-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
plumb thru root cert tll to the aws ca provider #11449
Conversation
bd12b92
to
9725132
Compare
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
7b7dafc
to
d607482
Compare
@@ -33,9 +33,6 @@ const ( | |||
// leaf cert. | |||
LeafTemplateARN = "arn:aws:acm-pca:::template/EndEntityCertificate/V1" | |||
|
|||
// RootTTL is the validity duration for root certs we create. | |||
AWSRootTTL = 5 * 365 * 24 * time.Hour | |||
|
|||
// IntermediateTTL is the validity duration for the intermediate certs we | |||
// create. | |||
AWSIntermediateTTL = 1 * 365 * 24 * time.Hour |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably in a subsequent PR, but I think we can also make this configurable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the AWSRootTTL is actually replaced by the RootCertTTL option :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, with some minor change to the changelog
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/493829. |
Branching off from #11428
PR adds root cert ttl config to AWS CA provider.
Testing
PR Checklist
Signed-off-by: FFMMM FFMMM@users.noreply.github.com