mirror of https://github.com/hashicorp/consul
Ensure partition is handled by auto-encrypt
parent
a1a0ce1dad
commit
53ea1f634a
|
@ -216,7 +216,7 @@ func (ac *AutoConfig) generateCSR() (csr string, key string, err error) {
|
|||
Host: unknownTrustDomain,
|
||||
Datacenter: ac.config.Datacenter,
|
||||
Agent: ac.config.NodeName,
|
||||
// TODO(rb)(partitions): populate the partition field from the agent config
|
||||
Partition: ac.config.PartitionOrDefault(),
|
||||
}
|
||||
|
||||
caConfig, err := ac.config.ConnectCAConfiguration()
|
||||
|
|
|
@ -2,7 +2,17 @@
|
|||
|
||||
package connect
|
||||
|
||||
import "fmt"
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
// GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent.
|
||||
// in OSS this just returns an empty (but never nil) struct pointer
|
||||
func (id SpiffeIDAgent) GetEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
return &structs.EnterpriseMeta{}
|
||||
}
|
||||
|
||||
func (id SpiffeIDAgent) uriPath() string {
|
||||
return fmt.Sprintf("/agent/client/dc/%s/id/%s", id.Datacenter, id.Agent)
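Review bot: The doc comment on `GetEnterpriseMeta` says the struct is synthesized from the SpiffeIDAgent, but the OSS body shown here never reads `id` and always returns `&structs.EnterpriseMeta{}`. Both `ConnectCA.Sign` and `CAManager.SignCertificate` in this commit now derive their enterprise context from the agent ID, so the comment should say what callers actually get: `// GetEnterpriseMeta returns an empty, non-nil EnterpriseMeta in OSS; id.Partition is ignored here.` The `uriPath` format string just below encodes only `id.Datacenter` and `id.Agent`, so in this build the partition set by `generateCSR` does not appear in the URI path; a short comment on `uriPath` saying so would help. The body of `uriPath` closes outside this hunk.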
|
||||
|
|
|
@ -186,8 +186,8 @@ func (s *ConnectCA) Sign(
|
|||
"we are %s", serviceID.Datacenter, s.srv.config.Datacenter)
|
||||
}
|
||||
} else if isAgent {
|
||||
// TODO(partitions): support auto-config in different partitions
|
||||
structs.DefaultEnterpriseMetaInDefaultPartition().FillAuthzContext(&authzContext)
|
||||
entMeta := structs.DefaultEnterpriseMetaInPartition(agentID.PartitionOrDefault())
|
||||
entMeta.FillAuthzContext(&authzContext)
|
||||
if authz.NodeWrite(agentID.Agent, &authzContext) != acl.Allow {
|
||||
return acl.ErrPermissionDenied
|
||||
}
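Review bot: The partition that scopes the `NodeWrite` check now comes from `agentID.PartitionOrDefault()`, and `agentID` appears to be parsed from the requester's CSR (the parsing is outside this hunk), so the caller chooses the authorization scope. That is sound only if `authz` is resolved from the request token independently of the CSR, so that a token lacking `node:write` in the named partition is denied. A comment above `entMeta :=` would record the assumption: `// Partition comes from the CSR's SPIFFE ID; the token must grant node:write in that partition.` A test with a token valid in one partition and a CSR naming another would pin the behavior. The body of `Sign` starts and ends outside the hunk.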
|
||||
|
|
|
@ -1438,8 +1438,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne
|
|||
|
||||
csr.URIs = uris
|
||||
}
|
||||
// TODO(partitions): support auto-config in different partitions
|
||||
entMeta.Merge(structs.DefaultEnterpriseMetaInDefaultPartition())
|
||||
entMeta.Merge(agentID.GetEnterpriseMeta())
|
||||
}
|
||||
|
||||
commonCfg, err := config.GetCommonConfig()
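Review bot: `SignCertificate` takes the agent's enterprise meta from `agentID.GetEnterpriseMeta()`, while `ConnectCA.Sign` in the same commit builds it with `structs.DefaultEnterpriseMetaInPartition(agentID.PartitionOrDefault())`, so the two signing paths derive the partition differently. In the OSS section of this commit `GetEnterpriseMeta` returns an empty struct, so whether `entMeta` still ends up with defaulted fields depends on how `Merge` treats empty input, which is not visible here. Unless the difference is intentional, I would use one derivation in both places, for example `entMeta.Merge(structs.DefaultEnterpriseMetaInPartition(agentID.PartitionOrDefault()))`. Otherwise add a comment explaining why the empty OSS value is safe to merge. The enclosing function begins and ends outside the hunk.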
|
||||
|
|