Merge pull request #682 from smallstep/helm-ssh
Fix ssh in helm chart values
commit
8acce7b092
2 changed files with 17 additions and 8 deletions
11
pki/helm.go
11
pki/helm.go
|
@ -14,11 +14,9 @@ import (
|
||||||
|
|
||||||
type helmVariables struct {
|
type helmVariables struct {
|
||||||
*linkedca.Configuration
|
*linkedca.Configuration
|
||||||
Defaults *linkedca.Defaults
|
Defaults *linkedca.Defaults
|
||||||
Password string
|
Password string
|
||||||
SSH struct {
|
EnableSSH bool
|
||||||
Enabled bool
|
|
||||||
}
|
|
||||||
TLS authconfig.TLSOptions
|
TLS authconfig.TLSOptions
|
||||||
Provisioners []provisioner.Interface
|
Provisioners []provisioner.Interface
|
||||||
}
|
}
|
||||||
|
@ -48,6 +46,7 @@ func (p *PKI) WriteHelmTemplate(w io.Writer) error {
|
||||||
Configuration: &p.Configuration,
|
Configuration: &p.Configuration,
|
||||||
Defaults: &p.Defaults,
|
Defaults: &p.Defaults,
|
||||||
Password: "",
|
Password: "",
|
||||||
|
EnableSSH: p.options.enableSSH,
|
||||||
TLS: authconfig.DefaultTLSOptions,
|
TLS: authconfig.DefaultTLSOptions,
|
||||||
Provisioners: provisioners,
|
Provisioners: provisioners,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
|
@ -67,7 +66,7 @@ inject:
|
||||||
federateRoots: []
|
federateRoots: []
|
||||||
crt: {{ .Intermediate }}
|
crt: {{ .Intermediate }}
|
||||||
key: {{ .IntermediateKey }}
|
key: {{ .IntermediateKey }}
|
||||||
{{- if .SSH.Enabled }}
|
{{- if .EnableSSH }}
|
||||||
ssh:
|
ssh:
|
||||||
hostKey: {{ .Ssh.HostKey }}
|
hostKey: {{ .Ssh.HostKey }}
|
||||||
userKey: {{ .Ssh.UserKey }}
|
userKey: {{ .Ssh.UserKey }}
|
||||||
|
|
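Review bot: The new guard `{{- if .EnableSSH }}` in the third hunk tests the init option, while the lines it protects read `.Ssh.HostKey` and `.Ssh.UserKey`, which presumably come from the embedded `*linkedca.Configuration`; nothing visible ties the two together. If `EnableSSH` is ever true while `.Ssh` is unset, rendering would presumably fail or put empty key material into the chart values, so I would guard on both with `{{- if and .EnableSSH .Ssh }}`, or state the invariant on the field with `// EnableSSH mirrors p.options.enableSSH; the Ssh keys must already be generated when it is true.` Neither of the two changed files is a test, so a render test of WriteHelmTemplate with SSH on and off would also keep the flag from going unpopulated again. The template text and WriteHelmTemplate both continue outside the hunks shown.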
14
pki/pki.go
14
pki/pki.go
|
@ -408,6 +408,15 @@ func (p *PKI) GenerateKeyPairs(pass []byte) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var claims *linkedca.Claims
|
||||||
|
if p.options.enableSSH {
|
||||||
|
claims = &linkedca.Claims{
|
||||||
|
Ssh: &linkedca.SSHClaims{
|
||||||
|
Enabled: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Add JWK provisioner to the configuration.
|
// Add JWK provisioner to the configuration.
|
||||||
publicKey, err := json.Marshal(p.ottPublicKey)
|
publicKey, err := json.Marshal(p.ottPublicKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -418,8 +427,9 @@ func (p *PKI) GenerateKeyPairs(pass []byte) error {
|
||||||
return errors.Wrap(err, "error serializing private key")
|
return errors.Wrap(err, "error serializing private key")
|
||||||
}
|
}
|
||||||
p.Authority.Provisioners = append(p.Authority.Provisioners, &linkedca.Provisioner{
|
p.Authority.Provisioners = append(p.Authority.Provisioners, &linkedca.Provisioner{
|
||||||
Type: linkedca.Provisioner_JWK,
|
Type: linkedca.Provisioner_JWK,
|
||||||
Name: p.options.provisioner,
|
Name: p.options.provisioner,
|
||||||
|
Claims: claims,
|
||||||
Details: &linkedca.ProvisionerDetails{
|
Details: &linkedca.ProvisionerDetails{
|
||||||
Data: &linkedca.ProvisionerDetails_JWK{
|
Data: &linkedca.ProvisionerDetails_JWK{
|
||||||
JWK: &linkedca.JWKProvisioner{
|
JWK: &linkedca.JWKProvisioner{
|
||||||
|
|
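Review bot: The `claims` block added in the first hunk of GenerateKeyPairs carries no comment, although it decides whether the default JWK provisioner may issue SSH certificates. I would add above `var claims *linkedca.Claims` a line such as `// Enable SSH certificate signing on the default provisioner only when the CA is initialised with SSH; claims stays nil otherwise.` What a nil `Claims` means for SSH signing (inheriting an authority default or staying off) is not visible here and is worth stating in that comment. If the same `claims` pointer is also assigned to other provisioners outside these hunks they would share one struct, so a fresh value per provisioner is safer should any of them be modified later. The function body starts and ends outside the hunks shown.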