
Update more PKI documentation #14490

Merged
merged 7 commits into from
Mar 15, 2022

Conversation

cipherboy
Contributor

Various changes here; would definitely like feedback on if these warrant a backport to 1.10 for clarity.

  • Serial number field is, IMO, misnamed and definitely was misdocumented. It does not impact what most users expect it to (namely, the actual serial number field of the X509 certificate object), but instead adds a serialNumber=<value> attribute into the certificate's Subject. I've clarified it in both the website docs and the path-help docs.
  • key_bits needed to be more consistently documented.
  • Clarify documentation around GET pki/config/crl and GET pki/config/urls being empty when nothing is written yet.
  • Clarify that pki/config/crl/rotate should be called when the CRL is expired or close to expiring, if no revocations have happened.
  • Fix the path-help documentation of the fetch APIs, which referenced the fetch/ path segment that no longer exists.

Not addressed in this PR (and definitely not a candidate for 1.10 backport) is that pki/intermediate/generate/:type returns help text with ttl and not_after fields, but these fields cannot go into the CSR and thus shouldn't be exposed. However, TTL (and not not_after, which is inconsistent with the rest of the API) is used by getGenerationParams to build a role for generation (and is also used by pki/root/generate/:type). That requires some more thought to fix.
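An added example to illustrate the first bullet (this is not code from the PR or from Vault): Go's standard library has the same split, `x509.Certificate.SerialNumber` is the certificate's serial number, while `pkix.Name.SerialNumber` is the `serialNumber` attribute (OID 2.5.4.5) inside the Subject DN, which is what Vault's `serial_number` parameter populates. The subject values and serial are constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// IssueSelfSigned builds a self-signed certificate in which the Subject carries a
// serialNumber attribute (OID 2.5.4.5, the field Vault's serial_number parameter
// sets) while the X.509 serial number field is chosen independently by the issuer.
func IssueSelfSigned(subjectSerial string, x509Serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(x509Serial), // the real certificate serial number
		Subject: pkix.Name{
			CommonName:   "example.test", // constructed sample subject
			SerialNumber: subjectSerial,  // becomes serialNumber=<value> in the Subject DN
		},
		NotBefore: time.Now(),
		NotAfter:  time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Inspect returns the two values side by side: the certificate serial as hex and
// the Subject serialNumber attribute (empty if absent). Comparing them on an
// issued certificate is the quickest way to confirm which field a serial_number
// value actually landed in.
func Inspect(cert *x509.Certificate) (x509Serial, subjectSerial string) {
	return cert.SerialNumber.Text(16), cert.Subject.SerialNumber
}
```

Running `Inspect` on a certificate issued by Vault with `serial_number` set shows the value only in the second return, never in the first.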

GET-ing these URLs will return 404 until such time as a config is posted
to them, even though (in the case of CRL), default values will be used.

Signed-off-by: Alexander Scheel <[email protected]>

Signed-off-by: Alexander Scheel <[email protected]>

This unifies the description of key_bits to match the API description
(which is consistent across all usages).

Signed-off-by: Alexander Scheel <[email protected]>

Note that this field has no impact on the actual Serial Number field and
only adds an attribute in the requested certificate's Subject.

Signed-off-by: Alexander Scheel <[email protected]>

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy merged commit 5475b80 into main Mar 15, 2022
@cipherboy
Contributor Author

Thanks Steve!

@cipherboy cipherboy deleted the cipherboy-update-more-pki-docs branch March 30, 2022 12:17
@cipherboy cipherboy restored the cipherboy-update-more-pki-docs branch March 30, 2022 12:17
@cipherboy cipherboy deleted the cipherboy-update-more-pki-docs branch March 30, 2022 12:17