Connect CA Roots (#332)

G-Research · Jun 13, 2024 · 51d9847 · 51d9847
1 parent 777b198
commit 51d9847
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 1 deletion.
diff --git a/Consul.Test/AgentTest.cs b/Consul.Test/AgentTest.cs
@@ -1025,6 +1025,34 @@ public async Task Agent_Metrics()
  Assert.NotNull(agentMetrics.Response.Samples);
  }
 
+ [Fact]
+ public async Task Agent_CARoots()
+ {
+ var caRoots = await _client.Agent.GetCARoots();
+ Assert.NotEqual((ulong)0, caRoots.LastIndex);
+ Assert.NotNull(caRoots.Response.ActiveRootID);
+ Assert.Equal("11111111-2222-3333-4444-555555555555.consul", caRoots.Response.TrustDomain);
+ Assert.Single(caRoots.Response.Roots);
+ var root = caRoots.Response.Roots.First();
+ Assert.NotNull(root.ID);
+ Assert.NotNull(root.Name);
+ Assert.NotNull(root.SigningKeyID);
+ Assert.NotNull(root.ExternalTrustDomain);
+ Assert.NotNull(root.NotBefore);
+ Assert.NotNull(root.NotAfter);
+ Assert.NotNull(root.RootCert);
+ Assert.Null(root.IntermediateCerts);
+ Assert.True(root.Active);
+ Assert.NotNull(root.PrivateKeyType);
+ if (AgentVersion >= SemanticVersion.Parse("1.7.0"))
+ {
+ Assert.NotEqual(0, root.PrivateKeyBits);
+ Assert.NotEqual(0, root.CreateIndex);
+ Assert.NotEqual(0, root.ModifyIndex);
+ Assert.NotEqual(0, root.SerialNumber);
+ }
+ }
+
  [SkippableFact]
  public async Task Agent_Reload()
  {

diff --git a/Consul.Test/test_config.json b/Consul.Test/test_config.json
@@ -12,7 +12,10 @@
  },
  "enable_script_checks": true,
  "connect": {
- "enabled": true
+ "enabled": true,
+ "ca_config": {
+ "cluster_id": "11111111-2222-3333-4444-555555555555"
+ }
  },
  "encrypt": "d8wu8CSUrqgtjVsvcBPmhQ==",
  "enable_central_service_config": true

diff --git a/Consul/Agent.cs b/Consul/Agent.cs
@@ -676,6 +676,31 @@ public class Sample
  public Dictionary<string, string> Labels { get; set; }
  }
 
+ public class CARoots
+ {
+ public string ActiveRootID { get; set; }
+ public string TrustDomain { get; set; }
+ public List<Root> Roots { get; set; }
+ }
+
+ public class Root
+ {
+ public string ID { get; set; }
+ public string Name { get; set; }
+ public long SerialNumber { get; set; }
+ public string SigningKeyID { get; set; }
+ public string ExternalTrustDomain { get; set; }
+ public string NotBefore { get; set; }
+ public string NotAfter { get; set; }
+ public string RootCert { get; set; }
+ public List<string> IntermediateCerts { get; set; }
+ public bool Active { get; set; }
+ public string PrivateKeyType { get; set; }
+ public long PrivateKeyBits { get; set; }
+ public long CreateIndex { get; set; }
+ public long ModifyIndex { get; set; }
+ }
+
  /// <summary>
  /// Agent can be used to query the Agent endpoints
  /// </summary>
@@ -1139,6 +1164,11 @@ public async Task<QueryResult<ServiceConfiguration>> GetServiceConfiguration(str
  return await _client.Get<ServiceConfiguration>($"/v1/agent/service/{serviceId}", q).Execute(ct).ConfigureAwait(false);
  }
 
+ public async Task<QueryResult<CARoots>> GetCARoots(CancellationToken ct = default)
+ {
+ return await _client.Get<CARoots>("v1/agent/connect/ca/roots", QueryOptions.Default).Execute(ct).ConfigureAwait(false);
+ }
+
  /// <summary>
  /// Log streamer
  /// </summary>

diff --git a/Consul/Interfaces/IAgentEndpoint.cs b/Consul/Interfaces/IAgentEndpoint.cs
@@ -63,6 +63,7 @@ public interface IAgentEndpoint
  Task<QueryResult<LocalServiceHealth>> GetLocalServiceHealthByID(string serviceID, QueryOptions q, CancellationToken ct = default);
  Task<QueryResult<LocalServiceHealth>> GetLocalServiceHealthByID(string serviceID, CancellationToken ct = default);
  Task<QueryResult<Metrics>> GetAgentMetrics(CancellationToken ct = default);
+ Task<QueryResult<CARoots>> GetCARoots(CancellationToken ct = default);
  Task<QueryResult<AgentVersion>> GetAgentVersion(CancellationToken ct = default);
  Task<WriteResult> Reload(CancellationToken ct = default);
  [Obsolete]