the wrong certificate authority.

How I've tested this PR:

Validated against HCP with the api-gateway changes in hashicorp/consul-api-gateway#459

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@andrewstucki andrewstucki requested review from a team, curtbushko and wilkermichael and removed request for a team November 18, 2022 19:28
@andrewstucki andrewstucki mentioned this pull request Nov 18, 2022
Merged
2 tasks
curtbushko
curtbushko approved these changes Nov 18, 2022
View reviewed changes
Copy link
Contributor

@curtbushko curtbushko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@andrewstucki andrewstucki merged commit 6dfac59 into main Nov 18, 2022
@andrewstucki andrewstucki deleted the as/system-ca-fix branch November 18, 2022 20:38
Merged
2 tasks
Merged
2 tasks
andrewstucki added a commit that referenced this pull request Nov 18, 2022
@andrewstucki
Merge pull request #1743 from hashicorp/as/system-ca-fix
16e7fd4 
Add fix for api-gateway when using system-wide trusted CAs for external servers
@natitomattis natitomattis mentioned this pull request Jun 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@curtbushko curtbushko curtbushko approved these changes

@t-eckert t-eckert t-eckert approved these changes

@wilkermichael wilkermichael Awaiting requested review from wilkermichael wilkermichael was automatically assigned from hashicorp/consul-kubernetes

Assignees
No one assigned
Labels
backport/1.0.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@andrewstucki @curtbushko @t-eckert