mirror of https://github.com/hashicorp/consul
ca: use the cluster ID passed to the primary
instead of fetching it from the state store.pull/11589/head
parent
b9ab9bae12
commit
b4080bc0dc
|
@ -617,19 +617,13 @@ func (c *ConsulProvider) incrementAndGetNextSerialNumber() (uint64, error) {
|
|||
|
||||
// generateCA makes a new root CA using the current private key
|
||||
func (c *ConsulProvider) generateCA(privateKey string, sn uint64, rootCertTTL time.Duration) (string, error) {
|
||||
stateStore := c.Delegate.State()
|
||||
_, config, err := stateStore.CAConfig(nil)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
privKey, err := connect.ParseSigner(privateKey)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error parsing private key %q: %s", privateKey, err)
|
||||
}
|
||||
|
||||
// The URI (SPIFFE compatible) for the cert
|
||||
id := connect.SpiffeIDSigningForCluster(config.ClusterID)
|
||||
id := connect.SpiffeIDSigningForCluster(c.clusterID)
|
||||
keyId, err := connect.KeyId(privKey.Public())
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
|
Loading…
Reference in New Issue