diff --git a/.changelog/26086.txt b/.changelog/26086.txt new file mode 100644 index 000000000..506071fc7 --- /dev/null +++ b/.changelog/26086.txt @@ -0,0 +1,3 @@ +```release-note:bug +cli: Fixed a bug in the `tls cert create` command that always added ``".global.nomad"` to the certificate DNS names, even when the specified region was not ``"global"`. +``` diff --git a/command/tls_cert_create.go b/command/tls_cert_create.go index 59a818386..9061da77c 100644 --- a/command/tls_cert_create.go +++ b/command/tls_cert_create.go @@ -39,16 +39,12 @@ type TLSCertCreateCommand struct { // domain is used to provide a custom domain for the certificate. domain string - // cluster_region is used to add the region name to the certifacte SAN - // records - cluster_region string - // key is used to set the custom CA certificate key when creating // certificates. key string - // cluster_region is used to add the region name to the certifacte SAN - // records + // region is used to add the Nomad region name to the certificate SAN + // records. region string server bool @@ -82,9 +78,6 @@ Certificate Create Options: -client Generate a client certificate. - -cluster-region - DEPRECATED please use -region. - -days Provide number of days the certificate is valid for from now on. Defaults to 1 year. @@ -141,8 +134,6 @@ func (c *TLSCertCreateCommand) Run(args []string) int { flagSet.StringVar(&c.ca, "ca", "#DOMAIN#-agent-ca.pem", "") flagSet.BoolVar(&c.cli, "cli", false, "") flagSet.BoolVar(&c.client, "client", false, "") - // cluster region will be deprecated in the next version - flagSet.StringVar(&c.cluster_region, "cluster-region", "", "") flagSet.IntVar(&c.days, "days", 365, "") flagSet.StringVar(&c.domain, "domain", "nomad", "") flagSet.StringVar(&c.key, "key", "#DOMAIN#-agent-ca-key.pem", "") @@ -176,7 +167,7 @@ func (c *TLSCertCreateCommand) Run(args []string) int { var dnsNames []string var ipAddresses []net.IP var extKeyUsage []x509.ExtKeyUsage - var name, regionName, prefix string + var name, prefix string for _, d := range c.dnsNames { if len(d) > 0 { @@ -190,24 +181,21 @@ func (c *TLSCertCreateCommand) Run(args []string) int { } } - // set region variable to prepare for deprecating cluster_region - switch { - case c.cluster_region != "": - regionName = c.cluster_region - case c.clientConfig().Region != "" && c.clientConfig().Region != "global": - regionName = c.clientConfig().Region - default: - regionName = "global" + regionIdentifier := "global" + + if r := c.clientConfig().Region; r != "" { + regionIdentifier = r } - // Set dnsNames and ipAddresses based on whether this is a client, server or cli + // Set dnsNames and ipAddresses based on whether this is a client, server or + // cli. switch { case c.server: - ipAddresses, dnsNames, name, extKeyUsage, prefix = recordPreparation("server", regionName, c.domain, dnsNames, ipAddresses) + ipAddresses, dnsNames, name, extKeyUsage, prefix = recordPreparation("server", regionIdentifier, c.domain, dnsNames, ipAddresses) case c.client: - ipAddresses, dnsNames, name, extKeyUsage, prefix = recordPreparation("client", regionName, c.domain, dnsNames, ipAddresses) + ipAddresses, dnsNames, name, extKeyUsage, prefix = recordPreparation("client", regionIdentifier, c.domain, dnsNames, ipAddresses) case c.cli: - ipAddresses, dnsNames, name, extKeyUsage, prefix = recordPreparation("cli", regionName, c.domain, dnsNames, ipAddresses) + ipAddresses, dnsNames, name, extKeyUsage, prefix = recordPreparation("cli", regionIdentifier, c.domain, dnsNames, ipAddresses) default: c.Ui.Error("Neither client, cli nor server - should not happen") return 1 @@ -301,36 +289,29 @@ func (c *TLSCertCreateCommand) Run(args []string) int { return 0 } -func recordPreparation(certType string, regionName string, domain string, dnsNames []string, ipAddresses []net.IP) ([]net.IP, []string, string, []x509.ExtKeyUsage, string) { - var ( - extKeyUsage []x509.ExtKeyUsage - name, regionUrl, prefix string - ) +func recordPreparation(certType, regionName, domain string, dnsNames []string, ipAddresses []net.IP) ( + []net.IP, []string, string, []x509.ExtKeyUsage, string) { + + var extKeyUsage []x509.ExtKeyUsage + if certType == "server" || certType == "client" { extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth} ipAddresses = append(ipAddresses, net.ParseIP("127.0.0.1")) } else if certType == "cli" { extKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} } - // prefix is used to generate the filename for the certificate before writing to disk. - prefix = fmt.Sprintf("%s-%s-%s", regionName, certType, domain) - regionUrl = fmt.Sprintf("%s.%s.nomad", certType, regionName) - name = fmt.Sprintf("%s.%s.%s", certType, regionName, domain) - if regionName != "global" && domain != "nomad" { - dnsNames = append(dnsNames, name, regionUrl, fmt.Sprintf("%s.global.nomad", certType), "localhost") - } + // Generate the file prefix used to write the certificate and key files to + // local disk. + prefix := fmt.Sprintf("%s-%s-%s", regionName, certType, domain) - if regionName != "global" && domain == "nomad" { - dnsNames = append(dnsNames, regionUrl, fmt.Sprintf("%s.global.nomad", certType), "localhost") - } + // The TLS common name is a combination of the certificate role (server, + // client, or cli), the Nomad region name, and the domain. + commonName := fmt.Sprintf("%s.%s.%s", certType, regionName, domain) - if regionName == "global" && domain != "nomad" { - dnsNames = append(dnsNames, regionUrl, fmt.Sprintf("%s.%s.