Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain #8774

Merged
merged 2 commits into from
Oct 9, 2020
Merged

Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain #8774

merged 2 commits into from
Oct 9, 2020

Conversation

mkeeler
Copy link
Member

@mkeeler mkeeler commented Sep 29, 2020
edited
Loading

The v1/connect/ca/roots endpoint has picked up a pem=true argument. When set this causes the endpoint to output data with a Content-Type set to application/pem-certificate-chain and the response body to be a PEM encoded certificate chain of all root and intermediate certs that would normally be contained in the response.

This output format can be useful in situations where you need a certificate bundle for passing off to another application such as the Consul CLI when they will interact with an API presenting behind a Connect CA signed TLS cert (such as when auto_encrypt or auto_config are used for generating a Consul clients HTTPs certificate).

@mkeeler mkeeler force-pushed the feature/connect-ca-cert-bundle branch from fd48049 to d455c34 Compare October 8, 2020 19:50
@mkeeler mkeeler requested a review from a team October 8, 2020 19:53
@mkeeler mkeeler marked this pull request as ready for review October 8, 2020 19:53
hanshasselberg
hanshasselberg approved these changes Oct 8, 2020
View reviewed changes
Copy link
Member

@hanshasselberg hanshasselberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

agent/connect_ca_endpoint.go Show resolved Hide resolved
@mkeeler mkeeler force-pushed the feature/connect-ca-cert-bundle branch from d455c34 to 5361701 Compare October 8, 2020 20:09
rboyer
rboyer reviewed Oct 8, 2020
View reviewed changes
agent/connect_ca_endpoint.go Outdated Show resolved Hide resolved
rboyer
rboyer requested changes Oct 8, 2020
View reviewed changes
Copy link
Member

@rboyer rboyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found some minor things.

@mkeeler mkeeler force-pushed the feature/connect-ca-cert-bundle branch from f7d5dd3 to 84baae4 Compare October 9, 2020 13:28
rboyer
rboyer reviewed Oct 9, 2020
View reviewed changes
agent/connect_ca_endpoint.go Outdated Show resolved Hide resolved
rboyer
rboyer approved these changes Oct 9, 2020
View reviewed changes
Copy link
Member

@rboyer rboyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one more typo.

@mkeeler @rboyer
Update agent/connect_ca_endpoint.go
201f6a3 
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
rboyer
rboyer approved these changes Oct 9, 2020
View reviewed changes
Copy link
Member

@rboyer rboyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@mkeeler mkeeler merged commit 8f890bc into master Oct 9, 2020
@mkeeler mkeeler deleted the feature/connect-ca-cert-bundle branch October 9, 2020 14:43
@hashicorp-ci
Copy link
Contributor

🍒✅ Cherry pick of commit 8f890bc onto release/1.8.x succeeded!

hashicorp-ci pushed a commit that referenced this pull request Oct 9, 2020
@mkeeler @rboyer @hashicorp-ci
Add capability for the v1/connect/ca/roots endpoint to return a PEM e…
6cae442 
…ncoded certificate chain (#8774)

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
@mikemorris mikemorris mentioned this pull request Jun 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blake blake blake left review comments

@rboyer rboyer rboyer approved these changes

@hanshasselberg hanshasselberg hanshasselberg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@mkeeler @hashicorp-ci @blake @rboyer @hanshasselberg @hashibot-web