From ef92a3a6d7903f7a641a776742cdf423891df6a6 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Mon, 19 Oct 2020 18:08:51 -0700
Subject: [PATCH] Move cas options under authority.
---
 authority/authority.go | 6 +++---
 authority/config.go | 17 +++++++++++------
 2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/authority/authority.go b/authority/authority.go
index 3fdb67cc..5b6f7761 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -156,8 +156,8 @@ func (a *Authority) init() error {
 // Initialize the X.509 CA Service if it has not been set in the options.
 if a.x509CAService == nil {
 var options casapi.Options
- if a.config.CAS != nil {
- options = *a.config.CAS
+ if a.config.AuthorityConfig.Options != nil {
+ options = *a.config.AuthorityConfig.Options
 }
 // Read intermediate and create X509 signer for default CAS.
@@ -183,7 +183,7 @@ func (a *Authority) init() error {
 // Get root certificate from CAS.
 if srv, ok := a.x509CAService.(casapi.CertificateAuthorityGetter); ok {
 resp, err := srv.GetCertificateAuthority(&casapi.GetCertificateAuthorityRequest{
- Name: options.Certificateauthority,
+ Name: options.CertificateAuthority,
 })
 if err != nil {
 return err
diff --git a/authority/config.go b/authority/config.go
index 48d56952..9d79ce9a 100644
--- a/authority/config.go
+++ b/authority/config.go
@@ -55,7 +55,6 @@ type Config struct {
 Address string `json:"address"`
 DNSNames []string `json:"dnsNames"`
 KMS *kms.Options `json:"kms,omitempty"`
- CAS *cas.Options `json:"cas,omitempty"`
 SSH *SSHConfig `json:"ssh,omitempty"`
 Logger json.RawMessage `json:"logger,omitempty"`
 DB *db.Config `json:"db,omitempty"`
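Review bot: The new condition `a.config.AuthorityConfig.Options != nil` in the first authority.go hunk reads through `AuthorityConfig` without a visible nil check, where the removed `a.config.CAS != nil` only compared a field of the config itself. The declaration of AuthorityConfig is outside these hunks; if it is a pointer that stays nil when the configuration has no authority section, init() would panic here rather than return an error, and the same holds for `ra := c.AuthorityConfig.Options` in the Validate hunk of authority/config.go. A guard such as `if ac := a.config.AuthorityConfig; ac != nil && ac.Options != nil {` keeps a malformed configuration a reported error instead of a crash of the CA process. The body of init() begins and ends outside the hunk.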
@@ -78,8 +77,11 @@ type ASN1DN struct {
 CommonName string `json:"commonName,omitempty" step:"commonName"`
 }
-// AuthConfig represents the configuration options for the authority.
+// AuthConfig represents the configuration options for the authority. An
+// underlaying registration authority can also be configured using the
+// cas.Options.
 type AuthConfig struct {
+ *cas.Options
 Provisioners provisioner.List `json:"provisioners"`
 Template *ASN1DN `json:"template,omitempty"`
 Claims *provisioner.Claims `json:"claims,omitempty"`
@@ -185,8 +187,11 @@ func (c *Config) Validate() error {
 return errors.New("dnsNames cannot be empty")
 }
- // The default CAS requires root, crt and key.
- if c.CAS.Is(cas.SoftCAS) {
+ // Options holds the RA/CAS configuration.
+ ra := c.AuthorityConfig.Options
+
+ // The default RA/CAS requires root, crt and key.
+ if ra.Is(cas.SoftCAS) {
 switch {
 case c.Root.HasEmpties():
 return errors.New("root cannot be empty")
@@ -225,8 +230,8 @@ func (c *Config) Validate() error {
 return err
 }
- // Validate CAS options, nil is ok.
- if err := c.CAS.Validate(); err != nil {
+ // Validate RA/CAS options, nil is ok.
+ if err := ra.Validate(); err != nil {
 return err
 }
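Review bot: The embedded `*cas.Options` added to AuthConfig carries no json tag, so under encoding/json its keys are read directly from the `authority` object, and the new doc comment does not say so; a line such as `// The cas.Options keys are read directly from the "authority" JSON object.` would make that explicit. A configuration file that still carries the removed top-level `cas` key would, with a default decoder that ignores unknown fields, load with Options left nil, and the "nil is ok" path in Validate then presumably treats the CA as the default software CAS rather than the backend the operator configured. It is worth rejecting the legacy key explicitly, or documenting the migration in the commit, so that an upgrade cannot silently change which key signs certificates. In the same comment, "underlaying" should read "underlying".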