%s", certType, regionName, domain), "localhost") - } + // Generate a new list of DNS names which includes the original array, the + // common name, and "localhost". + dnsNames = append(dnsNames, commonName, "localhost") - if regionName == "global" && domain == "nomad" { - dnsNames = append(dnsNames, name, "localhost") - } - return ipAddresses, dnsNames, name, extKeyUsage, prefix + return ipAddresses, dnsNames, commonName, extKeyUsage, prefix } diff --git a/command/tls_cert_create_test.go b/command/tls_cert_create_test.go index 75d6f659b..a385ca074 100644 --- a/command/tls_cert_create_test.go +++ b/command/tls_cert_create_test.go @@ -107,7 +107,6 @@ func TestTlsCertCreateCommandDefaults_fileCreate(t *testing.T) { "server.region1.nomad", []string{ "server.region1.nomad", - "server.global.nomad", "localhost", }, []net.IP{{127, 0, 0, 1}}, @@ -217,7 +216,6 @@ func TestTlsRecordPreparation(t *testing.T) { expectedipAddresses: []net.IP{net.ParseIP("127.0.0.1")}, expectedDNSNames: []string{ "server.region1.nomad", - "server.global.nomad", "localhost", }, expectedName: "server.region1.nomad", @@ -233,7 +231,6 @@ func TestTlsRecordPreparation(t *testing.T) { ipAddresses: []string{}, expectedipAddresses: []net.IP{net.ParseIP("127.0.0.1")}, expectedDNSNames: []string{ - "server.global.nomad", "server.global.domain1", "localhost", }, diff --git a/helper/tlsutil/testdata/badRegion-client-bad-key.pem b/helper/tlsutil/testdata/badRegion-client-bad-key.pem index 7b56a389b..2a9bfe620 100644 --- a/helper/tlsutil/testdata/badRegion-client-bad-key.pem +++ b/helper/tlsutil/testdata/badRegion-client-bad-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIEbr9QQxvZRlT+WFHAZnw/pwsNhGkbHVtkRWSTfYh0GtoAoGCCqGSM49 -AwEHoUQDQgAEdmOVwqDMhWyP/YXJekbyILsk4CV6L9W0mK3MjD148g0XjhT8yDUL -FHFqm8bNNAO+gBbI1EDS8TpHIWtiQ86QSg== +MHcCAQEEIKk8d2emRn2ogBXZY6vrZzN/LWr0+nloUfUDVaTMa25ooAoGCCqGSM49 +AwEHoUQDQgAEyHsxg78wuPB8FG45YJIjDy5XNvkRuF7kge3Qto2NMUObdXlpYEBM +kBi5s5ow4Bqjp9LpQFT77Ts+xpFqZ3mi2A== -----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/badRegion-client-bad.pem b/helper/tlsutil/testdata/badRegion-client-bad.pem index c919fe5a4..8c4c2d26c 100644 --- a/helper/tlsutil/testdata/badRegion-client-bad.pem +++ b/helper/tlsutil/testdata/badRegion-client-bad.pem @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICzzCCAnWgAwIBAgIRAIFUltA5xgNPcFFlo2aKtIcwCgYIKoZIzj0EAwIwgbgx +MIICozCCAkigAwIBAgIRAPZum3AsvBr+eZ5eX1cBrtcwCgYIKoZIzj0EAwIwgbgx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Tm9tYWQgQWdlbnQgQ0Eg -MTU5MTUzODQ3MzA3OTM3NDc0Mzk0MzkzMDI3NzEwMTg0MTQxNTA4MB4XDTI1MDUw -MjEyMDc1OVoXDTI2MDUwMjEyMDc1OVowHzEdMBsGA1UEAxMUY2xpZW50LmJhZFJl -Z2lvbi5iYWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2Y5XCoMyFbI/9hcl6 -RvIguyTgJXov1bSYrcyMPXjyDReOFPzINQsUcWqbxs00A76AFsjUQNLxOkcha2JD -zpBKo4H3MIH0MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgWG3m916eQoU94ufqaBPi -812f+iKn0HmqJ0hdqjxjxGMwKwYDVR0jBCQwIoAgCFCUC6vPCT2XDvuGJ7CFIuRI -p68R+n3y0VB8/nBfe9owXQYDVR0RBFYwVIIUY2xpZW50LmJhZFJlZ2lvbi5iYWSC -FmNsaWVudC5iYWRSZWdpb24ubm9tYWSCE2NsaWVudC5nbG9iYWwubm9tYWSCCWxv -Y2FsaG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiEApczLizCiPhkoDDOzouO0 -z5XsRN0z60srWf+1cfU9A34CIGQnoGDM943exxkQQe6ZBI6BR1nfB/IemxNlvrMs -K+s4 +MTU5MTUzODQ3MzA3OTM3NDc0Mzk0MzkzMDI3NzEwMTg0MTQxNTA4MB4XDTI1MDYy +MDEyNTI0MFoXDTI2MDYyMDEyNTI0MFowHzEdMBsGA1UEAxMUY2xpZW50LmJhZFJl +Z2lvbi5iYWQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATIezGDvzC48HwUbjlg +kiMPLlc2+RG4XuSB7dC2jY0xQ5t1eWlgQEyQGLmzmjDgGqOn0ulAVPvtOz7GkWpn +eaLYo4HKMIHHMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgEd/0T23L8jJLRtwWl1+5 +qYyBqm9nlfsIZm+vaYBSVPYwKwYDVR0jBCQwIoAgCFCUC6vPCT2XDvuGJ7CFIuRI +p68R+n3y0VB8/nBfe9owMAYDVR0RBCkwJ4IUY2xpZW50LmJhZFJlZ2lvbi5iYWSC +CWxvY2FsaG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAyTdYI/7s5tY+RJjz +5n/jBPyISA+trpcXwYNJ4qQbo+wCIQDuYlit9Gi9DLkLgGd8vsvcLy+j3b9qBE3Y +r08brTf1zQ== -----END CERTIFICATE----- diff --git a/helper/tlsutil/testdata/badRegion-server-bad-key.pem b/helper/tlsutil/testdata/badRegion-server-bad-key.pem index 74aadc7b9..b8e84b00f 100644 --- a/helper/tlsutil/testdata/badRegion-server-bad-key.pem +++ b/helper/tlsutil/testdata/badRegion-server-bad-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIJXs4LOqeaYEyWLjc/d1dyDMfgIU5UQRxcVoRivOPMcioAoGCCqGSM49 -AwEHoUQDQgAEdffb4T11XNYkIMJHawSigBhGRGw8cD9TB663nWG8AgWh/V9uk9mw -yWcoRETDx7Y4athINsD66fRwelKNN/SMnw== +MHcCAQEEIFYpihoMQZc5KiQnRhbjuG3Z3Zz+6CZmPBrlGnL2ISrWoAoGCCqGSM49 +AwEHoUQDQgAESOj4nVa+vZO7V/LZN+mPl3iIgYhFciOrSTJhy4qjQgOqo/PTH6jZ +U7lRHNDSMGUPATbqapL/tlv19UB3Bkuvdg== -----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/badRegion-server-bad.pem b/helper/tlsutil/testdata/badRegion-server-bad.pem index 2f962c0d8..71cbf8270 100644 --- a/helper/tlsutil/testdata/badRegion-server-bad.pem +++ b/helper/tlsutil/testdata/badRegion-server-bad.pem @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICzzCCAnSgAwIBAgIQa3qvui9MXrlD1JulWcYlGjAKBggqhkjOPQQDAjCBuDEL +MIICoDCCAkegAwIBAgIQEA4wMi/TMrcu3WC6wB+1CjAKBggqhkjOPQQDAjCBuDEL MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZOb21hZCBBZ2VudCBDQSAx -NTkxNTM4NDczMDc5Mzc0NzQzOTQzOTMwMjc3MTAxODQxNDE1MDgwHhcNMjUwNTAy -MTIwNzU5WhcNMjYwNTAyMTIwNzU5WjAfMR0wGwYDVQQDExRzZXJ2ZXIuYmFkUmVn -aW9uLmJhZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHX32+E9dVzWJCDCR2sE -ooAYRkRsPHA/Uweut51hvAIFof1fbpPZsMlnKEREw8e2OGrYSDbA+un0cHpSjTf0 -jJ+jgfcwgfQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCAZeiGRew0bfMMbbJ+U5dHS -dfGgA+rI+aqUj25tDSlmDzArBgNVHSMEJDAigCAIUJQLq88JPZcO+4YnsIUi5Ein -rxH6ffLRUHz+cF972jBdBgNVHREEVjBUghRzZXJ2ZXIuYmFkUmVnaW9uLmJhZIIW -c2VydmVyLmJhZFJlZ2lvbi5ub21hZIITc2VydmVyLmdsb2JhbC5ub21hZIIJbG9j -YWxob3N0hwR/AAABMAoGCCqGSM49BAMCA0kAMEYCIQDzIf0rL1FAYn5KSxhfVKdJ -dGkYqeiL9YUsAw72uFxHbgIhAKqK1JNRv53rBAjzmjZJw/5Xn7TE8nnbDuYyKnxG -S7eT +NTkxNTM4NDczMDc5Mzc0NzQzOTQzOTMwMjc3MTAxODQxNDE1MDgwHhcNMjUwNjIw +MTI1MjQwWhcNMjYwNjIwMTI1MjQwWjAfMR0wGwYDVQQDExRzZXJ2ZXIuYmFkUmVn +aW9uLmJhZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEjo+J1Wvr2Tu1fy2Tfp +j5d4iIGIRXIjq0kyYcuKo0IDqqPz0x+o2VO5URzQ0jBlDwE26mqS/7Zb9fVAdwZL +r3ajgcowgccwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCBa/ZDAdDv0vC8t//nHWvq3 +3xY+0Zp76TtJ27abvhOmazArBgNVHSMEJDAigCAIUJQLq88JPZcO+4YnsIUi5Ein +rxH6ffLRUHz+cF972jAwBgNVHREEKTAnghRzZXJ2ZXIuYmFkUmVnaW9uLmJhZIIJ +bG9jYWxob3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIHJuKQNm4jgAx++eOL84 +mrUWBEaezWpk2efZLcPdGsWSAiA3R80THTDKwlzpspVqggvyNRbk+k7cYQRr4pcY +ty6nBQ== -----END CERTIFICATE----- diff --git a/helper/tlsutil/testdata/global-client-nomad-key.pem b/helper/tlsutil/testdata/global-client-nomad-key.pem index 6eacb5c3c..ec1b32a85 100644 --- a/helper/tlsutil/testdata/global-client-nomad-key.pem +++ b/helper/tlsutil/testdata/global-client-nomad-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIJShzvcArPG0/VBQBenDVEOdlqK0c05GOZsK7+lwynMcoAoGCCqGSM49 -AwEHoUQDQgAETXS/uB8i2LnrhIkHS9zjVEa14CAkz53QZPIEKpwIbF1OxcVWhXkx -rpSc2JQpERbIDAIvHkqsZbAjVQU9hmvrvg== +MHcCAQEEID5Gr6PKtaffTAmqejQXR+NGXMAcCulRLf86TVs577Q+oAoGCCqGSM49 +AwEHoUQDQgAEyo1HmrxdII2+L5TyY9jPluzo031FF6BC5VXaP8PbPnD1G49vlm7Q +W0xVOqKUwJF5MnrXfzoBnTZcdIrPruuDdw== -----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/global-client-nomad.pem b/helper/tlsutil/testdata/global-client-nomad.pem index c29bad36c..bc7a36f94 100644 --- a/helper/tlsutil/testdata/global-client-nomad.pem +++ b/helper/tlsutil/testdata/global-client-nomad.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICoDCCAkWgAwIBAgIQJsb/Lvp0/3ZYEmdrXK5s6TAKBggqhkjOPQQDAjCBuDEL -MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv -MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV -BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZOb21hZCBBZ2VudCBDQSAy -NjIwNjI1NjE0NTQ4NDA3MDEwNjQ0NzU5ODQyMjMzMTQ1NDI2NzIwHhcNMjUwNTAy -MTIwNjIyWhcNMjYwNTAyMTIwNjIyWjAeMRwwGgYDVQQDExNjbGllbnQuZ2xvYmFs -Lm5vbWFkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETXS/uB8i2LnrhIkHS9zj -VEa14CAkz53QZPIEKpwIbF1OxcVWhXkxrpSc2JQpERbIDAIvHkqsZbAjVQU9hmvr -vqOByTCBxjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIFACuyxFeOccwzTiOpsf2kz2 -170j7ksaJcdvmDBIcl89MCsGA1UdIwQkMCKAIDVSNgVCiLhcb7DNl8fNlceCmoDH -eNrYzpWdMHHtwcQcMC8GA1UdEQQoMCaCE2NsaWVudC5nbG9iYWwubm9tYWSCCWxv -Y2FsaG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEA4ixue8guhYI9c7E0wlDF -zYIeopTlFnrDGbrd7FPqDSECIQDFly6cAQ9mQejWEzsdv520jc71U3UC77lcdLbs -4d/y0A== +MIICoTCCAkagAwIBAgIRAN/p3iuXI/+dJX3wshZUwyAwCgYIKoZIzj0EAwIwgbgx +CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw +FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Tm9tYWQgQWdlbnQgQ0Eg +MjYyMDYyNTYxNDU0ODQwNzAxMDY0NDc1OTg0MjIzMzE0NTQyNjcyMB4XDTI1MDYy +MDEyNTA1NloXDTI2MDYyMDEyNTA1NlowHjEcMBoGA1UEAxMTY2xpZW50Lmdsb2Jh +bC5ub21hZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMqNR5q8XSCNvi+U8mPY +z5bs6NN9RRegQuVV2j/D2z5w9RuPb5Zu0FtMVTqilMCReTJ61386AZ02XHSKz67r +g3ejgckwgcYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCAaW8uBoxrKhEjNXKEPXiMr +nQaDH9Npipl/CCP1V+CrlzArBgNVHSMEJDAigCA1UjYFQoi4XG+wzZfHzZXHgpqA +x3ja2M6VnTBx7cHEHDAvBgNVHREEKDAmghNjbGllbnQuZ2xvYmFsLm5vbWFkggls +b2NhbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSQAwRgIhAJIUMdRmMJSi3hT5PU/W +G0hJJG8Vxh7VT8ebNxnz9VhGAiEAnfBPT+JsgEMqlX7nZPFGhoOKIOfuozaWSbBz +hAsns14= -----END CERTIFICATE----- diff --git a/helper/tlsutil/testdata/global-server-nomad-key.pem b/helper/tlsutil/testdata/global-server-nomad-key.pem index 435d48374..37adc3a08 100644 --- a/helper/tlsutil/testdata/global-server-nomad-key.pem +++ b/helper/tlsutil/testdata/global-server-nomad-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIHtMohNhWUCJ7+5iEFE0xVcmjO+8HtZ/Xy6YTraBykZooAoGCCqGSM49 -AwEHoUQDQgAEG0x5ksFPi1LA4pDOewaYaMXE5ML9vmYaOttoFbgRfaSowSBx6wpa -fN6b565RRhRuPkI8eQa6hwSJL1JSlBwdhQ== +MHcCAQEEIF7gRiwEqYZhlloKsMyAMZ0zynvDVyUimEAEnI43z7/RoAoGCCqGSM49 +AwEHoUQDQgAEQ1wTyHo3vjISeiL5ql7e03zUYeQRTdl2iOeqfTyn6dITR0mgsPe/ +qzPhlGMlW+/2aFkIvmvkD0JumTu6wIPqyQ== -----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/global-server-nomad.pem b/helper/tlsutil/testdata/global-server-nomad.pem index 0f02a3200..47b640988 100644 --- a/helper/tlsutil/testdata/global-server-nomad.pem +++ b/helper/tlsutil/testdata/global-server-nomad.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICnzCCAkWgAwIBAgIQVReOD344n4OOValJVWIapjAKBggqhkjOPQQDAjCBuDEL +MIICnzCCAkWgAwIBAgIQHj3goiF3rxOXBp5KyJPVuDAKBggqhkjOPQQDAjCBuDEL MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV BgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZOb21hZCBBZ2VudCBDQSAy -NjIwNjI1NjE0NTQ4NDA3MDEwNjQ0NzU5ODQyMjMzMTQ1NDI2NzIwHhcNMjUwNTAy -MTIwNjIyWhcNMjYwNTAyMTIwNjIyWjAeMRwwGgYDVQQDExNzZXJ2ZXIuZ2xvYmFs -Lm5vbWFkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEG0x5ksFPi1LA4pDOewaY -aMXE5ML9vmYaOttoFbgRfaSowSBx6wpafN6b565RRhRuPkI8eQa6hwSJL1JSlBwd -haOByTCBxjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIDj3UwkShqXCLRBqp8AztARh -PgpKwXTXs8HV12AegN8YMCsGA1UdIwQkMCKAIDVSNgVCiLhcb7DNl8fNlceCmoDH +NjIwNjI1NjE0NTQ4NDA3MDEwNjQ0NzU5ODQyMjMzMTQ1NDI2NzIwHhcNMjUwNjIw +MTI1MDU2WhcNMjYwNjIwMTI1MDU2WjAeMRwwGgYDVQQDExNzZXJ2ZXIuZ2xvYmFs +Lm5vbWFkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ1wTyHo3vjISeiL5ql7e +03zUYeQRTdl2iOeqfTyn6dITR0mgsPe/qzPhlGMlW+/2aFkIvmvkD0JumTu6wIPq +yaOByTCBxjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIFUATGblzDY9ZPhh2Hxqtcq9 +Ik/SOt+csC4sbDlHx0bAMCsGA1UdIwQkMCKAIDVSNgVCiLhcb7DNl8fNlceCmoDH eNrYzpWdMHHtwcQcMC8GA1UdEQQoMCaCE3NlcnZlci5nbG9iYWwubm9tYWSCCWxv -Y2FsaG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiBLWW+t+HR8pFlisUXF8fVQ -vGvw5Q3zzuMmghNdMfulqAIhAJLT64jAXQFmFNeJpMMQO7NbhV1cLHf8tXo2GOCE -ipU0 +Y2FsaG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiBi9n1J2vwM4Eh18pY9qdZd +28h+3cpQYbFGLCcEjknXgQIhAPPxdhNbQ6fyuwDrkbF/gOUftTUtNhhpO8DY3Zjv +mTMt -----END CERTIFICATE----- diff --git a/helper/tlsutil/testdata/regionFoo-client-nomad-key.pem b/helper/tlsutil/testdata/regionFoo-client-nomad-key.pem index 541001bba..bf5d64d3f 100644 --- a/helper/tlsutil/testdata/regionFoo-client-nomad-key.pem +++ b/helper/tlsutil/testdata/regionFoo-client-nomad-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIIti9mUkwepjy83t+p4sR2vt+1LoWDBTB5XxOu5k3LHzoAoGCCqGSM49 -AwEHoUQDQgAEu5MA5D0M20MnluzjwAPH3taoSNGdpEFOgED2m5o+G1yWnBu5YaHu -Hx6xsGyvyAT1GZ2BZiMVY8aQPPUpBvdHTQ== +MHcCAQEEIC6Zb2A2b0eHOL1P0TreEeyyPhF7ga4tHRQy1oBPENmDoAoGCCqGSM49 +AwEHoUQDQgAEDkAbolF7vLkCF/cNglYmBP3TK6TwpwSTR60AneZKyXLY9ZjQND17 +X9avu80cyJkktcKMXMDV2iHowPxWmlxAjA== -----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/regionFoo-client-nomad.pem b/helper/tlsutil/testdata/regionFoo-client-nomad.pem index c33a057bf..43bdebe53 100644 --- a/helper/tlsutil/testdata/regionFoo-client-nomad.pem +++ b/helper/tlsutil/testdata/regionFoo-client-nomad.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICuzCCAmGgAwIBAgIRAPnUAMiIhB6p3fddfmZQliMwCgYIKoZIzj0EAwIwgbgx +MIICpjCCAkygAwIBAgIRAL9bNTwXnAjd6l7LeWLFpucwCgYIKoZIzj0EAwIwgbgx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Tm9tYWQgQWdlbnQgQ0Eg -MjYyMDYyNTYxNDU0ODQwNzAxMDY0NDc1OTg0MjIzMzE0NTQyNjcyMB4XDTI1MDUw -MjEyMDk0NFoXDTI2MDUwMjEyMDk0NFowITEfMB0GA1UEAxMWY2xpZW50LnJlZ2lv -bkZvby5ub21hZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLuTAOQ9DNtDJ5bs -48ADx97WqEjRnaRBToBA9puaPhtclpwbuWGh7h8esbBsr8gE9RmdgWYjFWPGkDz1 -KQb3R02jgeEwgd4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCBHcLp6utfmnR9b8wvt -7QDzBzd/s4PGriiFaZfAHSZlQzArBgNVHSMEJDAigCA1UjYFQoi4XG+wzZfHzZXH -gpqAx3ja2M6VnTBx7cHEHDBHBgNVHREEQDA+ghZjbGllbnQucmVnaW9uRm9vLm5v -bWFkghNjbGllbnQuZ2xvYmFsLm5vbWFkgglsb2NhbGhvc3SHBH8AAAEwCgYIKoZI -zj0EAwIDSAAwRQIgdOu1JQrrMH43dbFFsbxETXQr2USdq6ZJ0WBOkd/mTGkCIQDl -lNgf8BQsbnOSNT+ZpiIk00ifUVvpHNnnL2Pv3OZmGA== +MjYyMDYyNTYxNDU0ODQwNzAxMDY0NDc1OTg0MjIzMzE0NTQyNjcyMB4XDTI1MDYy +MDEyNTEyMFoXDTI2MDYyMDEyNTEyMFowITEfMB0GA1UEAxMWY2xpZW50LnJlZ2lv +bkZvby5ub21hZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA5AG6JRe7y5Ahf3 +DYJWJgT90yuk8KcEk0etAJ3mSsly2PWY0DQ9e1/Wr7vNHMiZJLXCjFzA1doh6MD8 +VppcQIyjgcwwgckwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCD1NbLrtvFb+0vhwdb+ +Y+9FKsZKypoqQBy1Wgu4GMv+XDArBgNVHSMEJDAigCA1UjYFQoi4XG+wzZfHzZXH +gpqAx3ja2M6VnTBx7cHEHDAyBgNVHREEKzApghZjbGllbnQucmVnaW9uRm9vLm5v +bWFkgglsb2NhbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgNIS7OemovXSg +gShooyH9s/6/KDhE7hBWP80tkfU9VTkCIQC6lYDoq2IPaL0pqzFy1Z5BUdIeTUJh +PYKQ8PrLAbNJLQ== -----END CERTIFICATE----- diff --git a/helper/tlsutil/testdata/regionFoo-server-nomad-key.pem b/helper/tlsutil/testdata/regionFoo-server-nomad-key.pem index 28e1c3c8f..3b7695bbc 100644 --- a/helper/tlsutil/testdata/regionFoo-server-nomad-key.pem +++ b/helper/tlsutil/testdata/regionFoo-server-nomad-key.