Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plumb thru root cert tll to the aws ca provider #11449

Merged
merged 2 commits into from
Nov 4, 2021
Merged

plumb thru root cert tll to the aws ca provider #11449

merged 2 commits into from
Nov 4, 2021

Conversation

acpana
Copy link
Contributor

@acpana acpana commented Oct 29, 2021
edited
Loading

Branching off from #11428

PR adds root cert ttl config to AWS CA provider.

Testing

  • added new units around root cert ttl testing, also:
go test -run TestAWS ./agent/connect/ca
ok      github.com/hashicorp/consul/agent/connect/ca    53.035s

PR Checklist

  • gofmt
  • go mod -- n/a
  • docs
  • changelog

Signed-off-by: FFMMM FFMMM@users.noreply.github.com

@github-actions github-actions bot added the theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies label Oct 29, 2021
@acpana acpana mentioned this pull request Nov 1, 2021
Merged
17 tasks
@acpana acpana requested a review from a team as a November 1, 2021 16:52
@acpana acpana marked this pull request as draft November 1, 2021 17:34
@acpana acpana force-pushed the ffmmm/f-10762 branch 2 times, most recently from bd12b92 to 9725132 Compare November 1, 2021 19:49
@acpana acpana changed the title plumb thru root cert tll to the aws ca provider WIP: plumb thru root cert tll to the aws ca provider Nov 1, 2021
@acpana acpana mentioned this pull request Nov 2, 2021
Merged
Base automatically changed from ffmmm/f-10762 to main November 2, 2021 18:02
@FFMMM
plumb thru root cert ttl to the aws ca provider
d607482 
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 3, 2021 22:00 Inactive
@acpana acpana marked this pull request as ready for review November 3, 2021 22:10
@acpana acpana changed the title WIP: plumb thru root cert tll to the aws ca provider plumb thru root cert tll to the aws ca provider Nov 3, 2021
@acpana acpana mentioned this pull request Nov 3, 2021
Closed
dhiaayachi
dhiaayachi reviewed Nov 4, 2021
View reviewed changes
agent/connect/ca/provider_aws.go
@@ -33,9 +33,6 @@ const (
// leaf cert.
LeafTemplateARN = "arn:aws:acm-pca:::template/EndEntityCertificate/V1"

// RootTTL is the validity duration for root certs we create.
AWSRootTTL = 5 * 365 * 24 * time.Hour

// IntermediateTTL is the validity duration for the intermediate certs we
// create.
AWSIntermediateTTL = 1 * 365 * 24 * time.Hour
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably in a subsequent PR, but I think we can also make this configurable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the AWSRootTTL is actually replaced by the RootCertTTL option :)

dhiaayachi
dhiaayachi reviewed Nov 4, 2021
View reviewed changes
.changelog/11449.txt Outdated Show resolved Hide resolved
dhiaayachi
dhiaayachi approved these changes Nov 4, 2021
View reviewed changes
Copy link
Collaborator

@dhiaayachi dhiaayachi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, with some minor change to the changelog

@FFMMM @dhiaayachi
Update .changelog/11449.txt
da251d3 
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
@vercel vercel bot temporarily deployed to Preview – consul-ui-staging November 4, 2021 19:02 Inactive
@vercel vercel bot temporarily deployed to Preview – consul November 4, 2021 19:02 Inactive
@acpana acpana merged commit 61bd417 into main Nov 4, 2021
@acpana acpana deleted the ffmmm/f-10762-acmpca branch November 4, 2021 19:19
@hc-github-team-consul-core
Copy link
Collaborator

🍒 If backport labels were added before merging, cherry-picking will start automatically.

To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/493829.

@dnephin dnephin added theme/certificates Related to creating, distributing, and rotating certificates in Consul type/enhancement Proposed improvement or new feature labels Nov 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhiaayachi dhiaayachi dhiaayachi approved these changes

Assignees
No one assigned
Labels
theme/certificates Related to creating, distributing, and rotating certificates in Consul theme/connect Anything related to Consul Connect, Service Mesh, Side Car Proxies type/enhancement Proposed improvement or new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@acpana @hc-github-team-consul-core @dhiaayachi @dnephin @FFMMM