@danielpops danielpops commented Jul 15, 2020

For my demo purposes I wanted to leverage the root_ca within vault itself, but found a typo (missing quote) and a warning.

I also added key_usage values to the roles to avoid diffs on subsequent terraform plan invocations, e.g. this was happening:

Terraform will perform the following actions:

  # vault_pki_secret_backend_role.role-server-cer will be updated in-place
  ~ resource "vault_pki_secret_backend_role" "role-server-cer" {
        allow_any_name                     = false
        allow_bare_domains                 = false
        allow_glob_domains                 = false
        allow_ip_sans                      = true
        allow_localhost                    = true
        allow_subdomains                   = true
        allowed_domains                    = [
            "mydomain.com",
        ]
        allowed_other_sans                 = []
        allowed_uri_sans                   = []
        backend                            = "pki-int-ca"
        basic_constraints_valid_for_non_ca = false
        client_flag                        = false
        code_signing_flag                  = false
        country                            = [
            "usa",
        ]
        email_protection_flag              = false
        enforce_hostnames                  = true
        ext_key_usage                      = []
        generate_lease                     = false
        id                                 = "pki-int-ca/roles/server-cert-for-mydomain.com"
        key_bits                           = 2048
        key_type                           = "rsa"
      ~ key_usage                          = [
          - "DigitalSignature",
          - "KeyAgreement",
          - "KeyEncipherment",
        ]
        locality                           = [
            "Beverly Hills",
        ]
        max_ttl                            = "63113904"
        name                               = "server-cert-for-mydomain.com"
        no_store                           = true
        not_before_duration                = "0s"
        organization                       = [
            "My Company",
        ]
        ou                                 = [
            "development",
        ]
        policy_identifiers                 = []
        postal_code                        = []
        province                           = []
        require_cn                         = true
        server_flag                        = true
        street_address                     = []
        ttl                                = "2592000"
        use_csr_common_name                = true
        use_csr_sans                       = true
    }

  # vault_pki_secret_backend_role.vault-client-cert will be updated in-place
  ~ resource "vault_pki_secret_backend_role" "vault-client-cert" {
        allow_any_name                     = false
        allow_bare_domains                 = true
        allow_glob_domains                 = false
        allow_ip_sans                      = true
        allow_localhost                    = true
        allow_subdomains                   = false
        allowed_domains                    = [
            "mydomain.com",
        ]
        allowed_other_sans                 = []
        allowed_uri_sans                   = []
        backend                            = "pki-int-ca"
        basic_constraints_valid_for_non_ca = false
        client_flag                        = true
        code_signing_flag                  = false
        country                            = [
            "usa",
        ]
        email_protection_flag              = false
        enforce_hostnames                  = true
        ext_key_usage                      = []
        generate_lease                     = false
        id                                 = "pki-int-ca/roles/client-cert-for-mydomain.com"
        key_bits                           = 2048
        key_type                           = "rsa"
      ~ key_usage                          = [
          - "DigitalSignature",
          - "KeyAgreement",
          - "KeyEncipherment",
        ]
        locality                           = [
            "Beverly Hills",
        ]
        max_ttl                            = "63113904"
        name                               = "client-cert-for-mydomain.com"
        no_store                           = true
        not_before_duration                = "0s"
        organization                       = [
            "My Company",
        ]
        ou                                 = [
            "development",
        ]
        policy_identifiers                 = []
        postal_code                        = []
        province                           = []
        require_cn                         = true
        server_flag                        = true
        street_address                     = []
        ttl                                = "2592000"
        use_csr_common_name                = true
        use_csr_sans                       = true
    }

Plan: 0 to add, 2 to change, 0 to destroy.
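The fix the comment describes, written out as an added Terraform example rather than the PR's own diff: the attribute values are taken from the plan output above, and pinning `key_usage` in configuration is what stops Terraform from planning its removal on every run.

```hcl
# Added example, not the pull request's diff. When key_usage is left out of the
# configuration, Vault stores its own default list for the role; on the next
# plan Terraform compares the stored list against an absent attribute and
# proposes removing it, so every run shows the same in-place update.
resource "vault_pki_secret_backend_role" "role-server-cer" {
  backend = "pki-int-ca"
  name    = "server-cert-for-mydomain.com"

  allowed_domains   = ["mydomain.com"]
  allow_subdomains  = true
  allow_ip_sans     = true
  allow_localhost   = true
  enforce_hostnames = true
  require_cn        = true

  # This role issues server certificates only.
  server_flag = true
  client_flag = false

  key_type = "rsa"
  key_bits = 2048

  ttl      = "2592000"
  max_ttl  = "63113904"
  no_store = true

  use_csr_common_name = true
  use_csr_sans        = true

  organization = ["My Company"]
  ou           = ["development"]
  locality     = ["Beverly Hills"]
  country      = ["usa"]

  # Declare the key usage explicitly so configuration and Vault agree; these
  # are the three values the plan output shows being removed.
  key_usage = ["DigitalSignature", "KeyAgreement", "KeyEncipherment"]
}
```

After applying, a second `terraform plan` should report no changes for the role; the same `key_usage` line belongs in the `vault-client-cert` role, whose plan shows the identical removal.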

@danielpops (Author)

@stvdilln have you taken a look at this? Any objection to merging the changes?