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIPpZY+Oy7aj127fsvANb9bQCJ+X6jPZLgXC6RrrozjzioAoGCCqGSM49 -AwEHoUQDQgAErhTVsvE0FIT66/kZfrP4se5sTxZK60BVoCCuQOKBW47VUgZbIjjF -zhoSCyXko3Z1NET7FxwyOSGjdXOF5m5yZA== +MHcCAQEEIAL8PR3BeBaVaAalDh3RkusdUjyVIHR+OGYRXTVOKEdcoAoGCCqGSM49 +AwEHoUQDQgAEK8IsGS6VJdf1Ik14y+PgBOZdVJRZDlKFlvU0isVEnoSAmmFjoZpT +wgTAf0QdoCwlfakwqljmbmE5E/QrA3ySCw== -----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/regionFoo-server-nomad.pem b/helper/tlsutil/testdata/regionFoo-server-nomad.pem index 4a90c1f05..ac9ca010e 100644 --- a/helper/tlsutil/testdata/regionFoo-server-nomad.pem +++ b/helper/tlsutil/testdata/regionFoo-server-nomad.pem @@ -1,17 +1,17 @@ -----BEGIN CERTIFICATE----- -MIICuzCCAmGgAwIBAgIRAJ2sg8BGYUbhmhraFRZIXhgwCgYIKoZIzj0EAwIwgbgx +MIICpzCCAkygAwIBAgIRAOgSVlcFdzGslL3laKW29Z0wCgYIKoZIzj0EAwIwgbgx CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Tm9tYWQgQWdlbnQgQ0Eg -MjYyMDYyNTYxNDU0ODQwNzAxMDY0NDc1OTg0MjIzMzE0NTQyNjcyMB4XDTI1MDUw -MjEyMDk0M1oXDTI2MDUwMjEyMDk0M1owITEfMB0GA1UEAxMWc2VydmVyLnJlZ2lv -bkZvby5ub21hZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABK4U1bLxNBSE+uv5 -GX6z+LHubE8WSutAVaAgrkDigVuO1VIGWyI4xc4aEgsl5KN2dTRE+xccMjkho3Vz -heZucmSjgeEwgd4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCCl/G2fQsqZaGSzTY6Y -szXpu5V6d0k1XbVa9xrjksEmzDArBgNVHSMEJDAigCA1UjYFQoi4XG+wzZfHzZXH -gpqAx3ja2M6VnTBx7cHEHDBHBgNVHREEQDA+ghZzZXJ2ZXIucmVnaW9uRm9vLm5v -bWFkghNzZXJ2ZXIuZ2xvYmFsLm5vbWFkgglsb2NhbGhvc3SHBH8AAAEwCgYIKoZI -zj0EAwIDSAAwRQIhALMTV8TEhQ4gAni39w26nxrtKYJCTTST12oATeOvhq70AiBw -yKcrkJuD0p4F9+0Z9NC0CiindYtn+3mWGmDb5ohOmw== +MjYyMDYyNTYxNDU0ODQwNzAxMDY0NDc1OTg0MjIzMzE0NTQyNjcyMB4XDTI1MDYy +MDEyNTEyMFoXDTI2MDYyMDEyNTEyMFowITEfMB0GA1UEAxMWc2VydmVyLnJlZ2lv +bkZvby5ub21hZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCvCLBkulSXX9SJN +eMvj4ATmXVSUWQ5ShZb1NIrFRJ6EgJphY6GaU8IEwH9EHaAsJX2pMKpY5m5hORP0 +KwN8kgujgcwwgckwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCBf0aPAgkM3OB1at2BG +IkN+gpuXXNToVgdtVc39cGAAbTArBgNVHSMEJDAigCA1UjYFQoi4XG+wzZfHzZXH +gpqAx3ja2M6VnTBx7cHEHDAyBgNVHREEKzApghZzZXJ2ZXIucmVnaW9uRm9vLm5v +bWFkgglsb2NhbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSQAwRgIhAICI9TqZTmd5 +t9Pc99FyOhEYb0Ql8djO/3XdeLOQa91lAiEAkMU2sSheRbUZCa5GAQlHNYPsUs50 +qgTsuoR6u4512rw= -----END CERTIFICATE----- diff --git a/website/content/docs/commands/tls/cert-create.mdx b/website/content/docs/commands/tls/cert-create.mdx index d744737a5..bff5f8571 100644 --- a/website/content/docs/commands/tls/cert-create.mdx +++ b/website/content/docs/commands/tls/cert-create.mdx @@ -35,8 +35,6 @@ Usage: `nomad tls cert create [options]` - `-days=`: Provide number of days the certificate is valid for from now on. Defaults to 1 year. -- `-cluster-region=`: DEPRECATED please use `-region`. - - `-domain=`: Provide the domain. Matters only for `-server` certificates.