
fix: provide a sensible example for a privateca Root CA example

Open hoexter opened this issue 10 months ago • 2 comments

This one looks a lot like someone accidentally copied the subordinate example out of certificate_authority_subordinate/main.tf as a root CA. Thus it contains a lot of set values which are outright invalid or not recommended for Root CA certificates if you consider RFC 5280 and CA/B Baseline Requirements as the standard to follow.

Also the subordinate example is a bit odd, e.g. configuring SAN on any kind of CA certificate doesn't make sense. And the resource examples there make use of the same pool name.

I tried to keep the lifetime setting, but set it to 99 years. That is probably a sensible value for a P(rivate)KI setup. For something public 10y or 15y are probably more sensible.

Description

Fixes #630

Note: If you are not associated with Google, open an issue for discussion before submitting a pull request.

Checklist

Readiness

  • [] Yes, merge this PR after it is approved
  • [X] No, don't merge this PR after it is approved

Testing

--> this should get a test run somewhere, right now I don't have a test setup at hand to validate it against the API of the CAS

hoexter avatar Apr 02 '24 10:04 hoexter

/gcbrun

msampathkumar avatar Jul 04 '24 11:07 msampathkumar

@msampathkumar Can you help add @pmansour to the list of reviewers?

Sita04 avatar Jul 05 '24 15:07 Sita04

This PR has been inactive for two months. If this inactivity continues for another two weeks, I will close the request.

msampathkumar avatar Sep 30 '24 12:09 msampathkumar

@msampathkumar I updated the PR long ago with the proposed changes by @pmansour. Thus it's just waiting for a review by you/your team. :)

hoexter avatar Oct 07 '24 07:10 hoexter

/gcbrun

glasnt avatar Oct 10 '24 04:10 glasnt