
privateca root ca example is invalid for a standard compliant root ca

Open hoexter opened this issue 1 year ago • 2 comments

TL;DR

The sample in privateca/certificate_authority_basic/main.tf looks like it's a copy of the subordinate setup and not for the root.

Expected behavior

Sample should be somewhat compliant with RFC 5280 and CA/B Baseline Requirements.

Observed behavior

- SAN on Root -> does not make any sense
- pathLen on Root is not forbidden, but according to the RFC not evaluated and not recommended by CA/B BR
- extendedKeyUsage is forbidden by CA/B BR on a root

Terraform Configuration

does not apply

Terraform Version

does not apply

Additional information

No response

hoexter avatar Apr 02 '24 10:04 hoexter
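Added example, not part of the issue or the repository's code: a small check that flags the three observations above in the `config` block of a `google_privateca_certificate_authority` resource. It assumes the list-of-blocks shape that Terraform plan JSON uses; both sample configs and the finding names are constructed for illustration.

```python
# Added example: lint a root CA "config" block for the three findings in this issue.
# Sample data is constructed; it is not copied from the repository's main.tf.

def _block(parent, name):
    """Return the first nested block `name` (plan JSON stores blocks as lists)."""
    value = (parent or {}).get(name) or {}
    if isinstance(value, list):
        return value[0] if value else {}
    return value

def lint_root_ca(config):
    """Return finding names for a self-signed root CA `config` block."""
    findings = []
    san = _block(_block(config, "subject_config"), "subject_alt_name")
    if any(san.get(k) for k in ("dns_names", "email_addresses", "ip_addresses", "uris")):
        findings.append("san")        # issue: SAN on a root makes no sense
    x509 = _block(config, "x509_config")
    ca = _block(x509, "ca_options")
    if ca.get("max_issuer_path_length") is not None or ca.get("zero_max_issuer_path_length"):
        findings.append("path_len")   # issue: not evaluated, not recommended
    eku = _block(_block(x509, "key_usage"), "extended_key_usage")
    if any(v is True for v in eku.values()):
        findings.append("eku")        # issue: forbidden by CA/B BR on a root
    return findings

# Constructed sample: a root defined with subordinate-style settings.
SUBORDINATE_STYLE = {
    "subject_config": [{
        "subject": [{"organization": "Example Org", "common_name": "example-root"}],
        "subject_alt_name": [{"dns_names": ["ca.example.test"]}],
    }],
    "x509_config": [{
        "ca_options": [{"is_ca": True, "max_issuer_path_length": 10}],
        "key_usage": [{"base_key_usage": [{"cert_sign": True, "crl_sign": True}],
                       "extended_key_usage": [{"server_auth": True}]}],
    }],
}

# Constructed sample: the same root without SAN, path length or EKU.
ROOT_STYLE = {
    "subject_config": [{
        "subject": [{"organization": "Example Org", "common_name": "example-root"}],
    }],
    "x509_config": [{
        "ca_options": [{"is_ca": True, "max_issuer_path_length": None}],
        "key_usage": [{"base_key_usage": [{"cert_sign": True, "crl_sign": True}],
                       "extended_key_usage": [{"server_auth": False}]}],
    }],
}
```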

Thanks for your feedback @hoexter and the additional reference materials. They are super helpful. While I've left feedback on the PR, it seems like we may need to get the main terraform docs updated as well so that we are matching up our docs across pages. @msampathkumar do you have knowledge on these samples?

iennae avatar Apr 16 '24 04:04 iennae

This code sample is shown in https://cloud.google.com/certificate-authority-service/docs/creating-certificate-authorities#create-root-ca, which focuses on Root CA.

Reaching out to the TW (Alida) for assistance.

msampathkumar avatar Sep 10 '24 10:09 msampathkumar