Ensure partition is handled by auto-encrypt

pull/11314/head
freddygv 2021-10-14 08:32:45 -06:00
parent a1a0ce1dad
commit 53ea1f634a
4 changed files with 15 additions and 6 deletions


@ -216,7 +216,7 @@ func (ac *AutoConfig) generateCSR() (csr string, key string, err error) {
Host: unknownTrustDomain,
Datacenter: ac.config.Datacenter,
Agent: ac.config.NodeName,
// TODO(rb)(partitions): populate the partition field from the agent config
Partition: ac.config.PartitionOrDefault(),
}
caConfig, err := ac.config.ConnectCAConfiguration()


@ -2,7 +2,17 @@
package connect
import "fmt"
import (
"fmt"
"github.com/hashicorp/consul/agent/structs"
)
// GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent.
// in OSS this just returns an empty (but never nil) struct pointer
func (id SpiffeIDAgent) GetEnterpriseMeta() *structs.EnterpriseMeta {
return &structs.EnterpriseMeta{}
}
func (id SpiffeIDAgent) uriPath() string {
return fmt.Sprintf("/agent/client/dc/%s/id/%s", id.Datacenter, id.Agent)
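Review bot: The OSS `GetEnterpriseMeta` discards the receiver entirely, so the Partition field that this commit now populates on the agent ID (and that the `Sign` hunk reads via `agentID.PartitionOrDefault()`) has no effect here; the doc comment should say so explicitly rather than leaving readers to infer it. Suggested second line: `// In OSS the ID's Partition field is ignored and an empty (but never nil) struct pointer is returned.` Two code paths in this commit now derive an EnterpriseMeta from the same ID in different ways, so documenting which one is authoritative in OSS would help. The `uriPath` body continues outside the hunk.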


@ -186,8 +186,8 @@ func (s *ConnectCA) Sign(
"we are %s", serviceID.Datacenter, s.srv.config.Datacenter)
}
} else if isAgent {
// TODO(partitions): support auto-config in different partitions
structs.DefaultEnterpriseMetaInDefaultPartition().FillAuthzContext(&authzContext)
entMeta := structs.DefaultEnterpriseMetaInPartition(agentID.PartitionOrDefault())
entMeta.FillAuthzContext(&authzContext)
if authz.NodeWrite(agentID.Agent, &authzContext) != acl.Allow {
return acl.ErrPermissionDenied
}
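Review bot: The partition placed in the authz context now comes from the CSR's SPIFFE ID, i.e. from caller-supplied input, and the `authz.NodeWrite` check in that partition is the only thing binding the presented token to the claimed partition; that is reasonable but deserves a comment so a later change does not weaken it, e.g. `// Partition is taken from the CSR's SPIFFE ID; node:write in that partition is what authorizes issuance.` For consistency with the `SignCertificate` hunk, which uses `agentID.GetEnterpriseMeta()`, consider `agentID.GetEnterpriseMeta().FillAuthzContext(&authzContext)` here so the ID-to-meta derivation lives in one place (presumably equivalent in OSS, where both yield the default partition; verify for Enterprise). `Sign` begins and ends outside the hunk, and the datacenter-mismatch check just above is only partly visible.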


@ -1438,8 +1438,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne
csr.URIs = uris
}
// TODO(partitions): support auto-config in different partitions
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
entMeta.Merge(agentID.GetEnterpriseMeta())
}
commonCfg, err := config.GetCommonConfig()
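Review bot: The semantics of `entMeta.Merge` are not visible here, so whether merging an empty OSS meta (instead of the previous `DefaultEnterpriseMetaInDefaultPartition()`) leaves `entMeta` with unnormalized fields depends on whether `Merge` only fills unset values — worth confirming and stating in a comment, e.g. `// Fold the agent's partition (from the CSR's SPIFFE ID) into entMeta; in OSS GetEnterpriseMeta is empty, so this is a no-op.` `SignCertificate` and the `entMeta` declaration start outside the hunk.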